Protocol 1
Let’s learn about the flow and messages of our first candidate protocol.
We'll cover the following
Protocol assumptions
The illustration below shows our first candidate protocol’s flow and messages.
There are three assumptions we make before running this protocol:

Bob has access to a source of randomness: This is necessary because the protocol requires Bob to be able to generate a nonce. We also naturally assume that this generator is ‘secure’ enough to guarantee the unpredictability of the output.

Alice and Bob already share a symmetric key $K$ known only to them: This is necessary because the protocol requires Alice to be able to generate a MAC that Bob can verify.

Alice and Bob agree on using a strong MAC algorithm: This is necessary because if the MAC algorithm is flawed, then data origin authentication is not necessarily provided by it.
If Alice and Bob do not already share a symmetric key, they will need to run a different protocol to establish a common symmetric key $K$.
Technically, if Alice and Bob have not already agreed on using a strong MAC algorithm to compute the MAC, then Alice could indicate the choice of MAC algorithm she’s using in her reply.
Get handson with 1200+ tech skills courses.