Alice and Bob

From Wikipedia, the free encyclopedia
  (Redirected from Alice and bob)
Jump to: navigation, search

Alice and Bob are fictional symbolic characters commonly used in science and engineering literature. The Alice and Bob characters were invented by Ron Rivest, Adi Shamir, and Leonard Adleman in their 1978 paper "A method for obtaining digital signatures and public-key cryptosystems."[1] Subsequently, they have become common archetypes in many scientific and engineering fields, such as quantum cryptography, game theory and physics.[2] The names are used for convenience and to aid comphrension. For example, "How can Bob send a private message M to Alice in a public-key cryptosystem?"[1] is easier to understand than "How can B send a private message M to A in a public-key cryptosystem?" As the use of Alice and Bob became more popular, additional characters were added, each with a particular meaning.


These placeholder names are used for convenience and easier understanding. For example, if a writer wants to explain encrypted emails, the explanation might be:

  1. Alice gets Bob's public key from the company directory.
  2. Alice sends a message to Bob encrypted with Bob's public key.
  3. Bob can use his secret key to unscramble it.

Every reader can intuitively figure out that they themselves could do the same thing as Bob or Alice.

In cryptography and computer security, there are a number of widely used names for the participants in discussions and presentations about various protocols.[3] The names are conventional, somewhat self-suggestive, sometimes humorous, and effectively act as metasyntactic variables.

In typical implementations of these protocols, it is understood that the actions attributed to characters such as Alice or Bob need not always be carried out by human parties directly, but also by a trusted automated agent (such as a computer program) on their behalf.

Cast of characters[edit]

An example of an "Alice and Bob" analogy used in cryptography.
Alice and Bob diagram used to explain public-key cryptography.

This list is drawn mostly from the book Applied Cryptography by Bruce Schneier. Alice and Bob are archetypes in cryptography; Eve is also common. Names further down the alphabet are less common.

  • Alice and Bob. Generally, Alice wants to send a message to Bob. These names were used by Ron Rivest in the 1978 Communications of the ACM article presenting the RSA cryptosystem,[4] and in A Method for Obtaining Digital Signatures and Public-Key Cryptosystems published April 4, 1977, revised September 1, 1977, as technical Memo LCS/TM82.
  • Carol, Carlos or Charlie, as a third participant in communications.
  • Chuck, as a third participant usually of malicious intent.[5]
  • Craig, the password cracker (usually encountered in situations with stored hashed/salted passwords).
  • Dan, Dave or David, a fourth participant.
  • Erin, a fifth participant. (Rarely used; E is usually reserved for Eve.)
  • Eve, an eavesdropper, is usually a passive attacker. While she can listen in on messages between Alice and Bob, she cannot modify them. In quantum cryptography, Eve may also represent the environment.
  • Faythe, a trusted advisor, courier or intermediary (repository of key service, courier of shared secrets. May be a machine role or human role; used infrequently. Faith or Faithful).
  • Frank, a sixth participant (and so on alphabetically).
  • Grace, a government representative. Tries to force Alice and/or Bob into implementing backdoors in their protocols. May also deliberately weaken standards.[citation needed]
  • Heidi (not commonly used), a mischievous designer for crypto standards.[6]
  • Mallet[7][8][9][10] or Mallory,[11] a malicious attacker (less commonly called Trudy, an intruder); unlike the passive Eve, this one is the active man-in-the-middle attacker who can modify messages, substitute their own messages, replay old messages, and so on. The difficulty of securing a system against Mallet/Mallory is much greater than against Eve.
  • Oscar, an opponent, similar to Mallet/Mallory but not necessarily malicious. Could be white-hat but still wants to crack, modify, substitute, or replay messages.[citation needed]
  • Peggy, a prover, and Victor,[11] a verifier, often must interact in some way to show that the intended transaction has actually taken place. They are often found in zero-knowledge proofs. Alternative names for the prover and the verifier are Pat and Vanna[12] after Pat Sajak and Vanna White, the hosts of Wheel of Fortune.
  • Sybil, an attacker who marshals a large number of pseudonymous identities, e.g. to subvert a reputation system. See Sybil attack.
  • Trent or Ted, a trusted arbitrator, is some kind of neutral third party, whose exact role varies with the protocol under discussion.
  • Walter, a warden, may be needed to guard Alice and Bob in some respect, depending on the protocol being discussed.
  • Wendy, a whistleblower, is an insider with privileged access who may be in a position to divulge the information.

Although an interactive proof system is not quite a cryptographic protocol, it is sufficiently related to mention the cast of characters its literature features:

  • Arthur and Merlin: In interactive proof systems, the prover has unbounded computational ability and is hence associated with Merlin, the powerful wizard from the Arthurian legend. He claims the truth of a statement, and Arthur, the wise king, questions him to verify the claim. These two characters also give the name for two complexity classes, namely MA and AM.
  • A similar pair of characters is Paul and Carole. The characters were introduced in the solution of the Twenty Questions problem,[13] where "Paul", who asked questions, stood for Paul Erdős and "Carole", who answered them, was an anagram of "oracle". They were further used in certain combinatorial games in the roles of Pusher and Chooser respectively, and have since been used in various roles.[14]
  • Arthur and Bertha are players in a combinatorial game. Arthur represents the "Left", "Black", or "Vertical" player. Bertha represents the "Right", "White", or "Horizontal" player. Additionally, Arthur, given the same outcome, prefers a game to take the fewest number of moves. Bertha likewise prefers a game to take the most number of moves.[15]

See also[edit]


  1. ^ a b Rivest, R. L.; Shamir, A.; Adleman, L. (1978-02-01). "A Method for Obtaining Digital Signatures and Public-key Cryptosystems". Commun. ACM. 21 (2): 120–126. doi:10.1145/359340.359342. ISSN 0001-0782. 
  2. ^ Newton, David E. (1997). Encyclopedia of Cryptography. Santa Barbara California: Instructional Horizons, Inc. p. 10. 
  3. ^ RFC 4949
  4. ^ "Security's inseparable couple". Network World. February 7, 2005. 
  5. ^ Tanenbaum, Andrew S. (2007), Distributed Systems: Principles and Paradigms, Pearson Prentice Hall, p. 171;399–402, ISBN 978-0-13-239227-3  External link in |publisher= (help)
  6. ^ Fried, Joshua; Gaudry, Pierrick; Heninger, Nadia; Thomé, Emmanuel. "A kilobit hidden SNFS discrete logarithm computation" (PDF). University of Pennsylvania and INRIA, CNRS, University of Lorraine. Retrieved 2016-10-12. 
  7. ^ Bruce Schneier (1994), Applied Cryptography: Protocols, Algorithms, and Source Code in C, Wiley, ISBN 9780471597568, p. 44: "Mallet can intercept Alice's database inquiry, and substitute his own public key for Alice's. He can do the same to Bob."
  8. ^ Charles L. Perkins et al. (2000), Firewalls: 24seven, Network Press, ISBN 9780782125290, p. 130: "Mallet maintains the illusion that Alice and Bob are talking to each other rather than to him by intercepting the messages and retransmitting them."
  9. ^ Brian LaMacchia (2002), .NET Framework Security, Addison-Wesley, ISBN 9780672321849, p. 616: "Mallet represents an active adversary that not only listens to all communications between Alice and Bob but can also modify the contents of any communication he sees while it is in transit."
  10. ^ Shlomi Dolev, ed. (2009), Algorithmic Aspects of Wireless Sensor Networks, Springer, ISBN 9783642054334, p. 67: "We model key choices of Alice, Bob and adversary Mallet as independent random variables A, B and M [...]"
  11. ^ a b Bruce Schneier (1996), Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition, Wiley, ISBN 9780471117094, p. 23: Table 2.1: Dramatis Personae
  12. ^ Carsten Lund; et al. (1992). "Algebraic Methods for Interactive Proof Systems". J. ACM. ACM. 39 (4): 859–868. doi:10.1145/146585.146605. 
  13. ^ Spencer, Joel; Winkler, Peter (1992), "Three Thresholds for a Liar", Combinatorics, Probability and Computing, 1 (01): 81–93, doi:10.1017/S0963548300000080 
  14. ^ Muthukrishnan, S. (2005), Data Streams: Algorithms and Applications, Now Publishers, p. 3, ISBN 978-1-933019-14-7  External link in |publisher= (help)
  15. ^ Conway, John Horton (2000). On Numbers and Games. CRC Press. pp. 71, 175, 176. ISBN 9781568811277. 

Further reading[edit]

  • C.H. Lindsey, Regulation of Investigatory Powers Bill: Some Scenarios, 2000

External links[edit]