[HN Gopher] Notes on a claim that a mceliece348864 distinguisher...
       ___________________________________________________________________
        
       Notes on a claim that a mceliece348864 distinguisher uses only
       2^529 operations [pdf]
        
       Author : nabla9
       Score  : 7 points
       Date   : 2025-04-17 11:52 UTC (2 days ago)
        
 (HTM) web link (classic.mceliece.org)
 (TXT) w3m dump (classic.mceliece.org)
        
       | nabla9 wrote:
       | >- The costs claimed in [16] are 2529 for the smallest proposed
       | Classic McEliece param- eters. This is much more expensive than a
       | brute-force search through 256-bit seeds, and much more expensive
       | than ISD.
       | 
       | >- The costs are for an algorithm that is merely distinguishing
       | public keys from random, not attacking OW-CPA. The
       | indistinguishability assumption targeted in [16] is not used in
       | the Classic McEliece security analysis; it is even explicitly
       | disclaimed by the Classic McEliece security analysis.
       | 
       | > [16] incorrectly suggests that it (1) attacks a problem that
       | Classic McEliece relies upon and (2) is faster than the best
       | previous attacks against Classic McEliece. We promptly responded
       | when [16] appeared, but no errata were issued. Some third parties
       | are now citing [16] as supposedly significant attack progress.
       | 
       | [16] Hugues Randriambololona. The syzygy distinguisher, 2024.
       | URL: https://eprint. iacr.org/archive/2024/1193/1722424045.p
        
       ___________________________________________________________________
       (page generated 2025-04-19 23:01 UTC)