Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Fun with Protocols
#1
 A reason why I made this

There are 3 different protocols presented here dealing with cash exchange between spenders, merchants, and the bank. Each protocol is designed to give the spender's money order anonymity to the bank (so it can't tell who's money order it was originally) when he makes a transaction, except possibly when he/she tries to cheat. The higher numbered protocols are more complicated and more secure than the previous one.

Your goal is to get more money into circulation than what you wrote for withdrawal from the bank! It does not count if you get caught later on. Anyone (not everyone) can get more money, including someone you've never met before, and you can be anyone, whether it is a participant in the protocol or an outsider.

And here's a tip: read carefully =P

In all the protocols, assume the following:
--Everyone participating in the protocol cannot be attacked in any shape, way or form, including hydrogen bombs, internet viruses, anthrax, paper cuts, whatever. If someone's getting hurt, then you're not following the rules.
--Everyone is assumed to have unlimited resources; unlimited paper, unlimited computing power (but you still can't violate the first rule), unlimited whatever.
--The bank is infallible. That is, it will always remain operational and does whatever it is suppose to do 100% correctly, given its knowledge and circumstances. It also cannot deliberately cheat for any reason whatsoever; it must be completely honest.
--Since the goal of this challenge is to swindle the bank, we'll assume that it balances its checkbook predictably every week or so. This is the only exception to the above rule.
--In any circumstance where you attempt to subvert the protocol where chance is involved, you automatically fail. Yes, even if you have a 99% chance of succeeding (which will never happen anyways).
--Unless stated otherwise, all and any messages/communications are assumed to be readable and unencrypted, as well as containing minimal information.

 Protocol 1
 Protocol 2
 Protocol 3

If you can subvert protocol 3 successfully, then you can easily see why security has to be incredibly air-tight, and why No Such Agency is heavily involved in "being in ur compooterz, listenin to ur n3farious pl0tz."
Reply
#2
I really can't figure a thing out. *brain asplodes*
Reply
#3
Can he double-load envelopes without being detected in the ones they open? (carbon, order, carbon, order) Maybe by having a secret pocket in the envelope...


 #2
Reply
#4
I remember something similar to the "open n-1" thing from my cybersecurity course.
Reply
#5
Stereo Wrote:Can he double-load envelopes without being detected in the ones they open? (carbon, order, carbon, order) Maybe by having a secret pocket in the envelope...


 #2

 #2

As for the secret pocket in the envelope, that's pretty insecure. There's a chance that the bank would notice when opening, say, 99 envelopes, or they might have a precise massing machine. They're the ones that define the screening process after all.

Spaz Wrote:I remember something similar to the "open n-1" thing from my cybersecurity course.

That's the basic "Blind Signature" protocol, meant to prevent malicious cheaters from simply getting the bank to blindly sign a money order saying it's worth x factorial amount, or some other magnanimous number that is far beyond your capacity. The same protocol also includes fancy math that does a document scramble or "encryption", rendering it unreadable until you reverse the process.
Reply
#6
In step 3, who decides which to 'unblind' and do they have visible uniqueness identifiers to ensure that Gregory actually opens those ones?

And since it's not stated explicitly, I assume by "checking everything's ok" the bank verifies that each has a unique ID they haven't already got, money values are all the same, and the id pairs all work out to a valid address.



On second thought, Gregory and the merchant just have to collude to fake the identity string half. Even if uniqueness matches, the bank won't know who to punish if it's incorrect.
Reply
#7
Having never dealt with anything of the like before, I'm going to ask what is probably a stupid question.

"Gregory prepares n amount of money orders for x amount of dollars" - what is n for? Is it just any number?
Reply
#8
Stereo Wrote:In step 3, who decides which to 'unblind' and do they have visible uniqueness identifiers to ensure that Gregory actually opens those ones?

The bank decides which money orders to "unblind", but only Gregory can "unblind" them, unless he told the bank how to.

Ideally, the format of the money orders is under the bank's jurisdiction. If the bank doesn't like how the "unblinded" money orders turned out, they can reject Gregory.

Stereo Wrote:And since it's not stated explicitly, I assume by "checking everything's ok" the bank verifies that each has a unique ID they haven't already got, money values are all the same, and the id pairs all work out to a valid address.

Yes. I'm not sure how the bank would react if they discovered a money order at step 3 that have a matching uniqueness string. I mean, what are they going to do, arrest Gregory? It's most likely a coincidence, and Gregory won't get his money order if there's a matching uniqueness string anyways.

Stereo Wrote:On second thought, Gregory and the merchant just have to collude to fake the identity string half. Even if uniqueness matches, the bank won't know who to punish if it's incorrect.

The merchant wouldn't know in any case whether the identity string stuff is truthful or not unless Gregory showed it all to him at step 1. The bank could try to get the authorities to get the merchant to fess up who he was dealing with though, and all that FBI crap.

But you're not going to get extra money that way.

Russt Wrote:Having never dealt with anything of the like before, I'm going to ask what is probably a stupid question.

"Gregory prepares n amount of money orders for x amount of dollars" - what is n for? Is it just any number?

Yes, n can be any positive number. In Cryptography, the higher the value of n, the more secure the protocol is. Of course, who wants to deal with 10E56 money orders?
Reply
#9
KajitiSouls Wrote:The bank decides which money orders to "unblind", but only Gregory can "unblind" them, unless he told the bank how to.

What if Gregory abuses his position of creating the "blinding" method to set it up in such a way that "unblinding" will always return the amount of money he wants it to.

Like you say unblind(p_x, 200) and it turns out it is a money order for $200
Or you say unblind(p_z, 200) and it is also a money order for $200

And then at step 5, when he "unblinds" for the merchant, he just marks it up however much is necessary.
Reply
#10
Stereo Wrote:What if Gregory abuses his position of creating the "blinding" method to set it up in such a way that "unblinding" will always return the amount of money he wants it to.

Like you say unblind(p_x, 200) and it turns out it is a money order for $200
Or you say unblind(p_z, 200) and it is also a money order for $200

And then at step 5, when he "unblinds" for the merchant, he just marks it up however much is necessary.

Ahh, but how "blinding" documents work is that the process is done in such a way that it has a mathematical relationship with the bank's digital signature (the bank must know what "blinding" protocol was used), so that in the process of "unblinding" the document, you preserve the signature. For the most basic "blinding" procedure, you just multiply the document by some random number, rendering it unreadable, but make sure the random number has a commutative property with the bank's signature or else it doesn't work. But something important to remember is that, while Gregory and the bank knows how "blinding" is done between them, the bank doesn't know how to "unblind" Gregory's document because the process requires you to know the "blinding factor", or the key.

Now, the bank would be smart enough to sign with a secure signature scheme that's compatible with a "blinding" protocol that is also secure. Given all this, it'd be extremely hard to find another document, let alone a valid money order, that also has a mathematical relationship that's congruent to the original document.
Reply
#11
And here I was wondering why Diebold was having a problem with "VoteCountObama++;". Thanks for shedding light on this.
Reply
#12
Alright, since it seems this thread is now dead, I'ma post the solution to #3.

 #3

Even though we had some assumptions and ground rules in here, we still broke these protocols. Now imagine what would happen if anything were allowed (though obviously in reality you don't have unlimited resources; finding a 128-bit key by brute force is virtually undo-able). What if there was noise along the communication lines, corrupting the money orders? What if the bank were not to be trusted? What if the hardware fails? What if someone hacks into the databases the bank houses? Even worse, what if an employee of the bank were attempting to steal the cash? Yet even worse, what if the president of the bank was plotting to haul off with everyone's deposits and flee?

Moral: Don't use these protocols.
Reply
#13
Technically speaking, though, that's using the bank to cheat the merchant, not cheating the bank.

Still not something you'd want to happen, to be sure, but you stated in the stem that "the goal of this challenge is to swindle the bank" Tongue
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)