Protocol Game

In case you've missed them, check first the introduction and the adversary.

Symmetric Encryption

In the previous examples, all messages were sent in plain-text, meaning that Eve could intercept all of them, and know their content. The traditional way to avoid this is to use encryption: given a message "m" and a key "K", the message "{m}K" is a cipher-text corresponding to "m" encrypted by "K". We first consider the case of symmetric encryption: only agents who knows the key "K" can encrypt and decrypt using that key.

For instance, consider the following protocol, where we make explicit the initial knowledge of the different agents:

    Knowledge: A:[secret, K], B:[K], E:[]
  1. A -> B : {secret}K

Let us now consider a simple interception attack.

Network stack

Let us first observe that even though Alice's initial knowledge is [secret, K], we automatically added "{secret}K". Indeed, any agent knowing a message "m" and a key "K" can do the encryption and will then know the resulting cipher-text. In general, we try to only add to the knowledge of an agent information that is relevant. For instance, we could also add "{{secret}K}K" or "{K}K" to the knowledge of Alice, however this is not required by the protocol.

Similarly, as soon as Bob receives "{secret}K", we can add "secret" to his knowledge, since he also knows the key "K". On the other hand, since Eve does not know "K", even though she can intercept "{secret}K", she cannot know "secret" since she cannot do the decryption.

Of course, Eve could still block the message "A -> B : secret", so that Bob does not know the secret. Let us consider the case where she tries to send a fake message to Bob, and we add "fake" and "K2" to her initial knowledge.

Network stack

As previously done, we automatically added "{fake}K2" to Eve's knowledge. However, even though Bob knows "{fake}K2", he does not know "fake": if he tries to decrypt "{fake}K2" with the key "K", he would not get "fake" (we consider here that Eve wants Bob to know a precise message "fake", not some random text). It is also important that even if Bob knew "K2", he would try to decrypt with the key "K" as it is what is expected from the protocol.

In the next part, we introduce the interactive console.