Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

Avatar for luke crouch luke crouch
December 18, 2018
Technology
0
120

Hash Range Queries

For simple, privacy-preserving data-sharing.

Avatar for luke crouch

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Pigeons to Padlocks: 5000 years of Network Security
Avatar for luke crouch groovecoder
0
75
cryptory-up-to-https-atlas-2024.pdf
Avatar for luke crouch groovecoder
0
62
Cryptography: 500 BC to https
Avatar for luke crouch groovecoder
0
170
Mozilla Observatory First Draft
Avatar for luke crouch groovecoder
0
130
VPNs
Avatar for luke crouch groovecoder
0
130
Digital Privacy & Security
Avatar for luke crouch groovecoder
0
260
Cryptography: 500 BC to Quantum Computing
Avatar for luke crouch groovecoder
0
860
Just enough bitcoing to go cryptojacking with JavaScript
Avatar for luke crouch groovecoder
0
110
Can we protect Privacy without breaking the web
Avatar for luke crouch groovecoder
0
160

Other Decks in Technology

See All in Technology
現地速報!Microsoft Ignite 2025 M365 Copilotアップデートレポート
Avatar for Kaz Asada | しがない情シス kasada
2
1.8k
グローバルなコンパウンド戦略を支えるモジュラーモノリスとドメイン駆動設計
Avatar for かわうそ kawauso
3
9.3k
経営から紐解くデータマネジメント
Avatar for Jun Ernesto Okumura pacocat
3
770
『星の世界の地図の話: Google Sky MapをAI Agentでよみがえらせる』 - Google Developers DevFest Tokyo 2025
Avatar for Tomohiro Tani taniiicom
0
370
Building AI Applications with Java, LLMs, and Spring AI
Avatar for Thomas Vitale thomasvitale
1
250
重厚長大企業で、顧客価値をスケールさせるためのプロダクトづくりとプロダクト開発チームづくりの裏側 / Developers X Summit 2025
Avatar for モンゴル (mongolyy) mongolyy
0
200
ローカルLLM基礎知識 / local LLM basics 2025
Avatar for Naoki Kishida kishida
23
8.7k
AI駆動開発2025年振り返りとTips集
Avatar for KNR knr109
1
110
確実に伝えるHealth通知 〜半自動システムでほどよく漏れなく / JAWS-UG 神戸 #9 神戸へようこそ!LT会
Avatar for GENDA genda
0
150
AI時代の戦略的アーキテクチャ 〜Adaptable AI をアーキテクチャで実現する〜 / Enabling Adaptable AI Through Strategic Architecture
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
PRO
15
11k
転職したら勘定系システムのクラウド化担当だった件 〜銀行勘定系システムをEKSで稼働させるまで〜
Avatar for Toru Kono torukouno
0
100
Datadog LLM Observabilityで実現するLLMOps実践事例 / practical-llm-observability-with-datadog
Avatar for 逆井(さかさい) k6s4i53rx
0
170

Featured

See All Featured
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
140
7.2k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
61k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
420
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
25
1.6k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.7k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.2k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
118
20k
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
432
66k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
38
2.9k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
46
7.8k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
348
40k

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.