This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Abstract: In determining which cryptosystems to use and what parameter choices to make for those cryptosystems, a major criterion is the concrete security of the cryptosystem and parameter set (i.e. the complexity of the cheapest attack.) Ideally, the concrete security could be expressed in a single number, like 128 bits of security, 192 bits of security etc. However, often in attempting to do this we find ourselves making assumptions about the relative cost of classical operations, quantum operations, memory, memory bandwidth, hardware, wall-clock time, energy etc. This talk will draw upon the experience of the NIST Postquantum Cryptography (PQC) standardization process to give examples of the issues that come up when trying to compare the concrete security of very dissimilar schemes, and the various approaches that have been suggested to resolve these issues.