# Time for a Paradigm Shift in Our Disciplinary Culture?

@inproceedings{Koblitz2016TimeFA, title={Time for a Paradigm Shift in Our Disciplinary Culture?}, author={Neal Koblitz}, booktitle={Mycrypt}, year={2016} }

The well-known KISS principle of engineering — Keep It Simple, Stupid! — is also of value in cryptography. In certain subfields, such as lattice-based crypto and indistinguishability obfuscation, the proposed constructions pay little heed to the KISS principle. Even the descriptions of the proper functioning of the protocols are frightfully complicated (by comparison with RSA or ECC, for example), and the security analyses and guidelines for parameter selection are even more problematic.

## References

SHOWING 1-10 OF 22 REFERENCES

Another Look at Tightness II: Practical Issues in Cryptography

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

N nontightness in connection with complexity leveraging, HMAC, lattice-based cryptography, identity-based encryption, and hybrid encryption is discussed.

Another look at security definitions

- Computer ScienceAdv. Math. Commun.
- 2013

A critical look at security models that are often used to give "provable security" guarantees finds that they fail to take into account many types of attacks and do not provide a comprehensive model of adversarial behavior.

Another look at HMAC

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2012

A separation result is proved between two versions of HMAC, the former being the real-world version standardized by Bellare et al. in 1997 and the latter being the version described in Bellare's proof of security in his Crypto 2006 paper.

Another Look at Security Theorems for 1-Key Nested MACs

- Mathematics, Computer ScienceOpen Problems in Mathematics and Computational Science
- 2014

It is concluded that from a provable security standpoint, there is little reason to prefer HMAC to Envelope MAC or similar schemes and a theorem assuming collision resistance is proved.

Another look at HMQV

- Computer Science, MathematicsJ. Math. Cryptol.
- 2007

It is demonstrated that the HMQV protocols are insecure by presenting realistic attacks in the Canetti-Krawczyk model that recover a victim's static private key.

A "Paradoxical" Solution to the Signature Problem (Extended Abstract)

- Computer Science, MathematicsFOCS
- 1984

A general signature scheme which uses any pair of trap-door permutations for which it is infeasible to find any x, y with f0(x) = f1(y) and possesses the novel property of being robust against an adaptive chosen message attack.

HMQV: A High-Performance Secure Diffie-Hellman Protocol

- Computer Science, MathematicsCRYPTO
- 2005

HMQV is presented, a carefully designed variant of MQV that provides the same superb performance and functionality of the original protocol but for which all the MqV's security goals can be formally proved to hold in the random oracle model under the computational Diffie-Hellman assumption.

Reducing elliptic curve logarithms to logarithms in a finite field

- Mathematics, Computer ScienceSTOC '91
- 1991

The main result of the paper is to demonstrate the reduction of the elliptic curve logarithm problem to the logariths problem in the multiplicative group of an extension of the underlying finite field, thus providing a probabilistic subexponential time algorithm for the former problem.

New Proofs for NMAC and HMAC: Security without Collision Resistance

- Computer Science, MathematicsJournal of Cryptology
- 2014

It is shown that an even weaker than PRF condition on the compression function, namely that it is a privacy-preserving MAC, suffices to establish HMAC is a secure MAC as long as the hash function meets the very weak requirement of being computationally almost universal.