Acryptographic protocol is an abstract or concreteprotocol that performs asecurity-related function and appliescryptographic methods, often as sequences ofcryptographic primitives. A protocol describes how the algorithms should be used and includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.[1]
Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects:
For example,Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTPS) connections.[2] It has an entity authentication mechanism, based on theX.509 system; a key setup phase, where asymmetric encryption key is formed by employing public-key cryptography; and an application-level data transport function. These three aspects have important interconnections. Standard TLS does not have non-repudiation support.
There are other types of cryptographic protocols as well, and even the term itself has various readings; Cryptographicapplication protocols often use one or more underlyingkey agreement methods, which are also sometimes themselves referred to as "cryptographic protocols". For instance, TLS employs what is known as theDiffie–Hellman key exchange, which although it is only a part of TLSper se, Diffie–Hellman may be seen as a complete cryptographic protocol in itself for other applications.
A wide variety of cryptographic protocols go beyond the traditional goals of data confidentiality, integrity, and authentication to also secure a variety of other desired characteristics of computer-mediated collaboration.[3]Blind signatures can be used fordigital cash anddigital credentials to prove that a person holds an attribute or right without revealing that person's identity or the identities of parties that person transacted with.Secure digital timestamping can be used to prove that data (even if confidential) existed at a certain time.Secure multiparty computation can be used to compute answers (such as determining the highest bid in an auction) based on confidential data (such as private bids), so that when the protocol is complete the participants know only their own input and the answer.End-to-end auditable voting systems provide sets of desirable privacy and auditability properties for conductinge-voting.Undeniable signatures include interactive protocols that allow the signer to prove a forgery and limit who can verify the signature.Deniable encryption augments standard encryption by making it impossible for an attacker to mathematically prove the existence of a plain text message.Digital mixes create hard-to-trace communications.
Cryptographic protocols can sometimes beverified formally on an abstract level. When it is done, there is a necessity to formalize the environment in which the protocol operates in order to identify threats. This is frequently done through theDolev-Yao model.
Logics, concepts and calculi used for formal reasoning of security protocols:
 |
Research projects and tools used for formal verification of security protocols:
|
To formally verify a protocol it is often abstracted and modelled usingAlice & Bob notation. A simple example is the following:
This states thatAlice intends a message for Bob consisting of a message encrypted under shared key.
{{citation}}: CS1 maint: multiple names: authors list (link){{cite book}}: CS1 maint: numeric names: authors list (link)