pqc-forum

> I think it's clearer to look at what NSA posts online (and > which was the basis for the

Is this true even now that the one markedly different scheme is totally broken? HQC and RQC still

> > I don't fully understand this part. It seems perfectly natural to me > > for an

Hi I monitor this forum but this is not my field. Is this article correct? https://gcc02.safelinks.

Hello everyone, We are happy to share with you the MQ-estimator (https://github.com/Crypto-TII/

Hi Everyone - There is a mega-spending package to grow US semiconductor production that is roughly

I'm pleased to announce availability of the next installment in the S-unit-attacks saga: a new 59

"Kelsey, John M. (Fed)" <john.kelsey@nist.gov> wrote: Dear John, dear all, > That

NIST's round-3 report claims a better FO proof picture for Kyber than it does for NTRU. This is

Dear PQC Researchers, We'd like to announce our recent paper (https://eprint.iacr.org/2022/952.

If you have any questions about abcmint being cracked, you can ask Jin Liu, the chairman of abcmint,

Hi all, Indeed, the algorithm is flawed. Here's a quick summary of what the algorithm does and

On Sun, Jul 17, 2022 at 4:23 AM Dan Collins <dcollinsn@gmail.com> wrote: One item which

There have been many other improvements to Shor's algorithm in the decades since it was

Hi, I think that is an interesting suggestion. My understanding is that Keccak-p[1600, 12] is twice

>Just to be clear, the "hedged" mode would replace line >12 of Figure 4 in the

Dear all, Those of us who tried to get ECC into real working systems during the years before 2018 or

Uri, NIST has not retracted SP 800-208, “Recommendation for Stateful Hash-Based Signature Schemes,”

John, Thank you. Yes, we expect that our overall project timeline is accurate. That is, we are aiming

I agree but the solution is probably not to force implementation of all the four primitives AES-256,

Is an implementation in the works? If so, any timeline for an implementation, so that performance can

Please Dr. Alexander Zeh Infineon Technologies AG Senior Principal Engineer CyberSecurity Systems

DJ Bernstein, T. Lange, and C. Peters wrote: > Our PQCrypto 2008 ISD algorithm is faster than the

Dear, colleagues, The PQNet2022 event was very successful with many participants registered. Thank

> On Jun 27, 2022, at 3:09 AM, DJ Bernstein <djb@cr.yp.to> wrote: > > Mike Hamburg

Hi Bo, I may be repeating myself a bit, but as someone involved with building commercial side-channel

Yes. Soon, we are doing final check our numbers. On Thu, Jun 23, 2022 at 8:45 AM andy yi <

We never claimed that advanced ISD procedures in the *low-memory regime* (2+2 case) would yield

On Tuesday, June 14, 2022 at 7:31:23 AM UTC+1 Prasanna Ravi wrote: Dear all, We would like to share

It depends on the platform and parameter set; on some it's faster and on some it's slower.