Cryptography Reference
In-Depth Information
1.4. Motivation to the Rigorous Treatment
In this section we address three related issues:
1.
the mere need for a rigorous treatment of the field,
2.
the practical meaning and/or consequences of the rigorous treatment, and
3.
the “conservative” tendencies of the treatment.
Parts of this section (corresponding to Items 2 and 3) are likely to become more clear
after reading any of the following chapters.
1.4.1. The Need for a Rigorous Treatment
If the truth of a proposition does not follow
from the fact that it is self-evident to us,
then its self-evidence in no way justifies our belief in its truth.
Ludwig Wittgenstein,
Tractatus logico-philosophicus
(1921)
Cryptography is concerned with the construction of schemes that will be robust against
malicious attempts to make these schemes deviate from their prescribed functionality.
Given a desired functionality, a cryptographer should design a scheme that not only will
satisfy the desired functionality under “normal operation” but also will maintain that
functionality in face of adversarial attempts that will be devised after the cryptographer
has completed the design. The fact that an adversary will devise its attack after the
scheme has been specified makes the design of such schemes very hard. In particular,
the adversary will try to take actions other than the ones the designer has envisioned.
Thus,
the evaluation of cryptographic schemes
must take account of a practically infinite
set of adversarial strategies. It is useless to make assumptions regarding the specific
strategy
that an adversary may use. The only assumptions that can be justified will
concern the computational
abilities
of the adversary. To summarize, an evaluation of a
cryptographic scheme is a study of an infinite set of potential strategies (which are not
explicitly given). Such a highly complex study cannot be carried out properly without
great care (i.e., rigor).
The design of cryptographic systems
must be based on
firm foundations
, whereas
ad hoc approaches and heuristics are a very dangerous way to go. Although always
inferior to a rigorously analyzed solution, a heuristic may make sense when the designer
has a very good idea about the environment in which a scheme is to operate. Yet a
cryptographic scheme has to operate in a maliciously selected environment that typically
will transcend the designer's view. Under such circumstances, heuristics make little
sense (if at all).
In addition to these straightforward considerations, we wish to stress two additional
aspects.
On Trusting Unsound Intuitions.
We believe that
one
of the roles of science is to
formulate, examine, and refine our intuition about reality. A rigorous formulation is
