In che modo l'autenticazione OTR utilizzando "Domanda e risposta" protegge contro MiTM?

Un riferimento abbastanza leggibile è Protocollo del milionario sociale in OTR .

Puoi anche leggere l'analogia molto più facilmente comprensibile in Spiegalo come se avessi cinque anni: il problema dei milionari socialisti e il calcolo multipartito sicuro .

La sezione pertinente è la seguente:

Suppose Alice and Bob each might be making either 10, 20, 30, or 40 $/hour. We’ll arbitrarily say that Alice makes 30$/hour and Bob makes 20$/hour.

Bob goes to an office supply store and buys four lockable suggestion boxes (with different matching keys). He labels the four boxes as 10$, 20$, 30$, and 40$.

1 Bob discards all of the keys except the key for the 20$ box (because that’s how much he makes per hour).

2 Bob discards all but the 20$ key

3 Bob gives the locked suggestion boxes to Alice. In private, Alice puts a slip of paper saying ‘yes’ into the 30$ box (because that’s how much she makes per hour). She puts slips of paper saying ‘no’ into the other boxes.

4 Alice gives the boxes back to Bob. In private, Bob uses his key to unlock the 20$ box and get the slip of paper inside.

5 Bob sees that the slip of paper says ‘no’, meaning Alice doesn’t make 20$/hour like he does. He tells Alice they don’t make the same amount of money.

6 Bob now knows that Alice doesn’t make 20$/hour, but hasn’t learned if she makes 10, 30, or 40 $/hour. Similarly, Alice now knows Bob doesn’t make 30$/hour, but hasn’t learned if he makes 10, 20, or 40 $/hour.

The technical term for what Alice and Bob did in the previous example is oblivious transfer. Alice transferred many messages to Bob, but is oblivious to which single message Bob received. Alice sent an answer for every possible amount of money Bob might make, but Bob only received the answer corresponding to how much money he actually makes.