Erik is right: there must be very strong motivation to consider using a cryptographic mechanism/protocol which is not "standard" (de-facto standards are OK). When this motivation is supposedly improved security, the new (supposedly more secure) primitive should preferably be composed with a supposedly weaker but standard mechanism, in a "cryptanalysis-tolerant" manner, i.e. an attack should apply to _both_ mechanisms. But of course other motivations (e.g. performance) may rule out this approach.

The basic security argument underlying computational cryptography is always the fact that it withstood cryptanalysis. Even when we provide "provable security", what the proofs really show is only that the mechanism/protocol is as secure as some other assumption. The only exception is unconditionally secure systems such as the one-time pad, but these are usually not practical (e.g. due to key length requirements); in particular, public key systems are always "only" computationally secure.

This is not really a problem, and certainly not a motivation to design new systems without a proof of security...

Best, Amir Herzberg
http://amir.herzberg.name


--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
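An added illustration of the "cryptanalysis-tolerant" composition described in the message above (this is example code, not part of the original post or of any project; the choice of SHA-256 as the established primitive and SHA3-256 as the newer candidate is an assumption made for the example). It shows a concatenation combiner for collision resistance, where a collision for the combination is by construction a collision for both components, an XOR combiner for keyed MACs under independent keys, and, as a caveat, why XOR is not a sound combiner for unkeyed collision resistance. The doubled output length and the two computations per message are the performance cost the message mentions.

```python
import hashlib
import hmac
from typing import Callable

Hash = Callable[[bytes], bytes]


def established_hash(data: bytes) -> bytes:
    """The standard, widely analysed primitive (assumption: SHA-256 plays this role)."""
    return hashlib.sha256(data).digest()


def candidate_hash(data: bytes) -> bytes:
    """The newer, supposedly more secure primitive (assumption: SHA3-256 plays this role)."""
    return hashlib.sha3_256(data).digest()


def concat_combiner(data: bytes, h1: Hash = established_hash, h2: Hash = candidate_hash) -> bytes:
    """Concatenation combiner for collision resistance: H1(m) || H2(m).

    Two distinct messages collide under the combiner only if they collide
    under H1 AND under H2, so an attack on the combination is an attack on
    both components. Cost: twice the output length and two hash computations.
    """
    return h1(data) + h2(data)


def xor_hash_combiner(data: bytes, h1: Hash, h2: Hash) -> bytes:
    """XOR combiner H1(m) ^ H2(m) for UNKEYED hashes.

    Not cryptanalysis-tolerant for collision resistance: if the candidate
    turns out to be related to the established function (worst case: equal
    to it), the output collapses to a constant although each function is
    collision resistant on its own.
    """
    return bytes(a ^ b for a, b in zip(h1(data), h2(data)))


def xor_mac_combiner(key1: bytes, key2: bytes, data: bytes) -> bytes:
    """XOR combiner for keyed PRFs/MACs under independent keys.

    Distinguishing the XOR of the two tags from random requires breaking
    both HMACs; the independence of key1 and key2 is what makes this sound,
    so equal keys are rejected.
    """
    if key1 == key2:
        raise ValueError("combiner requires independent keys")
    t1 = hmac.new(key1, data, hashlib.sha256).digest()
    t2 = hmac.new(key2, data, hashlib.sha3_256).digest()
    return bytes(a ^ b for a, b in zip(t1, t2))


def collision_requires_both(m1: bytes, m2: bytes) -> bool:
    """Check the defining property of the concatenation combiner on a pair of
    distinct messages: the combiner collides exactly when both components collide."""
    if m1 == m2:
        raise ValueError("need two distinct messages")
    combined = concat_combiner(m1) == concat_combiner(m2)
    both = (established_hash(m1) == established_hash(m2)
            and candidate_hash(m1) == candidate_hash(m2))
    return combined == both


if __name__ == "__main__":
    m1, m2 = b"transfer 100 to alice", b"transfer 100 to bob"  # constructed sample inputs
    print("concat combiner output bytes:", len(concat_combiner(m1)))
    print("combiner collision iff both collide:", collision_requires_both(m1, m2))

    # Constructed worst case: the candidate behaves exactly like the established
    # function. The XOR hash combiner now outputs all zeros for every message,
    # i.e. every pair of messages is a collision.
    collapsed = xor_hash_combiner(m1, established_hash, established_hash)
    print("XOR hash combiner with related functions collapses:", collapsed == bytes(32))

    k1, k2 = b"\x01" * 32, b"\x02" * 32  # constructed independent keys
    print("XOR MAC combiner tag bytes:", len(xor_mac_combiner(k1, k2, m1)))
```

The concatenation combiner is the form the message argues for: the standard function stays in the construction, so the new primitive adds security only if it holds up, and cannot remove any. The XOR hash combiner is included as the contrast case, where composing two functions does not give an attack on the composition that applies to both components.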
