From mblum@cs.cmu.edu Tue Oct 30 13:35:52 2001 Date: Tue, 30 Oct 2001 12:17:38 -0500 From: Manuel Blum To: hopper@cs.cmu.edu Subject: Crypto lecture 12 SECURITY and CRYPTOGRAPHY 15-827 30 OCT 01 Lecture #12 M.B. 4615 Wean Handouts: articles from the current issue of NATURE. description of the CAPTCHA project. Ask Nick Hopper to comment on the first midterm exam. Have the students time me on my most recent PhonOID: "If seven maids with seven mops swept it for half a year" 15 03924 71227 0148 36257 0094 92547 81 554 8293 7 1487 I am not done with HumanOID or PhonOID, and will return to it. But today we nevertheless start on CAPTCHA. CAPTCHA = Completely Automatic Public Turing test to tell Computers and Humans Apart. COMPLETELY AUTOMATIC means programmable. PUBLIC means that commented source code is made available to anyone who wants it. The main reason to make CAPTCHAS public is that it gives the CAPTCHA designer a better sense of the problem. That's because an adversary can always SAMPLE a CAPTCHA to get a good idea of how it works. Make it public because it is in any case public. Another reason to make CAPTCHAS public is that I want to use them to CHALLENGE the AI community. A CAPTCHA is a precise definition of a computational problem that humans can easily solve but that computers, at their current state of development, cannot solve. TURING TEST: n. a proposed test of a computer's ability to think, requiring that the covert substitution of the computer for one of the participants in a teletype dialogue should be undetectable by the remaining human participant. For purposes of a CAPTCHA, a TURING TEST is a test that "most" English-speaking literate humans can pass but that no computer can pass. A REVERSE Turing test is either 1.(Blum) a test that most computers but no human can pass, or 2.(Baird) a Turing test administered by a computer rather than a human. Obviously, it is easy to design a test that computers CAN pass, but that humans CANNOT pass -- unless they have the services of a computer at their command. Is it possible to design a (programmable) Turing test? Let me be clear about my views on this. I personally believe that computers will one day be as intelligent as any of us (and consequently they will one day be MORE intelligent than any of us). Now YOU don't have to believe this. In fact, it helps to suspend any such belief in order to design a CAPTCHA. That's because CAPTCHAS CANNOT exist once computers are as intelligent as humans. WHAT'S A CAPTCHA FOR? YAHOO uses our simplest CAPTCHA based on Optical Character Recognition (OCR) to keep users out of chat rooms. We say that an AI problem is REDUCIBLE to a CAPTCHA if a program that can pass the CAPTCHA most of the time can be used as an oracle to solve the AI problem. Can a CAPTCHA be built on the basis of ANY AI problem? How about a CAPTCHA based on the human ability to understand text? "Canyouunderstandasentencethathasnopunctuationandnospaces" "Kin ewe hun dare Stan a sent inns half fling wee erred lee rid ten whirs?" "Ken use under stand hay scent ends halve in we're dull E writ tin wears?"