Chris Peikert is one of the O.G. academic lattice cryptography researchers. He's not affiliated with the CRYSTALS team, but was pretty involved with the NIST PQC contest (as was every other academic researcher working in the space).<p>The backstory here:<p>Dan Bernstein wrote a sprawling manifesto attempting to explain, in tens of thousands of words, how NIST computed the conventional security levels for Kyber-512 (the fastest, weakest of the Kybers, with security levels sort of analogous to Curve25519) wrong by a relatively insignificant amount; the gist of what Bernstein seems to be saying is that if you did the math on security levels differently, adding instead of multiplying specific terms, you'd get higher security levels for his team's submission, NTRUprime.<p>Since Bernstein has chosen to communicate this in just about the most inflammatory way possible, choosing as his audience people who don't pay attention to cryptographic research but do pay close attention to NSA kremlinology, his blog post has gotten some press, including a pop sci story in New Scientist that was on the front page last night.<p>It turns out: he appears to have gotten the math wrong. Which is pretty embarrassing if it's true; if you're going to write a zillion word manifesto calling laypeople to arms against the outcome of an academic cryptography competition, you should probably have your numbers right, as Omar Little was once heard to say.<p>Far more savage is Ray Perlner's response; all you need to know to understand that response is, again, that Bernstein is affiliated with NTRUprime.