Letter IV - Learn to Navigate an Imperfect World

Aug 14, 2025

Dear Paulinus,

The concept of security is philosophical in nature and difficult to properly assess by just looking at the technical definitions. Since you are serious about the topic, it is worth spending some paragraphs on the concept before looking into the different definitions. As always, I will point you to valuable technical resources rather than giving you the definition here, so that you can experience a more complete assessment of the state of the art.

Security, as most people perceive it, is a binary illusion. For them, something either is or isn't secure. But, alas, this is a child's understanding, one that fails to grasp the probabilistic essence of the matter. People tend to search for the feeling of being held by their parents' arms, assured that nothing bad can happen to them, but this is clearly impossible for any person who successfully crossed the adult stage of life. You will see, my dear Paulinus, that part of becoming an adult is the acceptance that perfection is unattainable in any matter of life. For matters of security, we must manage risk and understand trade-offs.

You see, Paulinus, we lock our doors knowing a determined thief could still break in and we fasten seatbelts understanding they cannot guarantee survival in every crash. In cryptography, we face the same reality. No real cryptographer thinks to be able to design a system that is perfectly impenetrable, as perfection (in this sense) is only a property of God. The humble cryptographer, in itself the only experienced and competent kind of cryptographer, aims to raise the cost of attacks beyond what any adversary, bound to the laws of this world, would bear. As you read the Saints, Paulinus, you will understand that ultimately everything is in the hands of God and that you must do all of what is in your power to improve your situation, but nothing more. As me and you are not God, we must balance protection against practicality, lest we may think we have perfect protection and don’t need Him in our life (something the very Devil esort us to think!).

And yet, Paulinus, this very impossibility of complete security is God’s mercy in disguise, for what would we become without adversity to temper us? Just as a muscle weakens without resistance, so too does the soul atrophy without challenge. Consider the lesson of The Metamorphosis of Prime Intellect, where humanity, granted perfect safety and immortality through a universe reduced to mere data, found itself suffocating in a secular paradise. Though no physical harm could touch them, their spirits withered. For without risk, there can be no courage; without loss, no gratitude; without the possibility of failure, no true achievement. In their despair, they begged Prime Intellect to restore the old, fragile world. Therein lies the divine wisdom: to remove all threat is to remove all meaning, a truth as applicable to encryption as it is to existence.

Here we encounter another folly of our age: the cry for security raised without ever naming the enemy. Men clamor to be “safe” while remaining willfully blind to what threatens them. They tremble before specters of “hackers”, an abused term which the masses have rendered meaningless (you would do well to read Stallman's discourse on what hacking truly means). Yet all the while, they ignore the ordinary perils that have undone men since the Fall. You see this madness when a man locks his digital vault with the most cunning cryptography, only to see his fortune lost when the scrap of paper bearing his seed phrase is claimed by fire or even by water spilt over it. The Devil works not always through shadowy intruders, my dear Paulinus, but through our own forgetfulness and through the thousand small vulnerabilities we overlook in our pride.

This reveals a deeper truth about our craft: all security is ultimately probabilistic, never absolute. The cryptographer's art lies not in building impregnable walls, for such things exist only in fairy tales, but in carefully calculating what would break an adversary's will before it breaks our defenses. We do not ask "is it secure?" like children seeking comfort, but "secure against whom, at what cost, and for how long?" You must train yourself to think in these terms, Paulinus, to resist the siren song of false certainty.

And in so doing, we would come to understand security as the cryptographer does: a constant negotiation with reality. Just as a man only discovers his true capacity for virtue when tempted, our systems only reveal their worth under assault. The wise approach is neither blind faith in our constructions nor paralyzing doubt, but what the ancients called prudentia: that clear-eyed assessment which measures both our strengths and our limits. You'll find no perfect ciphers nor protocols in this world, Paulinus, only those whose flaws we've yet to discover. The mark of maturity, both in men and systems, isn't the pretense of invulnerability, but the wisdom to know what failures we can endure.

Let this understanding guide you as you study the technical aspects of our field. You will encounter definitions of “semantic security” and learn about attack models. Don’t treat the adversary's capabilities in a chosen-plaintext attack or the security parameter in a reduction proof as abstract concepts, but respect them as the tools for our negotiation. To think of an all-powerful adversary in cryptography is similar to thinking of an all powerful Devil in our life: it will lead to despair, which makes the Devil happy and moves us away from God. Indeed, the adversary in our proofs is not infinite in power, just as temptation is not infinite in strength, as both operate within God's ordained limits. Your task is to understand those limits in matters related to cryptography (one would even say in life, but surely, my dear Paulinus, I am in no regard an expert on these matters).

Even the “AES256”, as the masses call some non-existing encryption scheme (AES stands for Advanced Encryption Standard, not scheme. As such, multiple parameters beside the key length in bits must be specified for it to be able to encrypt, such as its mode of operations), is not "unbreakable" in any menaingful sense: we simply judge that no earthly adversary can muster the 2^128 operations needed on average to brute-force it, assuming you don’t write the key and leave it as a post it on your laptop. This is the adult mindset you must cultivate, one that replaces childish absolutes with measured probabilities, and blind faith with reasoned trust.

Finally, remember that as the security of your house depends as much on the neighborhood you build it in as on the quality of its locks, so it is true in cryptography: a cipher may be mathematically sound, yet fail utterly when implemented carelessly or deployed against unexpected threats. This is why we distinguish so carefully between theoretical security and practical security, between the pristine world of our proofs and the messy reality where systems must live.

So take heart, Paulinus, and approach cryptography as the wise approach life itself: with humility, vigilance, and trust in Providence. Remember always that the Devil delights most not in those who recognize their vulnerability, but in those who, believing themselves invincible, grow careless. If you cultivate this mindset, neither naive nor despairing, you will have learned cryptography’s greatest lesson: that true security lies not in the illusion of perfection, but in the wisdom to navigate an imperfect world.

Yours ,

BowTiedItaliano