Why Provable Security Matters?

Abstract. Recently, methods from provable security, that had been developed for the last twenty years within the research community, have been extensively used to support emerging standards. This in turn has led researchers as well as practitioners to raise some concerns about this methodology. Should provable security be restricted to the standard computational model or can it rely on the so-called random oracle model? In the latter case, what is the practical meaning of security estimates obtained using this model? Also, the fact that proofs themselves need time to be validated through public discussion was somehow overlooked. Building on two case studies, we discuss these concerns. One example covers the public key encryption formatting scheme OAEP originally proposed in [3]. The other comes from the area of signature schemes and is related to the security proof of ESIGN [43]. Both examples show that provable security is more subtle than it at first appears.
Jacques Stern
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Authors Jacques Stern