I would appreciate very much, if you could bring an example, or some examples, of your statement:”but the latter tend to come up with much more practical systems”.

]]>As one who knows the field in question fairly well, definitely better than any of the other posters here, I cannot but laugh at the whole charade. Basically, Foundations of Cryptography is meant to make order in the field, and create the theoretical background lacking in a field that was for centuries based on non-scientific intuition. It is ridicules that Koblitz as a mathematician is trying to undermine these efforts in favor of intuition, which especially in a field as hard as cryptography, will get you wrong almost every time.

As far as rigor goes, Bruce, by definition the theory of cryptography is as rigor as any field in mathematics, and all one needs to do in order to see that is simply read Oded’s book. Practical systems in Applied Cryptography may rely on hardness of a not-so-clear assumptions like the hardness of factoring, but that is whole notion of the practicality of the system. Even though factoring is getting easier, it is still hard enough for any practical application.

It seems that Koblitz intentionally used the weak hardness claims which some applied cryptography protocols are based on, to create a demagogic rant against the theory base of the field, without giving any reasonable proof.

In fact, you don’t need no fancy stinkin’ algorithms for the encryption part: One-Time Pads with XOR are the ideal solution “given good key management”.

]]>Actually, I have seen a real use for N-space topology, and it’s at least somewhat relevant to this site: optimal signal selection.

If signals are selected from an orthogonal multidimensional phase space (e.g., there are three overlapping frequencies: ‘A’ is 0,1,sqrt(2); ‘B’ is sqrt(2),0,1; etc.), noise tends to distort the signal by pushing it a distance away from its original point. The result is that the effective space taken up by all signals is a sphere of as many dimensions as you have independent variables.

Now, if you want to minimize power usage, you want to minimize the average distance from the origin to the centers of all these spheres. The result then becomes an N-dimensional sphere packing problem.

]]>
And let’s not forget the assumptions that you theorists make about

key management.

(laugh)… surf the “snake oil” posts on Bruce’s blog… theorists may say, “this is provably secure given good key management” (which may be true but somewhat naive), but there’s just as many horrid examples of practitioners making really bad unstated assumptions about key management. The use of “you theorists” belies objectivity here.

I don’t claim to be an expert in cryptographic theory (you’ll note I disclaimed that above), but I’ll reasonably claim that I know the difference between different schools of thought. If you regard Kobilitz’s paper as a criticism of the gray area in cryptography where the math hits the science and how the cryptographic community (as a whole) operates in that gray area, well, I think there’s blame to throw on both sides of the fence there.

]]>I recommend that anyone who’s bickering (above) take a few courses in breaking crypto systems. You’ll find out that while the math is usually pretty, coding them usually isn’t. And let’s not forget the assumptions that you theorists make about key management.

Before you ask: no, I don’t consider myself a member of either group. I never made it past tech calc and don’t feel insulted by any of the previous statements about which group is better/smarter/has a longer proof.

As far as I know, only one person on this page has an accepted crypto-system in operation. The rest of you need to get over yourselves. You’ll need to work together because (obviously) Bruce is trying to thin out the crowd by inciting a riot.

Nice troll you’ve set here, Bruce!

]]>
In cryptography, a proof is just as rigorous as a mathematical proof.

Both are based on certain axioms, and result in a statement about

the problem in question.

Here’s an attempt at a more precise correction of this assertion:

Theorems in pure mathematics and theoretical cryptography are held to the same standards of proof. In most cases, those standards are met. Failures occur occasionally in both fields, but somewhat more frequently in theoretical cryptography. There are several possible reasons (the inherent complexity of trying to analyze arbitrary adversaries, time pressure due to hard conference submission deadlines, eagerness to provide theoretical justification for cryptosystems that may be practically important). In applied cryptography proofs are much less important.

]]>