Alice and Bob

Last updated

Example scenario where communication between Alice and Bob is intercepted by Mallory Alice-bob-mallory.jpg
Example scenario where communication between Alice and Bob is intercepted by Mallory

Alice and Bob are fictional characters commonly used as placeholders in discussions about cryptographic systems and protocols, [1] and in other science and engineering literature where there are several participants in a thought experiment. The Alice and Bob characters were invented by Ron Rivest, Adi Shamir, and Leonard Adleman in their 1978 paper "A Method for Obtaining Digital Signatures and Public-key Cryptosystems". [2] Subsequently, they have become common archetypes in many scientific and engineering fields, such as quantum cryptography, game theory and physics. [3] As the use of Alice and Bob became more widespread, additional characters were added, sometimes each with a particular meaning. These characters do not have to refer to people; they refer to generic agents which might be different computers or even different programs running on a single computer.

Contents

Overview

An example of an "Alice and Bob" used in cryptography Public key shared secret.svg
An example of an "Alice and Bob" used in cryptography

Alice and Bob are the names of fictional characters used for convenience and to aid comprehension. For example, "How can Bob send a private message M to Alice in a public-key cryptosystem?" [2] is believed to be easier to describe and understand than if the hypothetical people were simply named A and B as in "How can B send a private message M to A in a public-key cryptosystem?"

The names are conventional, and where relevant may use an alliterative mnemonic such as "Mallory" for "malicious" to associate the name with the typical role of that person.

History

Scientific papers about thought experiments with several participants often used letters to identify them: A, B, C, etc.

The first mention of Alice and Bob in the context of cryptography was in Rivest, Shamir, and Adleman's 1978 article "A method for obtaining digital signatures and public-key cryptosystems." [2] They wrote, "For our scenarios we suppose that A and B (also known as Alice and Bob) are two users of a public-key cryptosystem". [2] :121 Previous to this article, cryptographers typically referred to message senders and receivers as A and B, or other simple symbols. In fact, in the two previous articles by Rivest, Shamir, and Adleman, introducing the RSA cryptosystem, there is no mention of Alice and Bob. [4] [5] The choice of the first three names may have come from the film Bob & Carol & Ted & Alice . [6]

Within a few years, however, references to Alice and Bob in cryptological literature became a common trope. Cryptographers would often begin their academic papers with reference to Alice and Bob. For instance, Michael Rabin began his 1981 paper, "Bob and Alice each have a secret, SB and SA, respectively, which they want to exchange." [7] Early on, Alice and Bob were starting to appear in other domains, such as in Manuel Blum's 1981 article, "Coin Flipping by Telephone: A Protocol for Solving Impossible Problems," which begins, "Alice and Bob want to flip a coin by telephone." [8]

Although Alice and Bob were invented with no reference to their personality, authors soon began adding colorful descriptions. In 1983, Blum invented a backstory about a troubled relationship between Alice and Bob, writing, "Alice and Bob, recently divorced, mutually distrustful, still do business together. They live on opposite coasts, communicate mainly by telephone, and use their computers to transact business over the telephone." [9] In 1984, John Gordon delivered his famous [10] "After Dinner Speech" about Alice and Bob, which he imagines to be the first "definitive biography of Alice and Bob." [11]

In addition to adding backstories and personalities to Alice and Bob, authors soon added other characters, with their own personalities. The first to be added was Eve, the "eavesdropper." Eve was invented in 1988 by Charles Bennet, Gilles Brassard, and Jean-Marc Robert, in their paper, "Privacy Amplification by Public Discussion." [12] In Bruce Schneier's book Applied Cryptography, other characters are listed. [13]

Cast of characters

Cryptographic systems

The most common characters are Alice and Bob. Eve, Mallory, and Trent are also common names, and have fairly well-established "personalities" (or functions). The names often use alliterative mnemonics (for example, Eve, "eavesdropper"; Mallory, "malicious") where different players have different motives. Other names are much less common and more flexible in use. Sometimes the genders are alternated: Alice, Bob, Carol, Dave, Eve, etc. [14]

Alice and BobThe original, generic characters. Generally, Alice and Bob want to exchange a message or cryptographic key.
Carol, Carlos or CharlieA generic third participant.
Chuck or ChadA third participant, usually of malicious intent. [15]
CraigA password cracker, often encountered in situations with stored passwords.
Dan, Dave or DavidA generic fourth participant.
ErinA generic fifth participant, but rarely used, as "E" is usually reserved for Eve.
Eve or YvesAn eavesdropper , who is usually a passive attacker. While they can listen in on messages between Alice and Bob, they cannot modify them. In quantum cryptography, Eve may also represent the environment.[ clarification needed ]
FaytheA trusted advisor , courier or intermediary. Faythe is used infrequently, and is associated with faith and faithfulness. Faythe may be a repository of key service or courier of shared secrets.[ citation needed ]
FrankA generic sixth participant.
GraceA government representative. For example, Grace may try to force Alice or Bob to implement backdoors in their protocols. Grace may also deliberately weaken standards. [16]
HeidiA mischievous designer for cryptographic standards, but rarely used. [17]
IvanAn issuer, mentioned first by Ian Grigg in the context of Ricardian contracts. [18]
JudyA judge who may be called upon to resolve a potential dispute between participants. See Judge Judy.
Mallory [19] [20] [21] or (less commonly) Mallet [22] [23] [24] [25] or Darth [26] A malicious attacker. Associated with Trudy, an intruder. Unlike the passive Eve, Mallory is an active attacker (often used in man-in-the-middle attacks), who can modify messages, substitute messages, or replay old messages. The difficulty of securing a system against a Mallory is much greater than against an Eve.
Michael or MikeUsed as an alternative to the eavesdropper Eve, from microphone .
NiajUsed as an alternative to the eavesdropper Eve in several South Asian nations. [27]
OliviaAn oracle , who responds to queries from other participants. Olivia often acts as a "black box" with some concealed state or information, or as a random oracle.
OscarAn opponent, similar to Mallory, but not necessarily malicious.
Peggy or PatA prover, who interacts with the verifier to show that the intended transaction has actually taken place. Peggy is often found in zero-knowledge proofs.
RupertA repudiator who appears for interactions that desire non-repudiation.
SybilA pseudonymous attacker, who usually uses a large number of identities. For example, Sybil may attempt to subvert a reputation system. See Sybil attack.
Trent or TedA trusted arbitrator , who acts as a neutral third party.
TrudyAn intruder.
Victor [19] or Vanna [28] A verifier, who requires proof from the prover.
WalterA warden , who may guard Alice and Bob.
WendyA whistleblower , who is an insider with privileged access capable of divulging information.

Interactive proof systems

For interactive proof systems there are other characters:

Arthur and MerlinMerlin provides answers, and Arthur asks questions. [29] Merlin has unbounded computational ability (like the wizard Merlin). In interactive proof systems, Merlin claims the truth of a statement, and Arthur (like King Arthur), questions him to verify the claim.
Paul and CarolePaul asks questions, and Carole provides answers. In the solution of the Twenty Questions problem, [30] Paul (standing in for Paul Erdős) asked questions and Carole (an anagram of "oracle") answered them. Paul and Carole were also used in combinatorial games, in the roles of pusher and chooser. [31]
Arthur and BerthaArthur is the "left", "black", or "vertical" player, and Bertha is the "right", "white", or "horizontal" player in a combinatorial game. Additionally, Arthur, given the same outcome, prefers a game to take the fewest moves, while Bertha prefers a game to take the most moves. [32]

Physics

The names Alice and Bob are often used to name the participants in thought experiments in physics. [33] [34] More alphabetical names, usually of alternating gender, are used as required, e.g. "Alice and Bob (and Carol and Dick and Eve)". [35]

In experiments involving robotic systems, the terms "Alice Robot" and "Bob Robot" refer to mobile platforms responsible for transmitting quantum information and receiving it with quantum detectors, respectively, within the context of the field of quantum robotics. [36] [37] [38] [39] [40] [41]

See also

Related Research Articles

<span class="mw-page-title-main">Diffie–Hellman key exchange</span> Method of exchanging cryptographic keys

Diffie–Hellman (DH) key exchange is a mathematical method of securely generating a symmetric cryptographic key over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key.

<span class="mw-page-title-main">Public-key cryptography</span> Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem, one of the oldest widely used for secure data transmission. The initialism "RSA" comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly described the algorithm in 1977. An equivalent system was developed secretly in 1973 at Government Communications Headquarters (GCHQ), the British signals intelligence agency, by the English mathematician Clifford Cocks. That system was declassified in 1997.

Quantum key distribution (QKD) is a secure communication method that implements a cryptographic protocol involving components of quantum mechanics. It enables two parties to produce a shared random secret key known only to them, which then can be used to encrypt and decrypt messages. The process of quantum key distribution is not to be confused with quantum cryptography, as it is the best-known example of a quantum-cryptographic task.

A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key can be different sizes and varieties, but in all cases, the strength of the encryption relies on the security of the key being maintained. A key's security strength is dependent on its algorithm, the size of the key, the generation of the key, and the process of key exchange.

<span class="mw-page-title-main">Adi Shamir</span> Israeli cryptographer (born 1952)

Adi Shamir is an Israeli cryptographer and inventor. He is a co-inventor of the Rivest–Shamir–Adleman (RSA) algorithm, a co-inventor of the Feige–Fiat–Shamir identification scheme, one of the inventors of differential cryptanalysis and has made numerous contributions to the fields of cryptography and computer science.

<span class="mw-page-title-main">Digital signature</span> Mathematical scheme for verifying the authenticity of digital documents

A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient.

<span class="mw-page-title-main">Ron Rivest</span> American cryptographer

Ronald Linn Rivest is an American cryptographer and computer scientist whose work has spanned the fields of algorithms and combinatorics, cryptography, machine learning, and election integrity. He is an Institute Professor at the Massachusetts Institute of Technology (MIT), and a member of MIT's Department of Electrical Engineering and Computer Science and its Computer Science and Artificial Intelligence Laboratory.

Articles related to cryptography include:

Key/Config-authentication is used to solve the problem of authenticating the keys of a person that some other person is talking to or trying to talk to. In other words, it is the process of assuring that the key of "person A", held by "person B", does in fact belong to "person A" and vice versa.

A cryptosystem is considered to have information-theoretic security if the system is secure against adversaries with unlimited computing resources and time. In contrast, a system which depends on the computational cost of cryptanalysis to be secure is called computationally, or conditionally, secure.

Mental poker is the common name for a set of cryptographic problems that concerns playing a fair game over distance without the need for a trusted third party. The term is also applied to the theories surrounding these problems and their possible solutions. The name comes from the card game poker which is one of the games to which this kind of problem applies. Similar problems described as two party games are Blum's flipping a coin over a distance, Yao's Millionaires' Problem, and Rabin's oblivious transfer.

BB84 is a quantum key distribution scheme developed by Charles Bennett and Gilles Brassard in 1984. It is the first quantum cryptography protocol. The protocol is provably secure assuming a perfect implementation, relying on two conditions: (1) the quantum property that information gain is only possible at the expense of disturbing the signal if the two states one is trying to distinguish are not orthogonal ; and (2) the existence of an authenticated public classical channel. It is usually explained as a method of securely communicating a private key from one party to another for use in one-time pad encryption. The proof of BB84 depends on a perfect implementation. Side channel attacks exist, taking advantage of non-quantum sources of information. Since this information is non-quantum, it can be intercepted without measuring or cloning quantum particles.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

Identity-based cryptography is a type of public-key cryptography in which a publicly known string representing an individual or organization is used as a public key. The public string could include an email address, domain name, or a physical IP address.

Quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks. The best known example of quantum cryptography is quantum key distribution, which offers an information-theoretically secure solution to the key exchange problem. The advantage of quantum cryptography lies in the fact that it allows the completion of various cryptographic tasks that are proven or conjectured to be impossible using only classical communication. For example, it is impossible to copy data encoded in a quantum state. If one attempts to read the encoded data, the quantum state will be changed due to wave function collapse. This could be used to detect eavesdropping in quantum key distribution (QKD).

Knapsack cryptosystems are cryptosystems whose security is based on the hardness of solving the knapsack problem. They remain quite unpopular because simple versions of these algorithms have been broken for several decades. However, that type of cryptosystem is a good candidate for post-quantum cryptography.

Quantum secret sharing (QSS) is a quantum cryptographic scheme for secure communication that extends beyond simple quantum key distribution. It modifies the classical secret sharing (CSS) scheme by using quantum information and the no-cloning theorem to attain the ultimate security for communications.

Quantum robotics is an interdisciplinary field that investigates the intersection of robotics and quantum mechanics. This field, in particular, explores the applications of quantum phenomena such as quantum entanglement within the realm of robotics. Examples of its applications include quantum communication in multi-agent cooperative robotic scenarios, the use of quantum algorithms in performing robotics tasks, and the integration of quantum devices in robotic systems.

References

  1. R. Shirey (August 2007). Internet Security Glossary, Version 2. Network Working Group. doi: 10.17487/RFC4949 . RFC 4949.Informational.
  2. 1 2 3 4 Rivest, Ron L.; Shamir, Adi; Adleman, Len (February 1, 1978). "A Method for Obtaining Digital Signatures and Public-key Cryptosystems". Communications of the ACM. 21 (2): 120–126. CiteSeerX   10.1.1.607.2677 . doi:10.1145/359340.359342. ISSN   0001-0782. S2CID   2873616.
  3. Newton, David E. (1997). Encyclopedia of Cryptography. Santa Barbara California: Instructional Horizons, Inc. p. 10.
  4. Rivest, Ron L.; Shamir, Adi; Adleman, Len (April 1977). On Digital Signatures and Public-Key Cryptosystems. Cambridge MA: Massachusetts Institute of Technology.
  5. Rivest, Ron L.; Shamir, Adi; Adleman, Len (September 20, 1983) [1977]. Cryptographic Communications System and Method. Cambridge MA. 4405829.{{cite book}}: CS1 maint: location missing publisher (link)
  6. Brown, Bob (February 7, 2005). "Security's inseparable couple: Alice & Bob". NetworkWorld.
  7. Rabin, Michael O. (1981). How to exchange secrets with oblivious transfer. Aiken Computation Lab, Harvard University. Technical Report TR-81.
  8. Blum, Manuel (November 10, 1981). "Coin Flipping by Telephone a Protocol for Solving Impossible Problems". ACM SIGACT News. 15 (1): 23–27. doi: 10.1145/1008908.1008911 . S2CID   19928725.
  9. Blum, Manuel (1983). "How to exchange (Secret) keys". ACM Transactions on Computer Systems. 1 (2): 175–193. doi: 10.1145/357360.357368 . S2CID   16304470.
  10. Cattaneoa, Giuseppe; De Santisa, Alfredo; Ferraro Petrillo, Umberto (April 2008). "Visualization of cryptographic protocols with GRACE". Journal of Visual Languages & Computing. 19 (2): 258–290. doi:10.1016/j.jvlc.2007.05.001.
  11. Gordon, John (April 1984). "The Alice and Bob After Dinner Speech". Zurich.
  12. Bennett, Charles H.; Brassard, Gilles; Robert, Jean-Marc (1988). "Privacy Amplification by Public Discussion". SIAM Journal on Computing. 17 (2): 210–229. doi:10.1137/0217014. S2CID   5956782.
  13. Schneier, Bruce (2015). Applied Cryptography: Protocols, Algorithms and Source Code in C. Hoboken, NJ: John Wiley & Sons. ISBN   978-0-471-59756-8.
  14. Xue, Peng; Wang, Kunkun; Wang, Xiaoping (2017). "Efficient multiuser quantum cryptography network based on entanglement". Scientific Reports. 7 (1): 45928. Bibcode:2017NatSR...745928X. doi: 10.1038/srep45928 . ISSN   2045-2322. PMC   5379677 . PMID   28374854. An example from quantum cryptography with Alice, Bob, Carol, and David.
  15. Tanenbaum, Andrew S. (2007). Distributed Systems: Principles and Paradigms. Pearson Prentice Hall. p. 171;399402. ISBN   978-0-13-239227-3.
  16. Cho, Hyunghoon; Ippolito, Daphne; Yun William Yu (2020). "Contact Tracing Mobile Apps for COVID-19: Privacy Considerations and Related Trade-offs". arXiv: 2003.11511 [cs.CR].
  17. Fried, Joshua; Gaudry, Pierrick; Heninger, Nadia; Thomé, Emmanuel (2017). "A Kilobit Hidden SNFS Discrete Logarithm Computation". Advances in Cryptology – EUROCRYPT 2017 (PDF). Lecture Notes in Computer Science. Vol. 10, 210. University of Pennsylvania and INRIA, CNRS, University of Lorraine. pp. 202–231. arXiv: 1610.02874 . doi:10.1007/978-3-319-56620-7_8. ISBN   978-3-319-56619-1. S2CID   12341745 . Retrieved October 12, 2016.
  18. Grigg, Ian (November 24, 2002). "Ivan The Honourable". iang.org.
  19. 1 2 Schneier, Bruce (1996). Applied Cryptography: Protocols, Algorithms, and Source Code in C (Second ed.). Wiley. p. 23. ISBN   978-0-471-11709-4. Table 2.1: Dramatis Personae.
  20. Szabo, Nick (September 1997). "Formalizing and Securing Relationships on Public Networks". First Monday. 2 (9). doi: 10.5210/fm.v2i9.548 . S2CID   33773111.
  21. Schneier, Bruce (September 23, 2010), "Who are Alice & Bob?", YouTube, archived from the original on December 22, 2021, retrieved May 2, 2017
  22. Schneier, Bruce (1994). Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley. p. 44. ISBN   978-0-471-59756-8. Mallet can intercept Alice's database inquiry, and substitute his own public key for Alice's. He can do the same to Bob.
  23. Perkins, Charles L.; et al. (2000). Firewalls: 24seven. Network Press. p. 130. ISBN   9780782125290. Mallet maintains the illusion that Alice and Bob are talking to each other rather than to him by intercepting the messages and retransmitting them.
  24. LaMacchia, Brian (2002). .NET Framework Security. Addison-Wesley. p. 616. ISBN   9780672321849. Mallet represents an active adversary that not only listens to all communications between Alice and Bob but can also modify the contents of any communication he sees while it is in transit.
  25. Dolev, Shlomi, ed. (2009). Algorithmic Aspects of Wireless Sensor Networks. Springer. p. 67. ISBN   9783642054334. We model key choices of Alice, Bob and adversary Mallet as independent random variables A, B and M [...]
  26. Stallings, William (1998). Cryptography and Network Security: Principles and Practice. Pearson. p. 317. ISBN   978-0133354690. Suppose Alice and Bob wish to exchange keys, and Darth is the adversary.
  27. "A Collaborative Access Control Framework for Online Social Networks" (PDF).
  28. Lund, Carsten; et al. (1992). "Algebraic Methods for Interactive Proof Systems". Journal of the ACM. 39 (4): 859–868. CiteSeerX   10.1.1.41.9477 . doi:10.1145/146585.146605. S2CID   207170996.
  29. Babai, László; Moran, Shlomo (April 1988). "Arthur-Merlin games: A randomized proof system, and a hierarchy of complexity classes". Journal of Computer and System Sciences . 36 (2): 254–276. doi: 10.1016/0022-0000(88)90028-1 .
  30. Spencer, Joel; Winkler, Peter (1992), "Three Thresholds for a Liar", Combinatorics, Probability and Computing, 1 (1): 81–93, doi:10.1017/S0963548300000080, S2CID   45707043
  31. Muthukrishnan, S. (2005). Data Streams: Algorithms and Applications. Now Publishers. p. 3. ISBN   978-1-933019-14-7.[ permanent dead link ]
  32. Conway, John Horton (2000). On Numbers and Games. CRC Press. pp. 71, 175, 176. ISBN   9781568811277.
  33. "Alice and Bob communicate without transferring a single photon". physicsworld.com. April 16, 2013. Retrieved June 19, 2017.
  34. Frazier, Matthew; Taddese, Biniyam; Antonsen, Thomas; Anlage, Steven M. (February 7, 2013). "Nonlinear Time Reversal in a Wave Chaotic System". Physical Review Letters. 110 (6): 063902. arXiv: 1207.1667 . Bibcode:2013PhRvL.110f3902F. doi:10.1103/physrevlett.110.063902. PMID   23432243. S2CID   35907279.
  35. David Mermin, N. (March 5, 2000). "209: Notes on Special Relativity" (PDF). An example with several names.
  36. Farbod Khoshnoud, Lucas Lamata, Clarence W. De Silva, Marco B. Quadrelli, Quantum Teleportation for Control of Dynamic Systems and Autonomy, Journal of Mechatronic Systems and Control, Volume 49, Issue 3, pp. 124-131, 2021.
  37. Lamata, Lucas; Quadrelli, Marco B.; de Silva, Clarence W.; Kumar, Prem; Kanter, Gregory S.; Ghazinejad, Maziar; Khoshnoud, Farbod (October 12, 2021). "Quantum Mechatronics". Electronics. 10 (20): 2483. doi: 10.3390/electronics10202483 .
  38. Farbod Khoshnoud, Maziar Ghazinejad, Automated quantum entanglement and cryptography for networks of robotic systems, IEEE/ASME International Conference on Mechatronic and Embedded Systems and Applications (MESA), IDETC-CIE 2021, Virtual Conference: August 17 – 20, DETC2021-71653, 2021.
  39. Khoshnoud, Farbod; Aiello, Clarice; Quadrelli, Bruno; Ghazinejad, Maziar; De Silva, Clarence; Khoshnoud, Farbod; Bahr, Behnam; Lamata, Lucas (April 23, 2021). Modernizing Mechatronics course with Quantum Engineering. 2021 ASEE Pacific Southwest Conference - "Pushing Past Pandemic Pedagogy: Learning from Disruption". ASEE Conferences. doi: 10.18260/1-2--38241 . PDF
  40. Khoshnoud, Farbod; Esat, Ibrahim I.; de Silva, Clarence W.; Quadrelli, Marco B. (April 2019). "Quantum Network of Cooperative Unmanned Autonomous Systems". Unmanned Systems. 07 (2): 137–145. doi:10.1142/S2301385019500055. ISSN   2301-3850. S2CID   149842737 . Retrieved September 7, 2023.
  41. Farbod Khoshnoud, Marco B. Quadrelli, Enrique Galvez, Clarence W. de Silva, Shayan Javaherian, B. Bahr, M. Ghazinejad, A. S. Eddin, M. El-Hadedy, Quantum Brain-Computer Interface, ASEE PSW, 2023, in press.