Closed ounsworth closed 1 week ago
It is hard to quantify the overall strength at any given point it time, because it changes based on cryptanalysis. Therefore, we don't think this table would add value. We have added a strong security considerations section that talks about the strength of the algorithms in terms of their underlying notions.
From the LAMPS mail list:
Hi Piotr,
While I agree that this will be useful to a reader, I think that coming up with a single “overall security strength” for a composite will be difficult. For example, are you considering before or after your adversary has a CRQC? Perhaps the best we could do is to have two columns for “Classical security” and “PQ Security” and list different numbers in each column. Is this worth doing?