appendix h decoding cryptographic protocol discussions -- who are these people!? The cryptographic literature, including many of the books listed as references in this paper, has a very peculiar tone. It's always the same people sending messages back and forth. They are made to stand in for all other potential message senders and receivers, from large corporations to computer software modules. That saves time and simplifies the discussion, but who are they? This is a list of those mysterious people and their cryptographic discussion functions. Alice is generally the first person to communicate, and Bob is always the second in that case. Otherwise Bob is first and Alice second. If there's a third party in the message traffic it's always Carol. So far, those who remember a movie from the early seventies may be expecting Ted to be the next person when more than three parties are mutually communicating. Note that there are two men and two women; this may be a tribute to today's sensitivities, or an artifact of the plot development of that movie. And Ted has indeed sometimes appeared in four person communication situations. However, the fourth participant is usually Dave, and now it should be clear why those names were chosen. Aethlred, Brunhilda, Chmondeley, and Donatella might have served as well. But Bob and Carol and Ted and Alice have a certain fitness together, at least for those of a certain age. If you need more people, the movie can't help. Ellen and Frank are the most common fifth and sixth participants. Eve appears often in protocol descriptions; she's a hostile presence who can eavesdrop on communications between (or among) the others. Think NSA here, in its snoop_on_anything_it_can role. Mallory is a malevolent attacker not limited merely to eavesdropping. He is by turns, a burglar, a kidnapper, an eavesdropper, a suborner of loyal employees, a dumpster diver, a network cracker, an industrial spy, a prosecutor, a government agent/spy (eg, FBI agent, Surete officer, CIA informant, "Bond .... James Bond"), a poseur using social engineering to worm secrets unknowingly out of Alice / Bob / etc, or a faithless employee himself. Mallory is actively malicious, not merely a passive attacker. Think FBI black bag jobs here, with the resources and skeleton keys that organization has. Trent is a trusted arbitrator. If Bob or Carol or Dave or Alice needs assurance about one of the others (verification of identity, for instance), Trent is your guy. Unfortunately, nearly all protocols stop there in considering Trent. Readers of this summary will understand that no one can ever stop there. Why should anyone actually trust Trent? Just defining him to be trusted is not enough in the real world, however convenient it may be in theoretical discussion in academic cryptography protocol papers. A certificate authority, for instance, is nominally a Trent, but there are many questions to ask before anyone should trust this, or any, Trent. And in all the other cases. Walter is a warden who will 'guard' the participants in some protocols. You can think of him as a specialized Trent. And all those questions still apply to this as to all Trents. Peggy is a prover. Another special case Trent in some protocols. Same questions. And finally, Victor is a verifier. Another special case Trent in some protocols. Same questions. Protocols are important and all these people help describe and analyze them. There are lots, and I can't stress enough that anything less than pristine design and operation of your protocols is insecure. But protocols also have names. My own favorite is the Wide Mouth Frog. Other nice ones are 'oblivious transfer', 'the terrorist fraud', 'the mafia fraud', 'zero-knowledge proof of identity' (including the especially intriguing 'non-interactive zero- knowledge proofs'), 'secret sharing with cheaters', 'poker protocols', and 'flipping coins into a well'. This is a field with a certain sense of humor about itself. the executive summary: cryptography © W Wilgus, 2001. Reproduction prohibited.