Oddbean
This is why I'm trying to come up with a way that makes it computationally infeasible to reverse it.
Range hashes are still on the table, so there would be no exact number.
 Two reasons why this is a bad idea:

1) Your phone carrier knows both your number and your first name.

2) Assume that the adversary doesn't know names or phone numbers. How many distinct phone numbers are there in the world, like 10^14, tops? How many distinct first names? Millions, although most of the population is probably covered by 100k first names. But let's say that you have on the order of 10^21 hashes to compute; that's 1000 exahashes. The Bitcoin network does that every two seconds.
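The enumeration argument in the post above, worked through as an added example (this is not code from the thread or from any Nostr project). It assumes a stand-in identifier hash, SHA-256 over "first name|phone number", because the thread never specifies the actual construction, and it uses a constructed sample of 20 first names and one block of 10,000 numbers. It also implements the "range hash" idea from earlier in the thread, hashing a bucket of numbers instead of the exact number, to show what bucketing changes: the attacker recovers a set of candidates instead of a single number, and the set is only as wide as the bucket.

```python
"""Added example (not from the thread): how small the search space for a
hashed (first name, phone number) pair is, and what a range hash buys.
The hash construction is an assumption for illustration; the thread never
specifies the real scheme."""
import hashlib
import itertools
from typing import Iterable, List, Optional, Tuple

# Assumption: roughly the rate quoted in the post (10^21 hashes per 2 s).
BITCOIN_HASH_RATE = 5e20  # hashes per second


def candidate_space(n_phone_numbers: float, n_first_names: float) -> float:
    """Pairs an attacker must try when the hash binds one name to one exact number."""
    return n_phone_numbers * n_first_names


def exhaust_seconds(space: float, hashes_per_second: float = BITCOIN_HASH_RATE) -> float:
    """Wall-clock time to hash every candidate pair at the given rate."""
    return space / hashes_per_second


def tag(first_name: str, phone: str) -> str:
    """Stand-in identifier hash (assumed scheme): SHA-256 over 'name|number'."""
    return hashlib.sha256(f"{first_name}|{phone}".encode()).hexdigest()


def range_tag(first_name: str, phone: str, bucket: int) -> str:
    """'Range hash': hash the bucket the number falls in rather than the exact number."""
    return tag(first_name, str(int(phone) // bucket))


def brute_force(target: str, names: Iterable[str], phones: Iterable[str]) -> Optional[Tuple[str, str]]:
    """Dictionary attack: enumerate every (name, number) pair until one hashes to target."""
    for name, phone in itertools.product(names, phones):
        if tag(name, phone) == target:
            return name, phone
    return None


def range_candidates(target: str, names: Iterable[str], phones: Iterable[str],
                     bucket: int) -> List[Tuple[str, str]]:
    """All pairs whose range hash matches: with bucketing the answer is a set, not a point."""
    return [(n, p) for n, p in itertools.product(names, phones)
            if range_tag(n, p, bucket) == target]


# Constructed sample data: 20 common first names and one block of 10,000 numbers
# (555-010-xxxx), small enough to exhaust in well under a second on a laptop.
NAMES = ["Alice", "Bob", "Carol", "Dave", "Eve", "Frank", "Grace", "Heidi",
         "Ivan", "Judy", "Mallory", "Niaj", "Olivia", "Peggy", "Rupert",
         "Sybil", "Trent", "Uma", "Victor", "Walter"]
PHONES = [f"555010{i:04d}" for i in range(10_000)]


if __name__ == "__main__":
    # The post's global figures: 10^14 numbers x 10^7 names = 10^21 pairs.
    space = candidate_space(1e14, 1e7)
    print(f"{space:.0e} pairs exhausted in {exhaust_seconds(space):.1f} s at 5e20 H/s")

    # Exact-number hash: the preimage pops out of a plain dictionary attack.
    secret = tag("Alice", "5550104242")
    print("exact hash recovered:", brute_force(secret, NAMES, PHONES))

    # Range hash with a bucket of 100 numbers: the attacker no longer gets the
    # exact number, but gets all 100 numbers in the bucket, still tied to "Alice".
    cands = range_candidates(range_tag("Alice", "5550104242", 100), NAMES, PHONES, 100)
    print(f"range hash (bucket=100): {len(cands)} candidates, all for {cands[0][0]}")
```

The point the numbers make: at the post's assumed rate the entire name-times-number space goes by in seconds, and a range hash only multiplies the attacker's result set by the bucket size while still leaking the name and the number prefix, which is exactly the "more candidates, less usefulness" trade-off raised later in the thread.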
1. People who care about their ISP knowing their npub won't use this.

2. You can't compare SHA-2 hashing to what I'm talking about here; they are not the same thing.
1. Sure, but those who don't care can easily get identified, and therefore the people that they interact with/follow are much easier to identify by deduction.

2. What's the material difference?
Unfortunately, I think that's the thing: the less it leaks metadata, the more candidates you are going to turn up, which defeats the purpose.

But I do think, regardless, that for building DVMs able to find any kind of data, this kind of cryptography is the way to make it possible for someone with a sufficiently high-entropy clue set to match it up to a highly obfuscated data point.

Broaden your concept of how to generate the match set, and balance your expectations with the idea that people who will publish such hashes are maybe putting a bullseye on their backs.