Hi Quan,
There are a few separate issues you've brought up here, let me try to dissect them:
First-- Regarding those slides: those were written from my personal point of view, originally targeted for grad students at a local university, in the hope of encouraging them to begin work in the area of NIST PQC related research.
While I'd absolutely stand behind the content of the slides, they are also full with "my personal recollection" or "my personal opinion" of this event or technical topic or that.
Where this delineation matters (in terms of "parsing the information recorded in those slides"): I primarily have personal expertise in lattice and hash-based cryptography (and more recently in code-based cryptography), but less so in multivariate cryptography (it's an area I'm just getting into), and much less so in isogeny-based cryptography.
You can contrast a set of slides written from my personal point of view, e.g. the ones posted online at request after the fact, against official products of the entire NIST PQC team, e.g. the report itself (where you can find our official comments about Rainbow) and e.g. Dustin Moody's upcoming talk surveying NIST PQC's 3rd Round (aimed for the broader PQC audience) that will be at PQCrypto 2020 very soon.
Interlude:
Q: "Is NIST changing its point of view between this presentation and that?"
A: "No, this is a rhetorical nonsense. These slides I wrote were those from a single member of the NIST PQC team who is not a MV expert, not from the full team, and -- for what it's worth -- it's not clear what the 'changes' even are."
Second-- Regarding the security of Rainbow. The more proper way to frame the security of Rainbow (again, in my view, given more than one bullet point to write in..) is as follows.
For many years, there has been a gap between the theoretical analysis of Rainbow and the empirical/experimental performance of attacks against Rainbow (and the related problems in multivariate cryptography).
In a situation where we have a gap between "our understanding" (the theoretical matter) and "our observations" (the empirical matter), this raises a concern -- "How confident can we be in the security of the system?"
Then, very recently, there were a sequence of three papers posted online that explored a new notion of "bi-degree" as it related to the band separation type of attack against Rainbow.
1)
https://eprint.iacr.org/2020/702.pdf "Rainbow Band Separation is Better than we
Thought" Smith-Tone, Perlner (NIST authors)
2)
https://eprint.iacr.org/2020/703.pdf "New Complexity Estimation on the Rainbow-Band-Separation Attack" Nakamura, Ikematsu, Wang, Ding, Takagi (Japan & Univ of Cincinnati USA)
3)
https://eprint.iacr.org/2020/908.pdf "Analysis on the MinRank Attack using Kipnis-Shamir Method Against Rainbow" Nakamura, Wang, Ikematsu (a subset of the 2nd paper; now looking at a 'multi-degree' notion)
The key point here (as I understand the situation..) is not that "attacks have improved, and may continue improving against Rainbow."
Rather, we first had a very loose theoretical analysis of the attacks, and empirical results (from a generic style of algorithm) that outperformed the theoretical analysis.
Now, however, the theoretical analysis has been tightened in a way that
matches the empirical observations of the generic algorithm.
Rather than Rainbow having lost some claim to security, we now understand why the generic style of attack performs as it does.
So in fact, our theoretical understanding of attacks against Rainbow now align with our empirical observations of attacks against Rainbow.(If you want more information about the technical matter, I'm at the limits of my personal grasp of the situation; I'll have to ask Ray or Daniel S-T from NIST if they would like to additionally chime in on the discussion.. =))
Hope this is helpful!
Best,
--Daniel