Yeah, and they all bootstrap using things like Diffie-Hellman, and intrinsically must. Which are broken by Shor’s algorithm. For example, a TLS connection could use TLS_ECDHE to share a secret and generate a temporary one-time secret, and then move to an AES stream based on that shared secret for the actual data. If a quantum attacker broke that first step, they could read the AES-encrypted data no problem, because they would also have the one-time secret.
Do you have some choice insults for NIST as well? They’re putting a lot of effort into things like Kyber, but maybe they don’t understand cryptographic protocols as well as you do.
Yeah, and they all bootstrap using things like Diffie-Hellman, and intrinsically must. Which are broken by Shor’s algorithm. For example, a TLS connection could use TLS_ECDHE to share a secret and generate a temporary one-time secret, and then move to an AES stream based on that shared secret for the actual data. If a quantum attacker broke that first step, they could read the AES-encrypted data no problem, because they would also have the one-time secret.
Do you have some choice insults for NIST as well? They’re putting a lot of effort into things like Kyber, but maybe they don’t understand cryptographic protocols as well as you do.