Building a fully immutable Linux OS image, fully verified with your own Secure Boot key

I’m going to have to correct myself here (note to self: don’t be in a rush when writing about cryptography).

I’ve not communicated well here regarding Grover’s. It makes it seem like I’m putting more faith in Grover’s than I meant to. That is my error.

The point I was trying to make here is that there is nothing specific within the SHA2 algorithm itself to counter Grover’s (or any other quantum-computing algorithm).

And I should have been more specific when saying “SHA2 still needs to be replaced”.

Specifically, it’s SHA128 & SHA256 which need to be replaced (with either SHA384 and/or SHA512, or in limited cases with SHA3).

Yes and no, depending on whose language you use when using the word “prove”.

If you’re a mathematician, you might say yes (as in a mathematical proof).

In the epistemological sense, no. There’s no way in hard science to prove you are secure. You can only prove you are reasonably secure, having mitigated all the known flaws.

I assume this is why Qubes OS makes claims that it is a “reasonably secure OS” - not that it is a “secure OS”.

It is the unknown flaws that may one day still threaten you, and there is no way to prove there are zero flaws left.

There are a lot of improvements relating to Shor’s algorithm right now because, after 30 years, people are finding ways to optimise the original algorithm. But my wider point from above (which was communicated poorly) was that it is still plausible that one day there will be improvements in the symmetric attacks too. Attacks only get better.

The former. It is a slow shift, but it has started. Not everyone in the security community has fully embraced it yet, but enough big players have - so everyone else will eventually have to follow.

NSA, NIST, Google/Chrome, Apple/Safari, Cloudflare and many others have also started on the path of moving towards quantum-resistant algorithms (Apple being the most recent).

Once Microsoft, Google and Apple embrace a change, you have three of the largest hardware/browser manufacturers on board at that point - and then you have a de facto standard whether you wanted it or not.

And once NIST changes their recommendations for algorithms (which they are), every governance framework will also change. That forces governments and corporations to move towards NIST’s recommendations.

Yes, but it’s also more than just a technical challenge. It’s a governance challenge too. A team of stakeholder representatives needs to be assembled to meet regularly, to discuss the goals of any and all new UEFI specifications, including moving to quantum-resistant algorithms.

This doesn’t happen overnight; it takes time (people to bring in, meetings to be scheduled and funded, etc.). Without changing the algorithms immediately, this process can be started this year (and it should be, because the changes are not trivial and will take time to fully implement).