High-level Cryptographic Abstractions
This paper addresses usability issues for developers working with security protocols, though its contribution is incremental, since it builds on existing cryptographic libraries.
The paper tackled the problem of clumsy and complex interfaces in cryptographic libraries by proposing high-level abstractions that simplify usage, resulting in programs that are about a third smaller on average and incur minimal overhead (e.g., less than 5 microseconds for shared key operations).
The interfaces exposed by commonly used cryptographic libraries are clumsy, complicated, and assume an understanding of cryptographic algorithms. The challenge is to design high-level abstractions that require minimum knowledge and effort to use while also allowing maximum control when needed. This paper proposes such high-level abstractions consisting of simple cryptographic primitives and full declarative configuration. These abstractions can be implemented on top of any cryptographic library in any language. We have implemented these abstractions in Python, and used them to write a wide variety of well-known security protocols, including Signal, Kerberos, and TLS. We show that programs using our abstractions are much smaller and easier to write than using low-level libraries, where the size of the security protocols implemented is reduced by about a third on average. We show our implementation incurs a small overhead, less than 5 microseconds for shared key operations and less than 341 microseconds (< 1%) for public key operations. We also show our abstractions are safe against the main types of cryptographic misuse reported in the literature.