A Scheme for Secure Pass-Fail Tests

We propose a simple construction for pass-fail tests that can be scored by a physically insecure computer program. The construction uses an error correcting code to x mistakes and a cryptographic hash function to recognize correct answers. 1 The problem, and a proposed solution Suppose we want to administer a pass-fail test consisting of a list of yes/no questions, and we want the test to be automatically gradable by a computer program whose source code is available to the test taker, and hence cannot contain the list of correct answers. If we require a set of answers to be 100 percent correct, then we could solve the problem in the obvious way using a cryptographically secure hash-ing function such as MD5: the grading program would contain the hash of the correct answers, and it would compare this value with the hash of the proposed answers to determine whether the subject has passed the test. This technical note addresses the more diicult case where the correct-ness threshold for a passing grade is less than 100 percent. We propose using a codeword in an error correcting code for the answer vector. Then we can use the error correction algorithm to correct the allowed fraction of mistakes before hashing and checking the result. 2 The protocol A test that permits t mistakes is constructed as follows. 1. Select a random bit vector R of length k. 2. Expand R to a bit vector A of length n using the encoding algorithm of an error correcting code which can tolerate t errors. 3. Compute H, the hash of A, using a cryptographic hash function. 4. Select a question list Q such that the bits of A are the answers of Q.