How Alice & Bob Outsmart Eavesdroppers: A Fun Guide to Encryption, MACs, and Digital Signatures

This article uses a playful story of Alice, Bob, Eve, Mallory, and Trent to explain the fundamentals of symmetric and asymmetric encryption, message authentication codes, digital signatures, and public‑key certificates, showing how each technique protects confidentiality, integrity, and authenticity in communications.

Alibaba Cloud Developer

Background

The characters involved in the cryptographic scenarios:

Alice – talkative partner who wants to keep secrets.

Bob – silent, technically inclined partner.

Eve – nosy roommate who tries to eavesdrop.

Mallory – malicious attacker who attempts to tamper and impersonate.

Trent – trusted authority who can issue certificates.

How to avoid eavesdropping – Symmetric Encryption

Initially Alice and Bob communicate in plaintext, which Eve can easily listen to. Bob proposes using a shared secret key to encrypt messages. The sender encrypts the plaintext with the key, producing ciphertext that Eve cannot understand; the receiver decrypts with the same key.

Symmetric encryption (secret‑key cryptography) uses the same key for encryption and decryption. Common algorithms include AES, Blowfish, DES, and historic ciphers such as Enigma, Purple, Caesar, and rail‑fence.

How to exchange keys – Asymmetric Encryption

Because securely sharing a secret key is difficult, Bob generates a public‑private key pair. He publishes the public key and keeps the private key. Alice encrypts messages with Bob’s public key; only Bob can decrypt with his private key.

Typical asymmetric algorithms are RSA, DSA, and ECC. Asymmetric encryption is slower, so hybrid schemes that combine asymmetric key exchange with symmetric data encryption are commonly used.

Preventing data tampering – Message Authentication Code (MAC)

Bob and Alice also agree on a secret MAC key. Alice computes a MAC over the message and sends both the message and MAC. Bob recomputes the MAC and verifies equality; any modification causes a mismatch.

MACs can be built from hash functions (HMAC) or block‑cipher modes. Common hash algorithms used for integrity checks include MD5, SHA‑1, SHA‑256, etc.

Verifying identity – MAC

Because only parties sharing the MAC key can produce a valid MAC, an attacker like Mallory cannot forge a message that passes verification.
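The MAC exchange from the two sections above, as an added example that is not part of the original article: Alice tags a message with HMAC-SHA256, Bob recomputes and compares, and the checks Mallory's changes run into are shown beside an unkeyed hash for contrast. The function names, keys and messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def make_tag(key: bytes, message: bytes) -> bytes:
    """Alice's side: HMAC-SHA256 over the message with the shared MAC key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Bob's side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)

def verify_plain_hash(message: bytes, digest: bytes) -> bool:
    """Unkeyed SHA-256 check, shown only for contrast with the MAC."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def demo() -> dict:
    mac_key = secrets.token_bytes(32)      # shared by Alice and Bob only
    other_key = secrets.token_bytes(32)    # any key that is not the shared one
    message = b"Meet at 7pm"               # constructed sample message
    altered = b"Meet at 9pm"               # message as changed in transit

    tag = make_tag(mac_key, message)
    return {
        # Untouched message and tag: Bob accepts.
        "genuine": verify_tag(mac_key, message, tag),
        # Message changed, original tag kept: recomputed MAC no longer matches.
        "altered_message_old_tag": verify_tag(mac_key, altered, tag),
        # Message changed and re-tagged without the shared key: still rejected.
        "altered_message_wrong_key": verify_tag(
            mac_key, altered, make_tag(other_key, altered)),
        # A shortened tag is rejected rather than prefix-matched.
        "truncated_tag": verify_tag(mac_key, message, tag[:16]),
        # An unkeyed hash can be recomputed by anyone, so it passes.
        "plain_hash_recomputed": verify_plain_hash(
            altered, hashlib.sha256(altered).digest()),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:28} accepted={accepted}")
```

A valid (message, tag) pair that is captured and sent again still verifies, so the MACed data needs a sequence number or nonce if replays matter.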

Further – Digital Signatures

Digital signatures solve the key‑exchange problem for integrity. The sender signs a hash of the message with their private key; the receiver verifies the signature with the sender’s public key. This provides non‑repudiation: the sender cannot later deny having sent the message.

Public‑key certificates

To prevent attackers from substituting public keys, a trusted Certificate Authority (CA) such as Trent issues a certificate binding a public key to an identity. The CA signs the certificate with its own private key; anyone can verify the binding using the CA’s public key.

The infrastructure built on certificates is known as Public‑Key Infrastructure (PKI).
