Cryptography Reference
In-Depth Information
also applies to cryptographic primitives themselves, since if we even slightly
amend the key schedule of AES then the resulting algorithm is no longer AES.
9.2.3 Assumptions and actions
We now reconsider the simple cryptographic protocol shown in Figure 9.1.
Recall the four components of a cryptographic protocol that we identified in
Section 9.1.3, namely assumptions, flow, messages and actions. In fact, Figure 9.1
only describes the flow (one message from Alice to Bob) and the message (a
contract digitally signed by Alice).
There are several problems that could arise with the protocol in Figure 9.1:
1. If Alice and Bob have not agreed on the digital signature scheme that they are
going to use then Bob will not know which verification algorithm to use.
2. If Alice does not already possess a signature key then she will not be able to
digitally sign the contract.
3. If Bob does not have access to a valid verification key that corresponds to
Alice's signature key then he will not be able to verify the digital signature.
4. If Bob does not verify the digital signature received from Alice then he cannot
have any assurance that Alice has provided himwith correctly formed data that
can later be used to settle a potential dispute.
ASSUMPTIONS
The simple protocol in Figure 9.1 only makes sense if we make the following
assumptions regarding the environment in which the protocol is run. Before the
protocol is run:
• Alice and Bob agree on the use of a strong digital signature scheme. This
addresses the first problem .
• Alice has been issued with a signature key. This addresses the second problem .
• Bob has access to a verification key corresponding to Alice's signature key. This
addresses the third problem .
Indeed, it may be appropriate to generalise these assumptions to one that states
that before the protocol is run there exists a supporting public-key management
system for overseeing the management of all required cryptographic keys (see
Chapter 11).
ACTIONS
The description of the simple protocol in Figure 9.1 is only complete if we
specify the following action that needs to take place as part of the protocol. After
receiving the message from Alice:
• Bob verifies the digital signature received from Alice. This addresses the fourth
problem .
Search WWH ::




Custom Search