How does OTR's authentication using "Question and answer" protect against MiTM?

Question

I've read that the answer has something to do Socialist Millionaire, but I still don't understand how can the user be protected against malicious Man In The Middle, which would capture the question and answer by itself if it knows the answer. Could anyone explain that to me how can we authenticate someone getting his key from a secure channel?

Answer 1

A fairly readable reference is Social Millionaire's Protocol in OTR .

You can also read the much more easily understandable analogy in Explain it like I’m Five: The Socialist Millionaire Problem and Secure Multi-Party Computation.

The relevant section is as follows:

Suppose Alice and Bob each might be making either 10, 20, 30, or 40 $/hour. We’ll arbitrarily say that Alice makes 30$/hour and Bob makes 20$/hour.

Bob goes to an office supply store and buys four lockable suggestion boxes (with different matching keys). He labels the four boxes as 10$, 20$, 30$, and 40$.

1 Bob discards all of the keys except the key for the 20$ box (because that’s how much he makes per hour).

2 Bob discards all but the 20$ key

3 Bob gives the locked suggestion boxes to Alice. In private, Alice puts a slip of paper saying ‘yes’ into the 30$ box (because that’s how much she makes per hour). She puts slips of paper saying ‘no’ into the other boxes.

4 Alice gives the boxes back to Bob. In private, Bob uses his key to unlock the 20$ box and get the slip of paper inside.

5 Bob sees that the slip of paper says ‘no’, meaning Alice doesn’t make 20$/hour like he does. He tells Alice they don’t make the same amount of money.

6 Bob now knows that Alice doesn’t make 20$/hour, but hasn’t learned if she makes 10, 30, or 40 $/hour. Similarly, Alice now knows Bob doesn’t make 30$/hour, but hasn’t learned if he makes 10, 20, or 40 $/hour.

The technical term for what Alice and Bob did in the previous example is oblivious transfer. Alice transferred many messages to Bob, but is oblivious to which single message Bob received. Alice sent an answer for every possible amount of money Bob might make, but Bob only received the answer corresponding to how much money he actually makes.