Chris Mitchell: Arguably, different encryption primitives have different properties, for example they may or may not offer non-malleability. That's an important distinction, because some protocols require non-malleable encryption, and some don't.Reply: Yes, this is a good point. I have been told by my advisor earlier in my life, never say, this is a good question, because you must assume that, but anyway, this is a good question. If you want everything, you end up getting nothing, and you will see we have found the trade-off, and I will return to the metric by which we measured the trade-off, but there will always be cases which cannot be met, because this is a programming language.
展开▼
