The key is here… because finding what is effectively hash collisions has become feasible for some types of hashes: They were able to come up with a malicious program that, if presented with its own hash as the secret input, could compute the random challenges and then arrange its internal workings so the spots being challenged would pass inspection. The verifier would see no reason to doubt that the program really did output what the prover claimed, even though it did not. What’s more, th...
