Note: Many researchers are justifiably concerned about the fact that Alfred Menezes will be giving an invited talk at Eurocrypt 2012 related to his line of papers criticizing provable security. I share this concern. I hope to blog about his (and Koblitz’s) papers over the next few weeks leading up to the conference.
What follows is something that Yehuda sent me unsolicited.
In an ideal world, people would be gracious and scientists would work primarily to promote science. (I am not naive, and am aware that scientists are people and need to promote themselves. However, self-promotion should go together with the promotion of science and not at its expense.)
The specific issue that I wish to talk about in this context is how to deal with bugs, errors, flaws and so on that you discover in other people’s papers. The right thing to do is to write the authors a nice email, saying that you believe you have found a bug and would like to inform them about it, or be corrected in case it is your mistake. If you are correct, and the authors are also gracious (as they should be), then they will correct their paper and give you a nice acknowledgement thanking you for the correction. You can then continue to do productive research.
Of course, if such a correction requires novel research that you have already done, then the above strategy may not work. In such a case, one can try to be creative in order to be gracious. One such example happened to me when I proved an impossibility result, only to discover that a (contradictory) positive result had been published on this exact topic a few years beforehand. I couldn’t work out who was wrong, so I spoke to the authors. After discussion we realized that they were wrong, and that their proof holds in a much weaker model. In my paper, all I wrote was “Our impossibility result does not contradict [X] since their positive result holds for a different, weaker model”. The other authors acknowledged me for finding the bug, and everyone walked away happy. Would I have gained anything by writing “we show that [X] were wrong”? Most certainly not!
Unfortunately, not everyone in our community takes this approach. Indeed, there are even people who actively search for errors in order to promote an agenda of attacking the entire crypto-theory community. Two examples are Koblitz and Menezes. You can see their newest paper on eprint. This time they really outdid themselves, since there is actually no error. Rather, the proof of security is in the non-uniform model, which they appear not to be familiar with. Even after being told about this, they still chose to leave their attack unchanged. You can see my discussion post.