If you know the algorithm (the evaluate function, if I understood correctly), you can make some assumptions about the data itself, even though you can't inspect the data you're operating on - e.g., exploiting the time it takes to compare password hashes [1].
If you know the algorithm (the evaluate function, if I understood correctly), you can make some assumptions about the data itself, even though you can't inspect the data you're operating on - e.g., exploiting the time it takes to compare password hashes [1].
[1] http://security.stackexchange.com/questions/9192/timing-atta...