Right, the key point here is that, with a few exceptions like the one-time pad, there have NEVER been proofs that ANY of the cryptosystems we use in practice are secure! They all depend on unproven conjectures about computational hardness -- at the very least, the belief that P!=NP.

You could argue that the currently deployed systems have been "battle-tested" for longer than the new quantum-resistant ones. In reality, though, problems like factoring and discrete log have been battle tested for ~50 years, whereas lattice problems have been battle tested for ~25 years, so it's not even that huge of a difference anymore!