JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.
Quiz 12 - Privacy in DeFi; Auditable Privacy; ZKP
DeFi MOOC
If you are a UC Berkeley student, you *
must
* use your Berkeley email to receive credit!
Sign in to Google
to save your progress.
Learn more
* Indicates required question
Email
*
Your email
Berkeley Student ID (e.g. 3034567890)
Leave
blank
if you are not a Berkeley student.
Your answer
Question 1 - Which of the following statement is incorrect regarding pseudonymity and full anonymity?
1 point
It is easy to implement reputation for both pseudonymity and full anonymity systems.
If one transaction sent from a pseudonym is linked to the physical identity, then all transactions from a pseudonym are linked to this physical identity
Full anonymity systems cannot tell if two transactions are from the same person.
Clear selection
An example Tornado.cash deposit money flow, where address 0x40e... sends its fund to more than 50 other addresses before the fund is deposited into Tornado.cash
Question 2 - Tornado.cash is an Ethereum on-chain mixer. In the figure above, we show an interesting situation of money flow in Tornado.cash: Multiple depositors receive ETH from a single user account (EOA) before they deposit inTornado.cash. Based on this plot, which of the following statement is correct?
*
1 point
All the addresses that deposits into TC must belong to the same entity
It is likely that all the addresses belong to the same entity, especially if this "division and consolidation" happened within a short time frame, but we cannot be sure about it
Recall the Pedersen commitment we discussed in the lecture
Question 3 - Which of the following is incorrect regarding Pedersen commitment?
*
1 point
commit(m, r) = H(m, r) is binding follows from collision resistance of H, which means an efficient adversary cannot produce verify(m1, com, r1) = verify(m2, com, r2) = accept.
commit(m, r) = H(m, r) is hiding follows from an assumption on H is random, such that the random space is much bigger than the collision space (|R|>>|C|), which means com=H(m,r) is independent of m.
Pedersen is homomorphic, because commit(m1, r1) x commit(m2, r2) = commit(m1+m2, r1+r2)
None of above
Question 4 - For succinct non-interactive argument system with circuit size C, statement size x, security parameter lambda, which of the following complexity statement is correct?
*
1 point
1. Provers generate short proofs - O(log(|C|), lambda) and 2. Verifiers run fast - O(|x|, log(|C|), lambda)
1. Provers generate short proofs - O(|C|, lambda) and 2. Verifiers run fast - O(|x|, log(|C|), lambda)
1. Provers generate short proofs - O(log(|C|), lambda) and 2. Verifiers run fast - O(log(|x|), log(|C|), lambda)
A copy of your responses will be emailed to the address you provided.
Submit
Clear form
Never submit passwords through Google Forms.
reCAPTCHA
Privacy
Terms
This content is neither created nor endorsed by Google.
Report Abuse
-
Terms of Service
-
Privacy Policy
Forms