High-level Cryptographic Abstractions
share
The interfaces exposed by commonly used cryptographic libraries are clumsy, complicated, and assume an understanding of cryptographic algorithms. This paper proposes high-level abstractions consisting of simple cryptographic primitives and declarative configuration. These abstractions can be implemented on top of any cryptographic library in any language. We have implemented these abstractions in Python, and used them to write a variety of well-known security protocols, including Signal, Kerberos, and TLS. We show that programs using our abstractions are much smaller and easier to write than using low-level libraries, and are safe against the vast majority of cryptographic misuse reported in the literature. Size of security protocol implementations are reduced by about a third on average when written with our abstractions. We also show that our implementation incurs a small overhead, less than 5 microseconds for shared key operations and less than 341 microseconds (< 1
READ FULL TEXT
