In cryptography, **security (engineering) protocol notation**, also known as **protocol narrations** and **Alice & Bob notation**, is a way of expressing a protocol of correspondence between entities of a dynamic system, such as a computer network. In the context of a formal model, it allows reasoning about the properties of such a system.

The standard notation consists of a set of principals (traditionally named Alice, Bob, Charlie, and so on) who wish to communicate. They may have access to a server S, shared keys K, timestamps T, and can generate nonces N for authentication purposes.

A simple example might be the following:

A
→
B
:
{
X
}
K
A
,
B
This states that **A**lice intends a message for **B**ob consisting of a plaintext **X** encrypted under shared key **K**_{A,B}.

Another example might be the following:

B
→
A
:
{
N
B
}
K
A
This states that **B**ob intends a message for **A**lice consisting of a **n**once **N**_{B} encrypted using public key of Alice.

A key with two subscripts, **K**_{A,B}, is a symmetric key shared by the two corresponding individuals. A key with one subscript, **K**_{A}, is the public key of the corresponding individual. A private key is represented as the inverse of the public key.

The notation specifies only the operation and not its semantics — for instance, private key encryption and signature are represented identically.

We can express more complicated protocols in such a fashion. See Kerberos as an example. Some sources refer to this notation as *Kerberos Notation*. Some authors consider the notation used by Steiner, Neuman, & Schiller as a notable reference.

Several models exist to reason about security protocols in this way, one of which is BAN logic.