Shostack + Friends Blog Archive

 

On Provable Security

Eric Rescorla writes:

Koblitz and Menezes are at it again. Back in 2004, they published
Another Look at “Provable Security”
arguing that the reduction proofs that are de rigueur
for new cryptosystems don’t add much security value. (See
here [link to http://www.rtfm.com/movabletype/archives/2004_07.html#000995 no longer works]
for a summary.) Last week, K&M returned to the topic with
Another Look at “Provable Security”
which is about the difficulty of interpreting
the reduction results. They take on the proofs for a number
of well-known systems and argue that they don’t show what you
would like.

See “Provable Security (II)” [link to http://www.educatedguesswork.org/movabletype/archives/2006/07/provable_securi.html no longer works] if you want the rest of the details.