Clarification on HW2

Your protocol only needs to defend against attacks that would be feasible in a "real-world" deployment where we assume that the bank cannot be tampered with, nor can the code running on the ATM be examined. In particular, you do not need to defend against the following:
  1. Using code disassembly to recover secret keys.
  2. Attacks that require restarting the bank.

Your protocol should be secure if the adversary is not in possession of a user's ATM card, even if the adversary knows the user's PIN.