11/08/06: Problem 1. The hash function is known to the attacker.

11/08/06: Problem 2. 212 was a typo for 2^12.

11/08/06: Problem 4. The protocols of your answer should be either in transport layer or in application layer. What I meant was that it has to be a protocol that can tell "application-specific behavior". SMTP tells email application specific behavior, and HTTP tells web specific behavior. Find example protocols that has application specific behavior that does not allow proxies.

9/19/06: For the question 3, Bob may not be an honest person. For example, Bob could launch a replay attack if Alice only required H(F) instead of H(F||r). This replay attack consists of computing H(F) once, then deleting F, and sending the pre-computed H(F) whenever Alice asks for H(F).

9/19/06: Hint!! For the question 3, if Bob were to send H(r||F), then we would not have the same flaw.

9/19/06: For the question 3, imagine that the hash function is known to everybody, including the attackers.

9/13/06: For the question 1, imagine that Bob has put his $100 book on an auction site. What does Bob need to receive from Alice as a proof of the commitment? (Hint: Alice might want to pay less than $100 later.)