bwesterb
commented
5 months ago Circl ≤1.3.6 was vulnerable to Kyberslash2, but not to Kyberslash1. It's patched in 1.3.7. We'll have a security advisory out soon. It's good to note that Kyberslash does not impact ephemeral use, such as in TLS.
david415
i know your Kyber is NIST round 3 but is it vulnerable to kyberslash1 and kyberslash2?
http://kyberslash.cr.yp.to/ http://kyberslash.cr.yp.to/faq.html http://kyberslash.cr.yp.to/libraries.html
https://www.bleepingcomputer.com/news/security/kyberslash-attacks-put-quantum-encryption-projects-at-risk/