Another Look at "Provable Security". II
نویسندگان
چکیده
We discuss the question of how to interpret reduction arguments in cryptography. We give some examples to show the subtlety and difficulty of this question.
منابع مشابه
Another look at security definitions
We take a critical look at security models that are often used to give “provable security” guarantees. We pay particular attention to digital signatures, symmetric-key encryption, and leakage resilience. We find that there has been a surprising amount of uncertainty about what the “right” definitions might be. Even when definitions have an appealing logical elegance and nicely reflect certain n...
متن کاملAnother Look at PMAC
We can view an existing Message Authentication Code (MAC) as a Carter-Wegman MAC in spite of the fact it may not have been designed as one. This will make the analysis easier than it has been when considered from other viewpoints. In this paper, we can look PMAC with two keys as a Carter-Wegman MAC and get a simple security proof for it. Using this viewpoint to look at PMAC, we will learn not o...
متن کاملPractice-Oriented Provable-Security
This short article is intended to complement my talk. I would like to try to introduce you to a certain, relatively new sub-area of cryptography that we have been calling practice-oriented provable-security. It is about applying the ideas of “provably security” to the derivation of practical, secure protocols. I believe it is a fruitful blend of theory and practice that is able to enrich both s...
متن کاملAnother look at HMQV
The HMQV protocols are ‘hashed variants’ of the MQV key agreement protocols. They were introduced at CRYPTO 2005 by Krawczyk, who claimed that the HMQV protocols have very significant advantages over their MQV counterparts: (i) security proofs under reasonable assumptions in the (extended) Canetti-Krawczyk model for key exchange; and (ii) superior performance in some situations. In this paper w...
متن کاملAnother Look at Security Theorems for 1-Key Nested MACs
We prove a security theorem without collision-resistance for a class of 1-key hash-function-based MAC schemes that includes HMAC and Envelope MAC. The proof has some advantages over earlier proofs: it is in the uniform model, it uses a weaker related-key assumption, and it covers a broad class of MACs in a single theorem. However, we also explain why our theorem is of doubtful value in assessin...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2006 شماره
صفحات -
تاریخ انتشار 2006