Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

luke crouch
December 18, 2018
Technology
0
35

Hash Range Queries

For simple, privacy-preserving data-sharing.

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Cryptography: 500 BC to https
groovecoder
0
33
Mozilla Observatory First Draft
groovecoder
0
51
VPNs
groovecoder
0
20
Digital Privacy & Security
groovecoder
0
190
Cryptography: 500 BC to Quantum Computing
groovecoder
0
250
Just enough bitcoing to go cryptojacking with JavaScript
groovecoder
0
42
Can we protect Privacy without breaking the web
groovecoder
0
97
Google Safe Browsing (High Level)
groovecoder
0
41
How to run your code on the dark web (full version)
groovecoder
1
360

Other Decks in Technology

See All in Technology
IBM Cloud PLUS - #3 IBM PowerVS 入門と最新情報
6onoda
0
110
nlp2023 位置属性を有しない事物に対する地理的特定性の分析
takashiinui
0
140
自分のデータは自分で守る - あなたのCI/CDパイプラインをセキュアにする処方箋
jacopen
4
460
試して分かった!AWS を使った PLCのデータ収集と分析基盤の実践ノウハウ #FA設備技術勉強会#13
ganota
1
240
PHP で学ぶ Cache の距離の話 / study_cache_with_php
hanhan1978
3
760
八王子からお届けするノベルティ - YAPC::Kyoto 2023
uzulla
0
390
マルチベンダに対応したネットワークコントローラを OSS として公開している話 (NTT Tech Conference 2023)
motok1
3
300
QMファンネルとQAキャリア
gen519
PRO
1
160
BUILD UP for Web3 engineer
aramaki
0
380
ChatGPT(GPT-4版)でIoTやってみた / IoTLT vol.97
you
0
150
マネジメント3.0モデル入門(120分版)
takufujii
11
2.7k
軽率に休学したら Babylon.js×WebARで 夢を3つ叶えてた / my dreams with babylon.js and WebAR
drumath2237
0
120

Featured

See All Featured
The Mythical Team-Month
searls
210
40k
Build The Right Thing And Hit Your Dates
maggiecrowley
22
1.5k
Become a Pro
speakerdeck
PRO
6
3.3k
In The Pink: A Labor of Love
frogandcode
133
21k
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8k
What the flash - Photography Introduction
edds
64
10k
Designing for humans not robots
tammielis
245
24k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
236
1.1M
Designing Experiences People Love
moore
130
22k
Rails Girls Zürich Keynote
gr2m
87
12k
Thoughts on Productivity
jonyablonski
50
2.8k

Transcript

  1. Hash Range Queries
    For simple, privacy-preserving data-sharing

    View Slide

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/

    https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
    Not my original idea

    View Slide

  3. https://api.pwnedpasswords.com/pwnedpassword/password
    A request for a single password reveals who is
    interested in this password.
    Maybe not that interesting for a widely-used value

    View Slide

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13
    But how many people would use their favorite my
    little pony character with vowels replaced with
    numbers?

    View Slide

  5. Do you trust the person
    operating the service?
    • Are they doing something else with the data?

    • Are they securing the data?

    View Slide

  6. View Slide

  7. How can a client get a single
    record from a server without
    revealing the record identifier
    to the server?

    View Slide

  8. The Easiest Way:
    Hashed Identifiers

    View Slide

  9. View Slide

  10. View Slide

  11. But
    rainbow tables exist

    View Slide

  12. View Slide

  13. The Hard Way:
    Private Set Intersection

    View Slide

  14. View Slide

  15. View Slide

  16. The Middle Way:
    k-Anonymity

    View Slide

  17. https://en.wikipedia.org/wiki/K-anonymity
    Every record is unique

    View Slide

  18. https://en.wikipedia.org/wiki/K-anonymity
    k-Anonymity: 2
    for any combination of Age + Gender + State found in any row of the table
    there are always at least 2 rows with those exact attributes
    Suppression Suppression
    Generalization

    View Slide

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
    By using this property, we are able to seperate hashes
    into anonymized "buckets".

    View Slide

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
    A client is able to anonymize the user-supplied
    hash …

    View Slide

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
    … and then download all hashes in the same
    anonymized "bucket" as that hash …
    {

    View Slide

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
    {
    5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
    5baa61f4c0b12f0a6691121c7de9420c8ff12c1f
    5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
    5baa61cccccccccccccccccccccccccccccccccc
    5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
    5baa61f4c0b12f0a6691121c7de9420c8ff12c1f
    5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
    5baa61cccccccccccccccccccccccccccccccccc
    … then do an offline check to see if the user-
    supplied hash is in that breached bucket.

    View Slide