Professional Documents
Culture Documents
COMP3632 HW4 2022 F (With Answer)
COMP3632 HW4 2022 F (With Answer)
1. (4pt) As discussed in the lecture, timestamps can be used to replace nonces in designing
secure protocols.
(d) (answer): 1. If Trudy acts within the clock skew, she can send {K}Bob to Bob
and Bob will respond with {K}T rudy so that Trudy can find K.
2. Trudy can be a MiM and forward the first message from Alice to Bob, but
change {K}B ob to say {KT }Bob where KT is a key of Trudy’s choosing. Then
Trudy shares a key with Bob.
2. (6pt) Considering the following protocol. Suppose Certificate is not a problem here; the
correct certificate is delivered from Bob to Alice. The session key is K = h(S, RA , RB ).
(a) (2pt) We discuss constant string like CLNT and SRVR in the lecture. Why do we
need them in typical authentication protocols?
1
Homework 4 COMP 3632
(b) (answer): To mark the identity of client/server. This way, we avoid a “client” to
reuse msg from “server” and to pretend himself as “server”. The vice versa.
(c) (2pt) Does Alice authenticate Bob? Explain your answer.
(d) (answer): Yes. The value S is needed in order to determine K, which is used
in the final message, and Alice can verify that K was used in the final message.
Only Bob knows his private key, so only Bob could determine S from SBob .
(e) (2pt) Does Bob authenticate Alice? Explain your answer.
(f) (answer): No. Only public key operations are required.
(a) (2pt) Please identify the vulnerability presented in the following smart contract
snippet.
pragma solidity ˆ0.4.0;
contract bug {
uint public supply = 0;
2
Homework 4 COMP 3632
(a) (2pt) What is proof-of-work (PoW)? Please briefly explain your answer. In typical
blockchain scenario, who is responsible to solve PoW?
(b) (answer): PoW uses crypto hash to measure the computations an entity has
taken. Miners do PoW.
(c) (3pt) Ethereum blockchain is adopting a new scheme named “Proof-of-Stake” to
substitute the original scheme. Explain what is “Proof-of-Stake” in your own
language. What is the advantage of PoS comparing to PoW?
(d) (answer): The proof of stake (PoS) attributes mining power to the proportion
of coins held by a miner. A PoS miner is limited to mining a percentage of
transactions that is reflective of his or her ownership stake. Someone holding 1%
of the Bitcoin can mine 1% of the “Proof of Stake blocks”.
(e) (3pt) Another scheme, namely “Proof of Elapsed Time (PoET)”, has also gen-
erated some buzz. Explain what is PoET in your own language. What is the
advantage of PoET comparing to PoW?
3
Homework 4 COMP 3632
(f) (answer):
In PoET, a separate random timer that operates independently at every node
determines whether or not that node creates the new block of the blockchain and
gets the reward.
Compare to PoW, PoET requires less energy, and it often relies on trusted hard-
ware (Intel SGX, for example) to ensure the random time is not manipulatable
(a) (4pt) Consider the following contract, which acts as part of a typical Raffle game,
where users transfer certain amount of Ether to function process and also reserve
a number as the function input.
contract Raffle {
mapping ( u i n t 2 5 6 => a d d r e s s ) r e s e r v e d ;
4
Homework 4 COMP 3632
5
Homework 4 COMP 3632
Submission Instructions
All submissions should be done through the Canvas system. You should submit a pdf doc-
ument with your answers. It is important to name your files correctly. Please check out the
late submission policies on the course website (https://course.cse.ust.hk/comp3632) in
case you didn’t attend the first lecture.