aio

Not sure what you think my "different premises" are? Also I obviously already know that Shor's algorithm solves the discrete log problem. I don't know why you phrased your comment assuming I'm an idiot.

Yeah and I agree that in principle we should be trying to move to cryptosystems which aren't known to be broken by quantum algorithms. I just don't think the argument in the article is sound. There are costs, including actual security risks, inherent to switching. To name a couple:

1. There will be implementation errors any time a new cryptosystem is implemented; this is practically inevitable especially if you are trying to rush the process through in 3 years.
2. Quantum-unbroken systems are slower and require bigger keys than elliptic curve systems. Users will be inconvenienced by the resulting performance hit, which will both impede adoption of cryptography in general, and tempt implementors into using incorrect parameters.

You have to actually weigh the benefits of resistance to quantum algorithm computers (which may or may not actually appear) against these costs (which certainly will). Paranoia isn't a threat model.

And to be clear cryptographers already know these things and if they still think we should all move to lattice cryptosystems despite the costs then that's totally fine. I just wish they would write their blog posts to reflect that instead of talking about the 1% thing.

I feel like the same "<1%" argument is used to justify a whole lot of things these days. Can you guarantee that there's a <1% chance that someone will come out next year with a paper showing that LWE can be broken efficiently with a quantum algorithm? What about a classical algorithm? I feel like a better argument is needed than just "well you can't be sure it won't happen" because we aren't sure about pretty much anything.

... why 7/8?

the output is probabilistic not deterministic. By definition, that means it’s not entirely consistent or reproducible, just… maybe close enough.

That isn't a barrier to making guarantees regarding the behavior of a program. The entire field of randomized algorithms is devoted to doing so. The problem is people willfully writing and deploying programs which they neither understand nor can control.

computer, print awawa.

Also your paper has to be truly irredeemable dogshit to get rejected from arxiv. Like you can post proofs of P=NP as long as it sounds kinda coherent. 2400 monthly rejections is absurd.

i think it's when you and a bunch of other vegans live in a group home together and argue over who does the dishes

a lot of this "computational irreducibility" nonsense could be subsumed by the time hierarchy theorem which apparently Stephen has never heard of

He straight up misstates how NP computation works. Essentially he writes that a nondeterministic machine M computes a function f if on every input x, there exists a path of M(x) which outputs f(x). But this is totally nonsense - it implies that a machine M which just branches repeatedly to produce every possible output of a given size "computes" every function of that size.

the ruliad is something in a sense infinitely more complicated. Its concept is to use not just all rules of a given form, but all possible rules. And to apply these rules to all possible initial conditions. And to run the rules for an infinite number of steps

So it's the complete graph on the set of strings? Stephen how the fuck is this going to help with anything

if two people disagree on a conclusion then either they disagree on the reasoning or the premises.

I don't think that's an accurate summary. In Aumann's agreement theorem, the different agents share a common prior distribution but are given access to different sources of information about the random quantity under examination. The surprising part is that they agree on the posterior probability provided that their conclusions (not their sources) are common knowledge.