Practice-Oriented Provable-Security

Author

  • Mihir Bellare

Abstract

This short article is intended to complement my talk. I would like to try to introduce you to a certain, relatively new sub-area of cryptography that we have been calling practice-oriented provable-security. It is about applying the ideas of “provable security” to the derivation of practical, secure protocols. I believe it is a fruitful blend of theory and practice that is able to enrich both sides and has by now had some impact on real world security. A few years ago, provable security was largely known only to theoreticians. This has been changing. We are seeing a growing appreciation of provable security in practice, leading in some cases to the use of such schemes in preference to other ones. Indeed it seems standards bodies and implementors now view provable security as an attribute of a proposed scheme. This means that a wider audience needs an understanding of the basic ideas behind provable security. This article is directed at practitioners and theoreticians alike. For the first I hope it will help to understand what provable security is and isn’t, why it is useful, how to evaluate the provable security of a scheme, and where to look for such schemes. For the second group, it can serve to acquaint them with how the ideas with which they are familiar are being applied. I will begin by describing the basic idea behind provable security. (For many of you, this will be mostly recall, but some novel viewpoints or examples may enter.) Next, I will discuss the practice-oriented approach. I will discuss its main ideas, the problems it has addressed, and briefly survey known results. I hope to leave you feeling there is scope here both for interesting research and for application.


Related sources

Probabilistic Relational Hoare Logics for Computer-Aided Security Proofs

The provable security paradigm originates from the work of Goldwasser and Micali [10] and plays a central role in modern cryptography. Since its inception, the focus of provable security has gradually shifted towards practice-oriented provable security [4]. The central goal of practice-oriented provable security is to develop and analyze efficient cryptographic systems that can be used for prac...


Towards a Secure Human-and-Computer Mutual Authentication Protocol

We blend research from human-computer interface (HCI) design with computational based cryptographic provable security. We explore the notion of practice-oriented provable security (POPS), moving the focus to a higher level of abstraction (POPS+) for use in providing provable security for security ceremonies involving humans. In doing so we highlight some challenges and paradigm shifts required ...


Efficient Lattice-based Authenticated Encryption: A Practice-Oriented Provable Security Approach

Lattice-based cryptography has received significant attention in the past decade. It has attractive properties such as being a major post-quantum cryptography candidate, enjoying worst-case to average-case security reductions, and being supported by efficient implementations. In recent years, lattice-based schemes have achieved enough maturity to become interesting also for the industry. A...


Invariant-based Cryptosystems and Their Security Against Provable Worst-Case Break?

Cryptography based on noncommutative algebra still suffers from lack of schemes and lack of interest. In this work, we show new constructions of cryptosystems based on group invariants and suggest methods to make such cryptosystems secure in practice. Cryptographers still cannot prove security in its cryptographic sense or even reduce it to some statement about regular complexity classes. In th...




Publication date: 1997