Suppose Alice wishes to authenticate herself to Bob, by proving she knows a secret that they share. With pseudorandom number generators (PRNGs) they could proceed as follows.
- They both seed a PRNG with the shared secret $s$.
- Bob picks and sends Alice some random number $i \in \mathbb{N}$.
- Alice proves she knows the shared secret by responding with the $i$-th random number generated by the PRNG.
I am wondering why Bob sends a random number $i$ instead of just $1$. Then Alice just sends $G(s)$ (where $G(\cdot)$ is the PRNG) to Bob. Only Alice and Bob should have access to the secret $s$, and hence this should also work. In the above example, Alice and Bob should both have to compute $G(s)$ $i$ times, making it much more inefficient.
What is the difference between what I am proposing and the original example? Aren't they both equally secure?