[Cryptography] Quillon Graph: A private, post-quantum electronic cash system

[John Gilmore]

Viktor S. Kristensen via cryptography <cryptography at metzdowd.com> wrote:
> by that logic, we wouldn't have migrated from DES to AES until someone
> built a practical DES cracker and used it on live traffic.

You have accurately described the history.

The interesting parallel is that in DES's case, we had NSA telling
people, "The security is fine, just keep doing the easy thing."  This
was not because it was secure, but because they knew it was insecure
against their brute-force attacks.  Because it helped them decrypt real
traffic from real adversaries, who *thought* they were using a secure
algorithm.

Why is NSA pushing belt-without-suspenders quantum-resistant crypto?
Shrug.  What *is* known is they've publicly advocated broken or jiggered
easily-breakable crypto for at least seven decades.  On this list nobody
needs to list all of them, but let's start with Crypto AG, DES, and Dual
EC DRBG.  You could bet that they've changed their spots, but it's a
sucker bet.

	John