Understanding lattice risks: Many differences between marketing and reality

Crypto nerds are fighting over the future — and the comments are absolutely not calm

TLDR: The article says new “quantum-safe” encryption is being oversold and that relying on it alone is risky, especially because buggy software keeps getting exposed. In the comments, people split between “don’t trust the new standard by itself” and “this is also a long-running expert feud, so be careful who you believe.”

A fresh cryptography blog post lit the fuse, and the real fireworks exploded in the comments. The author argues that the sales pitch for new post-quantum security tools is way too rosy, saying supporters are focusing on a narrow slice of risk while brushing past the messy reality: software bugs, timing leaks, and all the ways real-world code can fall apart. In plain English, the complaint is simple: don’t throw away the old seatbelt just because the shiny new one looks futuristic. Keep the older elliptic-curve system and add the new post-quantum one, instead of trusting the new thing alone.

Commenters immediately turned this into a full-on trust war. One of the strongest reactions came from nneonneo, who basically read the whole situation as someone pushing an insecure standard, arguing there’s no good reason to put all your security eggs in one basket when a mixed approach exists. That’s the spicy, suspicious side of the thread. But others hit the brakes hard: dgacmu openly said they don’t have the expertise and pointed out this is part of a bigger feud between heavyweight cryptographers, with the author often taking shots from the opposite corner of many respected experts. Then came the practical skeptics, like 866121283, waving a counterargument: combining old and new systems isn’t free, and extra complexity can create its own disasters. The vibe? Half "don’t trust the hype," half "don’t trust the guy yelling about the hype" — which is exactly the kind of nerd drama the internet was built for.

Key Points

  • The article critiques a 29 June 2026 argument that supports standalone ML-KEM over hybrid ECC+ML-KEM.
  • The author argues that focusing on "known" cryptanalysis improperly narrows the relevant risk surface for cryptographic deployment decisions.
  • The article cites three emergency timing-attack patch rounds for Kyber reference software: KyberSlash 1, KyberSlash 2, and Clangover.
  • It states that security failures can arise from software bugs and side-channel issues, not only from mathematical attacks on cryptographic specifications.
  • The article reiterates a recommendation to deploy hybrid ECC+PQ systems rather than replace ECC with standalone post-quantum cryptography.
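The hybrid recommendation above, and the commenter's point that combining EC and PQ "isn't trivial", both come down to how the two shared secrets are merged. The following is an added illustration, not code from the article or its author: a KEM combiner in the common shape (hash both shared secrets together with both ciphertexts and a domain-separation label) using only the Python standard library. All input values, lengths and the label are constructed stand-ins for the outputs of real X25519 and ML-KEM operations.

```python
import hashlib
import hmac

# Constructed sample values standing in for the outputs of two real KEMs
# (classical X25519 on one side, ML-KEM on the other). Lengths are
# hypothetical placeholders, not taken from any specification.
ECC_SS = bytes.fromhex("11" * 32)   # classical shared secret
ECC_CT = bytes.fromhex("aa" * 32)   # classical ciphertext / public share
PQ_SS = bytes.fromhex("22" * 32)    # post-quantum shared secret
PQ_CT = bytes.fromhex("bb" * 64)    # post-quantum ciphertext (truncated stand-in)
LABEL = b"example-hybrid-kem-v1"    # hypothetical domain-separation label


def _hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def _hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(prk, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def combine(ecc_ss: bytes, pq_ss: bytes, ecc_ct: bytes, pq_ct: bytes,
            label: bytes = LABEL) -> bytes:
    """Derive one session key from both KEM outputs.

    Both shared secrets feed the extract step, so the key stays unpredictable
    as long as at least one of them is unknown to the attacker. Both
    ciphertexts go into the expand info so that tampering with either
    ciphertext yields an unrelated key rather than a controllable change.
    """
    prk = _hkdf_extract(salt=label, ikm=ecc_ss + pq_ss)
    return _hkdf_expand(prk, b"hybrid" + ecc_ct + pq_ct)


def survives_single_break(known_ecc_ss: bytes) -> bool:
    """Model an attacker who has fully recovered the ECC shared secret but
    not the PQ one: their best guess at the key (here, using an all-zero PQ
    secret) must not equal the real key."""
    real = combine(ECC_SS, PQ_SS, ECC_CT, PQ_CT)
    guess = combine(known_ecc_ss, bytes(32), ECC_CT, PQ_CT)
    return real != guess


if __name__ == "__main__":
    print(combine(ECC_SS, PQ_SS, ECC_CT, PQ_CT).hex())
    print("survives ECC break:", survives_single_break(ECC_SS))
```

The same structure protects the other direction: a bug or side-channel leak in the PQ implementation (the KyberSlash case above) does not by itself expose the session key while the ECC secret holds.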

Hottest takes

"someone is pushing hard for an insecure standard" — nneonneo
"this is part of a larger fight" — dgacmu
"Putting EC and PQ algorithms together isn’t trivial" — 866121283

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.