# From Objectives to a Protocol

Let’s learn about the complete process of designing a cryptographic protocol, beginning with a real security problem and ending with the specification of a cryptographic protocol.

The design of a cryptographic protocol is a process commencing with a real security problem needing to be solved and ending with the specification of a cryptographic protocol.

## Stages of protocol design

There are three main stages to the process of designing a cryptographic protocol:

• Defining the objectives: This is the problem statement, which identifies the problem that the protocol is intended to solve. While we will focus on security objectives, it’s important to realize that there may be other objectives that are also important, particularly performance-related objectives.

• Determining the protocol goals: This stage translates the objectives into a set of clear cryptographic requirements. The protocol goals are typically statements of the form, ‘At the end of the protocol, entity $X$ will be assured of security service $Y$.’

• Specifying the protocol: This takes the protocol goals as input and involves determining some cryptographic primitives, message flow, and actions that achieve these goals.

A very simple example of these stages would be the following:

• Defining the objectives: Merchant Bob wants to make sure a contract he’ll receive from Alice cannot later be denied.

• Determining the protocol goals: At the end of the protocol, Bob requires non-repudiation of the contract received from Alice.

• Specifying the protocol: A protocol to achieve this simple goal is given in the illustration below. There’s only one message sent from Alice to Bob in this protocol. This message consists of the contract digitally signed by Alice. The notation $Sig_{Alice}$ represents a generic digital signature algorithm.

We do not specify which algorithm is to be used. Nor do we specify whether the digital signature scheme is with appendix or message recovery. We assume that if a digital signature scheme with appendix is used, then part of $Sig_{Alice}(contract)$ is a plaintext version of the contract.
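The one-message protocol above can be run end to end. The following is an added example, not code from the original page: it assumes a Lamport one-time signature over SHA-256 as a stand-in for the generic $Sig_{Alice}$ (chosen only because it needs nothing beyond Python's standard library), used as a scheme with appendix, and it assumes Bob already holds an authentic copy of Alice's public key. The function names and the sample contract are hypothetical.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    """Alice: 256 pairs of random secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(message):
    """The 256 bits of SHA-256(message), most significant bit first."""
    digest = H(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, message):
    """Reveal one secret per digest bit. A Lamport key must sign only one message."""
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]

def verify(pk, message, signature):
    """Anyone holding pk can run this check; no secret is needed."""
    if len(signature) != 256:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(signature, _bits(message))))

def alice_send(sk, contract):
    """The single protocol message: plaintext contract plus signature (appendix)."""
    return {"contract": contract, "sig": sign(sk, contract)}

def bob_accept(pk_alice, msg):
    """Bob stores the message as evidence only if it verifies under Alice's key."""
    return verify(pk_alice, msg["contract"], msg["sig"])

def demo():
    sk, pk = keygen()
    contract = b"Alice agrees to pay Bob 100 for 10 widgets."  # constructed sample
    msg = alice_send(sk, contract)
    accepted = bob_accept(pk, msg)
    # Non-repudiation: a third party repeats the check later using public data only.
    judge_ok = verify(pk, msg["contract"], msg["sig"])
    # The stored signature does not cover a different contract text.
    altered = dict(msg, contract=b"Alice agrees to pay Bob 900 for 10 widgets.")
    altered_ok = bob_accept(pk, altered)
    # It also does not verify under a key that is not Alice's.
    _, other_pk = keygen()
    wrong_key_ok = verify(other_pk, msg["contract"], msg["sig"])
    return accepted, judge_ok, altered_ok, wrong_key_ok

if __name__ == "__main__":
    print(demo())
```

Because verification uses only Alice's public key, Bob cannot have produced the signature himself, which is what lets the stored message serve as evidence against a later denial.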
