> It is literally the worst plan, because it leaves every PQC-protected system in the world exposed to _everybody in the world_.
No, it leaves every SIKE-protected system in the world exposed to _everybody who reads obscure algebraic geometry papers from 1997._ We got really lucky that the two dorks who do read those papers decided to share their insights.
For all you know, there’s a paper sitting at the Institute For Advanced Study that would let you write a marvelous pq-crystals-shattering Python script, but they’ll never tell you the combination to the safe.
(Again: TAOSSA contained 0day exploits, and few noticed for a decade.)
You seem to believe the only thing preventing people from exploiting Dual EC is not having read the right cryptography papers. No; the reason why that's not the case is plainly evident from Dual EC's structure (if that were true, the NSA would presumably have no need of Dual EC!). Our premises are too far apart to usefully discuss this.