Step 3: Implement the Functions Using Generic Procedures

This step refers to the basic cryptographic building blocks, such as private key encryption, message authentication codes, hash functions, or signature schemas. Defining generic procedures helps you understand which security property of the underlying building block is used to achieve a certain security property of the new system.

The design has to work independently of specific procedures, since it is always possible for individual procedures to be broken. For example, researchers recently found the first attacks on the SHA-1 hash function. Developing a completely new system because individual components have been broken is simply too expensive. Moreover, the insecurity of individual instances does not alter the fact that the concept as such is secure. To illustrate this point, just briefly think about the example of fire protection. Just because the material of an individual door proved not to be fireproof does not mean that the entire strategy, which envisaged a fireproof door at a particular location, is wrong.

Step 4: Formal Mathematical Proof of Security

After the formal specification of the security properties and the design, formal mathematical proof of security follows in the fourth step. This step confirms that the design satisfies the desired safety properties. Formal proof provides a one-to-one mapping between the security properties of the underlying cryptographic building blocks and the security properties that the system is intended to achieve. Formally verifying the security uncovers design flaws. If the security properties of the underlying cryptographic building are not applied, there is a flaw in the design, and there is most likely a more efficient solution.

Step 5: Instantiate the Implementation

Once the formal security of the system has been established, it is necessary to instantiate the generic cryptographic building blocks with specific cryptographic procedures. For example, a generic encryption schema with a private key is introduced, and this building block is implemented in practice using AES. Since generic building blocks work with abstract objects (such as "a private key" or "a ciphertext"), you need to translate these objects into concrete instances. For example, the object "public key encryption scheme" is instantiated with an ElGamal encryption scheme [2].