Maybe It's Snake Oil All the Way Down
Amir Herzberg
amir at herzberg.name
Mon Jun 2 12:25:13 EDT 2003

Erik is right: there must be very strong motivation to consider using a
cryptographic mechanism/protocol which is not `standard` (de-facto
standards are Ok). When this motivation is supposedly improved security,
the new (supposedly more secure) primitive should preferably be composed
with a supposedly-weaker but standard mechanism, in a
`cryptanalysis-tolerant` manner, i.e. an attack should apply to _both_
mechanisms. But of course other motivations (e.g. performance) may rule out
this approach.

The basic security argument underlying computational cryptography is always
the fact that it withstood cryptanalysis. Even when we provide `provable
security`, what the proofs really show is only that the
mechanism/protocol is as secure as some other assumption. The only
exception is unconditionally secure systems such as the one-time pad, but
these are usually not practical (e.g. due to key length requirements); in
particular public key systems are always `only` computationally secure.
This is not really a problem and certainly not a motivation to design new
systems, without a proof of security...
Best, Amir Herzberg
http://amir.herzberg.name
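
The composition described in the message above, sketched for message authentication as an added example that is not part of the original post: tags from a standard MAC and from a second, differently designed MAC are concatenated under independent keys, so a forgery has to defeat both. The choice of HMAC-SHA-256 and keyed BLAKE2b, and all function names, are assumptions of this example.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # each MAC below yields a 32-byte tag


def keygen():
    """Independent keys: breaking one mechanism must not expose the other key."""
    return os.urandom(32), os.urandom(32)


def standard_mac(key: bytes, msg: bytes) -> bytes:
    # The standard mechanism (assumed here: HMAC-SHA-256).
    return hmac.new(key, msg, hashlib.sha256).digest()


def new_mac(key: bytes, msg: bytes) -> bytes:
    # Stand-in for the non-standard mechanism (assumed here: keyed BLAKE2b).
    return hashlib.blake2b(msg, key=key, digest_size=TAG_LEN).digest()


def combined_tag(keys, msg: bytes) -> bytes:
    k_std, k_new = keys
    return standard_mac(k_std, msg) + new_mac(k_new, msg)


def combined_verify(keys, msg: bytes, tag: bytes) -> bool:
    if len(tag) != 2 * TAG_LEN:
        return False
    k_std, k_new = keys
    ok_std = hmac.compare_digest(tag[:TAG_LEN], standard_mac(k_std, msg))
    ok_new = hmac.compare_digest(tag[TAG_LEN:], new_mac(k_new, msg))
    # Both halves are always checked; the tag is valid only if both match.
    return ok_std & ok_new


def tag_with_new_mac_broken(keys, msg: bytes) -> bytes:
    """Model a total break of the new mechanism: that half is computed
    correctly, while the standard half can only be guessed."""
    _, k_new = keys
    return os.urandom(TAG_LEN) + new_mac(k_new, msg)


if __name__ == "__main__":
    keys = keygen()
    msg = b"constructed sample message"
    print("honest tag verifies:", combined_verify(keys, msg, combined_tag(keys, msg)))
    print("one-half break verifies:",
          combined_verify(keys, msg, tag_with_new_mac_broken(keys, msg)))
```

The cost is a doubled tag and two MAC computations per message, which is the kind of performance trade-off the message notes may rule the approach out.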
---------------------------------------------------------------------
The Cryptography Mailing List