Profile picture
thaidn
@XorNinja
, 8 tweets, 2 min read Read on Twitter
How this works (from memory)

Problem:
-Client has a single pair of (username, password) that it wants to check if it was leaked.
-Server has a huge database of leaked (username, password).
Security/privacy requirements:
- Server cannot learn the client's password
- Server cannot distinguish between the client's username and k-1 others, i.e., k-anonymity
To check a single password:
1. Client computes a k-bit hash of username, denote U
2. Client computes P = r * H(password), where r is a random scalar, and H(password) hashes the password to a point on NIST P-256
3. Client sends (U, P)
4. The server uses U to look up corresponding leaked passwords
5. The server generates a random scalar n. For each password_i, the server computes Q_i = n * H(password_i)
6. The server sends (n * P, Q_1, Q_2, ...)
7. The client unblinds the password by computing n * P * 1/r to retrieve n * H(password)
8. The client checks if n * H(password) is one of Q_i. If so, the password was leaked
Analysis
- Because the server only learns r * H(password), it cannot brute force for the password
- Because the server only learns k- bit of hash of username, it cannot distinguish between the client's username and k-1 others

If you found any issues, please drop me a message.
github.com/chromium/chrom… is the client-side implementation on Chrome, h/t @julianor
@julianor and of course, because Google, here's an ad: if you want to work on similar problems, please send me your resume at thaidn@google.com
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to thaidn
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @XorNinja see all

Profile picture
thaidn
@XorNinja
Kepler: so, you see, orbit of a planet is elliptical. To find where the Earth is, we need a method to calculate the arc length of the ellipse
Fermat: I have discovered such a marvelous method which this tweet is too narrow to contain
Newton: This is a fluent problem, and, as usual, it can be solved with an infinite series expansion
Leibniz: Pardon monsieur, what's a fluent? Arc length is an integral problem, and to calculate ∫f(x)dx first you need to find a closed form function such that F'(x) = f(x)
(100 years had passed. The search for Leibniz's closed-form solution for the elliptic integral, that is ∫f(x, g(x))dx where f is a rational function and g is a polynomial of degree 3 or 4, had been fruitless)
Read 13 tweets

Related threads

Profile picture
TheBridge
@TheBridgeWork
Ahead of @DEFCON, we're highlighting professionals from our Leaders Directory who work in #security & #cybersecurity. And check out our full Leaders Directory for who to know in #tech, #policy, & #politics. #thebridgeleaders thebridgework.com/profiles
@defcon .@CISAManfra, Assistant Director for Cybersecurity @CISAgov says, "Cybersecurity is a significant challenge that requires innovation not just in technical solutions but also in our policies." #thebridgeleaders bit.ly/2YMsoMJ
U.S. Congressman @HurdOnTheHill told us, "I think it’s important for innovators to understand some of the concerns that regulators are going to have further on down the line." #thebridgeleaders bit.ly/2LW4w39
Read 12 tweets
Profile picture
Vaishnavi Prasad
@Vaishnavioffl
What's your favourite clean joke?

Reply to this thread and let's make a collection of the best clean jokes. I'll go first.

When Mozart was alive he was composing
Now that he is dead, he is decomposing.
What's brown and sticky?

A stick.
What do you get when a piano falls down an army barracks?

A Flat Major
Read 38 tweets
Profile picture
Robert Young Pelton
@RYP__
Small world. Mark Nutsch and Erik Prince. princemanufacturing.com/prince-in-norm…
The actual PR lineup and gig: "To commemorate the 75th Anniversary of D-Day, a team of veterans from our #client American Freedom Distillery parachuted into the historic drop zones of Normandy with knapsacks full of their Horse Soldier® Bourbon."
Business is good. Try their bourbon. thewhiskeywash.com/reviews/whiske…
Read 4 tweets
Profile picture
Troy SK
@troysk704
Some of you might be aware; I have been on a 4 year quest to build a smarthome. I am using and sometimes hacking existing solutions in most cases. I found some glaring lapses of security and privacy. A thread on @Xiaomi/@XiaomiIndia #security #privacy #iot @internetofshit
First up; my favourite robot which keeps my home clean. The Roborock S55 uses SLAM technology with cameras & sensors to generate a model of the house. It cleans really well & it leaks even better as it doesn't use HTTPS to communicate. It misses its home and keeps calling back!
Next up; one of the cheapest smart cameras in the market. The Xiaomi XiaoFang WiFi camera does 1080p video and costs less than Rs. 1200. I have many around the house for security purposes. It is a great oxymoron as its a security device with no security.
Read 15 tweets
Profile picture
euzkera
@euzkera
1. Dice el Cardenal Gracias que dentro la reforma de la Curia y de la Constitución #PrædicateEvangelium, la prioridad será la evangelización.

¿Que significa eso teniendo a un Papa que está al servicio del #Islam y del #globalismo?

ncronline.org/news/vatican/c…

#PapaFrancisco
2. infovaticana.com/2019/04/22/vid…
Read 196 tweets
Profile picture
Ricardo Gonzalez
@rickProdManager
Have you heard about Zero-Downtime Upgrades (ZDU) for your #Database with #Oracle RHP ?
Hear of all about it here !
(1/19)
As part of the #Oracle RHP framework, ZDU provides an automated work flow that takes care of the upgrade process on your behalf.
(2/19)
ZDU automates 5 steps: Cloning, Switch Over, Upgrade, Sync Up & Switch Back.
(3/19)
Read 20 tweets

Trending hashtags

#hampton #WorkingClassHero #RainFall2 #shenanigans #Solidarity #Accesstojustice #progressive #FOREVER #Afrin #T4 #SaveYemen #GCHQ #perpetrators #redress #MissPavlichenko #digital #Austrian #Wipha #RepublicanPartyAntiSemitism #WarCriminals #sharedownership #Khartoum #CNNFakeNews #LIVEPD #security
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!