[citation needed] It quantifies the security of a cryptosystem by bounding the probability of success for an adversary running for a fixed amount of time.
[2][better source needed] Traditionally, provable security is asymptotic: it classifies the hardness of computational problems using polynomial-time reducibility.
An inefficient reduction results either in the success probability for the adversary or the resource requirement of the scheme being greater than desired.
[citation needed] Concrete security parametrizes all the resources available to the adversary, such as running time and memory, and other resources specific to the system in question, such as the number of plaintexts it can obtain or the number of queries it can make to any oracles available.
[citation needed] Concrete security estimates have been applied to cryptographic algorithms: In addition, a software tool named the "Foundational Cryptography Framework", which embeds into Coq, is able to formally verify proofs of concrete security.