Add Dilithium-2 paragraph in Security Considerations

lamps-wg / dilithium-certificates

I-D that describes the algorithm identifiers for NIST's PQC Dilithium algorithm for use in the Internet X.509 Public Key Infrastructure

Other

4 stars 0 forks source link

Add Dilithium-2 paragraph in Security Considerations #2

Open csosto-pk opened 2 years ago

csosto-pk commented 2 years ago

Dilithium-2 offers a CoreSVP hardness of ~118 bits of security which is a little lower than it should. The Kyber submission refines the CoreSVP cost by using sieving cost simulations and claims that the gate and memory cost is ~2^150 and ~2^90 approximately which they argue is better than AES. I think it would be worth to call out the CoreSVP hardness and the refined estimate for Dilithium-2 in the Sec Considerations section.

csosto-pk commented 1 year ago

Depending on what gets standardized, this will be of value in the end. In the end, there will only be one Dilithium algorithm, the one specified by NIST with or without the Dilithium-2 parameter.