Dear forum,
It looks like the displayed message here is an attachement of the mail (the first one). We received on the mailing another mail (you can verify it, 10 nov. 2021 5:13pm) which I would like to paste here for clarity reasons. Also, can anyone explain why the first attachement is displayed instead of the original mail? On top of that, the preview of the post through the web UI shows the beginning of the original mail.
Below the original mail:
"Dear forum,
NIST has stated on multiple occasions its preference
to select at most
one KEM among {Kyber, NTRU, SABER}. After discussing
this matter with
several colleagues, we think it is worth considering
the possibility of
having several structured lattices KEM standardized
instead of one.
The decision to be made now will impact a primitive
that will be heavily
deployed and used in the coming decades. There is a
huge responsibility
involved here if we do not standardize the best
solution in the long run.
There is a patent issue (true or potential, it does
not matter) for
Kyber and SABER which is unlikely to be solved by the
end of this year.
This may impact the process and lead to reject schemes
irrespective of
their scientific merits. Also, as previously mentioned
on this forum
(see attached messages), there might be other IP
issues we are not yet
aware of. Moreover, there is a fair chance that these
patent issues will
be resolved if given enough time.
Therefore, our open question to the community is
"would not it be good to standardize several
solutions?"
Giving both time and options without compromising the
competition
timeline. This could allow a soft landing towards the
best solution(s)
for the various platforms and applications. Besides,
structured
lattice-based KEMs allow compact implementation,
mitigating the 'burden
on implementors' argument.
Nicolas Sendrier & Jean-Pierre Tillich"
Thanks,
Joffrey