Provable security

In the following partial list of such researchers, each name is followed first by a reference to the original paper containing the purported proof and then by a reference to the paper in which the flaws were reported: V. Shoup;[1][2] A. J. Menezes;[3][4] A. Jha and M. Nandi;[5][6] D. Galindo;[7][8] T. Iwata, K. Ohashi, and K. Minematsu;[9][10] M. Nandi;[11][12] J.-S. Coron and D. Naccache;[13][14] D. Chakraborty, V. Hernández-Jiménez, and P. Sarkar;[15][16] P. Gaži and U. Maurer;[17][18] S. A. Kakvi and E. Kiltz;[19][20] and T. Holenstein, R. Künzler, and S.[21][22]

Koblitz and Menezes have written that provable security results for important cryptographic protocols frequently have fallacies in their proofs; are often interpreted in a misleading manner, giving false assurances; typically rely on strong assumptions that may turn out to be false; are based on unrealistic models of security; and serve to distract researchers' attention from the need for "old-fashioned" (non-mathematical) testing and analysis.

Goldreich wrote: "... we point out some of the fundamental philosophical flaws that underlie the said article and some of its misconceptions regarding theoretical research in cryptography in the last quarter of a century."[27]: 1

In his essay Goldreich argued that the rigorous analysis methodology of provable security is the only one compatible with science, and that Koblitz and Menezes are "reactionary (i.e., they play to the hands of the opponents of progress)".

Researchers Oded Goldreich, Boaz Barak, Jonathan Katz, Hugo Krawczyk, and Avi Wigderson wrote letters responding to Koblitz's article, which were published in the November 2007 and January 2008 issues of the journal.[30]: 7

Ivan Damgård later wrote a position paper at ICALP 2007 on the technical issues,[32] and it was recommended by Scott Aaronson as a good in-depth analysis.

Instead, practice-oriented provable security is concerned with concrete objects of cryptographic practice, such as hash functions, block ciphers, and protocols as they are deployed and used.