Practice-Oriented Provable-Security

This short article is intended to complement my talk. I would like to try to introduce you to a certain, relatively new sub-area of cryptography that we have been calling practice-oriented provable-security. It is about applying the ideas of “provably security” to the derivation of practical, secure protocols. I believe it is a fruitful blend of theory and practice that is able to enrich both sides and has by now had some impact on real world security.A few years ago, provable security was largely known only to theoreticians. This has been changing. We are seeing a growing appreciation of provable security in practice, leading in some cases to the use of such schemes in preference to other ones. Indeed it seems standards bodies and implementors now view provable security as an attribute of a proposed scheme. This means that a wider audience needs an understanding of the basic ideas behind provable security.This article is directed at practioners and theoreticians alike. For the first I hope it will help to understand what provable security is and isn't, why it is useful, how to evaluate the provable security of a scheme, and where to look for such schemes. For the second group, it can serve to acquaint them with how the ideas with which they are familiar are being applied.I will begin by describing the basic idea behind provable security. (For many of you, this will be mostly recall, but some novel viewpoints or examples may enter.) Next, I will discuss the practice-oriented approach. I will discuss its main ideas, the problems it has addressed, and briefly survey known results. I hope to leave you feeling there is scope here both for interesting research and for application.