Another Look at Provable Security

Ever since Thomas Kuhn's The Structure of Scientific Revolutions appeared a half-century ago, historians of science and technology have viewed the challenging — and occasionally the overthrowing — of reigning paradigms as an essential part of scientific progress. In contrast, complacency, arrogance, and efforts to suppress alternative viewpoints (for example, by dominating program committees or editorial boards) are antithetical to the scientific spirit.

This very general observation applies with special force to cryptography. Throughout history the most successful cryptographers have been those who've been aware of the need to be constantly questioning assumptions, searching for new vulnerabilities, and critiquing exaggerated claims of security.

In our time one of the dominant paradigms in cryptographic research goes by the name "provable security." This is the notion that the best (or, some would say, the only) way to have confidence in the security of a cryptographic protocol is to have a mathematically rigorous theorem that establishes some sort of guarantee of security (defined in a suitable way) under certain conditions and given certain assumptions.

The purpose of this website is to encourage the emergence of a more skeptical and less credulous attitude toward this notion and to contribute to a process of critical analysis of the positive and negative features of the "provable security" paradigm.

Neal Koblitz and Alfred Menezes