Designing the API for a Cryptographic Library A Misuse-Resistant Application Programming Interface

摘要

Most of the time, cryptography fails due to "implementation and management errors". So the task at hand is to design a cryptographic library to ease its safe use and to hinder implementation errors. This is of special interest when the implementation language is celebrated for its qualification to write reliable safe and secure systems, such as Ada.This paper concentrates on the handling of nonces ("number used once") and on authenticated encryption, i.e., on establishing a safe communication channel between two parties which share a common secret key. Cryptographers consider it as a "nonce misuse", if a nonce value is ever reused. Avoiding nonce-misuse is easy in theory, but difficult in practice. One problem with authenticated encryption is that a naive combination of a secure authentication and a secure encryption scheme may turn out to be insecure. Another problem is that decryption temporarily provides an incomplete plaintext, that may eventually found to be unauthentic.We discuss how to ease the proper usage of cryptosystems, how to hinder unintentional misuse, and how one may possibly limit the damage in the case of a misuse.