In its simplest form, an identification protocol involves the presentation or submission of some information (a “secret value”) from a claimant to a verifier (see Identification). Challenge–response identification is an extension in which the information submitted by the claimant is the function of both a secret value known to the claimant (sometimes called a “prover”), and a challenge value received from the verifier (or “challenger”).
Such a challenge–response protocol proceeds as follows. A verifier V generates and sends a challenge value c to the claimant C. Using his/her secret value s and appropriate function f(), C computes the response value \(v=f {\rm (}c,s{\rm )}\), and returns v to V. V verifies the response value v, and if successful, the claim is accepted. Choices for the challenge value c, and additionally options for the function f() and secret s are discussed below.
Challenge–response identification is an improvement over simpler identification because it offers...