What are the theoretical usage limits of Kyber and Dilithium? Are there any sources to back this up? Maximum number of encryptions/signatures allowed per key, etc.?
4
- $\begingroup$ I suppose $2^{64}$ if not none. But I'm voting to close this Q for now, before you tell us why you believe there would be any - whether you heard it from somewhere, or why you imagined such theoretical limit in the first place. I only know SPHINCS has a limit that's so astronomical that we don't concern with it in practice. $\endgroup$DannyNiu– DannyNiu2023-09-23 06:53:01 +00:00Commented Sep 23, 2023 at 6:53
- $\begingroup$ I'm wondering how this question originated. Does this question originate from not understanding signature schemes (newbe question) or it is somehow related to a test which distinguishes hash-based signature schemes (HBS) and other PQC signature schemes? $\endgroup$Maarten Bodewes– Maarten Bodewes ♦2023-09-24 10:51:08 +00:00Commented Sep 24, 2023 at 10:51
- 1$\begingroup$ @MaartenBodewes It's probably from hearing about unauthenticated encryption/AEAD usage limits, like discussed here and here, and limited signatures for hash-based post-quantum signature schemes, like discussed here and here. $\endgroup$samuel-lucas6– samuel-lucas62023-09-24 11:16:59 +00:00Commented Sep 24, 2023 at 11:16
- $\begingroup$ Correct. Is it that incredulous a question? $\endgroup$Joe– Joe2023-09-25 13:30:35 +00:00Commented Sep 25, 2023 at 13:30
Add a comment |