1367:
280:
217:
169:
can be used to compute answers (such as determining the highest bid in an auction) based on confidential data (such as private bids), so that when the protocol is complete the participants know only their own input and the answer.
148:
A wide variety of cryptographic protocols go beyond the traditional goals of data confidentiality, integrity, and authentication to also secure a variety of other desired characteristics of computer-mediated collaboration.
120:
key is formed by employing public-key cryptography; and an application-level data transport function. These three aspects have important interconnections. Standard TLS does not have non-repudiation support.
430:
202:
on an abstract level. When it is done, there is a necessity to formalize the environment in which the protocol operates in order to identify threats. This is frequently done through the
1347:
1177:
628:
54:
should be used and includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.
740:
529:
812:
57:
Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects:
1030:
496:
476:
456:
780:
Armando, A.; Arsac, W; Avanesov, T.; Barletta, M.; Calvi, A.; Cappai, A.; Carbone, R.; Chevalier, Y.; +12 more (2012). Flanagan, C.; König, B. (eds.).
161:
to prove that a person holds an attribute or right without revealing that person's identity or the identities of parties that person transacted with.
995:
608:
248:
171:
603:
1023:
186:
augments standard encryption by making it impossible for an attacker to mathematically prove the existence of a plain text message.
1395:
133:
635:
132:, which are also sometimes themselves referred to as "cryptographic protocols". For instance, TLS employs what is known as the
1226:
98:
287:
224:
826:
166:
909:
1016:
124:
There are other types of cryptographic protocols as well, and even the term itself has various readings; Cryptographic
1342:
1297:
1110:
377:
1221:
368:
362:
263:
1337:
182:
include interactive protocols that allow the signer to prove a forgery and limit who can verify the signature.
1327:
1317:
1172:
576:
555:
311:
Automated
Validation of Internet Security Protocols and Applications (AVISPA) and follow-up project AVANTSSAR.
105:
1322:
1312:
1115:
1075:
1068:
1058:
1053:
758:
560:
47:
35:
783:
The AVANTSSAR Platform for the
Automated Validation of Trust and Security of Service-Oriented Architectures
862:
187:
1370:
1216:
1162:
709:
659:
Chen, Shan; Jero, Samuel; Jagielski, Matthew; Boldyreva, Alexandra; Nita-Rotaru, Cristina (2021-07-01).
593:
540:
886:
1332:
1256:
179:
162:
117:
39:
253:
140:, Diffie–Hellman may be seen as a complete cryptographic protocol in itself for other applications.
1095:
550:
199:
183:
1201:
1185:
1132:
806:
781:
690:
158:
78:
1261:
1251:
1122:
991:
734:
682:
501:
1196:
983:
787:
672:
863:"SAT-based Model-Checker for Security Protocols and Security-sensitive Application (SATMC)"
571:
150:
86:
933:
1271:
1191:
1152:
1100:
1085:
598:
481:
461:
441:
350:
92:
68:
972:
944:
661:"Secure Communication Channel Establishment: TLS 1.3 (over TCP Fast Open) versus QUIC"
1389:
1352:
1307:
1266:
1246:
1142:
1105:
1080:
694:
436:
258:
129:
61:
43:
1302:
1147:
1137:
1127:
1090:
1039:
565:
165:
can be used to prove that data (even if confidential) existed at a certain time.
987:
791:
17:
1281:
830:
328:
272:
Research projects and tools used for formal verification of security protocols:
755:"Automated Validation of Internet Security Protocols and Applications (AVISPA)"
677:
660:
1241:
1211:
1206:
1167:
913:
209:
Logics, concepts and calculi used for formal reasoning of security protocols:
74:
686:
174:
provide sets of desirable privacy and auditability properties for conducting
1231:
203:
51:
897:
1276:
1236:
342:
175:
367:
To formally verify a protocol it is often abstracted and modelled using
971:
Ermoshina, Ksenia; Musiani, Francesca; Halpin, Harry (September 2016).
726:
Fábrega, F. Javier Thayer, Jonathan C. Herzog, and Joshua D. Guttman.,
112:) connections. It has an entity authentication mechanism, based on the
1157:
850:
955:
545:
154:
113:
109:
581:
1012:
866:
274:
211:
108:(TLS) is a cryptographic protocol that is used to secure web (
754:
982:. INSCI 2016. Florence, Italy: Springer. pp. 244–254.
887:
Casper: A Compiler for the
Analysis of Security Protocols
973:"End-to-End Encrypted Messaging Protocols: An Overview"
291:
228:
1178:
Cryptographically secure pseudorandom number generator
504:
484:
464:
444:
380:
1004:
1290:
1046:
827:"Constraint Logic-based Attack Searcher (Cl-AtSe)"
728:Strand Spaces: Why is a Security Protocol Correct?
523:
490:
470:
450:
424:
314:Constraint Logic-based Attack Searcher (CL-AtSe)
898:cpsa: Symbolic cryptographic protocol analyzer
425:{\displaystyle A\rightarrow B:\{X\}_{K_{A,B}}}
1024:
333:Cryptographic Protocol Shapes Analyzer (CPSA)
8:
851:Open-Source Fixed-Point Model-Checker (OFMC)
739:: CS1 maint: multiple names: authors list (
400:
393:
317:Open-Source Fixed-Point Model-Checker (OFMC)
811:: CS1 maint: numeric names: authors list (
786:. Vol. 7214. LNTCS. pp. 267–282.
128:protocols often use one or more underlying
1031:
1017:
1009:
1005:
978:. In Bagnoli, Franco; et al. (eds.).
136:, which although it is only a part of TLS
676:
509:
503:
483:
463:
443:
408:
403:
379:
198:Cryptographic protocols can sometimes be
910:"Knowledge In Security protocolS (KISS)"
83:Secured application-level data transport
934:Maude-NRL Protocol Analyzer (Maude-NPA)
710:"Lecture Notes Cryptographic Protocols"
620:
339:Maude-NRL Protocol Analyzer (Maude-NPA)
249:Burrows–Abadi–Needham logic (BAN logic)
804:
761:from the original on 22 September 2016
732:
336:Knowledge In Security protocolS (KISS)
371:. A simple example is the following:
190:create hard-to-trace communications.
7:
609:Comparison of cryptography libraries
172:End-to-end auditable voting systems
116:system; a key setup phase, where a
604:Security Protocols Open Repository
25:
629:"Cryptographic Protocol Overview"
1366:
1365:
278:
264:Protocol composition logic (PCL)
215:
144:Advanced cryptographic protocols
320:SAT-based Model-Checker (SATMC)
50:. A protocol describes how the
46:methods, often as sequences of
1227:Information-theoretic security
384:
99:Secure multi-party computation
42:-related function and applies
1:
167:Secure multiparty computation
988:10.1007/978-3-319-45982-0_22
792:10.1007/978-3-642-28756-5_19
634:. 2015-10-23. Archived from
1343:Message authentication code
1298:Cryptographic hash function
1111:Cryptographic hash function
498:encrypted under shared key
357:Notion of abstract protocol
163:Secure digital timestamping
134:Diffie–Hellman key exchange
77:and message authentication
34:is an abstract or concrete
1412:
1222:Harvest now, decrypt later
678:10.1007/s00145-021-09389-w
458:intends a message for Bob
363:Security protocol notation
360:
1361:
1338:Post-quantum cryptography
1008:
1328:Quantum key distribution
1318:Authenticated encryption
1173:Random number generation
577:Transport Layer Security
556:Off-the-Record Messaging
478:consisting of a message
369:Alice & Bob notation
106:Transport Layer Security
48:cryptographic primitives
1396:Cryptographic protocols
1323:Public-key cryptography
1313:Symmetric-key algorithm
1116:Key derivation function
1076:Cryptographic primitive
1069:Authentication protocol
1059:Outline of cryptography
1054:History of cryptography
561:Point to Point Protocol
524:{\displaystyle K_{A,B}}
1064:Cryptographic protocol
525:
492:
472:
452:
426:
32:cryptographic protocol
27:Aspect of cryptography
1217:End-to-end encryption
1163:Cryptojacking malware
665:Journal of Cryptology
594:List of cryptosystems
541:Internet Key Exchange
526:
493:
473:
453:
427:
180:Undeniable signatures
130:key agreement methods
80:material construction
1333:Quantum cryptography
1257:Trusted timestamping
708:Berry Schoenmakers.
502:
482:
462:
442:
378:
292:adding missing items
229:adding missing items
118:symmetric encryption
1096:Cryptographic nonce
194:Formal verification
184:Deniable encryption
159:digital credentials
1202:Subliminal channel
1186:Pseudorandom noise
1133:Key (cryptography)
521:
488:
468:
448:
422:
290:; you can help by
227:; you can help by
1383:
1382:
1379:
1378:
1262:Key-based routing
1252:Trapdoor function
1123:Digital signature
997:978-3-319-45982-0
491:{\displaystyle X}
471:{\displaystyle B}
451:{\displaystyle A}
435:This states that
308:
307:
245:
244:
200:verified formally
18:Security protocol
16:(Redirected from
1403:
1369:
1368:
1197:Insecure channel
1033:
1026:
1019:
1010:
1006:
1001:
980:Internet Science
977:
958:
953:
947:
942:
936:
931:
925:
924:
922:
921:
912:. Archived from
906:
900:
895:
889:
884:
878:
877:
875:
874:
865:. Archived from
859:
853:
848:
842:
841:
839:
838:
829:. Archived from
823:
817:
816:
810:
802:
800:
798:
777:
771:
770:
768:
766:
751:
745:
744:
738:
730:
723:
717:
716:
714:
705:
699:
698:
680:
656:
650:
649:
647:
646:
640:
633:
625:
530:
528:
527:
522:
520:
519:
497:
495:
494:
489:
477:
475:
474:
469:
457:
455:
454:
449:
431:
429:
428:
423:
421:
420:
419:
418:
303:
300:
282:
281:
275:
240:
237:
219:
218:
212:
153:can be used for
151:Blind signatures
64:or establishment
38:that performs a
21:
1411:
1410:
1406:
1405:
1404:
1402:
1401:
1400:
1386:
1385:
1384:
1375:
1357:
1286:
1042:
1037:
998:
975:
970:
967:
965:Further reading
962:
961:
954:
950:
943:
939:
932:
928:
919:
917:
908:
907:
903:
896:
892:
885:
881:
872:
870:
861:
860:
856:
849:
845:
836:
834:
825:
824:
820:
803:
796:
794:
779:
778:
774:
764:
762:
753:
752:
748:
731:
725:
724:
720:
712:
707:
706:
702:
658:
657:
653:
644:
642:
638:
631:
627:
626:
622:
617:
590:
572:Signal Protocol
537:
505:
500:
499:
480:
479:
460:
459:
440:
439:
404:
399:
376:
375:
365:
359:
304:
298:
295:
279:
254:Dolev–Yao model
241:
235:
232:
216:
196:
146:
87:Non-repudiation
28:
23:
22:
15:
12:
11:
5:
1409:
1407:
1399:
1398:
1388:
1387:
1381:
1380:
1377:
1376:
1374:
1373:
1362:
1359:
1358:
1356:
1355:
1350:
1348:Random numbers
1345:
1340:
1335:
1330:
1325:
1320:
1315:
1310:
1305:
1300:
1294:
1292:
1288:
1287:
1285:
1284:
1279:
1274:
1272:Garlic routing
1269:
1264:
1259:
1254:
1249:
1244:
1239:
1234:
1229:
1224:
1219:
1214:
1209:
1204:
1199:
1194:
1192:Secure channel
1189:
1183:
1182:
1181:
1170:
1165:
1160:
1155:
1153:Key stretching
1150:
1145:
1140:
1135:
1130:
1125:
1120:
1119:
1118:
1113:
1103:
1101:Cryptovirology
1098:
1093:
1088:
1086:Cryptocurrency
1083:
1078:
1073:
1072:
1071:
1061:
1056:
1050:
1048:
1044:
1043:
1038:
1036:
1035:
1028:
1021:
1013:
1003:
1002:
996:
966:
963:
960:
959:
956:Tamarin Prover
948:
937:
926:
901:
890:
879:
854:
843:
818:
772:
746:
718:
700:
651:
619:
618:
616:
613:
612:
611:
606:
601:
599:Secure channel
596:
589:
586:
585:
584:
579:
574:
569:
563:
558:
553:
548:
543:
536:
533:
518:
515:
512:
508:
487:
467:
447:
433:
432:
417:
414:
411:
407:
402:
398:
395:
392:
389:
386:
383:
361:Main article:
358:
355:
354:
353:
351:Tamarin Prover
348:
345:
340:
337:
334:
331:
326:
323:
322:
321:
318:
315:
306:
305:
285:
283:
270:
269:
266:
261:
256:
251:
243:
242:
222:
220:
195:
192:
145:
142:
102:
101:
96:
93:Secret sharing
90:
84:
81:
71:
69:authentication
65:
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
1408:
1397:
1394:
1393:
1391:
1372:
1364:
1363:
1360:
1354:
1353:Steganography
1351:
1349:
1346:
1344:
1341:
1339:
1336:
1334:
1331:
1329:
1326:
1324:
1321:
1319:
1316:
1314:
1311:
1309:
1308:Stream cipher
1306:
1304:
1301:
1299:
1296:
1295:
1293:
1289:
1283:
1280:
1278:
1275:
1273:
1270:
1268:
1267:Onion routing
1265:
1263:
1260:
1258:
1255:
1253:
1250:
1248:
1247:Shared secret
1245:
1243:
1240:
1238:
1235:
1233:
1230:
1228:
1225:
1223:
1220:
1218:
1215:
1213:
1210:
1208:
1205:
1203:
1200:
1198:
1195:
1193:
1190:
1187:
1184:
1179:
1176:
1175:
1174:
1171:
1169:
1166:
1164:
1161:
1159:
1156:
1154:
1151:
1149:
1146:
1144:
1143:Key generator
1141:
1139:
1136:
1134:
1131:
1129:
1126:
1124:
1121:
1117:
1114:
1112:
1109:
1108:
1107:
1106:Hash function
1104:
1102:
1099:
1097:
1094:
1092:
1089:
1087:
1084:
1082:
1081:Cryptanalysis
1079:
1077:
1074:
1070:
1067:
1066:
1065:
1062:
1060:
1057:
1055:
1052:
1051:
1049:
1045:
1041:
1034:
1029:
1027:
1022:
1020:
1015:
1014:
1011:
1007:
999:
993:
989:
985:
981:
974:
969:
968:
964:
957:
952:
949:
946:
941:
938:
935:
930:
927:
916:on 2016-10-10
915:
911:
905:
902:
899:
894:
891:
888:
883:
880:
869:on 2015-10-03
868:
864:
858:
855:
852:
847:
844:
833:on 2017-02-08
832:
828:
822:
819:
814:
808:
793:
789:
785:
784:
776:
773:
760:
756:
750:
747:
742:
736:
729:
722:
719:
711:
704:
701:
696:
692:
688:
684:
679:
674:
670:
666:
662:
655:
652:
641:on 2017-08-29
637:
630:
624:
621:
614:
610:
607:
605:
602:
600:
597:
595:
592:
591:
587:
583:
580:
578:
575:
573:
570:
567:
564:
562:
559:
557:
554:
552:
549:
547:
544:
542:
539:
538:
534:
532:
516:
513:
510:
506:
485:
465:
445:
438:
415:
412:
409:
405:
396:
390:
387:
381:
374:
373:
372:
370:
364:
356:
352:
349:
346:
344:
341:
338:
335:
332:
330:
327:
324:
319:
316:
313:
312:
310:
309:
302:
293:
289:
286:This list is
284:
277:
276:
273:
267:
265:
262:
260:
257:
255:
252:
250:
247:
246:
239:
230:
226:
223:This list is
221:
214:
213:
210:
207:
205:
201:
193:
191:
189:
188:Digital mixes
185:
181:
177:
173:
168:
164:
160:
156:
152:
143:
141:
139:
135:
131:
127:
122:
119:
115:
111:
107:
104:For example,
100:
97:
94:
91:
88:
85:
82:
79:
76:
72:
70:
66:
63:
62:Key agreement
60:
59:
58:
55:
53:
49:
45:
44:cryptographic
41:
37:
33:
19:
1303:Block cipher
1148:Key schedule
1138:Key exchange
1128:Kleptography
1091:Cryptosystem
1063:
1040:Cryptography
979:
951:
940:
929:
918:. Retrieved
914:the original
904:
893:
882:
871:. Retrieved
867:the original
857:
846:
835:. Retrieved
831:the original
821:
795:. Retrieved
782:
775:
763:. Retrieved
749:
727:
721:
703:
668:
664:
654:
643:. Retrieved
636:the original
623:
566:Secure Shell
434:
366:
299:October 2016
296:
271:
268:Strand space
236:October 2016
233:
208:
197:
155:digital cash
147:
137:
125:
123:
103:
56:
31:
29:
1291:Mathematics
1282:Mix network
797:14 February
765:14 February
329:CryptoVerif
126:application
1242:Ciphertext
1212:Decryption
1207:Encryption
1168:Ransomware
920:2016-10-07
873:2016-10-17
837:2016-10-17
645:2015-10-23
615:References
288:incomplete
259:Ď€-calculus
225:incomplete
75:encryption
73:Symmetric
52:algorithms
1232:Plaintext
807:cite book
695:235174220
687:0933-2790
671:(3): 26.
385:→
204:Dolev-Yao
1390:Category
1371:Category
1277:Kademlia
1237:Codetext
1180:(CSPRNG)
759:Archived
735:citation
588:See also
551:Kerberos
535:Examples
343:ProVerif
176:e-voting
40:security
36:protocol
1047:General
945:Scyther
347:Scyther
206:model.
95:methods
89:methods
67:Entity
1158:Keygen
994:
693:
685:
325:Casper
138:per se
1188:(PRN)
976:(PDF)
713:(PDF)
691:S2CID
639:(PDF)
632:(PDF)
568:(SSH)
546:IPsec
437:Alice
114:X.509
110:HTTPS
992:ISBN
813:link
799:2024
767:2024
741:link
683:ISSN
582:ZRTP
157:and
984:doi
788:doi
673:doi
294:.
231:.
178:.
1392::
990:.
809:}}
805:{{
757:.
737:}}
733:{{
689:.
681:.
669:34
667:.
663:.
531:.
30:A
1032:e
1025:t
1018:v
1000:.
986::
923:.
876:.
840:.
815:)
801:.
790::
769:.
743:)
715:.
697:.
675::
648:.
517:B
514:,
511:A
507:K
486:X
466:B
446:A
416:B
413:,
410:A
406:K
401:}
397:X
394:{
391::
388:B
382:A
301:)
297:(
238:)
234:(
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.