CS1950Y Lecture #1: What is Logic for Systems?
January 23rd, 2019
What is logic? What do you use logic for?
What is a system? How do they relate?
What have we built before?
How do you know if your system works?
- It passes the test suite
- The TAs think it works
How are tests not sufficient?
- Not exhaustive
- Tests themselves could be wrong
- Humans write tests and humans are bad at knowing what we don't know.
- We subconsciously allow our intuitions to influence our test cases
Riddle 1
A three-person company has the following leadership structure:
Alice -> Bob -> Charlie
Alice attended Brown while Charlie attended the lesser Harvale. We do not know where Bob attended. Does someone who graduated from Brown directly supervise someone who did not graduate from Brown?
Brown -> ? -> Harvale
Yes. If Bob did not go to Brown, then he is supervised by Alice who did. If Bob did go to Brown, then he supervises Charlie who did not.
Riddle 2
An evil wizard has imprisoned 4 gnomes. There are two rooms separated by a wall. Gnomes can only see the gnomes in front of them. They know there are two red hats and two blue hats. If any of the gnomes can figure out what color hat they are wearing, they all go free.
/r\ | /b\ /r\ /b\
O | O O O
________________
Can anyone figure out what color hat they are wearing?
The gnomes are smart, logical, and trust each other. There is no time limit.
Answer: The middle gnome hears the back gnome say 'I don't know.' The middle gnome now knows that its hat is a different color than the gnome in front of it, because if they were the same color, the back gnome would have been able to figure out its own hat color. So, in this case, the middle gnome correctly figures out that its hat is red.
Public Key Cryptography
Messages are encrypted with a public key (which everyone has access to), but can only be decrypted with the matching private key.
- Tim and Andrew know each other's public keys
- They know their own private keys
Tim                            Andrew
  ----- {Tim, SecretA}A ------->
  <---- {SecretA, SecretB}T ----
  ----- {SecretB}A ------------>
This was widely used and proven correct. Can you find the vulnerability in this interaction?
The protocol works as expected when the two parties are trustworthy, but consider what happens when one party is not trustworthy.
Tim                            Andrew                         Tim's Bank
  ---- {Tim, SecretT}A ------->
                                 ---- {Tim, SecretT}B ------->
                                 <--- {SecretT, SecretB}T ----
  <--- {SecretT, SecretB}T ----
  ---- {SecretB}A ------------>
                                 ---- {SecretB}B ------------>
Now, Tim thinks he's just talking to Andrew, but Tim's Bank thinks they're talking to Tim.
Can it be fixed?
In the third line, send {SecretT, SecretB, Bank}T, so that when it gets to Tim, he realizes that Andrew was trying to talk to his bank, and he can safely stop the interaction.
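As an added example that is not part of the lecture notes: a small symbolic Python model of the exchange above, running Andrew's relay against the original protocol and against the fixed reply that names the responder. Participant and nonce names follow the notes; the enc/dec helpers are assumptions of the model, not real cryptography.

```python
# Symbolic model of the 3-message public-key exchange from the notes and of
# the relay attack in which Andrew forwards Tim's messages to Tim's Bank.
# Encryption is modelled symbolically (an assumption of this model): a
# ciphertext is a tuple ("enc", recipient, payload) and only the recipient
# can open it. Nonce and participant names are taken from the notes.

def enc(recipient, payload):
    """Encrypt `payload` under `recipient`'s public key (symbolic)."""
    return ("enc", recipient, payload)

def dec(owner, box):
    """Decrypt with `owner`'s private key; anyone else is refused."""
    tag, recipient, payload = box
    assert tag == "enc" and recipient == owner, f"{owner} cannot decrypt"
    return payload

def run(fixed):
    """Run the exchange with Andrew relaying to the Bank.

    Returns (who Tim thinks he talked to, who the Bank thinks it talked to,
    whether Tim aborted). `fixed` adds the responder's name to message 2."""
    # Message 1: Tim -> Andrew. Tim believes he is starting a session with Andrew.
    m1 = enc("Andrew", ("Tim", "SecretT"))
    # Andrew opens it and re-encrypts the same contents for the Bank.
    sender, nonce_t = dec("Andrew", m1)
    m1_relay = enc("Bank", (sender, nonce_t))
    # Message 2: Bank -> "Tim". It is encrypted to Tim, so Andrew cannot read
    # it and simply passes it along unchanged.
    sender2, nonce_t2 = dec("Bank", m1_relay)
    reply = (nonce_t2, "SecretB", "Bank") if fixed else (nonce_t2, "SecretB")
    m2 = enc(sender2, reply)
    opened = dec("Tim", m2)
    if fixed:
        nonce_back, nonce_b, responder = opened
        if responder != "Andrew":   # Tim expected Andrew, not his Bank: stop.
            return ("Andrew", None, True)
    else:
        nonce_back, nonce_b = opened
    assert nonce_back == "SecretT"
    # Message 3: Tim -> Andrew; Andrew re-encrypts the secret for the Bank.
    m3 = enc("Andrew", (nonce_b,))
    m3_relay = enc("Bank", dec("Andrew", m3))
    (nonce_b_back,) = dec("Bank", m3_relay)
    assert nonce_b_back == "SecretB"
    # The Bank completed the run with the identity it saw in message 1.
    return ("Andrew", sender2, False)
```

With the original protocol the Bank finishes believing it spoke to Tim; with the named responder Tim aborts at message 2.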