--
James A. Donald:
> > I do not understand what is meant by "provably secure"]
At 09:57 AM 7/28/2000 -0400, Rich Salz wrote
> An unfortunate admission for a would-be cryptographer.
It should have been obvious from the context that you deleted that I was
criticizing the use of the word to refer to protocol.
Multicast is a protocol, not a cypher. It may well use provably secure
cyphers, but that does not make multicast provably secure.
"Provably secure" is a word applicable to cyphers, not protocols. To use
it in reference to a protocol is nonsense gibberish.
"Provably secure" means that breaking a cypher is as hard as cracking the
underlying one way transformation", which is usually true, and not very
interesting, since cypher weakness is separate from protocol
weakness. Cyphers are almost always stronger than protocols, and protocols
seldom attacked through their cyphers.
When we discuss a protocol, we normally take for granted that the cyphers
are strong, irrespective of whether they are provably secure or not.
One can prove that cracking a cypher is as hard as cracking some well known
mathematical problem.
What, however, does it mean to say that a protocol is provably secure? A
protocol is not a cypher, though it uses well known cyphers.
For example the problem with Verisign is not any weakness in the cyphers,
but a weakness in determining true names.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
f/wePiA4NUqV4TnDEAk3SMnTITqtbXlOE+0v1m/3
4r58BUE6S1/oWtoWDbs9VJxhGz07D0ZA1WMhIvFuB