Evidence for the Security of PKCS #1 Digital Signatures September 25, 2018 https://www.schneier.com/blog/archives/2018/09/evidence_for_th.html
Isn't it scary that the most widespread sig algo has long been lacking a security proof? Well, PKCS#1 v1.5 is not IND-CCA2, but I don't think it's a practical weakness. Considering the complexity required to conduct a generalized Coron-Naccache-Stern attack, there's no practical attack against PKCS#1 v1.5 AFAIK. But I had assumed somebody had already established its security proof, and it seems that was wrong, as the author says it's the first proof. Regarding "under the model of the proof", I believe it's written because the blog is for the general public. For those who apply math to something, it's common sense that any results are under the model assumptions and can't say much about what's outside the model. So it doesn't lower the value of the study & the necessity for mathematical proof in all others.