The cryptographic protocol problem

• How do I prove that the protocol is free from:

  • corruption of the protocol or the data
  • denial of function
  • reuse of ciphertext
  • man-in-the-middle attack
  • leakage of message characteristics
  • leakage of key characteristics
    • timing of encryption as a covert channel
    • message length implies operation type
    • communicating parties implies a deal underway
    • etc.

Previous slide

Next slide

Back to first slide

View graphic version