|Can we all act like grown-ups please?
||[Aug. 22nd, 2007|01:39 pm]
Just when you thought this fight was over.
"I see your eprint paper and I raise you an AMS article."
That latest one seems quite snarky, given the calm response in the preface of the HQMV paper. The somewhat antisemitic discussion at the end of that article was especially uncalled for.
Yes. The sad thing is that some of the things Koblitz points out are reasonable, but the reasonable parts get badly lost in the noise. For example, provable security claims can be misinterpreted by people who are not cryptographers and sometimes are. This happens despite the best efforts of cryptographers. I don't think many people attending CRYPTO, say, falls into this trap, but beyond that I don't know quite what to do other than be clear in my own discussions and (politely) correct misinterpretations of others.
I do think Koblitz is unfair to harp on the issue of loose reduction bounds -- from where I am standing, this is an issue that the community is aware of, and actively working on. (Even if we get negative results sometimes, alas.) At least one paper I've seen on threshold crypto, for example, explicitly computes the parameter sizes required to give a specific security level given their reduction gap. Still, his perspective may be different, if these arguments are coming up in a commercial setting without attention paid to the concrete security issues.
The issue with long hand-done proofs being prone to error is also reasonable -- and it is why I am interested in Shai Halevi's proposal, in the work by Blanchet and Pointcheval, and in Anupam Datta's work on new logics for protocol verification. There is concrete research one can do here to address these points! Even if you aren't doing it yourself (I'm not), you can keep track of this work against the day when it becomes more reasonable for non-specialists.
The rest, though, distracts from these main points by getting into name-calling, such as the silly contrasts between math journals and CS conferences. The commentary on Goldreich is also not helpful.
Did this come up at all at CRYPTO? I missed it this year, unfortunately...
I'm not sure what you mean by Halevi's proposal. Do you have a link?
I'm not at Crypto either. I'd always imagined I'd turn up at Crypto 2030 or whatever with grey hair and brag about not having missed Crypto since 04.
But my summer internship this year is at the intersection of security, data mining, and programming. So far from Crypto it'd be a little absurd to ask for money to go there. And Vitaly already paid me to go to Eurocrypt this year.
Funnily enough, the link to the AMS paper was sent to me by a college buddy who isn't doing anything crypto-related.
Sure. Shai Halevi wrote an eprint paper calling for a shift towards crypto papers that are a mix of hand-verified and machine-verified proofs. http://eprint.iacr.org/2005/181/
The Blanchet and Pointcheval system is a big step towards this, at least if you use the game-playing style of proof. Code and papers here:http://www.di.ens.fr/~blanchet/cryptoc-eng.html#CryptoVerif
My personal opinion, though, is that increased confidence in proofs, while important, is not the most important reason to pursue mechanized proofs. Instead, what interests me is the possibility of using large amounts of computation to search for previously unknown statements together with their proofs, or for proofs of statements we believe to be true but can't quite prove ourselves by hand. This is one of those things I want to get to "someday," but right now I'm trying to focus on bug detection...which you could kind of see as a search for proofs, for theorems of the form "this program has a bug."
Let us know when you can talk about what you did, sounds interesting.
The AMS article will be fairly widely read, I'd guess. So not that surprising that it would be sent along by a college buddy. Especially since most crypto-related people are busy right now.
Thanks, I'll take a look.
We're going to write some papers about the things I worked on here, but I'd love to chat about them too. I'd like to hear about your work up in Redmond as well. Unfortunately I'm headed back to Austin fairly soon. I was in Berkeley a while ago but I think you still at your internship. I'm sure we'll get a chance to meet at another conference..