2024.05.20 13:10:54 (Mastodon 112473581482876329, Twitter 1792543538603077791) from Daniel J. Bernstein:
18 months ago NIST suddenly switched to counting memory-access costs in lattice attacks, massively pumping up Kyber-512's claimed security level. New lattice-attack optimization from Zhao, Ding, and Yang makes the memory-access costs practically disappear: https://eprint.iacr.org/2024/739