On Provable Security

Eric Rescorla writes:

Koblitz and Menezes are at it again. Back in 2004, they published
Another Look at “Provable
Security”
arguing that the reduction proofs that are de rigeur
for new cryptosystems don’t add much security value. (See
here
for a summary.) Last week, K&M returned to the topic with
Another Look at “Provable
Security”
which is about the difficulty of interpreting
the reduction results. They take on the proofs for a number
of well-known systems and argue that they don’t show what you
would like.

See “Provable Security (II)” if you want the rest of the details.