Horton Principle

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

The Horton Principle is a design rule for cryptographic systems and can be expressed as "Authenticate what is being meant, not what is being said".[1] The principle is named after the title character in the Dr. Seuss children's book Horton Hatches the Egg.[1][2]

The Horton Principle becomes important when using Message Authentication Codes (or MACs) in a cryptographic system. Suppose Alice wants to send a message to Bob, and she uses a MAC to authenticate a message m that was made by concatenating three data fields, where m := a || b || c. Bob needs to know what rules Alice used to create the message in order to split m back into its components, but if he uses the wrong rules then he'll get the wrong values from an authenticated message.

The problem is that the MAC is only authenticating a string of bytes, while Alice and Bob need to authenticate the way the message was constructed as well. If not, then it may be possible for an attacker to substitute a message with a valid MAC but a different meaning.

Systems can manage this problem by adding metadata such as a protocol number or by formatting messages with an explicit structure, such as XML.


  1. ^ a b Ferguson, N., Schneier, B. (2003). Practical Cryptography, p. 109, Indianapolis, Indiana: Wiley Publishing, Inc.
  2. ^ Wagner, David; Schneier, Bruce (April 15, 1997). "Analysis of the SSL 3.0 Protocol". schneier.com.