The importance of clarifying the goals of a cryptographic protocol is widely recognised. The majority of authors have addressed intensional goals which are concerned with correct operation within the protocol itself. Extensional goals are properties independent of the protocol and define what the protocol is designed to achieve. This paper reviews the previous literature on goals in protocols and classifies them as intensional or extensional goals. A hierarchy of extensional protocol goals is proposed which includes the major proposed goals for key establishment. It is shown how these extensional goals can be exploited to motivate design of entity authentication protocols.

. A new digital signature scheme and public key cryptosystem are proposed which use operations in a prime order subgroup of Z n for a composite number n. There are similarities with the best known digital signatures and public key cryptosystems (RSA and discrete logarithm based schemes) in terms of the mathematical structure. With regard to computational requirements the new schemes are competitive and, in particular, are more efficient than the best known schemes when averaged over both public and private key computations. 1 Introduction The best known and most widely used public key cryptosystems today base their security on the difficulty of either the integer factorisation problem or the discrete logarithm problem. The RSA scheme [11] can be used to provide both digital signatures and public key encryption; its security relies on the difficulty of factorising a modulus which is the product of two large primes. The algorithms of ElGamal [4] can also provide digital signatures an...

Version 3.0

This document specifies Version 1.0 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.