High-level Cryptographic Abstractions

TL;DR

This paper introduces high-level cryptographic abstractions that simplify protocol implementation, reduce code size, and maintain security, demonstrated through implementation in Python and application to well-known protocols.

Contribution

It proposes a novel high-level abstraction framework for cryptography that is easy to use, implementable across languages, and safe against common misuse, improving developer productivity and security.

Findings

Programs using abstractions are about one-third smaller.

Overhead is less than 5 microseconds for shared key operations.

Abstractions are resistant to common cryptographic misuses.

Abstract

The interfaces exposed by commonly used cryptographic libraries are clumsy, complicated, and assume an understanding of cryptographic algorithms. The challenge is to design high-level abstractions that require minimum knowledge and effort to use while also allowing maximum control when needed. This paper proposes such high-level abstractions consisting of simple cryptographic primitives and full declarative configuration. These abstractions can be implemented on top of any cryptographic library in any language. We have implemented these abstractions in Python, and used them to write a wide variety of well-known security protocols, including Signal, Kerberos, and TLS. We show that programs using our abstractions are much smaller and easier to write than using low-level libraries, where size of security protocols implemented is reduced by about a third on average. We show our implementation incurs a small overhead, less than 5 microseconds for shared key operations and less than 341 microseconds (< 1%) for public key operations. We also show our abstractions are safe against main types of cryptographic misuse reported in the literature.