Practice-Driven Cryptographic Theory

Cryptographic standards abound: TLS, SSH, IPSec, XML Encryption, PKCS, and so many more. In theory the cryptographic schemes used within these standards solve well understood problems, yet a parade of damaging attacks leave us with the question: What gives? Theoreticians often suggest (at least in private) that the problems are well-understood and attacks arise because standardizers misunderstand cryptographic theory. I'll use some of my recent work which uses provable-security techniques to analyze important standards (including TLS, HMAC, and PKCS#5) to argue that, just as often, it is the theoreticians who don't have all the answers: analyzing practically-useful cryptography requires pushing models and proof techniques in never-before-considered directions. We'll see how (what I'll call) practice-driven cryptographic theory can lead to new understanding and improved confidence in cryptographic practice. This talk will cover joint work with Mihir Bellare, Scott Coull, Yevgeniy Dodis, Kevin Dyer, Kenneth Paterson, Thomas Shrimpton, John Steinberger, and Stefano Tessaro.