Hypotheses in Secure Protocol Design


Consider this to be my 7 Laws of Secure Protocol Design. They are not really laws because I'm not yet dead, but I have to get them down before that otherwise I'll miss out.

They continue to evolve, both their content and their number. Today, the number N is 7, which also is the magical number of Financial Cryptography. This be coincidence, not science, and expect it to change, as science once again takes to the sword and slaughters the dragons and myths of the dark ages of security.

These hypotheses are opinionated, yet they come of having read, experienced and been battered by many secure protocols, and built a few as well. After a while -- after repeated abuses at the hands of other peoples ideas -- one perceives patterns out of pain, and those patterns tend to predict things: success or failure, stalling or booming, security or smoke.


  1. H1 - The One True Cipher Suite.
  2. H2 - Divide and Conquer. Commentary: 1, 2,
  3. H3 - There is Only One Mode and it is Secure and commentary: 1, 2, 3. And now, a new case study: Zooko on ZRTP.
  4. H4 - The First Requirement of Security is Usability
  5. H5 - Security Begins at the Application and Ends at the Mind.
  6. H6 - It's Your Job. Do it! Some commentary and introductions: H6.1, H6.2, H6.3, H6.4.
  7. H7


Twan van der Schoot as always gave a challenging critique.

Other Works

  1. Jerome Saltzer and Michael Schoeder, The Protection of Information in Computer Systems, PDF espouses 8 principles
  2. Adi Shamir's 3 Laws in Security
  3. Kerrkhoffs' 6 Principles
  4. Ian Grigg, FC in 7 Layers
  5. Nick Szabo, TTP Minimizing Methodology
  6. Ian Grigg, Pareto-secure
  7. Ian Grigg, Growth and Fraud

Quick index

H1          H2          H3          H4          H5          H6          H7