[Cryptography] quantum computers & crypto

Ron Garret ron at flownet.com
Sat Nov 6 17:34:00 EDT 2021

On Nov 6, 2021, at 8:13 AM, Ray Dillinger <bear at sonic.net> wrote:

> On 11/6/21 7:39 AM, Peter Gutmann wrote:
>> I've actually had more than
>> one discussion with cryptographers who were absolutely baffled that I'd built
>> in extra safety measures around the outside of a provable-security [0]
>> mechanism.
>> Peter.
>> [0] Note that that's "provable-security", not "proven-secure".  A proof that
>>    you meet a theorem precondition doesn't mean you've stopped attackers,
>>    which is why I built in the extra safety measures.
> I believe it was Knuth who checked in something warning people to
> 'beware bugs in the above code; I have only proven it correct, not
> tested it.'  People think of him as a theorist, but that single incident
> proves to me that he is also an engineer and craftsman who has dealt
> with the real world.
> Even correct code needs safety measures.  We hang extra logic around our
> code to be sure it actually does exactly what we intended for it to do
> and nothing else.  We add the architecture and structures to accommodate
> likely future extensions, and then write code to be absolutely sure
> those additional facilities are not being used yet and cannot be used
> until such extensions are actually made.
> Some don't 'get it', but they're the same folk in spirit as those who
> wanted me to fix my code because their coverage analysis tool found
> 'dead code' that could never be executed. 
> fprintf(stderr, "Probability computed as >1.0 or <0.0 in testScore.getProb()\n");
> exit(PROG_ERROR);
> I was *delighted* to hear that there was a formal proof that it could
> not be executed, and duly impressed that the checking tool they were
> using had done the mathematical analysis.  I didn't see any good purpose
> in 'fixing' it though; I marked it 'not a bug' and sent it back.
> Hijinx & Sue had a long discussion about it, and when Helena finally
> showed me some of the things she keeps in that handbasket of hers, I
> decided it would probably be better to just comment it out.

I worked on a NASA mission in the 90s that had a formal proof of correctness *and* extensive ground testing and nonetheless still failed in flight:


Proofs are only as good as the correspondence between their assumptions and actual reality, which can never be proven.
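An added illustration of the "dead code" guard discussed in this thread (example code, not from any poster): a getProb-style function whose range check is unreachable under the proof's preconditions (finite inputs, 0 <= score <= max_score, max_score > 0), but fires when a caller violates them. The function name, the status code and the NaN case are assumptions of this example, and it returns a status instead of calling exit() so it can be tested.

```c
#include <math.h>
#include <stdio.h>

/* Hypothetical status code standing in for exit(PROG_ERROR). */
#define PROB_ERROR (-1)

/* The guard as it would typically be written: p < 0.0 || p > 1.0.
 * Returns 1 if the guard fires. Under IEEE 754, NaN compares false to
 * everything, so this guard silently lets a NaN probability through,
 * an unstated assumption of the "provably dead" argument. */
int naive_guard_fires(double p)
{
    return (p < 0.0 || p > 1.0);
}

/* Computes score / max_score into *out. Returns 0 on success, or
 * PROB_ERROR if the post-condition 0.0 <= *out <= 1.0 does not hold.
 * With the preconditions above this branch cannot execute, which is
 * exactly what a coverage tool would report; it stays because the
 * preconditions are assumptions about the caller, not proven facts. */
int test_score_get_prob(double score, double max_score, double *out)
{
    double p = score / max_score;

    /* Written in negated form so that NaN (which fails both comparisons)
     * is rejected along with values outside [0, 1]. */
    if (!(p >= 0.0 && p <= 1.0)) {
        fprintf(stderr, "Probability computed as >1.0 or <0.0 in testScore.getProb()\n");
        return PROB_ERROR;
    }
    *out = p;
    return 0;
}
```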

