Simiarly, SLH-DSA-128{S,F}-{SHA2,SHAKE}, SLH-DSA-192{S,F}-SHAKE, and SLH-DSA-128{S,F}-SHAKE are designed to offer security comparable with the SHA-256/SHA3-256, AES-192, and AES-256 respectively.
Compares signature strength with hash function (SHA2/SHA3) strength and encryption algorithm strength (AES). I wonder is this a correct comparison, doesn't it look like you compare apples with oranges? I would at least understand if the text was:
Simiarly, SLH-DSA-128{S,F}-{SHA2,SHAKE}, SLH-DSA-192{S,F}-SHAKE, and SLH-DSA-128{S,F}-SHAKE are designed to offer security comparable with the AES-128, AES-192, and AES-256 respectively.
but the current text makes me puzzled. Perhaps I'm missing something.
tireddy2
commented
4 months ago
The text in the Security Considerations section
Simiarly, SLH-DSA-128{S,F}-{SHA2,SHAKE}, SLH-DSA-192{S,F}-SHAKE, and SLH-DSA-128{S,F}-SHAKE are designed to offer security comparable with the SHA-256/SHA3-256, AES-192, and AES-256 respectively.
Compares signature strength with hash function (SHA2/SHA3) strength and encryption algorithm strength (AES). I wonder is this a correct comparison, doesn't it look like you compare apples with oranges? I would at least understand if the text was:
Simiarly, SLH-DSA-128{S,F}-{SHA2,SHAKE}, SLH-DSA-192{S,F}-SHAKE, and SLH-DSA-128{S,F}-SHAKE are designed to offer security comparable with the AES-128, AES-192, and AES-256 respectively.
but the current text makes me puzzled. Perhaps I'm missing something.