Quiz Entry - updated: 2026.06.25
Besides signing, what's the second flavour of asymmetric challenge-response authentication?
Encryption variant: Bob encrypts a random value R with Alice's public key; Alice decrypts with her private key and returns R.
The flow:
- Setup: Alice has
(sk, pk). Bob has Alice'spk. - Login:
- Alice → Bob:
"I'm Alice" - Bob picks random
R, sendschallenge = ENC(pk, R) - Alice:
R = DEC(sk, challenge), sends backR - Bob checks the returned
Rmatches what he encrypted.
- Alice → Bob:
Same security properties as the signing variant:
- Only Alice can decrypt
challenge(she's the only one withsk). - Bob can't impersonate Alice — he doesn't have
sk.
Why both flavours exist:
- Signing is generally preferred in modern protocols (TLS, FIDO2, WebAuthn) because signatures are self-contained, non-repudiable, and don't require the verifier to keep state during the challenge.
- Encryption of a challenge is conceptually simpler and was used in older protocols; it's less common today.