2025-06-07 19:49 GMT+02:00 Loganaden Velvindron <logana...@gmail.com>:
> ML-KEM implementations may suffer from compiler optimizations that could
> weaken
> the security properties of a pure ML-KEM implementation such as Kyberslash.
That is both a general risk independent of the algorithm, and in the specific
case only applicable when reusing public keys. (Yet another discussion that
could be avoided by forbidding key reuse!)
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
