This exam consists of two sections.
Section A consists of 15 short questions. Some questions in this section are multiple choice,
others can be answered in at most one or two sentences. Questions in Section A are worth 2, 3 or
4 marks each, for a total of 45 marks in the section.
Section B consists of 3 longer questions. One of these questions is divided into multiple parts,
the other two questions require a single answer. These questions are worth 17, 18 and 20 marks,
for a total of 55 marks in the section.
Section A
1. Consider the following attempted definition of commerce:
Commerce is a transaction between two or more parties, in which something of
value is exchanged.
This definition is missing one very important aspect that is necessary for a transaction to be
commerce. What is missing? (Marks: 3)
Solution: Each party must hope to benefit from the transaction.
2. What does the “value proposition” of a company mean? (Marks: 3)
Solution: The thing the company delivers that is (perceived to be) of value to its customers.
3. Should you design your own e-commerce software from scratch?
A No.
B No.
C No.
D No.
E All of the above.
Explain your answer in one or two sentences. (Marks: 3)
Solution: Any of A-E. Designing your own e-commerce software from scratch would be
reinventing the wheel, at great expense.
4. A one-time pad is, in some respects, a perfect encryption method. One-time pads have a
number of downsides, however, that make them less useful in practice. Name exactly two
such downsides.
(Note: if you try to name more than two downsides, you will lose marks!) (Marks: 4)
Solution: Any two of:
The required key size is large.
It is hard to create pads that are “sufficiently random”.
You cannot re-use a key.
You need to distribute the key in advance.
PAPER CODE COMP315 page 2 of 9 Continued
5. What is the difference between hashing and encryption? (Marks: 4)
Solution: Encryption is reversible: with the correct key, the plaintext can be recovered from
the cyphertext. Hashing is irreversible: it is (or at least: should be) impossible to recover the
input that produced a given hash.
6. If you run an e-commerce business, you may have the opportunity to collect a lot of data
about your customers. Name one advantage and one disadvantage of collecting this data.
(Note: if you try to name more than one advantage and one disadvantage, you will lose
marks!)
(Marks: 3)
Solution: Advantages could include:
You might be able to sell the data.
The data might allow you to help the user find what they need (“discoverability”).
The data might allow you to provide personal offers (“price discrimination”).
Disadvantages could include:
You may run into trouble with privacy regulations.
Your customers might not like your data gathering.
Having a lot of data makes you a tempting target for criminals.
Collecting a lot of data could be unethical.
7. Which of the following types of e-commerce is the largest, by value? (Marks: 3)
A B2C e-commerce
B B2B e-commerce
C C2C e-commerce
D C2B e-commerce
Solution: B
8. Which of the following best describes the revenue model of eBay? (Marks: 3)
A Advertiser model.
B Sales model.
C Subscription model.
D Transaction fee model.
Solution: D
9. Consider a second price sealed bid auction with three bidders, where the bidders value the
item being sold at $80, $85 and $100, respectively. Which bidder should we expect to win,
and what price will they pay? (Marks: 3)
A The bidder who values the item at $100 will win, and will pay $100.
B The bidder who values the item at $100 will win, and will pay $85.
C The bidder who values the item at $85 will win, and will pay $100.
D The bidder who values the item at $85 will win, and will pay $85.
E The bidder who values the item at $85 will win, and will pay $80.
Solution: B
10. Which of the following auction mechanisms is truthful? (Marks: 3)
A English auction (with a minimum increase)
B English auction (without a minimum increase)
C Japanese auction
D Dutch auction
Solution: C
11. Which of the following is an example of public key encryption? (Marks: 3)
A Caesar’s cipher
B AES-256
C RSA
D One-time pad
Solution: C
12. How should you store your users’ passwords? (Marks: 3)
A Salted and hashed.
B Encrypted using public key encryption.
C Encrypted using symmetric key encryption.
D In plaintext.
Solution: A
13. The GDPR places requirements on how anyone processing personal data must treat that
data. Which of the following is not required by the GDPR? Data must be...
(Marks: 3)
A Collected for a specified purpose.
B Deleted after one year.
C Kept up to date.
D Stored securely.
Solution: B
14. If you gather data about people, and then pseudonymise that data by replacing the name of
each person by a unique number, is the resulting data set still considered personal data?
(Marks: 2)
A Yes.
B No.
Solution: A
15. If the person about whom you have gathered data is deceased, is the data still considered
personal data? (Marks: 2)
A Yes.
B No.
Solution: B
Section B
16. Consider a second-price English auction, with a minimum bid increase of $1. This auction
proceeds exactly like an English auction, except for the price paid by the winner: instead of
paying their own bid, they pay the second highest bid. If only one bid is made, the winner
pays the starting bid.
For the purpose of this question, assume that the starting bid is $0.
A truthful strategy in this auction would be the following:
If the current standing bid is less than your valuation v, bid v.
If the current standing bid is more than or equal to your valuation v, do not bid.
Is this auction truthful?
If it is truthful, prove that bidding truthfully is an optimal strategy, regardless of (i) the
value v you assign to the item being sold and (ii) the bidding strategy employed by your
opponents.
If it is not truthful, describe a situation where a non-truthful bidding strategy gives you
a better outcome than bidding truthfully. Your description should include (i) the value v
you assign to the item being sold, (ii) your bidding strategy, (iii) the bidding strategy of
at least one other participant and (iv) a proof that your bidding strategy outperforms the
truthful strategy, given your value v and the opponent’s strategy.
For the sake of simplicity, you may assume that you are faster than your opponents, so
if you and another bidder both want to raise the bid, you will get to do so first.
Note that in either case, the opponent’s strategy need not be rational. (Marks: 17)
Solution: The auction is not truthful. Suppose that you value the item at $100. Suppose
furthermore that there is one other bidder, and that they bid according to this strategy: (1) if
the current standing bid is less than or equal to $110, raise the bid by $1, and (2) if the current
standing bid is more than $110, do not bid.
The auction starts at a starting bid of $0. By assumption, you get to bid first. Under the
honest strategy, you will bid $100. Your opponent will then raise to $101, and you lose the
auction. Your total gain is $0.
Now, consider the alternative strategy where you bid $111. You raise from the starting bid to
$111. Your opponent will not outbid you, so you win the auction and pay the second price,
which is the starting bid: $0. Your profit is $100.
So in this situation, the non-truthful bidding strategy outperforms the truthful strategy by
$100.
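The counterexample above can be checked by simulation. The following is an added example, not part of the exam paper; the function names are hypothetical, and it assumes integer bids, that "you" always get to bid first, and that a bidder never raises their own standing bid.

```python
def truthful(v):
    """Strategy from the question: bid v while the standing bid is below v."""
    return lambda standing: v if standing < v else None

def jump_to(amount):
    """Non-truthful strategy: bid a fixed amount, whatever your valuation is."""
    return lambda standing: amount if standing < amount else None

def raiser(limit, step=1):
    """Opponent from the solution: raise by $1 while the standing bid <= limit."""
    return lambda standing: standing + step if standing <= limit else None

def run_auction(bidders, start=0, min_inc=1):
    """bidders: list of (name, strategy) in priority order.
    Returns (winner, price), where price is the second highest bid made,
    or the starting bid if fewer than two bids were made."""
    standing, leader, bids = start, None, []
    while True:
        for name, strategy in bidders:
            if name == leader:
                continue  # the current leader does not outbid themselves
            bid = strategy(standing)
            if bid is not None and bid >= standing + min_inc:
                bids.append(bid)
                standing, leader = bid, name
                break  # restart so the highest-priority bidder reacts first
        else:
            break  # nobody wanted to raise: the auction ends
    price = sorted(bids)[-2] if len(bids) >= 2 else start
    return leader, price

def payoff(my_strategy, v=100):
    """Your gain against the opponent who raises by $1 up to a standing bid of $110."""
    winner, price = run_auction([("you", my_strategy), ("opponent", raiser(110))])
    return v - price if winner == "you" else 0

if __name__ == "__main__":
    print("truthful bid of 100:", payoff(truthful(100)))
    print("overbid of 111:     ", payoff(jump_to(111)))
```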
17. Let X be a set, and let f : X² → X be a one-way function with respect to its first argument,
i.e.,
(i) given x, y ∈ X it is easy to compute f(x, y),
(ii) given y1, …, yn and f(x, y1), …, f(x, yn), it is not feasible to compute x, nor is it feasible
to find an x′ such that f(x′, yi) = f(x, yi) for some i.
Suppose, furthermore, that f has the following commutative property:
(iii) for any x, y, z ∈ X, f(x, f(y, z)) = f(y, f(x, z)).
Finally, suppose that f is not predictable, in the sense that
(iv) without knowing x, it is not feasible to determine f(x, y).
Suppose Alice, Bob and Claire each have one secret from X, known only to them. We denote
these secrets by sa, sb and sc, respectively.
Alice, Bob and Claire want to gain a shared secret sabc ∈ X that is known to all three of them,
but not to any outsiders. Nor do they want their secrets sa, sb and sc to become known to
outsiders. They only have access to public information channels, so any message between
them could be intercepted.
Describe a protocol that allows them to create such a shared secret, using the function f.
Explain why your protocol satisfies the conditions.
(Hint: this setting is quite similar to Diffie-Hellman key exchange.) (Marks: 18)
Solution: The three agents first agree, publicly, on a value y ∈ X. Then Alice computes
xa = f(sa, y), Bob computes xb = f(sb, y) and Claire computes xc = f(sc, y). They each send
the value they computed (xa, xb and xc) to both other agents, publicly.
Alice then computes xab = f(sa, xb), Bob computes xbc = f(sb, xc) and Claire computes xca =
f(sc, xa). Again, they send their computed values (xab, xbc and xca) to both other agents,
publicly.
Finally, Alice computes xabc = f(sa, xbc), Bob computes xbca = f(sb, xca) and Claire computes
xcab = f(sc, xab). They take the value they computed as their shared secret sabc.
By property (iii) of f, we have
xabc = f(sa, f(sb, f(sc, y))) = f(sb, f(sa, f(sc, y))) = f(sb, f(sc, f(sa, y))) = xbca
and similarly
xabc = f(sa, f(sb, f(sc, y))) = f(sa, f(sc, f(sb, y))) = f(sc, f(sa, f(sb, y))) = xcab,
so xabc = xbca = xcab = sabc is a shared value.
Furthermore, the only things that were communicated were
y,
xa = f(sa, y),
xb = f(sb, y),
xc = f(sc, y),
xab = f(sa, xb),
xbc = f(sb, xc) and
xca = f(sc, xa).
By property (ii) of f, this does not make it feasible to compute sa, sb or sc, so outsiders do not
learn any of the three individual secrets. Finally, by property (iv) of f, an outsider can only
compute sabc if they know sa, sb or sc, and we already established that they don’t.
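The three rounds of the protocol can be run with a concrete f. The following is an added example, not part of the exam paper: it assumes f(x, y) = y^x mod P, as in Diffie-Hellman, which satisfies property (iii) because exponents commute. The modulus P and the function names are chosen for illustration only and are not a vetted group.

```python
import secrets

# Assumption for illustration: a Mersenne prime as modulus, not a vetted DH group.
P = 2**127 - 1

def f(x, y):
    """Candidate f(x, y) = y^x mod P, with the secret x as first argument."""
    return pow(y, x, P)

def commutes(x, y, z):
    """Property (iii): f(x, f(y, z)) == f(y, f(x, z))."""
    return f(x, f(y, z)) == f(y, f(x, z))

def three_party_exchange(sa, sb, sc, y):
    """Run the protocol from the solution.
    Returns (keys, public): the value each party ends up with, and the
    list of everything an eavesdropper sees on the public channel."""
    public = [y]

    # Round 1: each party applies its own secret to the agreed value y.
    xa, xb, xc = f(sa, y), f(sb, y), f(sc, y)
    public += [xa, xb, xc]

    # Round 2: each party applies its secret to one value received in round 1.
    xab, xbc, xca = f(sa, xb), f(sb, xc), f(sc, xa)
    public += [xab, xbc, xca]

    # Round 3: computed locally and never sent.
    xabc = f(sa, xbc)   # Alice
    xbca = f(sb, xca)   # Bob
    xcab = f(sc, xab)   # Claire
    return (xabc, xbca, xcab), public

if __name__ == "__main__":
    y = 5  # publicly agreed value
    sa, sb, sc = (2 + secrets.randbelow(P - 3) for _ in range(3))
    keys, public = three_party_exchange(sa, sb, sc, y)
    print("all three parties agree:", len(set(keys)) == 1)
    print("values sent in public:  ", len(public))
```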
18. Congratulations! You have just been hired to design “Vapor”, which is supposed to become
a video game store that competes with Steam, as well as Steam’s competitors such as the
Epic Games Store and Origin.
It is going to be very hard to beat this competition, but you’re going to try, since that’s what
you have been hired to do.
You will need to make a lot of decisions when designing Vapor. I can’t ask you about all these
decisions, we’d be here all day. But I’m still going to ask you to explain some parts of your
design.
Part of your marks for this question will be based on whether your plans for Vapor are reasonable. So don’t choose the most esoteric and weird plans just because you can!
(Hint: note the amount of marks awarded for each part of the question, and use this to
calibrate the level of detail in your answers.)
(Total marks for this question: 20)
(a) What is going to be Vapor’s primary revenue model? Explain how you will use this model.
(Marks: 3)
(b) You don’t need to limit yourself to one model, though. Choose exactly two other revenue
models that Vapor will also use. Explain how you will be using these models.
(Note: if you give more than two other revenue models, you will lose marks.)
(Marks: 3)
(c) You are told that Vapor needs to use auctions of some sort, but it is up to you to decide
what will be auctioned, who the buyers and sellers will be, and what type of auction will
be used.
What kind of auction will you use? Clearly state (i) what product will be sold, (ii) who the
seller(s) will be, (iii) who the buyer(s) will be and (iv) what auction type will be used.
You should make sure that your auction type is suitable for the auction in question, but
you do not need to explain why it is suitable.
(Marks: 5)
(d) Your shop will need a recommender system. Explain which factors will make your recommender more likely to recommend a given game to a user, and which factors will make it
less likely to do so.
For each factor, make it clear how your recommender will get the information it needs.
(Marks: 6)
(e) In some of the previous parts of this question, you may have indicated that Vapor will
gather, store and/or process data about its customers. Discuss the privacy implications
of this data gathering, and state what your lawful basis will be for doing so.
(Marks: 3)
Solution: Almost any answer can be correct, as long as it is argued for correctly. This model
solution lists a few likely answers.
(a) Likely answers include:
Sales model: Vapor will make money when customers buy games from Vapor.
Transaction fee model: Vapor will not sell games itself, but instead be a marketplace
where developers can sell their games—for a fee.
Subscription model: Vapor could provide a subscription service that allows unlimited
access to a catalogue of games, as long as the user stays subscribed.
(b) Likely answers include the examples given for (a), plus the following:
Advertising model: Vapor will run ads in its store.
Freemium model: Vapor could allow free access to a basic set of games, and require
sale or subscription for access to more.
(c) Likely answers include:
Ad auction. Product sold will be advertising space, buyers are advertisers, you are
the seller, auction type will be second price sealed bid.
Games auction. Product sold will be games, buyers are the customers of your store,
you are the seller, auction type will be English auction.
In-game item auction. Product sold will be in-game items, buyers are players of the
game, sellers are also players, auction type will be English auction.
(d) Factors that might increase likelihood include:
The user has viewed the game before in Vapor, or has expressed an interest (e.g.,
wishlisted it). Information source: interaction of user with Vapor.
The user has bought or played some game x with the property that people who
buy/play x tend to also buy/play this game. Information source: aggregate data from
Vapor users.
The game has high user reviews on Vapor. Information source: aggregate data from
Vapor users.
The game has a genre that a lot of games the user bought/played are also in. Information source: interaction of user with Vapor for which games were bought/played,
tagging (aggregate Vapor user data) or publisher description to determine genres.
The game is popular on Vapor. Information source: aggregate Vapor user data.
Factors that might decrease likelihood include:
The user has expressed disinterest in the game before in Vapor. Information source:
interaction of user with Vapor.
The game has low user reviews on Vapor. Information source: aggregate data from
Vapor users.
(e) This part of the question depends entirely on the answers given to previous parts of the
question. The most likely lawful basis is “legitimate interest”. An alternative would be
“consent”. All other lawful bases are highly unlikely.