Timeline for Bridging the gap between security proofs and "real-world" security
Current License: CC BY-SA 3.0
8 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Aug 6, 2018 at 11:51 | answer | added | Alpha Bravo | timeline score: 1 | |
| Oct 1, 2014 at 12:58 | comment | added | tylo | If there was an answer to this question, it would probably fill hundreds of journals, I guess. And even then, scientists would not be able to agree on common assumptions, I guess. | |
| Sep 30, 2014 at 22:09 | comment | added | pg1989 | Hmm... you might be right. I wouldn't be offended if people voted to close; this was just on my mind and I wanted to solicit input from the community. | |
| Sep 30, 2014 at 21:15 | comment | added | Seth | I think that in its current form, this question might be too broad and subjective. This rabbit hole is deep. The range of possible issues includes appropriateness of the attack model (most models assume no timing side-channels exist), the interpretation of what "secure" means (when is it safe to leak plaintext length? Are even the strongest possible order-preserving encryption security definitions "secure enough"?), the assumptions (AES? Good. LWE? Hmm... ROM? Uh...). To say nothing of concrete vs. asymptotic security, a can of worms on its own! Not to mention implementation issues. | |
| Sep 30, 2014 at 3:40 | history | tweeted | twitter.com/#!/StackCrypto/status/516794639160864768 | ||
| Sep 30, 2014 at 0:14 | comment | added | pg1989 | I guess a salient example of this is encryption that preserves some functionality of the plaintext in the ciphertexts. Most good schemes in this area provide a proof of security based on a constructed model of the ideal functionality. How do we reason about the relevance of that model to a real deployed implementation of the scheme? | |
| Sep 30, 2014 at 0:08 | comment | added | mikeazo | Can you give some examples? | |
| Sep 29, 2014 at 23:53 | history | asked | pg1989 | CC BY-SA 3.0 |