A Modular Treatment of Cryptographic APIs: The Symmetric-Key Case

Thomas Shrimpton, Martijn Stam, Bogdan Warinschi

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

3 Citations (Scopus)


Application Programming Interfaces (APIs) to cryptographic tokens like smartcards and Hardware Security Modules (HSMs) provide users with commands to manage and use cryptographic keys stored on trusted hardware. Their design is mainly guided by industrial standards with only informal security promises.

In this paper we propose cryptographic models for the security of such APIs. The key feature of our approach is that it enables modular analysis. Specifically, we show that a secure cryptographic API can be obtained by combining a secure API for key-management together with secure implementations of, for instance, encryption or message authentication. Our models are the first to provide such compositional guarantees while considering realistic adversaries that can adaptively corrupt keys stored on tokens. We also provide a proof of concept instantiation (from a deterministic authenticated-encryption scheme) of the key-management portion of cryptographic API.
Original languageEnglish
Title of host publicationAdvances in Cryptology - CRYPTO 2016
Subtitle of host publication36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part I
Number of pages31
ISBN (Electronic)9783662530184
ISBN (Print)9783662530177
Publication statusPublished - 21 Jul 2016

Publication series

NameLecture Notes in Computer Science (LNCS)
ISSN (Print)0302-9743


Dive into the research topics of 'A Modular Treatment of Cryptographic APIs: The Symmetric-Key Case'. Together they form a unique fingerprint.

Cite this