
Provable security

Provable security refers to any type or level of computer security that can be proved. It is used in different ways by different fields.

Usually, this refers to mathematical proofs, which are common in cryptography. In such a proof, the capabilities of the attacker are defined by an adversarial model (also called an attacker model); the aim of the proof is to show that any attacker who breaks the security of the modelled system could be used to solve the underlying hard problem. Such a proof generally does not cover side-channel attacks or other implementation-specific attacks, because they depend on details of a particular implementation that the model does not capture; a result about them would apply only to that implementation.

Outside of cryptography, the term is often used in conjunction with secure coding and security by design, both of which can rely on proofs to show the security of a particular approach. As in the cryptographic setting, this involves an attacker model and a model of the system. For example, code can be verified to match its intended functionality as described by a model; this can be done through static checking. These techniques are sometimes used when evaluating products (see Common Criteria): the security here depends not only on the correctness of the attacker model, but also on how faithfully the model captures the code.

Finally, the term provable security is sometimes used by vendors marketing security products such as firewalls, antivirus software and intrusion detection systems. As these products are typically not subject to scrutiny, many security researchers consider this type of claim to be selling snake oil.

In cryptography

In cryptography, a system has provable security if its security requirements can be stated formally in an adversarial model, as opposed to heuristically, with clear assumptions about what access the adversary has to the system and what computational resources it commands. The proof of security (called a "reduction") shows that these security requirements are met provided that the assumptions about the adversary's access to the system are satisfied and that some clearly stated assumptions about the hardness of certain computational tasks hold. An early example of such requirements and proof was given by Goldwasser and Micali for semantic security and the construction based on the quadratic residuosity problem. Some proofs of security are given in idealized models such as the random oracle model, where real cryptographic hash functions are replaced by an idealization.
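The adversarial-model formulation above can be written down as a program. The following is an added example, not code from the article or from any of the works it cites: it implements a code-based IND-CPA (indistinguishability under chosen-plaintext attack) game in Python and runs one adversary against two toy schemes. It assumes HMAC-SHA256 behaves as a pseudorandom function; the two schemes, the adversary, the block size and the trial count are constructed here for illustration.

```python
"""Code-based IND-CPA security game for two toy symmetric encryption schemes.

Added example, not from the Wikipedia article. The pseudorandom function is
built from HMAC-SHA256 (assumption: HMAC-SHA256 behaves as a PRF); the two
schemes, the adversary and the trial count are constructed for illustration.
"""
import hashlib
import hmac
import secrets

BLOCK = 16  # block length in bytes for the toy schemes (assumption)


def prf(key: bytes, x: bytes) -> bytes:
    """Fixed-output-length PRF: the first BLOCK bytes of HMAC-SHA256(key, x)."""
    return hmac.new(key, x, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class CodebookScheme:
    """Deterministic 'codebook' encryption: each block becomes PRF(key, block).

    Equal plaintext blocks always give equal ciphertext blocks, which is exactly
    what the IND-CPA game lets an adversary detect.
    """

    @staticmethod
    def keygen() -> bytes:
        return secrets.token_bytes(16)

    @staticmethod
    def encrypt(key: bytes, msg: bytes) -> bytes:
        assert len(msg) % BLOCK == 0
        return b"".join(prf(key, msg[i:i + BLOCK]) for i in range(0, len(msg), BLOCK))


class CounterScheme:
    """Randomized counter mode: fresh 8-byte nonce, keystream block i = PRF(key, nonce || i)."""

    @staticmethod
    def keygen() -> bytes:
        return secrets.token_bytes(16)

    @staticmethod
    def encrypt(key: bytes, msg: bytes) -> bytes:
        assert len(msg) % BLOCK == 0
        nonce = secrets.token_bytes(8)
        blocks = [nonce]
        for i in range(0, len(msg), BLOCK):
            keystream = prf(key, nonce + (i // BLOCK).to_bytes(8, "big"))
            blocks.append(xor(msg[i:i + BLOCK], keystream))
        return b"".join(blocks)


def ind_cpa_game(scheme, adversary) -> bool:
    """One run of the left-or-right IND-CPA experiment.

    The challenger draws a key and a secret bit b, gives the adversary an
    encryption oracle and a single challenge oracle that encrypts m_b, and the
    adversary outputs a guess. Returns True when the guess equals b.
    """
    key = scheme.keygen()
    b = secrets.randbits(1)
    challenged = []

    def enc_oracle(m: bytes) -> bytes:
        return scheme.encrypt(key, m)

    def challenge(m0: bytes, m1: bytes) -> bytes:
        assert len(m0) == len(m1), "challenge messages must have equal length"
        assert not challenged, "only one challenge query is allowed"
        challenged.append(True)
        return scheme.encrypt(key, m1 if b else m0)

    return adversary(enc_oracle, challenge) == b


def repetition_adversary(enc_oracle, challenge) -> int:
    """Asks the oracle for E(m0) first, then checks whether the challenge repeats it."""
    m0 = bytes(BLOCK)
    m1 = bytes([1]) * BLOCK
    c0 = enc_oracle(m0)
    c = challenge(m0, m1)
    return 0 if c == c0 else 1


def estimate_advantage(scheme, adversary, trials: int = 400) -> float:
    """Empirical IND-CPA advantage 2*Pr[win] - 1 over repeated independent games."""
    wins = sum(ind_cpa_game(scheme, adversary) for _ in range(trials))
    return 2 * wins / trials - 1


if __name__ == "__main__":
    print("codebook advantage:", estimate_advantage(CodebookScheme, repetition_adversary))
    print("counter-mode advantage:", estimate_advantage(CounterScheme, repetition_adversary))
```

Against the deterministic codebook scheme the adversary wins every game (advantage 1), because the challenge ciphertext repeats the oracle answer exactly when b = 0; against the randomized counter mode the same adversary does no better than guessing, so its measured advantage hovers around 0. The game is the formal statement of the security requirement; a proof would bound the advantage of every efficient adversary in terms of the PRF assumption, which an empirical run like this cannot do.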

There are several lines of research in provable security. One is to establish the "correct" definition of security for a given, intuitively understood task. Another is to suggest constructions and proofs based on general assumptions as much as possible, for instance the existence of a one-way function. A major open problem is to establish such proofs based on P ≠ NP, since the existence of one-way functions is not known to follow from the P ≠ NP conjecture.

Controversies

Several researchers have found mathematical fallacies in proofs that had been used to make claims about the security of important protocols. In the following partial list, each researcher's name is followed first by a reference to the original paper containing the purported proof and then by a reference to the paper in which the flaw was reported: V. Shoup;[1][2] A. J. Menezes;[3][4] A. Jha and M. Nandi;[5][6] D. Galindo;[7][8] T. Iwata, K. Ohashi, and K. Minematsu;[9][10] M. Nandi;[11][12] J.-S. Coron and D. Naccache;[13][14] D. Chakraborty, V. Hernández-Jiménez, and P. Sarkar;[15][16] P. Gaži and U. Maurer;[17][18] S. A. Kakvi and E. Kiltz;[19][20] and T. Holenstein, R. Künzler, and S. Tessaro.[21][22]

Koblitz and Menezes have written that provable security results for important cryptographic protocols frequently have fallacies in the proofs; are often interpreted in a misleading manner, giving false assurances; typically rely upon strong assumptions that may turn out to be false; are based on unrealistic models of security; and serve to distract researchers' attention from the need for "old-fashioned" (non-mathematical) testing and analysis. Their series of papers supporting these claims[23][24] have been controversial in the community. Among the researchers who have rejected the viewpoint of Koblitz–Menezes is Oded Goldreich, a leading theoretician and author of Foundations of Cryptography.[25] He wrote a refutation of their first paper "Another look at 'provable security'"[26] that he titled "On post-modern cryptography". Goldreich wrote: "... we point out some of the fundamental philosophical flaws that underlie the said article and some of its misconceptions regarding theoretical research in cryptography in the last quarter of a century."[27]: 1  In his essay Goldreich argued that the rigorous analysis methodology of provable security is the only one compatible with science, and that Koblitz and Menezes are "reactionary (i.e., they play to the hands of the opponents of progress)".[27]: 2 

In 2007, Koblitz published "The Uneasy Relationship Between Mathematics and Cryptography",[28] which contained some controversial statements about provable security and other topics. Researchers Oded Goldreich, Boaz Barak, Jonathan Katz, Hugo Krawczyk, and Avi Wigderson wrote letters responding to Koblitz's article, which were published in the November 2007 and January 2008 issues of the Notices of the American Mathematical Society.[29][30] Katz, who is coauthor of a highly regarded cryptography textbook,[31] called Koblitz's article "snobbery at its purest";[29]: 1455  and Wigderson, who is a permanent member of the Institute for Advanced Study in Princeton, accused Koblitz of "slander".[30]: 7 

Ivan Damgård later wrote a position paper at ICALP 2007 on the technical issues,[32] and it was recommended by Scott Aaronson as a good in-depth analysis.[33] Brian Snow, former Technical Director of the Information Assurance Directorate of the U.S. National Security Agency, recommended the Koblitz-Menezes paper "The brave new world of bodacious assumptions in cryptography"[34] to the audience at the RSA Conference 2010 Cryptographers Panel.[35]

Practice-oriented provable security

Classical provable security primarily aimed at studying the relationship between asymptotically defined objects. Practice-oriented provable security, by contrast, is concerned with the concrete objects of cryptographic practice, such as hash functions, block ciphers, and protocols as they are deployed and used.[36] It uses concrete security to analyse practical constructions with fixed key sizes. "Exact security" or "concrete security" is the name given to provable-security reductions in which security is quantified by computing precise bounds on the adversary's computational effort and advantage, rather than an asymptotic bound that is only guaranteed to hold for "sufficiently large" values of the security parameter.
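A concrete bound is only useful once it is turned into an operational limit. The following added example (not from the article) does that for the collision term q(q-1)/2^(n+1) that appears in many concrete-security theorems for block-cipher modes, where q is the number of n-bit blocks the adversary sees; the PRP/PRF switching lemma used in game-playing proofs[17] has exactly this form. The block sizes and the target advantage are chosen here for illustration, and real theorems carry further terms (for example the PRP advantage against the cipher itself) that this computation leaves out.

```python
"""Turning a concrete (birthday-type) security bound into a usage limit.

Added example, not from the Wikipedia article. The collision term
q(q-1)/2^(n+1) is the generic birthday bound that appears in concrete-security
theorems for block-cipher modes (e.g. the PRP/PRF switching lemma); the block
sizes and target advantage below are illustrative choices.
"""
from fractions import Fraction
from math import isqrt


def collision_term(n_bits: int, q: int) -> Fraction:
    """Exact value of q(q-1)/2^(n+1): an upper bound on the probability that
    two of q uniformly random n-bit values coincide."""
    return Fraction(q * (q - 1), 2 ** (n_bits + 1))


def max_blocks(n_bits: int, target_adv: Fraction) -> int:
    """Largest q for which collision_term(n_bits, q) <= target_adv.

    Solves q(q-1) <= target_adv * 2^(n+1) with integer arithmetic so that the
    answer is exact even for 128-bit blocks, where floats would lose precision.
    """
    budget = target_adv * 2 ** (n_bits + 1)   # a Fraction, possibly non-integral
    q = isqrt(int(budget)) + 1                # starting guess near sqrt(budget)
    while q > 1 and q * (q - 1) > budget:     # move down while over budget
        q -= 1
    while (q + 1) * q <= budget:              # move up while still within budget
        q += 1
    return q


def data_limit_bytes(n_bits: int, target_adv: Fraction) -> int:
    """Bytes that may be processed under one key before the collision term
    alone exceeds target_adv (ignoring the scheme's other terms)."""
    return max_blocks(n_bits, target_adv) * (n_bits // 8)


if __name__ == "__main__":
    target = Fraction(1, 2 ** 32)  # illustrative target advantage
    for n in (64, 128):
        q = max_blocks(n, target)
        gib = data_limit_bytes(n, target) / 2 ** 30
        print(f"{n}-bit blocks: {q} blocks ({gib:.1f} GiB) before the "
              f"collision term reaches 2^-32")
```

With a 64-bit block the collision term passes 2^-32 after fewer than 100,000 blocks, which is under a megabyte of data; with a 128-bit block the same target allows on the order of 2^48 blocks. This is the sense in which concrete security "quantifies security by computing precise bounds": the same proof structure gives a very different deployable key lifetime depending on the fixed parameters of the primitive.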

References

  1. ^ Bellare, Mihir; Rogaway, Phillip (1995). "Optimal asymmetric encryption". Advances in Cryptology — EUROCRYPT'94. Lecture Notes in Computer Science. Vol. 950. pp. 92–111. doi:10.1007/BFb0053428. ISBN 978-3-540-60176-0.
  2. ^ Shoup, Victor (2002), "OAEP reconsidered", Journal of Cryptology, 15 (4): 223–249, doi:10.1007/s00145-002-0133-9, S2CID 26919974
  3. ^ Krawczyk, Hugo (2005). "HMQV: A High-Performance Secure Diffie-Hellman Protocol". Advances in Cryptology – CRYPTO 2005. Lecture Notes in Computer Science. Vol. 3621. pp. 546–566. doi:10.1007/11535218_33. ISBN 978-3-540-28114-6.
  4. ^ Menezes, Alfred J. (2007), "Another look at HMQV", Journal of Mathematical Cryptology, 1: 47–64, doi:10.1515/JMC.2007.004, S2CID 15540513
  5. ^ Bellare, Mihir; Pietrzak, Krzysztof; Rogaway, Phillip (2005). "Improved Security Analyses for CBC MACs". Advances in Cryptology – CRYPTO 2005. Lecture Notes in Computer Science. Vol. 3621. pp. 527–545. doi:10.1007/11535218_32. ISBN 978-3-540-28114-6.; and Pietrzak, Krzysztof (2006), "A Tight Bound for EMAC", Automata, Languages and Programming, Lecture Notes in Computer Science, vol. 4052, pp. 168–179, doi:10.1007/11787006_15, ISBN 978-3-540-35907-4
  6. ^ Jha, Ashwin; Nandi, Mridul (2016), "Revisiting structure graphs: Applications to CBC-MAC and EMAC", Journal of Mathematical Cryptology, 10 (3–4): 157–180, doi:10.1515/jmc-2016-0030, S2CID 33121117
  7. ^ Boneh, Dan; Franklin, Matthew (2003), "Identity-based encryption from the Weil pairing", SIAM Journal on Computing, 32 (3): 586–615, doi:10.1137/S0097539701398521
  8. ^ Galindo, David (2005), "Boneh-Franklin Identity Based Encryption Revisited", Automata, Languages and Programming, Lecture Notes in Computer Science, vol. 3580, pp. 791–802, doi:10.1007/11523468_64, hdl:2066/33216, ISBN 978-3-540-27580-0, S2CID 605011
  9. ^ McGrew, David A.; Viega, John (2004), "The Security and Performance of the Galois/Counter Mode (GCM) of Operation", Progress in Cryptology - INDOCRYPT 2004, Lecture Notes in Computer Science, vol. 3348, pp. 343–355, doi:10.1007/978-3-540-30556-9_27, ISBN 978-3-540-24130-0
  10. ^ Iwata, Tetsu; Ohashi, Keisuke; Minematsu, Kazuhiko (2012). "Breaking and Repairing GCM Security Proofs". Advances in Cryptology – CRYPTO 2012. Lecture Notes in Computer Science. Vol. 7417. pp. 31–49. doi:10.1007/978-3-642-32009-5_3. ISBN 978-3-642-32008-8.
  11. ^ Ristenpart, Thomas; Rogaway, Phillip (2007), "How to Enrich the Message Space of a Cipher", Fast Software Encryption, Lecture Notes in Computer Science, vol. 4593, pp. 101–118, doi:10.1007/978-3-540-74619-5_7, ISBN 978-3-540-74617-1
  12. ^ Nandi, Mridul (2014). "XLS is Not a Strong Pseudorandom Permutation". Advances in Cryptology – ASIACRYPT 2014. Lecture Notes in Computer Science. Vol. 8874. pp. 478–490. doi:10.1007/978-3-662-45611-8_25. ISBN 978-3-662-45607-1.
  13. ^ Bellare, Mihir; Garay, Juan A.; Rabin, Tal (1998). "Fast batch verification for modular exponentiation and digital signatures". Advances in Cryptology — EUROCRYPT'98. Lecture Notes in Computer Science. Vol. 1403. pp. 236–250. doi:10.1007/BFb0054130. ISBN 978-3-540-64518-4.
  14. ^ Coron, Jean-Sébastien; Naccache, David (1999), Public Key Cryptography, Lecture Notes in Computer Science, vol. 1560, pp. 197–203, doi:10.1007/3-540-49162-7, ISBN 978-3-540-65644-9, S2CID 11711093
  15. ^ McGrew, David A.; Fluhrer, Scott R. (2007), "The Security of the Extended Codebook (XCB) Mode of Operation", Selected Areas in Cryptography, Lecture Notes in Computer Science, vol. 4876, pp. 311–327, doi:10.1007/978-3-540-77360-3_20, ISBN 978-3-540-77359-7
  16. ^ Chakraborty, Debrup; Hernández-Jiménez, Vicente; Sarkar, Palash (2015), "Another look at XCB", Cryptography and Communications, 7 (4): 439–468, doi:10.1007/s12095-015-0127-8, S2CID 17251595
  17. ^ Bellare, Mihir; Rogaway, Phillip (2006). "The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs". Advances in Cryptology - EUROCRYPT 2006. Lecture Notes in Computer Science. Vol. 4004. pp. 409–426. doi:10.1007/11761679_25. ISBN 978-3-540-34546-6.
  18. ^ Gaži, Peter; Maurer, Ueli (2009). "Cascade Encryption Revisited". Advances in Cryptology – ASIACRYPT 2009. Lecture Notes in Computer Science. Vol. 5912. pp. 37–51. doi:10.1007/978-3-642-10366-7_3. ISBN 978-3-642-10365-0.
  19. ^ Coron, Jean-Sébastien (2002). "Optimal Security Proofs for PSS and Other Signature Schemes". Advances in Cryptology — EUROCRYPT 2002. Lecture Notes in Computer Science. Vol. 2332. pp. 272–287. doi:10.1007/3-540-46035-7_18. ISBN 978-3-540-43553-2.
  20. ^ Kakvi, Saqib A.; Kiltz, Eike (2012). "Optimal Security Proofs for Full Domain Hash, Revisited". Advances in Cryptology – EUROCRYPT 2012. Lecture Notes in Computer Science. Vol. 7237. pp. 537–553. doi:10.1007/978-3-642-29011-4_32. ISBN 978-3-642-29010-7.
  21. ^ Coron, Jean-Sébastien; Patarin, Jacques; Seurin, Yannick (2008). "The Random Oracle Model and the Ideal Cipher Model Are Equivalent". Advances in Cryptology – CRYPTO 2008. Lecture Notes in Computer Science. Vol. 5157. pp. 1–20. doi:10.1007/978-3-540-85174-5_1. ISBN 978-3-540-85173-8.
  22. ^ Holenstein, Thomas; Künzler, Robin; Tessaro, Stefano (2011), "The equivalence of the random oracle model and the ideal cipher model, revisited", Proceedings of the forty-third annual ACM symposium on Theory of computing, pp. 89–98, arXiv:1011.1264, doi:10.1145/1993636.1993650, ISBN 9781450306911, S2CID 2960550
  23. ^ Koblitz, Neal; Menezes, Alfred (2019). "Critical perspectives on provable security: Fifteen years of 'Another look' papers". Advances in Mathematics of Communications. 13 (4): 517–558. doi:10.3934/amc.2019034.
  24. ^ These papers are all available at "Another look at provable security". Retrieved 12 April 2018.
  25. ^ Goldreich, Oded (2003). Foundations of Cryptography. Cambridge University Press. ISBN 9780521791724.
  26. ^ Koblitz, Neal; Menezes, Alfred J. (2007), "Another look at "provable security"", Journal of Cryptology, 20 (1): 3–37, doi:10.1007/s00145-005-0432-z, S2CID 7601573
  27. ^ a b "On post-modern cryptography". Retrieved 12 April 2018.
  28. ^ Koblitz, Neal (2007), "The uneasy relationship between mathematics and cryptography" (PDF), Notices Amer. Math. Soc., 54 (8): 972–979
  29. ^ a b "Letters to the Editor" (PDF), Notices Amer. Math. Soc., 54 (12): 1454–1455, 2007
  30. ^ a b "Letters to the Editor" (PDF), Notices Amer. Math. Soc., 55 (1): 6–7, 2008
  31. ^ Katz, Jonathan; Lindell, Yehuda (2008). Introduction to Modern Cryptography. Chapman & Hall/CRC. ISBN 9781584885511.
  32. ^ Damgård, I. (2007). "A "proof-reading" of Some Issues in Cryptography". Automata, Languages and Programming. Lecture Notes in Computer Science. Vol. 4596. pp. 2–11. doi:10.1007/978-3-540-73420-8_2. ISBN 978-3-540-73419-2.
  33. ^ "Shtetl-Optimized". scottaaronson.com. September 2007.
  34. ^ Koblitz, Neal; Menezes, Alfred J. (2010), "The brave new world of bodacious assumptions in cryptography" (PDF), Notices Amer. Math. Soc., 57: 357–365
  35. ^ "RSA Conference 2010 USA: The Cryptographers Panel". YouTube. Archived from the original on 2021-12-22. Retrieved 9 April 2018.
  36. ^ Rogaway, Phillip (May 6, 2009). "Practice-Oriented Provable Security and the Social Construction of Cryptography". Unpublished essay corresponding to an invited talk at EUROCRYPT 2009.

Retrieved from https://en.wikipedia.org/w/index.php?title=Provable_security&oldid=1192033077