Provable Security: Some Caveats

Post on 30-Dec-2015


Ari Juels, RSA Laboratories, 3 November 1999

Provable Security: Some Caveats

What is provable security?

Is this provable security?

Ivan Damgård: Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals. 328-335, CRYPTO ‘88

Or this follow-on?

Birgit Pfitzmann, Michael Waidner: How to Break and Repair a "Provably Secure" Untraceable Payment System. 338-350, CRYPTO ‘91

Is this provable security?

M. Ajtai and C. Dwork. A public-key cryptosystem with worst-case/average-case equivalence. In Proc. 29th ACM STOC, pp. 284-293, 1997

A follow-on

P. Nguyen and J. Stern. Cryptanalysis of the Ajtai-Dwork Cryptosystem. Proc. of Crypto 98, pp. 223-242

Problems with provable security

Who shall guard the guardians? Who’s to say that a proof is correct?

– Worst case security

– Average case security

– Asymptotic security

– Real world security

But even with a more precise notion of ‘‘provable security’’...

Amdahl’s Law

[Diagram: Part 1, Part 2, Part 3, Part 4]

…Accelerating a small piece doesn’t help much

“Amdahl’s Law of Security”

[Diagram: Part 1, Part 2, Part 3, Part 4; label: Crypto]

…Strengthening secure part doesn’t help much

Provable Security Strengthens Most Secure Part

As far as we know, cryptography is rarely the weakest point in a system. Instead, it’s:

– Bad password selection

– Social engineering

– Bad software implementation

Where do you want to go today?

A major security problem...

Provable security

May distract from more critical vulnerabilities

– Hackers just go around the crypto

May yield more complex algorithms, and therefore make correct implementation less likely

May slow down implementations and encourage avoidance of crypto

What lessons are to be learned?

Emphasis on extensive expert and empirical testing as a basis for security, as with, e.g., RSA

– Can be in addition to proofs

Emphasis on simple proofs and algorithms and on ‘exact security’
