Victor Duchovni wrote:
> This part is not too radical. The more specific
> skepticism of security proofs (I am reluctant to agree
> that these are actively harmful), seems to be a
> combination of the peer review issue above, and
> (often?) lack of tight bounds that make the proofs
> applicable to realistic parameter sizes.
"Proof of security" is actively harmful, for the best proofs of security are not worth much, and merely by existing, they give license for people to produce proofs that are amazingly worthless. As "proofs" of ever diminishing value multiply, it becomes difficult to distinguish the multitude of utterly worthless "proofs" from those proofs that have some limited value. While it is possible to produce a proof that is actually worth something, lots of morons glibly churn out large numbers of proofs that are as stupid as they are worthless. Even the best "proofs" of security involve some misdirection and a lowering of our standards about proof, whereupon one thousand idiots gleefully point at that subtle lowering of standards as justification to lower standards a great deal further - snake oil wearing the decorations of mathematics.
