@screwtape
> this is the one that basically halves the number of bits of encryption you used expecting a classical attack?
This question is way beyond me :P I just stumbled upon the paper by following a link in something else I was reading, and thought it might be interesting to share.