# HG changeset patch # User Christian Urban # Date 1425168673 0 # Node ID ddac52c0014cc23f9e2fd0c02c69dfd54de183ea # Parent 6c7996b6b4716992a5f0756900e1c94e2a45f89f updated diff -r 6c7996b6b471 -r ddac52c0014c handouts/ho01.tex --- a/handouts/ho01.tex Sat Jan 03 23:14:47 2015 +0000 +++ b/handouts/ho01.tex Sun Mar 01 00:11:13 2015 +0000 @@ -639,8 +639,12 @@ \end{document} -%%% +%%% fingerprints vs. passwords (what is better) +https://www.youtube.com/watch?v=VVxL9ymiyAU&feature=youtu.be + +%%% cookies +http://randomwalker.info/publications/cookie-surveillance-v2.pdf %%% Local Variables: diff -r 6c7996b6b471 -r ddac52c0014c handouts/ho06.pdf Binary file handouts/ho06.pdf has changed diff -r 6c7996b6b471 -r ddac52c0014c handouts/ho06.tex --- a/handouts/ho06.tex Sat Jan 03 23:14:47 2015 +0000 +++ b/handouts/ho06.tex Sun Mar 01 00:11:13 2015 +0000 @@ -47,7 +47,7 @@ \end{quote} \noindent -You could go on to look up the definition of the third +You could go on looking up the definition of the third non-article in this definition and so on. But let us assume you agreed with Bob to stop after three iterations with the third non-article word in the last definition, that is @@ -80,21 +80,21 @@ were barred from publishing their results used also a hash to prove they did the work and (presumably) managed to get into cars without a key; see Figure~\ref{paper}. This is very -similar to the method about crosswords: They like to prove -that they did the work, but not giving out the ``solution''. -But this also shows what the problem with such a method is: -yes, we can hide the secret temporarily, but if somebody else -wants to verify it, then the secret has to be made public. Bob -needs to know that \textit{folio} is the solution before he -can verify the claim that somebody else had the solution -first. Similarly with the paper: we need to wait until the -authors are finally allowed to publish their findings in order -to verify the hash. This might happen at some point, but -equally it might never happen (what for example happens if the -authors lose their copy of the paper because of a disk -failure?). Zero-knowledge proofs, in contrast, can be -immediately checked, even if the secret is not public yet -and perhaps never will be. +similar to the method above about crosswords: They like to +prove that they did the work, but not giving out the +``solution''. But this also shows what the problem with such a +method is: yes, we can hide the secret temporarily, but if +somebody else wants to verify it, then the secret has to be +made public. Bob needs to know that \textit{folio} is the +solution before he can verify the claim of Alice that she had +the solution first. Similarly with the car-crypto paper: we +need to wait until the authors are finally allowed to publish +their findings in order to verify the hash. This might happen +at some point, but equally it might never happen (what for +example happens if the authors lose their copy of the paper +because of a disk failure?). Zero-knowledge proofs, in +contrast, can be immediately checked, even if the secret is +not public yet and perhaps never will be. \begin{figure} \begin{center} @@ -331,7 +331,7 @@ If somehow Alice can find out before she committed to $H_i$, she can cheat. For this assume Alice does \emph{not} know an isomorphism between $G_1$ and $G_2$. If she knows which -isomorphism Bob will ask for she can craft $H$ ins such a way +isomorphism Bob will ask for she can craft $H$ in such a way that it is isomorphism with either $G_1$ or $G_2$ (but it cannot with both). Then in each case she would send Bob a correct answer and he would come to the conclusion that @@ -407,6 +407,8 @@ \end{document} +http://blog.cryptographyengineering.com/2014/11/zero-knowledge-proofs-illustrated-primer.html + http://btravers.weebly.com/uploads/6/7/2/9/6729909/zero_knowledge_technique.pdf http://zk-ssh.cms.ac/docs/Zero_Knowledge_Prinzipien.pdf http://www.wisdom.weizmann.ac.il/~oded/PS/zk-tut02v4.ps diff -r 6c7996b6b471 -r ddac52c0014c handouts/ho09.pdf Binary file handouts/ho09.pdf has changed diff -r 6c7996b6b471 -r ddac52c0014c handouts/ho09.tex --- a/handouts/ho09.tex Sat Jan 03 23:14:47 2015 +0000 +++ b/handouts/ho09.tex Sun Mar 01 00:11:13 2015 +0000 @@ -573,8 +573,10 @@ \url{http://www.scala-lang.org} \end{quote} -Let us have a look at the Scala code shown in Figure~\ref{code}. -It shows the entire code +Let us have a look at the Scala code shown in +Figure~\ref{code}. It shows the entire code for the +interpreter, though the implementation is admittedly no +frills. \begin{figure}[t] \small @@ -596,6 +598,12 @@ \end{document} +%% list of static analysers for C +http://spinroot.com/static/index.html + +%% NASA coding rules for C +http://pixelscommander.com/wp-content/uploads/2014/12/P10.pdf + %%% Local Variables: %%% mode: latex %%% TeX-master: t diff -r 6c7996b6b471 -r ddac52c0014c hws/hw01.pdf Binary file hws/hw01.pdf has changed diff -r 6c7996b6b471 -r ddac52c0014c hws/hw01.tex --- a/hws/hw01.tex Sat Jan 03 23:14:47 2015 +0000 +++ b/hws/hw01.tex Sun Mar 01 00:11:13 2015 +0000 @@ -40,6 +40,26 @@ the business of stealing cars. What attack would be easier to perform if the lights do not flash?) +\item Imagine you are at your home a broadband contract with + TalkTalk. You do not like their service and want to + switch, say, to ???. The procedure between the Internet + providers is that you contact ??? and set up a new + contract and they will automatically inform TalkTalk to + terminate the old contract. TalkTalk will then send you + a letter to confirm that you want to terminate. If they + do not hear from you otherwise, they will terminate the + contract and will request any outstanding cancellation + fees. Can you imagine in which situations this way of + doing things can cause you a lot of headaches? For this + consider that TalkTalk needs approximately 14 days to + reconnect you. + +\item A water company has a device that transmits the meter + reading when their company car drives by. How can this + transmitted data be abused, if not properly encrypted? + If you identified an abuse, then how would you + encrypt the data so that such an abuse is prevented. + %\item Imagine there was recently a break in where computer criminals % stole a large password database containing diff -r 6c7996b6b471 -r ddac52c0014c slides/slides06.pdf Binary file slides/slides06.pdf has changed diff -r 6c7996b6b471 -r ddac52c0014c slides/slides06.tex --- a/slides/slides06.tex Sat Jan 03 23:14:47 2015 +0000 +++ b/slides/slides06.tex Sun Mar 01 00:11:13 2015 +0000 @@ -206,7 +206,7 @@ \begin{itemize} \item \alert{\bf Completeness} If Alice knows the secret, Bob - accepts Alice ``proof'' for sure.\bigskip + accepts Alice's ``proof'' for sure.\bigskip \item \alert{\bf Soundness} If Alice does not know the secret, Bob accepts her ``proof'' with a very small probability.