17
3
The Challenge
I present to you another spy vs. spy challenge pitting obfuscators versus crackers. In this case, however, the datum to be protected is not an input but an output.
The rules of the challenge are simple. Write a routine with the following specifications:
- The routine may be written in any language but may not exceed 320 bytes.
- The routine must accept three 32-bit signed integers as inputs. It can take the form of a function that accepts 3 arguments, a function that accepts a single 3-element array, or a complete program that reads 3 integers from any standard input.
- The routine must output one signed 32-bit integer.
- Over all possible inputs, the routine must output between 2 and 1000 (inclusive) unique values. The number of unique values a routine can output is called its key.
As an example, the C program
int foo( int i1, int i2, int i3 ) {
return 20 + (i1^i2^i3) %5;
}
has a key of 9, since it (hopefully) can only output the nine values 16
,17
,18
,19
,20
,21
,22
,23
, and 24
.
Some additional limitations are as follows:
- The routine must be fully deterministic and time-invariant, returning identical outputs for identical inputs. The routine should make no call to pseudorandom number generators.
- The routine may not rely on "hidden variables" such as data in files, system variables, or esoteric language features. For example, routines should generally not refer to constants unless the constants are clearly defined in the code itself. Routines that rely on compiler quirks, outputs from mathematically undefined operations, arithmetic errors, etc. are also strongly discouraged. When in doubt, please ask.
- You (the coder) must know precisely how many unique outputs the routine can produce, and should be able to provide at least one input sequence that produces each output. (Since there can potentially be hundreds of unique outputs, this set would only ever be requested in the event your key is contested.)
Since this problem bares far less resemblance to classical encryption than the previous one, I expect it will be accessible to a broader audience.
The more creative, the better.
The Scoring
The shortest non-cracked submission(s) per byte count will be declared the winner(s).
If there's any confusion, please feel free to ask or comment.
The Counter-Challenge
All readers, including those who have submitted their own routines, are encouraged to "crack" submissions. A submission is cracked when its key is posted in the associated comments section. If a submission persists for 72 hours without being modified or cracked, it is considered "safe" and any subsequent success in cracking it will be ignored for sake of the contest.
Only one cracking attempt per submission per reader is permitted. For example, if I submit to user X: "your key is 20" and I'm wrong, user X will disclaim my guess as incorrect and I will no longer be able to submit additional guesses for that submission.
Cracked submissions are eliminated from contention (provided they are not "safe"). They should not be edited. If a reader wishes to submit a new routine, (s)he should do so in a separate answer.
A cracker's score is the number of submissions (either compliant or not) (s)he cracks. For crackers with identical counts, the ranking is determined by total byte count across all cracked submissions (the higher, the better).
The cracker(s) with the highest score(s) will be declared the winners along with the developers of the winning routines.
Please do not crack your own submission.
Best of luck. :)
Leaderboard
Last Updated Sept 2, 10:45 AM EST
Immovable Barriers (non-cracked submissions):
- CJam, 105 [Dennis]
Unstoppable Forces (crackers):
- Dennis [Java, 269; C, 58; Mathematica, 29]
- Martin Büttner [Java, 245]
11May I suggest [cops-and-robbers] as the tag for these challenges? I think it's a fairly established name for such games in security and it will probably provoke more interest then [adversarial]. – Martin Ender – 2014-08-31T09:01:29.083
Sure. I'll change it now. – COTO – 2014-08-31T09:02:30.250
What kind of output is acceptable? STDOUT,
return
, etc... – Ypnypn – 2014-08-31T21:01:58.900Both
stdout
and a simplereturn
are acceptable. – COTO – 2014-08-31T21:12:25.5032Your example is incorrect; its signature is 9. %5 can return anything from -4 to 4, inclusive. – Keith Randall – 2014-09-01T05:07:35.190
I forgot about that. I'll correct the example. Thanks for the heads up. – COTO – 2014-09-01T06:55:34.433
I've made an attempt to crack a key, but the answer was edited since the original post was invalid. Does that mean I get to try again?
– Dennis – 2014-09-01T21:16:06.5171@Dennis I would be fine with you trying again. It was my fault that it was messed up. – Stretch Maniac – 2014-09-01T22:25:17.090
@COTO Your example still doesn't have a key of 5. -2^31 is an edge case, since
– Geobits – 2014-09-02T13:47:09.260abs()
doesn't work on it.burbles lips OK. Third time's the charm. – COTO – 2014-09-02T13:50:25.057