[Cryptography] quantum computers & crypto

Ray Dillinger bear at sonic.net
Sat Nov 6 11:13:37 EDT 2021



On 11/6/21 7:39 AM, Peter Gutmann wrote:
> I've actually had more than
> one discussion with cryptographers who were absolutely baffled that I'd built
> in extra safety measures around the outside of a provable-security [0]
> mechanism.
>
> Peter.
>
> [0] Note that that's "provable-security", not "proven-secure".  A proof that
>     you meet a theorem precondition doesn't mean you've stopped attackers,
>     which is why I built in the extra safety measures.
>

I believe it was Knuth who checked in something warning people to
'beware bugs in the above code; I have only proven it correct, not
tested it.'  People think of him as a theorist, but that single incident
proves to me that he is also an engineer and craftsman who has dealt
with the real world.

Even correct code needs safety measures.  We hang extra logic around our
code to be sure it actually does exactly what we intended for it to do
and nothing else.  We add the architecture and structures to accommodate
likely future extensions, and then write code to be absolutely sure
those additional facilities are not being used yet and cannot be used
until such extensions are actually made.

Some don't 'get it', but they're the same folk in spirit as those who
wanted me to fix my code because their coverage analysis tool found
'dead code' that could never be executed. 

if (prob > 1.0 || prob < 0.0) {   /* guard condition implied by the message text */
    /* THIS NEVER HAPPENS */
    fprintf(stderr, "Probability computed as >1.0 or <0.0 in testScore.getProb()\n");
    exit(PROG_ERROR);
}

I was *delighted* to hear that there was a formal proof that it could
not be executed, and duly impressed that the checking tool they were
using had done the mathematical analysis.  I didn't see any good purpose
in 'fixing' it though; I marked it 'not a bug' and sent it back.

Hijinx & Sue had a long discussion about it, and when Helena finally
showed me some of the things she keeps in that handbasket of hers, I
decided it would probably be better to just comment it out.

Bear
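As an added example (not code from the original post or its author), the same "this never happens" guard written so that a test can actually reach it, alongside the reserved-for-future-extension check the post describes; the record layout, the function names and the status codes are constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed status codes; PROG_ERROR mirrors the name used in the post. */
enum status { OK = 0, PROG_ERROR = 1, UNSUPPORTED = 2 };

#define RESERVED_LEN 2

/* Constructed record layout: a version byte, a raw score, and bytes
 * reserved for a future extension that must be zero until that
 * extension actually exists. */
struct score_record {
    uint8_t version;
    uint8_t score;                  /* expected range 0..100 */
    uint8_t reserved[RESERVED_LEN];
};

/* Convert a raw score to a probability in [0, 1]. When callers only pass
 * score <= 100 the guard below is unreachable by construction, which is
 * exactly why a coverage tool flags it as dead code. It stays: returning
 * a status instead of calling exit() keeps it testable. */
enum status get_prob(uint8_t score, double *out)
{
    double p = (double)score / 100.0;
    if (p > 1.0 || p < 0.0) {
        /* THIS NEVER HAPPENS */
        fprintf(stderr, "Probability computed as >1.0 or <0.0 in get_prob()\n");
        return PROG_ERROR;
    }
    *out = p;
    return OK;
}

/* Refuse to process a record unless every extension point is unused:
 * only the known version, and every reserved byte still zero. */
enum status check_record(const struct score_record *r, double *prob)
{
    static const uint8_t zeros[RESERVED_LEN] = {0};
    if (r->version != 1)
        return UNSUPPORTED;
    if (memcmp(r->reserved, zeros, RESERVED_LEN) != 0)
        return UNSUPPORTED;
    if (r->score > 100)
        return PROG_ERROR;
    return get_prob(r->score, prob);
}
```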