Lipton Post on Provable Security

by

There is a great discussion on Godel’s Lost Letters about provable security.  As usual Prof. Lipton has great stories and some virtuoso computer science to share — and the comments are wonderful — so I really recommend that you read this post and the comments.

Advertisements

2 Responses to “Lipton Post on Provable Security”

  1. Ian Axelrod Says:

    It saddens me to say that I was only barely competent enough in ECC and generic groups to understand all that they talked about. It was a slow read because of that.
    That out of the way, I think that Dr. Lipton is correct, but I do not think he goes into detail as to why flawed protocols are passed as correct.
    Of course, first and foremost, it is because a mistake is made in the proof or some observation is overlooked. That is addressed in the article.
    What is only addressed as an aside is the reason why these mistakes are overlooked throughout multiple rounds of review and whatnot. The reason cited in the article is a lack of peer review, which I am sure is partly to blame.

    I propose another, more significant, reason: These people want their protocol recognized, and recognized fast, so that they can capitalize on it and get a real return for their investment in time – money and recognition. They are at an advantage if they can hush-hush errors in the proof as long as no one outspoken notices them. They can introduce fixes later.

    Not wanting to be proven wrong simply out of pride is of course a second consideration for many (most?) people. Adam’s first comment is an example of this.

    -Ian

  2. Karthik Rangarajan Says:

    I completely disagree that Adam’s first comment is an example of not wanting to be proven wrong because of pride. It doesn’t make sense, these are guys who have been working on cryptography for a long time, and the only way they work is by finding flaws in proof, and by correcting the proof. Getting the simplest proof in crypto can be really hard, proving a protocol secure, that too in generic groups, is a huge challenge.

    As for the second thing, where they want to “get recognized, and get recognized fast”..I don’t think that’s a reason at all. Sasha is well known in crypto, she wouldn’t claim something that wasn’t true just to get some “fame”. Most people in academia wouldn’t do it, as far as I know. 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: