Another Look at Provable Security

  • Alfred Menezes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7237)


Many cryptographers believe that the only way to have confidence in the security of a cryptographic protocol is to have a mathematically rigorous proof that the protocol meets its stated goals under certain assumptions. However, it is often difficult to assess what such proofs really mean in practice especially if the proof is non-tight, the underlying assumptions are contrived, or the security definition is in the single-user setting. We will present some examples that illustrate this difficulty and highlight the important role that old-fashioned cryptanalysis and sound engineering practices continue to play in establishing and maintaining confidence in the security of a cryptographic protocol.


  1. 1.
    Chatterjee, S., Menezes, A., Sarkar, P.: Another Look at Tightness. In: Vaudenay, S. (ed.) SAC 2011. LNCS, vol. 7118, pp. 293–319. Springer, Heidelberg (2011)Google Scholar
  2. 2.
    Koblitz, N., Menezes, A.: Another look at provable security,
  3. 3.
    Koblitz, N., Menezes, A.: Another look at security definitions, Cryptology ePrint Archive: Report 2011/343Google Scholar

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Alfred Menezes
    • 1
  1. 1.Department of Combinatorics & OptimizationUniversity of WaterlooCanada

Personalised recommendations