Simply put, the provability of cryptographic theorems doesn’t matter much in the real world if there are other attack vectors that can defeat the security much more effectively.
There is however one area of security where provability can be meaningfully applied, namely integrity. When Whit Diffie proposed public key cryptography he wasn’t thinking about integrity - he was thinking about key exchange and how two parties could communicate securely across an insecure channel. At the time it was perfectly natural to think about extending PKI to verifying the integrity of messages, and the consequence is that today, when security professionals have an integrity problem, they naturally turn to PKI; it has been the only tool in the toolshed.
The challenge however is that PKI requires secrets and trusted parties – these can’t be proven and will always remain the weakest link in security – no matter what key length is used in the underlying crypto. Managing keys is hard and even the best security companies can’t do it successfully. For integrity at least it is also completely unnecessary. By eliminating the need for keys and using widely witnessed consensus it is possible to have provable security, and that is a really big deal for CISOs who want to secure their networks. It is the difference between saying “I know my network has integrity and I can mathematically prove it” and “Our security is based on key management and trusting system administrators”. As we have seen with the NSA and now more recently with Target and AT&T, the latter is not a winning strategy.
Widely Witnessed Consensus
Interestingly, recent crypto-currencies address integrity without reliance on cryptographic keys. Instead they use widely witnessed consensus. Consider SWIFT and Bitcoin. SWIFT is a closed system used for inter-bank payments based entirely on PKI. The integrity of transactions is thus verifiable based on the security of keys and the administrators who manage them. It works (as far as we know) perfectly well, albeit expensively, within the closed inter-bank system. However SWIFT has continually struggled to move beyond inter-bank payments and is in danger of becoming increasingly irrelevant as other payment schemes continue to gain traction. One such payment scheme is Bitcoin. Bitcoin uses an entirely different mechanism for integrity based on widely witnessed consensus, i.e. a transaction is only complete once a sufficient number of participants (miners) have entered the transaction into the public ledger of transactions (block-chain). Once complete, anyone, anywhere can verify the integrity of a transaction without reliance on a centralized authority. It is (most likely) provably secure based on two assumptions: the security of hash-functions and widely witnessed consensus of the participants in the system.
The point is that, as crypto-currencies have shown, integrity can be achieved without the need for trusted parties or security of keys. Widely witnessed consensus is a lot easier than key management and paves the way for provable security to finally be relevant in the real world.
KSI is based on the same principles: by making events widely witnessed, it allows the integrity of those events to be verified without reliance on securing keys, creating in effect a global tagging system for electronic data where the verification is open and public and thus can be made provably secure. That's a big deal – for government, for digital society and not least for securing telecom infrastructure.
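To make the two assumptions concrete (security of the hash function, and a value that many parties have witnessed), here is an added example that is not KSI's, Bitcoin's or the author's code. It hash-links a batch of constructed events into a Merkle tree, "publishes" the root to several witnesses, and then lets anyone verify a single event against that root with nothing but the hash function and a short inclusion proof; no signing key exists anywhere. The majority-of-witnesses rule standing in for consensus, the SHA-256 tree layout and the witness names are all assumptions of this example, not a description of how KSI or Bitcoin actually structure their ledgers.

```python
"""Keyless integrity: Merkle-tree inclusion proofs checked against a widely
witnessed root. Added example; the tree layout, the majority rule and all
event data are constructed for illustration and are not KSI's protocol."""
import hashlib
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample events (e.g. log records) whose integrity we want to tag.
EVENTS: List[bytes] = [
    b"2014-01-10T09:00:00Z host=gw1 event=config-change user=ops",
    b"2014-01-10T09:00:05Z host=gw1 event=route-add prefix=10.0.0.0/8",
    b"2014-01-10T09:01:00Z host=gw2 event=firmware-update version=4.2",
    b"2014-01-10T09:02:30Z host=gw1 event=login user=audit",
    b"2014-01-10T09:03:00Z host=gw3 event=reboot reason=scheduled",
]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(event: bytes) -> bytes:
    # Prefix byte separates leaves from interior nodes so a crafted event
    # cannot masquerade as an internal node (second-preimage hardening).
    return sha256(b"\x00" + event)


def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)


def build_tree(events: List[bytes]) -> List[List[bytes]]:
    """Return every level of the tree; levels[0] are leaves, levels[-1] is [root].
    Odd-sized levels are padded by repeating their last node."""
    level = [leaf_hash(e) for e in events]
    levels: List[List[bytes]] = []
    while True:
        if len(level) > 1 and len(level) % 2 == 1:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def inclusion_proof(levels: List[List[bytes]], index: int) -> List[Tuple[str, bytes]]:
    """Sibling hashes from leaf to root; 'L'/'R' says which side the sibling is on."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        side = "L" if index % 2 == 1 else "R"
        proof.append((side, level[sibling]))
        index //= 2
    return proof


def verify(event: bytes, proof: List[Tuple[str, bytes]], published_root: bytes) -> bool:
    """Anyone can run this: it needs only the hash function and the witnessed root."""
    h = leaf_hash(event)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == published_root


def publish(root: bytes, witnesses: List[str]) -> Dict[str, bytes]:
    """Hand the root to many independent witnesses (constructed stand-in for
    a newspaper ad, a public ledger, or any widely observed channel)."""
    return {w: root for w in witnesses}


def majority_root(observed: Dict[str, bytes]) -> Optional[bytes]:
    """Consensus rule assumed by this example: the root a strict majority of
    witnesses agree on; None if no such majority exists."""
    value, count = Counter(observed.values()).most_common(1)[0]
    return value if count * 2 > len(observed) else None


if __name__ == "__main__":
    levels = build_tree(EVENTS)
    root = levels[-1][0]
    observed = publish(root, ["witness-a", "witness-b", "witness-c"])
    # One witness later serves a corrupted copy; the majority still yields the true root.
    observed["witness-c"] = b"\xff" * 32
    agreed = majority_root(observed)
    for i, ev in enumerate(EVENTS):
        print(i, verify(ev, inclusion_proof(levels, i), agreed))
    # A modified record fails against the same proof and witnessed root.
    print("tampered", verify(EVENTS[1] + b" (edited)", inclusion_proof(levels, 1), agreed))
```

The verifier never holds a secret: a change to any event, or to the proof, changes the recomputed root, and the only thing an attacker could do is convince a majority of witnesses to accept a different root, which is exactly the widely witnessed assumption the post relies on.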
This is technological progress at its best. For the last 40 years digital society has been plagued by basing security on the wrong (and entirely unnecessary) assumptions. Whether Bitcoin (for transactions) or KSI (for general electronic data), technological progress cannot be halted. In the case of KSI it will also finally address the root cause of a 450 Billion USD a year cybersecurity problem.