Gregory's ServerSo fun story: I wrote an internal threat model for Google for the threats posed by quantum computing, because some higher up asked for it. My manager read that doc and was like "this isn't really containing any internal only information, right? Publish it externally as well then".
So here we are. How Google threat models PQC, at least at this moment in time.
 8 comments
@sophieschmieg Maybe a silly question, but do you have thoughts on homomorphic encryption and PQC? Many cryptographic models, not matter how strong, break when you have to temporarily decrypt the data to to manipulate it. Homomorphic encryption avoids the need for decryption. @sophieschmieg I think this is super. However, I can't help but note that the way thing seem these days, if something somehow goes wrong related to this being made externally available, you'll be the one under the hot light. Hoping that doesn't happen. @lauren I know of stories within ISE where public communication went wrong, and the individual in question was fine, we treated it like any other vulnerability, not blaming it on anyone, but fixing the process where it needed fixing. I know that isn't necessarily universal in the company, but I have some trust in my management chain, otherwise you wouldn't see anything published by me. @sophieschmieg Keeping my fingers crossed for you. It's just that, frankly, from my current position looking in from the outside, I have the discomforting feeling that the way things were when I was inside are not necessarily representative of the way things are now, given recent events. Of course, as usual, I don't know what I don't know.  @sophieschmieg sweet! it's always lovely to hear your analyses of these things, and we're glad you get a piece to show off :) @sophieschmieg Thanks for sharing this publicly. Do you know any vendor currently providing SPHINCS+ for firmware signature? It's been almost 3 years since https://www.youtube.com/watch?v=PsCLITtHW0I. See also https://twitter.com/XenoKovah/status/1760344710076379513 if you still have an account over thereā¦ |
There are more blog posts in this style planned for PQC as well, trying to fill the gap between pop science and expert-only information.