Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hash Range Queries
Search
luke crouch
December 18, 2018
Technology
0
120
Hash Range Queries
For simple, privacy-preserving data-sharing.
luke crouch
December 18, 2018
Tweet
Share
More Decks by luke crouch
See All by luke crouch
Mr. Brokebot: Lethal language attacks against AI agents
groovecoder
0
10
Pigeons to Padlocks: 5000 years of Network Security
groovecoder
0
81
cryptory-up-to-https-atlas-2024.pdf
groovecoder
0
67
Cryptography: 500 BC to https
groovecoder
0
170
Mozilla Observatory First Draft
groovecoder
0
130
VPNs
groovecoder
0
130
Digital Privacy & Security
groovecoder
0
260
Cryptography: 500 BC to Quantum Computing
groovecoder
0
930
Just enough bitcoing to go cryptojacking with JavaScript
groovecoder
0
110
Other Decks in Technology
See All in Technology
Strands Agents × インタリーブ思考 で変わるAIエージェント設計 / Strands Agents x Interleaved Thinking AI Agents
takanorig
4
1.8k
M&Aで拡大し続けるGENDAのデータ活用を促すためのDatabricks権限管理 / AEON TECH HUB #22
genda
0
220
普段使ってるClaude Skillsの紹介(by Notebooklm)
zerebom
8
2k
なぜ あなたはそんなに re:Invent に行くのか?
miu_crescent
PRO
0
130
ExpoのインダストリーブースでみたAWSが見せる製造業の未来
hamadakoji
0
190
Amazon Bedrock Knowledge Bases × メタデータ活用で実現する検証可能な RAG 設計
tomoaki25
6
2.1k
Kiro を用いたペアプロのススメ
taikis
4
1.6k
ハッカソンから社内プロダクトへ AIエージェント「ko☆shi」開発で学んだ4つの重要要素
sonoda_mj
6
1.4k
たまに起きる外部サービスの障害に備えたり備えなかったりする話
egmc
0
390
SREには開発組織全体で向き合う
koh_naga
0
410
『君の名は』と聞く君の名は。 / Your name, you who asks for mine.
nttcom
1
100
Snowflake だけで実現する “自立的データ品質管理” ~Data Quality Monitoring 解説 ~@ BUILD Meetup: TOKYO 2025
ryo_suzuki
0
120
Featured
See All Featured
Building a Scalable Design System with Sketch
lauravandoore
463
34k
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
kimpetersen
PRO
0
200
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
0
42
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
190
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
YesSQL, Process and Tooling at Scale
rocio
174
15k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.1k
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Digital Ethics as a Driver of Design Innovation
axbom
PRO
0
130
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
980
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
mfonobong
2
230
Transcript
Hash Range Queries For simple, privacy-preserving data-sharing
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea
https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is
interested in this password. Maybe not that interesting for a widely-used value …
https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my
little pony character with vowels replaced with numbers?
Do you trust the person operating the service? • Are
they doing something else with the data? • Are they securing the data?
None
How can a client get a single record from a
server without revealing the record identifier to the server?
The Easiest Way: Hashed Identifiers
None
None
But rainbow tables exist
None
The Hard Way: Private Set Intersection
None
None
The Middle Way: k-Anonymity
https://en.wikipedia.org/wiki/K-anonymity Every record is unique
https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender
+ State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate
hashes into anonymized "buckets".
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash
…
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same
anonymized "bucket" as that hash … {
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.
groovecoder
takanorig
genda
zerebom
miu_crescent
hamadakoji
tomoaki25
taikis
sonoda_mj
egmc
.JPG){kind=avatar}
koh_naga
nttcom
ryo_suzuki
lauravandoore
kimpetersen
portentint
garrettdimon
rocio
signer
jlugia
axbom
marcelosomers
tammyeverts
mfonobong
