SQRL Signatures

From SQRLauth.net


Threat Model

The ability of a MITM attacker to modify, redact or replay messages between server and client. This safeguard covers protection of the Client=>Server flow; for the Server=>Client communication flow see Server_MAC.

Assisting Safeguards

The initial SQRL client request and all subsequent requests are unique because they contain server-derived entropy in the form of a NUT / QRY parameter. The server can recognise each use of the NUT / QRY parameter as having been generated by itself. The core functionality of the SQRL protocol, the Zero_Knowledge_Proof, provides alteration protection checked against a previously shared public key.


Messages from client to server must be protected from being altered or replaced with similar messages.


The entirety of each request sent from client to server is signed with one or more Ed25519 private keys, the associated public keys being part of the request being signed. These signatures are then attached to the request.

Unless an attacker possesses or can derive all of the private keys, they cannot alter the request message without invalidating the signature. Since the public key is the identity of the user, an attacker who uses their own key pair will be authenticating as themselves and not as the user.

The inclusion of the public keys in the data to be signed also protects against replacement of keys during key migration.
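
The signing scheme described above, as an added example that is not part of the original page or of any SQRL implementation. The `Request` layout, the `demoKey` helper and the sample body are assumptions made for illustration and are not the SQRL wire format; only the use of Ed25519 and the inclusion of the public keys in the signed data come from the text.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Request is a simplified stand-in for a client request, not the SQRL wire format.
type Request struct {
	Body []byte              // server-issued nut and command (constructed layout)
	Keys []ed25519.PublicKey // public keys, carried inside the signed data
	Sigs [][]byte            // one signature per key, attached after signing
}

func demoKey(b byte) ed25519.PrivateKey { // fixed key from a constructed seed, demo only
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

// signedBytes is what every key signs: key count, all public keys, then the body.
func signedBytes(r Request) []byte {
	msg := []byte{byte(len(r.Keys))}
	for _, k := range r.Keys {
		msg = append(msg, k...)
	}
	return append(msg, r.Body...)
}

// Sign signs the entire request, public keys included, with every private key.
func Sign(body []byte, privs ...ed25519.PrivateKey) Request {
	r := Request{Body: body}
	for _, p := range privs {
		r.Keys = append(r.Keys, p.Public().(ed25519.PublicKey))
	}
	for _, p := range privs {
		r.Sigs = append(r.Sigs, ed25519.Sign(p, signedBytes(r)))
	}
	return r
}

// Verify reports whether every key in the request has a valid signature over it.
func Verify(r Request) bool {
	ok := len(r.Keys) > 0 && len(r.Keys) == len(r.Sigs)
	for i, k := range r.Keys {
		ok = ok && len(k) == ed25519.PublicKeySize && ed25519.Verify(k, signedBytes(r), r.Sigs[i])
	}
	return ok
}

func main() { fmt.Println(Verify(Sign([]byte("nut=constructed"), demoKey(1), demoKey(2)))) }
```

A request re-signed from scratch with a different key pair still verifies, but it carries that key pair's public key, so the server sees a different identity.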