Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

Avatar for luke crouch luke crouch
December 18, 2018
Technology
0
110

Hash Range Queries

For simple, privacy-preserving data-sharing.

Avatar for luke crouch

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Pigeons to Padlocks: 5000 years of Network Security
Avatar for luke crouch groovecoder
0
71
cryptory-up-to-https-atlas-2024.pdf
Avatar for luke crouch groovecoder
0
57
Cryptography: 500 BC to https
Avatar for luke crouch groovecoder
0
170
Mozilla Observatory First Draft
Avatar for luke crouch groovecoder
0
120
VPNs
Avatar for luke crouch groovecoder
0
120
Digital Privacy & Security
Avatar for luke crouch groovecoder
0
260
Cryptography: 500 BC to Quantum Computing
Avatar for luke crouch groovecoder
0
800
Just enough bitcoing to go cryptojacking with JavaScript
Avatar for luke crouch groovecoder
0
100
Can we protect Privacy without breaking the web
Avatar for luke crouch groovecoder
0
160

Other Decks in Technology

See All in Technology
Findy Team+ QAチーム これからのチャレンジ!
Avatar for ファインディ株式会社(イベント資料アップ用) findy_eventslides
0
500
旅で応援する✈️ NEWTが目指すコミュニティ支援とあたらしい旅行 / New Travel: Supporting by NEWT on Your Journey
Avatar for miisan mii3king
0
140
エンタメとAIのための3Dパラレルワールド構築(GPU UNITE 2025 特別講演)
Avatar for Preferred Networks pfn
PRO
0
630
Wasmの気になる最新情報
Avatar for asuka askua
0
180
NLPコロキウム20251022_超効率化への挑戦: LLM 1bit量子化のロードマップ
Avatar for Yuma Ichikawa yumaichikawa
1
180
Introduction to Sansan Meishi Maker Development Engineer
Avatar for Sansan, Inc. sansan33
PRO
0
310
ヘンリー会社紹介資料(エンジニア向け) / company deck for engineer
Avatar for Henry, Inc. henryofficial
0
310
AIエージェント入門 〜基礎からMCP・A2Aまで〜
Avatar for Shu Kobuchi shukob
1
150
SCONE - 動画配信の帯域を最適化する新プロトコル
Avatar for kazuho kazuho
1
310
AI AgentをLangflowでサクッと作って、1日働かせてみた!
Avatar for Yano-13 yano13
1
120
「魔法少女まどか☆マギカ Magia Exedra」のIPのキャラクターを描くための3Dルック開発
Avatar for gree_tech gree_tech
PRO
0
140
Building a cloud native business on open source
Avatar for Liz Rice lizrice
0
160

Featured

See All Featured
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.8k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
30
2.9k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
526
40k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3k
Navigating Team Friction
Avatar for Lara Hogan lara
190
15k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
34
2.3k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
Code Review Best Practice
Avatar for Trisha Gee trishagee
72
19k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
161
23k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3.1k

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.