Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hash Range Queries
Search
luke crouch
December 18, 2018
Technology
0
110
Hash Range Queries
For simple, privacy-preserving data-sharing.
luke crouch
December 18, 2018
Tweet
Share
More Decks by luke crouch
See All by luke crouch
Pigeons to Padlocks: 5000 years of Network Security
groovecoder
0
69
cryptory-up-to-https-atlas-2024.pdf
groovecoder
0
55
Cryptography: 500 BC to https
groovecoder
0
160
Mozilla Observatory First Draft
groovecoder
0
120
VPNs
groovecoder
0
120
Digital Privacy & Security
groovecoder
0
250
Cryptography: 500 BC to Quantum Computing
groovecoder
0
690
Just enough bitcoing to go cryptojacking with JavaScript
groovecoder
0
99
Can we protect Privacy without breaking the web
groovecoder
0
160
Other Decks in Technology
See All in Technology
普通のチームがスクラムを会得するたった一つの冴えたやり方 / the best way to scrum
okamototakuyasr2
0
110
KotlinConf 2025_イベントレポート
sony
1
140
CDK CLIで使ってたあの機能、CDK Toolkit Libraryではどうやるの?
smt7174
4
190
LLMを搭載したプロダクトの品質保証の模索と学び
qa
0
1.1k
【NoMapsTECH 2025】AI Edge Computing Workshop
akit37
0
230
Snowflake×dbtを用いたテレシーのデータ基盤のこれまでとこれから
sagara
0
120
JTCにおける内製×スクラム開発への挑戦〜内製化率95%達成の舞台裏/JTC's challenge of in-house development with Scrum
aeonpeople
0
270
職種の壁を溶かして開発サイクルを高速に回す~情報透明性と職種越境から考えるAIフレンドリーな職種間連携~
daitasu
0
170
いま注目のAIエージェントを作ってみよう
supermarimobros
0
350
「その開発、認知負荷高すぎませんか?」Platform Engineeringで始める開発者体験カイゼン術
sansantech
PRO
2
680
要件定義・デザインフェーズでもAIを活用して、コミュニケーションの密度を高める
kazukihayase
0
120
Unlocking the Power of AI Agents with LINE Bot MCP Server
linedevth
0
120
Featured
See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
36
2.5k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
188
55k
GraphQLとの向き合い方2022年版
quramy
49
14k
Rails Girls Zürich Keynote
gr2m
95
14k
Raft: Consensus for Rubyists
vanstee
140
7.1k
Balancing Empowerment & Direction
lara
3
620
Typedesign – Prime Four
hannesfritz
42
2.8k
Visualization
eitanlees
148
16k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
113
20k
Bash Introduction
62gerente
615
210k
Reflections from 52 weeks, 52 projects
jeffersonlam
352
21k
Transcript
Hash Range Queries For simple, privacy-preserving data-sharing
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea
https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is
interested in this password. Maybe not that interesting for a widely-used value …
https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my
little pony character with vowels replaced with numbers?
Do you trust the person operating the service? • Are
they doing something else with the data? • Are they securing the data?
None
How can a client get a single record from a
server without revealing the record identifier to the server?
The Easiest Way: Hashed Identifiers
None
None
But rainbow tables exist
None
The Hard Way: Private Set Intersection
None
None
The Middle Way: k-Anonymity
https://en.wikipedia.org/wiki/K-anonymity Every record is unique
https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender
+ State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate
hashes into anonymized "buckets".
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash
…
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same
anonymized "bucket" as that hash … {
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.