[Cryptography] quantum computers & crypto

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Nov 6 03:39:47 EDT 2021

Arnold Reinhold via cryptography <cryptography at metzdowd.com> writes:

>When the physicists reviewed Dupont’s blueprints for the first production-
>scale nuclear reactor, they counted up the tubes intended for fuel and
>control rods and found there were more than they had specified.

That could actually have gone either way.  If there were more tubes for fuel
rods than the physicists called for and the operators simply filled them all
up, they could have ended up with an unwarranted power excursion during

>There has been a tendency in cryptography to keep safety margins small,
>perhaps a holdover from when processing capability was expensive.

I think more recently it's more the fault of the fashion for provable
security: We've cryptomathically proven that this and exactly this is provably
provable, so there's no need to do anything else.  I've actually had more than
one discussion with cryptographers who were absolutely baffled that I'd built
in extra safety measures around the outside of a provable-security [0]


[0] Note that that's "provable-security", not "proven-secure".  A proof that
    you meet a theorem precondition doesn't mean you've stopped attackers,
    which is why I built in the extra safety measures.
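
An added illustration of the footnote's point, not code from this post or from any of Gutmann's own implementations: the security argument for an encrypt-then-MAC construction holds only under preconditions (nonces never repeat under one key, the number of messages per key stays bounded, the tag is checked before the plaintext is used). The wrapper below is a constructed example of "extra safety measures around the outside" of such a construction: it enforces those preconditions at runtime instead of trusting the caller, with a message cap far below the theoretical bound as a deliberate safety margin. The class and exception names, the 12-byte nonce length, the 1000-message cap and the HMAC-SHA256-based construction are assumptions made for the example.

```python
import hashlib
import hmac

# Hypothetical exception names, chosen for this example.
class NonceReuseError(Exception): ...
class KeyExhaustedError(Exception): ...
class IntegrityError(Exception): ...


class GuardedCipher:
    """Encrypt-then-MAC built from HMAC-SHA256: a counter-mode keystream
    plus an HMAC tag over nonce||ciphertext.  The construction's proof
    assumes distinct nonces and a bounded message count per key; the
    guards below enforce those assumptions rather than hope for them."""

    NONCE_LEN = 12
    TAG_LEN = 32
    MAX_MESSAGES = 1000   # assumed conservative cap: a safety margin, not a bound from the proof

    def __init__(self, key: bytes):
        if len(key) != 32:
            raise ValueError("key must be 32 bytes")
        # Derive independent encryption and MAC keys from the master key.
        self.enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
        self.seen_nonces = set()   # in-memory record; a deployment would persist this
        self.count = 0

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        out = b""
        ctr = 0
        while len(out) < n:
            out += hmac.new(self.enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    def encrypt(self, nonce: bytes, plaintext: bytes) -> bytes:
        if len(nonce) != self.NONCE_LEN:
            raise ValueError("bad nonce length")
        # Precondition checks: the proof is void if either one is violated.
        if nonce in self.seen_nonces:
            raise NonceReuseError("nonce already used under this key")
        if self.count >= self.MAX_MESSAGES:
            raise KeyExhaustedError("per-key message budget spent; rotate the key")
        self.seen_nonces.add(nonce)
        self.count += 1
        ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def decrypt(self, blob: bytes) -> bytes:
        if len(blob) < self.NONCE_LEN + self.TAG_LEN:
            raise IntegrityError("message too short")
        nonce, ct, tag = blob[:self.NONCE_LEN], blob[self.NONCE_LEN:-self.TAG_LEN], blob[-self.TAG_LEN:]
        expected = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        # Verify the tag in constant time before touching the ciphertext.
        if not hmac.compare_digest(tag, expected):
            raise IntegrityError("authentication failed")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))


def demo() -> dict:
    """Exercise the guards with constructed inputs and report what each one did."""
    c = GuardedCipher(bytes(range(32)))           # constructed key
    nonce = b"\x01" * GuardedCipher.NONCE_LEN      # constructed nonce
    blob = c.encrypt(nonce, b"safety margins are cheap")
    result = {"roundtrip": c.decrypt(blob) == b"safety margins are cheap"}
    try:
        c.encrypt(nonce, b"second message, same nonce")
        result["nonce_reuse_rejected"] = False
    except NonceReuseError:
        result["nonce_reuse_rejected"] = True
    tampered = blob[:GuardedCipher.NONCE_LEN] + bytes([blob[GuardedCipher.NONCE_LEN] ^ 0x01]) + blob[GuardedCipher.NONCE_LEN + 1:]
    try:
        c.decrypt(tampered)
        result["tamper_rejected"] = False
    except IntegrityError:
        result["tamper_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the wrapper is not the cipher itself but the three refusals: a repeated nonce, an exhausted key budget and a bad tag each stop the operation before the underlying construction is used outside the conditions its proof covers.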
