# Security protocol notation

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Security_protocol_notation
> Markdown URL: https://mediated.wiki/source/Security_protocol_notation.md
> Source: https://en.wikipedia.org/wiki/Security_protocol_notation
> Source revision: 1328341015
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Notation for communication protocols

In [cryptography](/source/Cryptography), **security (engineering) protocol notation**, also known as **protocol narrations**[1] and **Alice & Bob notation**, is a way of expressing a [protocol](/source/Cryptographic_protocol) of correspondence between entities of a dynamic system, such as a [computer network](/source/Computer_network). In the context of a [formal model](/source/Formal_model), it allows reasoning about the properties of such a system.

The standard notation consists of a set of principals (traditionally named [Alice, Bob](/source/Alice_and_Bob), Charlie, and so on) who wish to communicate. They may have access to a server S, shared keys K, timestamps T, and can generate [nonces](/source/Cryptographic_nonce) N for authentication purposes.

A simple example might be the following:

- A → B : { X } K A , B {\displaystyle A\rightarrow B:\{X\}_{K_{A,B}}}

This states that **A**lice intends a message for **B**ob consisting of a [plaintext](/source/Plaintext) **X** encrypted under shared key **KA,B**.

Another example might be the following:

- B → A : { N B } K A {\displaystyle B\rightarrow A:\{N_{B}\}_{K_{A}}}

This states that **B**ob intends a message for **A**lice consisting of a [**n**once](/source/Cryptographic_nonce) **NB** encrypted using public key of Alice.

A key with two subscripts, **KA,B**, is a [symmetric key](/source/Symmetric_key) shared by the two corresponding individuals. A key with one subscript, **KA**, is the public key of the corresponding individual. A private key is represented as the [inverse](/source/Inverse_function#Notation) of the public key.

The notation specifies only the operation and not its semantics — for instance, private key encryption and signature are represented identically.

We can express more complicated protocols in such a fashion. See [Kerberos](/source/Kerberos_(protocol)) as an example. Some sources refer to this notation as *Kerberos Notation*.[2] Some authors consider the notation used by Steiner, Neuman, & Schiller[3] as a notable reference.[4]

Several models exist to reason about security protocols in this way, one of which is [BAN logic](/source/BAN_logic).

Security protocol notation inspired many of the programming languages used in [choreographic programming](/source/Choreographic_programming).

## References

1. **[^](#cite_ref-1)** Briais, Sébastien; Nestmann, Uwe (2005). ["A Formal Semantics for Protocol Narrations"](http://sbriais.online.fr/papers/A_Formal_Semantics_For_Protocol_Narrations_TGC05-final.pdf) (PDF). *Trustworthy Global Computing*. Lecture Notes in Computer Science. Vol. 3705. pp. 163–181. [Bibcode](/source/Bibcode_(identifier)):[2005LNCS.3705..163B](https://ui.adsabs.harvard.edu/abs/2005LNCS.3705..163B). [doi](/source/Doi_(identifier)):[10.1007/11580850_10](https://doi.org/10.1007%2F11580850_10). [ISBN](/source/ISBN_(identifier)) [978-3-540-30007-6](https://en.wikipedia.org/wiki/Special:BookSources/978-3-540-30007-6).

1. **[^](#cite_ref-2)** Chappell, David (1999). ["Exploring Kerberos, the Protocol for Distributed Security in Windows 2000"](https://web.archive.org/web/20170815043157/https://www.microsoft.com/msj/0899/kerberos/kerberos.aspx). *Microsoft Systems Journal*. Archived from [the original](https://www.microsoft.com/msj/0899/kerberos/kerberos.aspx) on 2017-08-15.

1. **[^](#cite_ref-3)** Steiner, J. G.; Neuman, B. C.; Schiller, J. I. (February 1988). ["Kerberos: An Authentication Service for Open Network Systems"](https://web.archive.org/web/20100806141601/http://clifford.neuman.name/publications/1988/198802-Usenix-Kerberos/198802-Usenix-Steiner-Neuman-Schiller-Kerberos.pdf) (PDF). *Proceedings of the Winter 1988 Usenix Conference*. Usenix. Berkeley, CA: USENIX Association. pp. 191–201. Archived from [the original](http://clifford.neuman.name/publications/1988/198802-Usenix-Kerberos/198802-Usenix-Steiner-Neuman-Schiller-Kerberos.pdf) (PDF) on 2010-08-06. Retrieved 2009-06-10.

1. **[^](#cite_ref-4)** Davis, Don; Swick, Ralph (1989-03-17). [*Workstation Services and Kerberos Authentication at Project Athena*](ftp://athena-dist.mit.edu/pub/ATHENA/kerberos/doc/user2user.ps) (PS). p. 1. Retrieved 2009-06-10. …our notation follows Steiner, Neuman, & Schiller,…

This cryptography-related article is a stub. You can help Wikipedia by adding missing information.

- [v](https://en.wikipedia.org/wiki/Template:Crypto-stub)
- [t](/source/Template_talk%3ACrypto-stub)
- [e](https://en.wikipedia.org/wiki/Special:EditPage/Template:Crypto-stub)

---
Adapted from the Wikipedia article [Security protocol notation](https://en.wikipedia.org/wiki/Security_protocol_notation) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Security_protocol_notation?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.