ABSTRACT

In modern cryptography, one establishes a formal security notion for the scheme to be designed, makes precise computational assumptions, builds the scheme from existing atomic primitives, and finally proves its security by exhibiting a so-called reduction: an algorithm that breaks the security notion is transformed into an algorithm that contradicts the assumptions. Classical cryptography instead takes an iterated design approach, in which one tries to design a cryptographic scheme by endless repetition of the cycle "attack found, revise the scheme." The problem with this approach is that one never knows whether things are right, and when damaging attacks emerge it is difficult or impossible to fix them effectively. A security notion is defined by pairing a security goal of the designed scheme with an attack model, which describes what means or information are available to attackers. The atomic primitives may be secure while the higher-level primitives built from them are insecure.
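The following is an added worked example, not code from the abstract or its authors, showing what "exhibiting a reduction" means concretely. It assumes a constructed scheme Enc(k, m) = G(k) XOR m, a security notion that pairs the goal of indistinguishability with a one-time, two-chosen-messages attack model, and an atomic primitive G that is assumed to be a pseudorandom generator. Any adversary A against the scheme is turned into a distinguisher D for G; the two toy PRGs (`prg_good`, `prg_biased`), the adversary `adversary_A`, the message pair and the trial counts are all constructed here for illustration.

```python
"""Added example: a reduction from breaking a PRG-based one-time pad to
distinguishing the PRG from a uniform string.

Everything below (scheme, toy PRGs, adversary, message pair) is constructed
for illustration and is not part of the abstract's own work.
"""
import hashlib
import random

N = 16  # message / ciphertext / pad length in bytes


def _rand_bytes(rng: random.Random, n: int) -> bytes:
    return rng.getrandbits(8 * n).to_bytes(n, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- atomic primitive: a candidate PRG G : {0,1}^128 -> {0,1}^128 ----------
def prg_good(key: bytes) -> bytes:
    # Constructed stand-in for a PRG assumed secure: hash-based expansion.
    return hashlib.sha256(b"prg" + key).digest()[:N]


def prg_biased(key: bytes) -> bytes:
    # Deliberately flawed PRG: its first output bit is always 0.
    out = bytearray(prg_good(key))
    out[0] &= 0x7F
    return bytes(out)


# --- the scheme built on the primitive: Enc(k, m) = G(k) XOR m -------------
def encrypt(prg, key: bytes, msg: bytes) -> bytes:
    return xor(prg(key), msg)


# --- security notion: goal = indistinguishability; attack model = one-time,
#     two adversary-chosen messages (constructed pair differs only in bit 0)
M0 = b"\x00" * N
M1 = b"\x80" + b"\x00" * (N - 1)


def adversary_A(ciphertext: bytes) -> int:
    """Attacker against the scheme: guesses whether M0 or M1 was encrypted
    by reading the top bit of the first ciphertext byte."""
    return 1 if ciphertext[0] & 0x80 else 0


def ind_game_success(prg, trials: int, seed: int = 0) -> float:
    """Pr[A guesses b] in the one-time IND game against Enc built on prg."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        key = _rand_bytes(rng, N)
        b = rng.randrange(2)
        wins += adversary_A(encrypt(prg, key, M1 if b else M0)) == b
    return wins / trials


# --- the reduction: any A against the scheme yields a distinguisher D for G
def distinguisher_D(y: bytes, rng: random.Random) -> int:
    """D receives y (either G(k) or uniform), simulates the IND game for A
    with y as the pad, and outputs 1 ('pseudorandom') iff A guesses b."""
    b = rng.randrange(2)
    return 1 if adversary_A(xor(y, M1 if b else M0)) == b else 0


def prg_advantage(prg, trials: int, seed: int = 0) -> float:
    """Adv_D = Pr[D(G(k)) = 1] - Pr[D(uniform) = 1], estimated empirically.
    If y is uniform, A's view is independent of b, so D outputs 1 with
    probability exactly 1/2; hence Adv_D = Pr[A wins] - 1/2."""
    rng = random.Random(seed)
    pseudo = sum(distinguisher_D(prg(_rand_bytes(rng, N)), rng) for _ in range(trials))
    unif = sum(distinguisher_D(_rand_bytes(rng, N), rng) for _ in range(trials))
    return (pseudo - unif) / trials


if __name__ == "__main__":
    for name, prg in (("good", prg_good), ("biased", prg_biased)):
        print(name, "A wins:", ind_game_success(prg, 2000),
              "D advantage:", round(prg_advantage(prg, 2000), 3))
```

Against `prg_biased` the constructed adversary wins the game every time, and the reduction turns it into a distinguisher with advantage about 1/2; against `prg_good` the same adversary is no better than guessing and the derived distinguisher's advantage is about 0. Read contrapositively, this is the guarantee a reduction delivers: if no efficient distinguisher for G exists, then no efficient adversary of this form can break the scheme, and a flaw in the atomic primitive is exactly what lets the higher-level scheme fail.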