Closed oilel closed 11 months ago
I would not suggest anything other than using hybrid schemes at this time.
The extra overhead is low; there are very few use cases which couldn't handle a traditional kex in addition to Kyber.
If no one else has anything to add to this issue I'll close it in a fortnight.
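To make the "traditional kex in addition to Kyber" point concrete, here is an added example (not code from this project or from the commenters above) of the one piece a hybrid scheme actually adds on top of the two key exchanges: a combiner that derives the session key from both shared secrets at once, so an attacker has to break both X25519 and Kyber to recover it. The ECDH and KEM operations themselves are stand-ins here (the `ss_classical`, `ss_pq`, `ct_pq` and `pk_pq` inputs are assumed to come from a real X25519 exchange and an ML-KEM encapsulation); only the HKDF-style combiner and the size accounting are shown. The byte sizes are those of FIPS 203 ML-KEM-768 and X25519.

```python
import hashlib
import hmac

# Added example, not the project's code. The classical and PQ shared secrets are
# assumed to come from a real X25519 exchange and an ML-KEM-768 encapsulation;
# this block only shows how a hybrid scheme binds them into one session key.

# Public sizes on the wire (bytes). ML-KEM-768 figures are from FIPS 203.
X25519_PUBKEY_LEN = 32
MLKEM768_PUBKEY_LEN = 1184
MLKEM768_CIPHERTEXT_LEN = 1088


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with HMAC-SHA256 (stdlib only)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_combine(ss_classical: bytes, ss_pq: bytes, ct_pq: bytes, pk_pq: bytes,
                   label: bytes = b"hybrid-kem-v1") -> bytes:
    """Derive one 32-byte session key from both shared secrets.

    Both secrets go into the IKM, so losing either one (e.g. a future break of
    Kyber, or a quantum break of X25519) leaves the attacker without the key.
    The PQ public key and ciphertext are bound in as salt so the key is tied to
    the transcript and cannot be replayed across sessions.
    """
    if len(ss_classical) != 32 or len(ss_pq) != 32:
        raise ValueError("expected 32-byte shared secrets")
    salt = hashlib.sha256(ct_pq + pk_pq).digest()
    prk = hkdf_extract(salt, ss_classical + ss_pq)
    return hkdf_expand(prk, label, 32)


def extra_bytes_for_hybrid() -> int:
    """Wire overhead of adding X25519 to a Kyber-only handshake: one
    32-byte public key in each direction."""
    return 2 * X25519_PUBKEY_LEN


def hybrid_overhead_fraction() -> float:
    """Share of the handshake key material that the classical part adds."""
    pq_bytes = MLKEM768_PUBKEY_LEN + MLKEM768_CIPHERTEXT_LEN
    return extra_bytes_for_hybrid() / (pq_bytes + extra_bytes_for_hybrid())


if __name__ == "__main__":
    # Constructed stand-in values; a real run would get these from the KEMs.
    ss_ecdh = bytes(range(32))
    ss_kem = bytes(range(100, 132))
    ct = b"\x01" * MLKEM768_CIPHERTEXT_LEN
    pk = b"\x02" * MLKEM768_PUBKEY_LEN
    key = hybrid_combine(ss_ecdh, ss_kem, ct, pk)
    print("session key:", key.hex())
    print("extra bytes for hybrid:", extra_bytes_for_hybrid())
    print("classical share of handshake bytes: %.1f%%" % (100 * hybrid_overhead_fraction()))
```

The test to keep in mind when reviewing a combiner like this is that changing either input secret must change the output; if the PQ secret were only hashed in after the classical one was already used as a key, a broken Kyber would give the attacker nothing, but a broken X25519 would hand over the whole key, which is not what hybrid is meant to provide.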
Suggested reading:
https://media.defense.gov/2022/Sep/07/2003071836/-1/-1/0/CSI_CNSA_2.0_FAQ_.PDF Let's see these two parts: First: NSA suggests using Leighton-Micali Signature (LMS) or eXtended Merkle Signature Scheme (XMSS) to sign firmware or software. You should implement them in pure Rust. Second:
In my opinion, "product availability and interoperability" means compatibility for old browsers on WinXP and even Win10. So only when you're still using WinXP or even Win10 do you use hybrid mode for your old browser. In my opinion, it's only for old browsers; Kyber is strong enough and works well without legacy cryptography.