Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

Avatar for luke crouch luke crouch
December 18, 2018
Technology
130
0

Hash Range Queries

For simple, privacy-preserving data-sharing.

Avatar for luke crouch

luke crouch

December 18, 2018

More Decks by luke crouch

See All by luke crouch
Mr. Brokebot: Lethal language attacks against AI agents
Avatar for luke crouch groovecoder
0
110
Pigeons to Padlocks: 5000 years of Network Security
Avatar for luke crouch groovecoder
0
100
cryptory-up-to-https-atlas-2024.pdf
Avatar for luke crouch groovecoder
0
83
Cryptography: 500 BC to https
Avatar for luke crouch groovecoder
0
200
Mozilla Observatory First Draft
Avatar for luke crouch groovecoder
0
140
VPNs
Avatar for luke crouch groovecoder
0
150
Digital Privacy & Security
Avatar for luke crouch groovecoder
0
280
Cryptography: 500 BC to Quantum Computing
Avatar for luke crouch groovecoder
0
1k
Just enough bitcoing to go cryptojacking with JavaScript
Avatar for luke crouch groovecoder
0
120

Other Decks in Technology

See All in Technology
20260516_SecJAWS_Days
Avatar for Takuya Yonezawa takuyay0ne
2
430
PdM・Eng・QAで進めるAI駆動開発の現在地/aidd-with-pdm-eng-qa
Avatar for butatamasoba / Shota Kusaba / 草場翔太 shota_kusaba
0
250
20260513_生成AIを専属DSに_AI分析結果の検品テクニック_ハンズオン_交通事故データ
Avatar for NobuakiOshiro doradora09
PRO
0
230
Terragrunt x Snowflake + dbt で作るマルチテナントなデータ基盤構築プラットフォーム
Avatar for Gaku TASHIRO gak_t12
0
230
Every Conversation Counts
Avatar for Yasunobu Kawaguchi kawaguti
PRO
0
230
How to learn AWS Well-Architected with AWS BuilderCards: Security Edition
Avatar for Kosuke ENOMOTO coosuke
PRO
0
150
O'Reilly Infrastructure & Ops Superstream: Platform Engineering for Developers, Architects & the Rest of Us
Avatar for Syntasso syntasso
0
210
Tachikawa.any 運営挨拶
Avatar for daitasu daitasu
0
180
Purview Endpoint DLP 動かしてみた
Avatar for kozakigh kozakigh
0
430
RedmineをAIで効率的に使う検証
Avatar for Takayuki Yoshioka yoshiokacb
0
130
Gaussian Splattingの表現力を拡張する — 高周波再構成とインタラクションへのアプローチ —
Avatar for GPU UNITE gpuunite_official
0
180
おいらのAWSアップデートの追い方〜Slack×AgentCore〜
Avatar for やくも yakumo
1
110

Featured

See All Featured
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
360
30k
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
432
67k
State of Search Keynote: SEO is Dead Long Live SEO
Avatar for Ryan Jones ryanjones
0
190
Between Models and Reality
Avatar for mayunak mayunak
4
290
Prompt Engineering for Job Search
Avatar for Mfonobong Umondia mfonobong
0
300
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.4k
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
7k
Public Speaking Without Barfing On Your Shoes - THAT 2023
Avatar for David Neal reverentgeek
1
390
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.7k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
348
40k
Skip the Path - Find Your Career Trail
Avatar for Mark Kilby mkilby
1
120
ラッコキーワード サービス紹介資料
Avatar for ラッコ株式会社 rakko
1
3.3M

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.