2013.01.26 20:32:34 (295252913574539265) from Daniel J. Bernstein, replying to "Claudio Orlandi (@claudiorlandi)" (294816091828547584):
PK doesn't avoid the issue. Example: No competent cryptanalyst would recommend the Eurocrypt 2009 Hofheinz--Kiltz system. @claudiorlandi
2013.01.24 16:22:07 (294465109613477889) from Daniel J. Bernstein:
Some evidence that "provable security" is negatively correlated with actual security: http://cr.yp.to/talks/2013.01.23/slides.pdf
2013.01.25 15:36:48 (294816091828547584) from "Claudio Orlandi (@claudiorlandi)":
@hashbreaker "structure" might be bad for hashing but how are we going to do secure public key systems without it?