NIST's Flawed Kyber-512 Security Calculation: A Controversy Over Standardization
This cr.yp.to blog post exposes a serious error in NIST's calculation of the security level for the Kyber-512 post-quantum cryptosystem. The author demonstrates that NIST nonsensically multiplied two costs that should have been added, resulting in a severe overestimation of Kyber-512's security. This error stems from NIST's mishandling of memory access costs, misinterpretations of existing literature, and a lack of transparency in its standardization process. The author also reveals the close collaboration between NIST and the NSA, and the unfair treatment of alternative candidates like NTRU. The post details the flawed calculation and calls for a complete overhaul of NIST's standardization procedures to ensure transparency and reliability.