SECURITY and CRYPTOGRAPHY 15-827 25 NOV 01 Lecture #17 M.B. 4615 Wean 1. Ask students how they did on analyzing the palindrome- restricted #82. This is protocol #82 with challenges restricted to being palindromes having a1,a2, ... all pairwise distinct. Does this restriction make #82 stronger? In particular, ask Abie to explain his attack on the above protocol. 2. On to CAPTCHAS. 3. Ask Luis to show his FORKS CAPTCHA: Q: What is common to these 5 pictures? A: fork This CAPTCHA picks a "picturable noun" from BASIC ENGLISH and searches on the web for 5 images indexed by that noun. 4. Suggest that someone write their own CAPTCHA, perhaps based on: Q: Find the correspondence between labelled points in this picture to labelled points in this other picture? A: A-1. B-5. C-4. d-2. E-3. Given a picture and a slightly distorted variant of the picture, find points in the distorted picture that map from given points in the original picture. Or given two distinct views of a picture, find the point in one that corresponds to a given point in the other. The pictures could be the two images of a 3-D picture, or they could be two slightly different views of a face. The fundamental AI problem on which these are based is the problem of finding a picture in a data base. It would be valuable to be able to find an image in a data base, given some slightly distorted portion of the picture. You take a photograph of a picture to a museum or library and ask: Who was the artist? How can I find more such pictures? 5. Is the image search problem hard? If not, how would you solve it? 6. Is it possible to have a text-only (ascii) CAPTCHA? It's not even clear how to define it. Ascii art draws pictures using only ascii characters. DEFINITION: An ASCII CAPTCHA is a CAPTCHA composed of ASCII characters, typically "English words", that can be understood about as well when heard (spoken in a normal clear voice line after line from left to right) as when seen. ENGLISH WORDS are words from a given English dictionary. A CAPTCHA is UNDERSTOOD ABOUT AS WELL when heard as when seen if it can be passed by a human about as easily when heard as when seen. An ASCII CAPTCHA is NOT a sound-oriented CAPTCHA: the ASCII CAPTCHA can be spoken in a normal voice by almost any English-speaking English-literate person. It can also be displayed and read visually. Q: What makes an ASCII CAPTCHA so difficult (if not impossible) to construct? A: The source of semantically meaningful sentences is public. GOOGLE can find any public sentence from just half a dozen words. Replacing words by synonyms is not a big impediment since GOOGLE can try synonyms for every set of half a dozen words. For example, (6^6)*(20 choose 6) = 1.8x10^9 Replacing words by synonyms can make a sentence harder for humans to understand. The usual cryptographic technique for checking that a proof is correct is to check for consistency. But where is the consistency in: "The deaf dumb and blind kid plays a mean pinball." This is after all a semantically meaningful and even correct sentence that is, however, highly paradoxical. 7. See alice.org for a pretty good "language understanding" program. See http://test.thespark.com/genertest/ for an imbecilic test that nevertheless guessed my gender correctly (but just barely).