[Cryptography] Security proofs prove non-failproof

Benjamin Kreuter brk7bx at virginia.edu
Tue Feb 21 17:17:09 EST 2017


On Tue, 2017-02-21 at 14:05 -0500, Perry E. Metzger wrote:
> (That said, it will always be easier to verify cleaner, simpler
> designs, but I don't see that as a flaw.)

This is not true.  In academic work, there are plenty of protocols that
do seemingly pointless things to make a security proof work.  One
common technique is to design the protocol so that one party will prove
a statement like, "Either I am not cheating OR I know your secret key."
It may appear to be fragile and complicated, but it often makes
proving security easier (or maybe it prevents some real attack, and we
just do not yet know what that attack looks like).

-- Ben
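
The "either/or" statement described in the message above, as an added example that is not part of the original post: a Fiat-Shamir Schnorr OR-proof in which the verifier accepts a proof made with either witness. The toy group, the function names, and modelling "I am not cheating" as knowledge of a discrete log are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy Schnorr group, far too small for real use: P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def challenge(*vals):
    """Fiat-Shamir challenge: hash the statements and commitments into Z_Q."""
    data = ",".join(map(str, vals)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove_or(X, Y, known, witness):
    """Prove knowledge of log_G(X) OR log_G(Y); `known` is the branch (0 or 1) we hold a witness for."""
    stmts, other = (X, Y), 1 - known
    # Branch without a witness: choose challenge and response first, then solve for the commitment.
    c_sim, z_sim = secrets.randbelow(Q), secrets.randbelow(Q)
    a_sim = pow(G, z_sim, P) * pow(stmts[other], -c_sim, P) % P
    # Branch with a witness: ordinary Schnorr, using whatever challenge share is left over.
    r = secrets.randbelow(Q)
    a, c, z = [0, 0], [0, 0], [0, 0]
    a[known], a[other] = pow(G, r, P), a_sim
    c[other] = c_sim
    c[known] = (challenge(X, Y, *a) - c_sim) % Q
    z[other] = z_sim
    z[known] = (r + c[known] * witness) % Q
    return a, c, z

def verify_or(X, Y, proof):
    """Accept if the challenge shares sum to the hash and both Schnorr equations hold."""
    a, c, z = proof
    if (c[0] + c[1]) % Q != challenge(X, Y, *a):
        return False
    return all(pow(G, z[i], P) == a[i] * pow(S, c[i], P) % P for i, S in enumerate((X, Y)))

def demo():
    w, sk = 123, 456                      # constructed secrets
    X, Y = pow(G, w, P), pow(G, sk, P)    # X: "I am not cheating"; Y: your public key
    honest = prove_or(X, Y, known=0, witness=w)      # real prover knows only w
    simulated = prove_or(X, Y, known=1, witness=sk)  # proof-time simulator knows only sk
    return verify_or(X, Y, honest), verify_or(X, Y, simulated)

if __name__ == "__main__":
    print(demo())
```

The verifier runs the same check on both proofs and cannot tell which branch held the real witness, which is what lets a simulator in a security proof stand in for the honest prover once it has the other party's key.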