Hacker News new | past | comments | ask | show | jobs | submit | hkopp's comments login

The notation is really not that frightening, once you get it. Just read the wikipedia article: https://en.wikipedia.org/wiki/Algebraic_notation_(chess)

Don't bother with that large table at the bottom.


The title should probably be "Is TikTok safe?" to reduce clickbait.


“Is TikTok safe?” is the definition of clickbait.

With the headline as it is here, you could read the headline and know enough to possibly make a decision.


The current title is the opposite of clickbait, it's literally the conclusion of the article.


I think it is due to the homotopy type theory book. There is an elegant connection between category theory and type theory. I guess most of the people submitting category theory to hacker news (or any graduate math) just do it to flex and seem clever.


Actually, category theory, type theory, and proof theory.


I have studied math and was in some lectures about category theory. I still don't get what the project is about and that fact intrigues me.


It's just a theorem prover.

Like every theorem prover it has a logic that you use for stating propositions, and proving theorem. The logic is a specific logic that is closely related to HoTT.


I majored in CS and followed two graduate level courses on category theory. If it's any consolation I have no idea either.


- the "shin jin mei" of sen ts'an

- "On Zen" by Daio Kokuchi

- "Shobogenzo" by Dogen. I especially venerate the loose translation (or paraphrasing) by Brad Warner.


The precise mathematical definition of obfuscation and what is considered obfuscation for an average software engineer are two very different things.

In fact, the article is only about indistinguishability obfuscation. What is mostly discussed in this thread is the notion of virtual black box obfuscation (VBB). VBB has been proven to be impossible in the general case (see https://www.wisdom.weizmann.ac.il/~oded/PS/obf4.pdf). There are a few special programs where VBB is feasible, such as point functions, but in general in cannot be achieved.

Indistinguishability obfuscation (iO) means that if you obfuscate two programs that compute the same function, then you cannot distinguish them. Or put in different words, if you get two obfuscated programs, then there is no better way than random guessing (except for a factor that is negligible in some security parameter) to find out if they stem from the same original program.


To try to make this concrete, if you have a program A that does bubble sort, and a program B that does selection sort:

1. VBB would be making it so you can't glean information about A or B by running VBB(A) or VBB(B) or examining them, for various definitions of "information".

You can't tell A is a bubble sort at all, and you can't tell B is a selection sort at all.

VBB is, as mentioned, impossible in the general case.

2. IO would be making it so if you are holding IO(A) and IO(B), you can't tell them apart, and can't tell if the original was A or B.

So you can have functionally identical programs, and when you run them through IO, you can't tell whether the original was A or B.


I'm kind of confused. I'm guessing this is a dumb question, but I'm obviously missing something. If a program is running bubble sort, and another is running selection sort... can't you just run them instruction-by-instruction to see which elements they swap? And deduce what they were based on that? Like if you have [4, 3, 2, 1], and the first swap the program does results in [1, 3, 2, 4], then it clearly wasn't bubble sort, right? What am I missing?


Boolean circuits themselves do not have memory. (though you can create memory within them).

See the formal model here: https://en.wikipedia.org/wiki/Circuit_(computer_science)

There are extensions of iO to RAM programs, but this is not it.


> You can't tell A is a bubble sort at all, and you can't tell B is a selection sort at all.

That doesn't make any sense. You can trace them while they execute, then compare and analyze the two traces?

By definition obfuscation is always reversible or the software wouldn't even work any more.

You can make it infeasible (timewise) to figure it out, but it's still possible, even if it takes infinite time.


I'd suggest reading the paper - which covers this ;)


Thanks, this is a great explanation.


Ed: redundant - asked and answered in thread.


Yeah, I probably should have collected an the pieces into a single reply. Right now the number of comments is small enough that it’s not hard to find though.


The latter is useful to hide who wrote the program? Like some features of code that might reveal your personal patterns?

Or what is it for?

And how does it deal with timing? İf two programs I gave it have different complexity, would it pad the running time to some fixed value? İf so, how is that value chosen?


Thanks, I had no idea what to make of the OP, so your comment is very valuable!

> Or put in different words,

I don't see how the second phrasing follows from the first one. In fact, I don't understand what the second statement is supposed to mean to begin with. Could you elaborate?


If you have a bubble sort and selection sort, and run them through IO, for either result, you can't tell if the original was bubble sort or selection sort.

Roughly: VBB is the ability to take any program and make it indistinguishable from random.

IO is the ability to take two programs that compute the same function and make them indistinguishable from each other.


How far does this analogy go?

For example, if I plot how long both programs take at various scales, at some point I should be able to determine which one is O(n log(n)) right?


I gave the formal definition of distinguishability in the other comment, but it does not include running time.


And that involves preventing the leakage of any data? Such as the time each take?


The original goal was to be able to make public key systems out of secret key systems, so hiding existing running time is not part of the definition of indistinguishable.

It is about what information you can glean about either of the originals. Formally (from the paper):

Indistinguishability: For every two ensembles {C0,λ} and {C1,λ} of polynomial-sized circuits that have the same size, input length, and output length, and are functionally equivalent, that is, ∀λ, C0,λ(x) = C1,λ(x) for every input x, the following distributions are computationally indistinguishable:

  {iO(1λ, C0,λ)} {iO(1λ, C1,λ)}
IE you can take a secret key system, hardwire the key into the program, and turn it into a public key system without fear that the secret key will be recovered - instead, it will not be distinguishable from other programs with different hardwired keys.


> IE you can take a secret key system, hardwire the key into the program, and turn it into a public key system without fear that the secret key will be recovered - instead, it will not be distinguishable from other programs with different hardwired keys.

I don't understand. Shouldn't a different secret key yield a different function / circuit?


You can actually do it both ways - where the ciphertext is an obfuscated program, and where keys a programs and ciphertexts are short.

https://eprint.iacr.org/2013/454.pdf and friends have a direct description of the latter and references to the former.

This is just one mechanism.


Ah I think I understand better. Thanks!


I am much more familiar with the development in the chess world. Since Deep Blue beat Kasparov in 1997, there was a lot of progress in the development and the architecture of chess engines. Back then, we did not have neural networks. A lot of the strategies of chess engines are now used by chess grandmasters. As an example, the value of the activity of pieces was underrated in contrast to the value of material.

As there are more generations of chess engines than go engines, it would be quite interesting to pull something similar off against them. My intuition is that it maybe works against Leela, as LeelaChess basically uses only neural networks (think alphago but for chess), whereas it should not work with Stockfish, as some parts of Stockfishs evaluation function are still adjusted by hand.


The argumentation is faulty.

Users cannot be enumerated using the login, but using the signup. The author then argues that they should add the user enumeration function to the login.

This is similar to: The door is locked, but the window is open. And then consequently it makes no sense to close the door at all, as an attacker can sneak through the window.

Instead, the window should be locked as well, i.e., it should be impossible to enumerate users with the signup function.


I always use https://gitignore.io.


Note that hashquines, i.e., programs that print their own hash when executed do not depend on the hash function being broken. In fact, they are a fun little exercise.


    #!/bin/sh
    md5sum $0


I have no idea where to even begin if the digest does not leak something about the data


The same way as a normal quine:

  $ cat >a.py
  #! /bin/python
  import hashlib
  s='#! /bin/python\nimport hashlib\ns=%r\nprint hashlib.sha512(s%%s).hexdigest()\n'
  print hashlib.sha512(s%s).hexdigest()
  $ python a.py
  cf1daf466a7a95b245eab685b808fb861dab9af26078250a8041c4c08a8ff384 (edit: wrap)
  7f7d1853f9d62d6b40cc53d0c5be3efd80eb09f57b71250910c0d6157b73fcd3
  $ sha512sum a.py
  cf1daf466a7a95b245eab685b808fb861dab9af26078250a8041c4c08a8ff384 (edit: wrap)
  7f7d1853f9d62d6b40cc53d0c5be3efd80eb09f57b71250910c0d6157b73fcd3  a.py


Oh duh. That's a clever trick which is rather obvious in hindsight.


Any cryptographic digest is not supposed to leak anything about the data that went in. That’s a core property.

In this case the hash doesn’t depend on the data at all. Do you see how that helps?


  #!/bin/sh
  HASH=6ce1c11751e405291eac368af96de90f
  # Increment until hash of this file equals $HASH: 1
  echo $HASH


Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: