Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

Avatar for luke crouch luke crouch
December 18, 2018
Technology
0
110

Hash Range Queries

For simple, privacy-preserving data-sharing.

Avatar for luke crouch

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Pigeons to Padlocks: 5000 years of Network Security
Avatar for luke crouch groovecoder
0
71
cryptory-up-to-https-atlas-2024.pdf
Avatar for luke crouch groovecoder
0
56
Cryptography: 500 BC to https
Avatar for luke crouch groovecoder
0
160
Mozilla Observatory First Draft
Avatar for luke crouch groovecoder
0
120
VPNs
Avatar for luke crouch groovecoder
0
120
Digital Privacy & Security
Avatar for luke crouch groovecoder
0
260
Cryptography: 500 BC to Quantum Computing
Avatar for luke crouch groovecoder
0
710
Just enough bitcoing to go cryptojacking with JavaScript
Avatar for luke crouch groovecoder
0
100
Can we protect Privacy without breaking the web
Avatar for luke crouch groovecoder
0
160

Other Decks in Technology

See All in Technology
AWSにおけるTrend Vision Oneの効果について
Avatar for shima shimak
0
130
Escaping_the_Kraken_-_October_2025.pdf
Avatar for Maarten Dalmijn mdalmijn
0
150
PLaMoの事後学習を支える技術 / PFN LLMセミナー
Avatar for Preferred Networks pfn
PRO
9
3.9k
データエンジニアがこの先生きのこるには...?
Avatar for 10xinc 10xinc
0
450
英語は話せません!それでも海外チームと信頼関係を作るため、対話を重ねた2ヶ月間のまなび
Avatar for ニイオカ niioka_97
0
120
社内お問い合わせBotの仕組みと学び
Avatar for Tomoyuki Nishimura nish01
0
430
生成AIとM5Stack / M5 Japan Tour 2025 Autumn 東京
Avatar for you(@youtoy) you
PRO
0
220
フルカイテン株式会社 エンジニア向け採用資料
Avatar for FULL KAITEN fullkaiten
0
9.1k
How to achieve interoperable digital identity across Asian countries
Avatar for Naohiro Fujie fujie
0
120
動画データのポテンシャルを引き出す! Databricks と AI活用への奮闘記(現在進行形)
Avatar for Databricks Japan databricksjapan
0
150
M5製品で作るポン置きセルラー対応カメラ
Avatar for Hisaya OKADA sayacom
0
160
Shirankedo NOCで見えてきたeduroam/OpenRoaming運用ノウハウと課題 - BAKUCHIKU BANBAN #2
Avatar for marokiki marokiki
0
150

Featured

See All Featured
Scaling GitHub
Avatar for Zach Holman holman
463
140k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.8k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
332
24k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
KATA
Avatar for Megan Lloyd mclloyd
32
15k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.7k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.5k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
271
21k
A better future with KSS
Avatar for Kyle Neath kneath
239
17k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
64
7.9k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.