Quiz Entry - updated: 2026.06.01
How does challenge-response with asymmetric cryptography (signature variant) work — and how is it different from the symmetric version?
Alice signs the challenge with her private key; Bob verifies with her public key. Bob never holds anything that lets him impersonate Alice.
The protocol:
- Setup: Alice has a key pair (
sk,pk). Bob gets a copy of her public keypk(only). - Login:
- Alice → Bob:
"I'm Alice" - Bob → Alice:
challenge - Alice → Bob:
response = SIGN(sk, challenge) - Bob:
VERIFY(pk, challenge, response)→ ok / not ok.
- Alice → Bob:
Why it's a strict upgrade on the symmetric version:
- Bob can't impersonate Alice. He only has Alice's public key — useless for signing.
- A server compromise leaks public keys, which are public anyway. The attacker learns nothing useful.
- This solves a deep trust problem with symmetric crypto in big systems: with
nusers, the bank doesn't neednimpersonation-capable secrets sitting in one database.
The certificate variant adds: Alice sends her certificate (a signed binding of her name + public key by a trusted CA) along with the response. Bob then doesn't need to pre-know Alice — he trusts the CA's signature on the certificate.
Tip: This is the same idea underneath TLS client certificates, SSH keys, FIDO2 / passkeys, and PIV/CAC smart cards.