LOGBOOK

HELP

1 / 34
Other keys: showSpace: good1-4: rate0: skip5: flag6: invert

Question

What is the difference between a cryptographic algorithm and a cryptographic protocol?

Answer

An algorithm is a finite, well-defined sequence of steps that solves a specific problem (a single computation). A protocol is a set of rules for communication between multiple parties — specifying which messages are exchanged, in what order, and which algorithms are used inside.

Algorithm Protocol
Performed by One party (one machine) Two or more parties, communicating
Output A computed value (ciphertext, hash, signature, …) A negotiated state (a shared key, an authenticated session, a signed agreement, …)
Examples SHA-256, AES, RSA TLS, Kerberos, Signal protocol, e-voting protocol

The food analogy:

  • An algorithm is like a recipe — fixed steps you follow to bake a cake.
  • A protocol is like a multi-course meal at a restaurant — the rules of "waiter brings menu, customer orders, chef cooks, waiter delivers, customer pays" that coordinate multiple actors.

Why this distinction matters in security review:

  • Algorithm security is about mathematical hardness (Is factoring large n infeasible? Is the S-box non-linear enough?). Decades of focused academic analysis vet a small number of well-known algorithms.
  • Protocol security is about interactions (Can an attacker replay a message? Reorder them? Strip a signature? Trick parties into using a weaker option?). Most real-world breaks are protocol-level even when the underlying algorithms are unbroken.

Tip: A common engineering mistake is "we use AES, so we're secure". AES is just an algorithm — without a correct protocol around it (mode of operation, IV management, key exchange, MAC, replay protection), you have a building block, not a system. Use vetted protocols (TLS 1.3, Signal, age) rather than rolling your own.

or press any other key