Crypto in the classroom: digital signatures for homework

If you don’t know, I’m a graduate student at the University of Utah, which means I make a living my teaching classes. Recently a student charged that I lost a good deal of her homework. We wound up in a “he-said/she-said” situation where ultimately the dean concluded that we need to raise her grade by a letter under the assumption that I really was up to shenanigans (we ultimately gave her 100% credit in the “homework” column in the grade book, raising her grade from F to D). Not a pleasant situation: aside from a track record of strong teaching evaluations, there was nothing to defend my reputation.

Experienced teachers know that claims of “lost” work are frequent. If we want to be objective about this (and we do), the claims need to be taken seriously, since lost things rarely leave a trail. All we have when analyzing such claims is the following:

• The missing work never seems to turn up. Not after a week, a month, a semester, a year, or ever.
• If a person rarely finds that they misplace his own belongings, it’s hard to accept that he is misplacing student work (assuming they treat student work with a reasonable amount of care, as we typically do, given how terrible it would be to lose it!)
• These claims never seem to come from students who are doing well on exams; they tend to come from students who are backed into a corner, grade-wise.

Of course, it is entirely conceivable that these claims are occasionally correct, and it would be terrible to allow such mistakes — our mistakes — to adversely effect our students.

Last Spring was the only time a student has accused me of losing their work. It was a lousy situation that I have no intention of ever repeating. So when I was assigned to teach a half-term class this summer, I decided it was time to try something new. I’ve recently finished teaching that class; here’s what I did.

The idea

A digital signature is a cryptographic technique to verify that a document was authored by a particular person. They are frequently used in situations where someone might later claim to have not authored a document in order to weasel out of a precarious situation. It is usually the recipient of the document who insists that a digital signature be used.

Digital signatures can be used in other situations where authenticity is important. For instance, concert tickets can be printed with a digital signature that validates they were printed by the ticketing agent. The signature on each ticket will need to be different, but this isn’t hard to arrange. If the cryptography is sound, no one will be able to forge the signature, hence no one should be able to print a phony ticket.

This summer I experimented with using digital signatures to provide students with a way to prove that they’ve turned an assignment in. Every time I made an assignment I produced a corresponding batch of digitally-signed receipts. One receipt per student per assignment. I wrote a program to automate this: it takes a list of students and the name of the assignment and produces a PDF file of receipts. I’d then print the PDF, take it to the cutting board, and produce an alphabetized stack of receipts for each assignment (the program was clever enough to sort the receipts on the printed page in such a way that the alphabetizing didn’t require me to sort through the cut up pages).

I then instituted a policy: I won’t take your homework unless you take your receipt. Because the receipts were sorted this didn’t take long to do (though to save class time, I only accept homework before and after class, or during problem sessions).

I’d then periodically create printed grade reports for each individual (again I had a program that automated this, taking data from my spreadsheet and turning it into a PDF with one page per student). This allowed students to check whether or not I was giving them credit for their work. At the end of the term, I gave them one last report that showed the grade I was going to submit for them. No one can claim that I was withholding information.

The wonderful thing about this system is that it gives the students proper recourse: if it looks like I lost an assignment, the receipt proves they are right, and I’ll give them full credit. Because the receipts are digitally-signed, they cannot be forged, so there’s no funny business to be had by any bad apples.

Reception

Naturally I described my plan to the bosses in the math department. My department chair conjectured that no one on earth had tried this before. The associate chair laughed at the lengths I was going through. My peers suspected that the students would find this system confusing, annoying, and unnecessary.

When I implemented this system the results were fantastic. I don’t believe anyone in class understood how the digital signatures worked, but they didn’t need to: all they had to know is that the receipts give them recourse if I lose their work. And they loved it. Why wouldn’t they? It was apparent that I was doing extra work to expose myself for their sake (nevermind that I was originally motivated to try this to avoid getting in hot water myself).

Contrary to initial predictions that I would be mired down in extra paperwork, this process did not take much time on my end. Once I had the programs written to automate the work (which took an afternoon) the time investment was nearly zero. The most time consuming part was passing out the receipts as students turned in their work, but since this was taking place during problem sessions, it didn’t actually increase my working time.

For me the most interesting thing is that I did apparently lose someone’s assignment! I have no clue how, and part of me still hasn’t accepted this, but the evidence suggests that it happened. I gave someone a grade report, it said they were missing an assignment, but sure enough they had a receipt. They called me on it in front of the class, and when I reaffirmed my promise to give them credit, a couple people in the class praised me. The receipt system actually took my mistake and turned it into an asset. Incredible.

Edit: this is what a sample of my receipt-PDF looks like (here shown with just a small number of hypothetical students). Notice how it’s sorted — makes it very easy to just go to the chopping board, stack the pages, make 4 cuts, and concatenate the little stacks.

How I did it

There’s a considerable about of machinery that goes into such a scheme. If you’re interested in implementing something like this, and have a good familiarity with computing, you can follow these steps to get rolling. For all of this I’m using openssl, which is installed by default on my Mac, and also on every Linux distribution I’ve ever used. I’ll show how this is done using a test receipt.

Step 1: Create the key files. Create a directory to do your work in. Within this directory, issue the following two commands:


$ openssl genrsa -out private.pem 1024
$ openssl rsa -in private.pem -out public.pem -outform PEM -pubout


This will create a public and a private file, so-named by openssl. The public file can be put on your website, or included in your syllabus, allowing a 3rd party to arbitrate any disputes that may arise. The private file must be kept private, as it is the key to signing the receipts.

Step 2: Create a test receipt to work with. Later you’ll do this step for each student, for each assignment (consider using a script to do this for you!). Here’s my test receipt:


$ cat Test-receipt.txt
FAKE, STUDENT ASSIGNMENT 0001


Step 3: Sign the receipt, putting the output into base64 (this will allow you to print the signed receipt so you can give it to your student in writing)


$ openssl rsautl -sign -inkey private.pem -in Test-receipt.txt |
openssl enc -base64 -out Test-receipt.sig

You can examine the output:


$ cat Test-receipt.sig
hRqaY5LAns3CrzueaMXirehihYCn6TI6K4Luwo9T6F4JVMXiBb10wSN4fDLnM12m
NICQihiAt5prlqDxjwqpr2J4tPMmQZpXr8dpFKdyQgxn6IesLiEm9HIVjYUELRMW
kzxv86+8oVl6qQny+kMVWo3w7pI/JTTnHP3yLl1NJJw=

When you go to print your student’s receipt, include both the contents of the receipt (in my case, Test-receipt.txt) as well as this gibberish.

Step 4: Make sure you know how to verify a receipt! This isn’t so bad. If someone gives you their receipt, you enter the gibberish into a file (in this case, Test-receipt.sig) and execute the following:


$ cat Test-receipt.sig | openssl enc -base64 -d | openssl rsautl -verify
-pubin -inkey public.pem
FAKE, STUDENT ASSIGNMENT 0001


If the signature is correct (that is, not entered wrongly, nor an invalid forgery) you should see the receipt in plain text, as demonstrated here.

As an example, if I modify even a single letter in Test-receipt.sig, I’ll wind up with something that makes no sense, or more likely, I’ll get an error. For instance, if I replace the first letter (a lower-case h) with an upper case H, I get the following:


$ cat Test-receipt.sig-error | openssl enc -base64 -d | openssl rsautl -verify -pubin -inkey public.pem
RSA operation error
286:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:/SourceCache/OpenSSL098/OpenSSL098-27/src/crypto/rsa/rsa_pk1.c:100:
286:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:/SourceCache/OpenSSL098/OpenSSL098-27/src/crypto/rsa/rsa_eay.c:697:


This will allow you to detect cheap forgeries.

Conclusions

This summer I ran this experiment with a class of 55 students, and in this setting, homework collection took about 15 minutes. It worked fantastically. In the Fall I’m teaching a group of 180. The turn-in time might make this plan infeasible for such a large group unless I can have my TA’s come to class to help collect work. I’ll definitely post my experience with this group in the comments to this post.

Posted by intoverflow on 27 June, 2010

https://intoverflow.wordpress.com/2010/06/27/crypo-in-the-classroom-digital-signatures-for-homework/