0Pricing
Cryptology Academy · Lesson

Why Informal Proofs Are Not Enough

Study protocol failures (Needham-Schroeder, WEP) caused by subtle flaws.

The Gap Between Design and Security

Protocol designers routinely produce informal security arguments — prose reasoning about why an attacker cannot succeed. History shows these arguments are frequently wrong, even for expert-designed protocols.

The Needham-Schroeder Protocol Failure

Needham-Schroeder (1978) was designed for mutual authentication. In 1995, Gavin Lowe found a man-in-the-middle attack using automated verification — 17 years after publication. The informal proof missed a subtle replay.

All lessons in this course

  1. Why Informal Proofs Are Not Enough
  2. Dolev-Yao Attacker Model & Symbolic Crypto
  3. ProVerif: Automated Protocol Verification
  4. Tamarin & Computational Proofs
← Back to Cryptology Academy