[HN Gopher] Confess your love with zero-knowledge
___________________________________________________________________
Confess your love with zero-knowledge
Author : amirGi
Score : 206 points
Date : 2022-06-03 15:52 UTC (7 hours ago)
(HTM) web link (www.zkcrush.xyz)
(TXT) w3m dump (www.zkcrush.xyz)
| AndrewStephens wrote:
| I used a similar technique to obfuscate the answers in a silly TV
| quiz[0] I wrote a couple of years ago.
|
| I have a terrible habit of looking at the source of web-based
| puzzles to discover the solutions and wanted to make something
| where that was impossible.
|
| My solution was to use the given answers as the key to decode a
| small blob of data. Multiple correct answers (different
| spellings) were handled by simply encoding the blob multiple
| times and trying them all.
|
| Everything happens client side but at no time does the client
| store any information about the answers unless the user proves
| they know them by typing them in.
|
| [0] https://sheep.horse/2020/4/tv_opening_sequences_quiz.html
| skrebbel wrote:
| I sent it to my wife but she spelled her own name wrong and now
| she thinks I have a crush on someone else
| anthropodie wrote:
| Now you either gotta point out her mistake or you gotta admit
| you have crush on someone else. Good luck getting out of this
| :)
| skrebbel wrote:
| I told her I have zero knowledge of any of this
| andrewstuart2 wrote:
| OP should probably trim whitespace too. I sent it to my wife
| and it's not a match either, because there was a trailing space
| left by her keyboard.
| ntoskrnl wrote:
| Don't forget normalizing unicode. You don't want to see Jorge
| fighting with Jorge.
| runj__ wrote:
| It does handle emojis though! In case... Uhhh... You have
| emojis in you name?
| dylan604 wrote:
| Don't give Musk any ideas!
| splitstud wrote:
| 0xedb wrote:
| lmao
| sshine wrote:
| I did the same.
|
| I never had a thing for good spellers.
| easton wrote:
| Context: http://sigtbd.csail.mit.edu/pubs/2016/paper10.pdf
| natly wrote:
| I think this is the first time I've understood zero-knowledge
| communication.
| drdaeman wrote:
| As far as I understand it (and I'm not a cryptographer!), it is
| not zero knowledge.
|
| _Zero_ knowledge means you can prove you know something
| without disclosing _any_ additional information about it, _at
| all_ - that 's why it's called "zero". And here, a hash of
| crush name is exposed, so it's not.
|
| Check this out for a much better explanation:
| https://crypto.stackexchange.com/questions/70877/is-a-hash-a...
| lvass wrote:
| >Zero knowledge means you can prove you know something
| without disclosing any additional information, at all
|
| This is physically impossible and definitely not what ZK
| means.
| drdaeman wrote:
| I could be wrong, yes.
|
| But why impossible? Take this example:
| https://en.wikipedia.org/wiki/Zero-
| knowledge_proof#Discrete_... - all parties exchange are
| essentially random numbers (which doesn't count as
| "additional information"), yet they establish the fact that
| Peggy knows _x_. There 's that footnote about how _r_ must
| be truly random, of course, but as long as everything 's
| done right there is no additional _information_ there
| whatsoever, only random _noise_.
|
| Side note: one thing I certainly don't understand are NI-ZK
| - while I think I have some rough understanding of how
| interactive ZK proofs work - well, I mean, I've read
| Quisquater et al.'s "How to explain zero-knowledge
| protocols to your children" - but I'm pretty clueless how
| they manage to make such things non-interactive.
| lvass wrote:
| Any information exchange must go through a medium and
| it's not possible to create one with zero metadata.
| drdaeman wrote:
| Oh, I think I see your point now. But I think it's a
| weird argument, to be honest.
|
| I suppose the fact that it's Peggy and Victor who are
| running that protocol is simply irrelevant. They're
| talking about that value of _x_ after all, and nothing
| related to that topic is revealed beyond the proof of the
| fact that Peggy knows it. If she 'd appear in person,
| wherever she wears a red shirt or a white one would be
| might be considered "information" but it would be
| completely out of scope.
| go_to_moon wrote:
| This isn't zero knowledge, like, at all
|
| "The essence of zero-knowledge proofs is that it is trivial to
| prove that one possesses knowledge of certain information by
| simply revealing it; the challenge is to prove such possession
| without revealing the information itself or any additional
| information."
| lvass wrote:
| "In cloud computing, the term zero-knowledge (or occasionally
| no-knowledge or zero access) refers to software services that
| store, transfer or manipulate data such that it is only
| accessible to its owner, not to the service provider."
| drdaeman wrote:
| > In cloud computing
|
| Your quote heavily misspells "bullshit marketing" ;)
|
| For marketing reasons, people try give things fancy names,
| even if those names are misused and are completely wrong.
| This is exactly what happened with all those "zero-
| knowledge encrypted cloud storages" and so on.
| agucova wrote:
| This seems to imply terms can only have and only one
| "right" definition, which is not how languages work, at
| all.
|
| Clearly there are two big clusters of meaning for "zero-
| knowledge" and they seem distinct enough to not overlap.
| Seems fine to me.
| [deleted]
| ok_dad wrote:
| I might be an old timer but there used to be a site where you
| would put in your email and your crushes email and if they did
| the same you'd both be notified. I don't remember the name of the
| site now though.
| dylan604 wrote:
| allyourcreditarebelongtous.com?
|
| i assume at this point in life that any site doing something as
| silly as this has ulterior motives for the site's existence.
| aarondia wrote:
| To stop my friends from using this to guess who my crush is, a
| fun iteration could be instead of entering the person's name, you
| enter the last text you sent, place you met, etc. Something only
| the two of you would know ... and maybe even something romantic
| :)
| macintux wrote:
| Virtually guaranteeing you'd never match even if you match.
| a-dub wrote:
| that's called salting.
| jonahbenton wrote:
| What if you love hashes?
| paxys wrote:
| Nice. Kinda along the lines of what made the current generation
| of dating apps (starting with Tinder) so popular. Take a large
| group of 1st and 2nd degree friends. People anonymously select
| who all they'd like to get with. If there's a match, both parties
| are notified. If not, no one gets to know. It's such a simple
| concept, and it's odd that someone like Facebook wasn't able to
| capitalize on it first despite providing all the infrastructure
| (the social graph) to make a service like this possible in the
| first place.
| snarkconjecture wrote:
| What does this achieve that posting "text me and I'll tell you if
| I have a crush on you" doesn't?
|
| Or texting your crush directly?
|
| I suppose it's a useful commitment mechanism for proving you
| aren't telling everyone they're your only crush, but that seems a
| bit of a niche use case.
| mikebenfield wrote:
| 1. Since it's an external web site with a little bit of tech
| behind it that presumably others are using, it might seem less
| desperate or strange than the post you suggest.
|
| 2. The potential crushee can do the check without notifying you
| they're doing so. They might be too embarrassed/intimidated to
| actually tell you they're interested in whether you have a
| crush.
| m00dy wrote:
| I hardly see how this is related to zero-knowledge
| ghayes wrote:
| Yeah zero-knowledge is supposed to give you no usable
| information, but brute-forcing aside, the fact anyone can learn
| they are _not_ the target is knowledge, right?
| m00dy wrote:
| right.
| woojoo666 wrote:
| I believe "zero knowledge" refers to the third party here. That
| is, you give it A => B, and it tells you if B => A was given
| previously, without it knowing the actual values of A or B.
| While _you_ might be able to brute force the system by trying
| every name you know, the third party can 't unless you give the
| third party a registry of names to try.
|
| Related is the humorous paper "Solving the Dating Problem with
| the SENPAI Protocol" [1], though the solution in that paper
| does not rely on a third party.
|
| [1]: http://sigtbd.csail.mit.edu/pubs/2016/paper10.pdf
| varispeed wrote:
| It's fascinating to see how far people are willing to go to avoid
| the awkward feeling of potential rejection. I mean I have been
| there. But as I am older this just feels funny. If you like
| someone just tell them. Rejection is part of the fun.
| anticristi wrote:
| Right? I embraced rejection therapy and the results were scary
| good. A whole new world opened up, not only in romance, but
| sales, financing, recruitment, etc.
| can16358p wrote:
| Love these kind of ideas. Reminded me of once I was trying to
| allow access to a file with a password. It wasn't any super-
| secret file or anything, just a CV of a friend hosted on a static
| file server and she wanted it to "protect" it with a simple
| password (just didn't want it to be directly available to anyone
| viewing the homepage. No mission-critical secret of any kind
| otherwise).
|
| Having no real/strict security requirements and being lazy to go
| server-side scripting, I simply hashed the password. Noted the
| hash. Saved the file into a folder like "/${hash}/Proper
| Name.pdf". Hashed the hash again and embedded it into client-side
| JS. Wrote a JS function that took the input, hashed it twice, and
| if second hash of the entered password matches that, download the
| file "/${first hash}/Proper Name.pdf".
|
| It worked like a charm, but please note that this is prone to
| attacks so if anyone reading this thinks it's a good idea to
| implement actual security, DO NOT. It is not. Fun to play with
| though.
| jesprenj wrote:
| What attacks?
| martin-adams wrote:
| Maybe the browser or an extension leaking the URL of the
| file, which could ultimately get indexed in a search engine.
| [deleted]
| flax wrote:
| I own the domain ilikeyou.fyi and considered doing something very
| much like this. I rejected that plan for all the reasons above.
|
| It could be done better with public/private key cryptography, but
| then your audience has to be able to deal with that.
|
| Oh well, it's on my backlog down in the "I'll never actually get
| there" section.
| Garvey wrote:
| Small idea, no idea how useful if at all but maybe it could be
| a simple page with a list of reasons why the sender likes the
| recipient, and/or a YouTube playlist of songs that remind them
| of the recipient etc
| batch12 wrote:
| Maybe don't display the hash and self destruct after n bad
| guesses or something.
| makach wrote:
| Yeaaahh, but no. It doesn't need to be mutual. Guess can be
| correct but the reveal will probably just out you and cause
| problems. For confessing your love do it openly, they are no
| short cuts.
| exikyut wrote:
| * _Hires team of synchronized skywriters to draw SHA-256 hash
| above crush 's location_*
| michaelmior wrote:
| Avoiding hash collisions has never been so important...
| hsnewman wrote:
| What if your girlfriend and wife have the same hash?
| runjake wrote:
| Maybe this would be better using
| Twitter/Instagram/TikTok/Snapchat handles? (I don't use 75% of
| those, but presumably they all use handles.)
| Liron wrote:
| Last year my wife and I suspected we might have gotten each other
| the same Christmas gift, but didn't want to spoil the surprise in
| case we didn't. So we compared SHA256 hashes... and sure enough
| they both came out cb17007d (theragun)
| avg_dev wrote:
| What did you hash? The name of the product? Or the UPC or
| something? I am curious.
| Liron wrote:
| We both hashed "theragun" in all lowercase. We actually
| bought each other two different models of Theragun but it was
| pretty natural to refer to them with that string.
| nullc wrote:
| Not technically zero knowledge, since you could brute force
| search her non-matching hash later.
|
| A true ZK comparison[1] would just return a true or false
| without exposing any other information such as the hash of the
| item.
|
| I'm sure the hash was good enough for your purpose, however!
|
| [1] https://en.wikipedia.org/wiki/Socialist_millionaire_problem
| hinkley wrote:
| There are a couple of science and science fiction authors that
| started posting hashes or signatures for their predictions for
| the future, and then post it after events played out.
|
| I think the idea is that unlike pundits predicting the future,
| you don't want your particularly clever friend speculating out
| loud ten minutes into the suspense movie what they think is
| going on because they either guess the ending, or their guess
| makes you figure out the ending, and then it's 70 minutes of
| sitting there reading all of the other foreshadowing and not
| getting to enjoy any of it.
| garaetjjte wrote:
| Doesn't work, because you can reasonably brute-force possible
| gifts.
| Liron wrote:
| Yeah I'm not sure what's the best protocol that's actually
| zero-knowledge here, but since we both trusted each other to
| only want to find out whether or not our gifts were the same,
| and otherwise to not spoil the surprise, this did the job.
| kevinventullo wrote:
| You could write a script that does the hash comparison for
| you and simply outputs "Yes" or "No" for whether the hashes
| are identical.
| 10000truths wrote:
| Sure, but the example is contrived, as it serves to
| illustrate the point in an easily digestible (heh) way. In
| real world applications, both the possible messages and the
| possible hashes would be way too large to brute force.
| lights0123 wrote:
| You could reveal the hash letter-by-letter and stop as soon
| as a letter differs so there's more possibilities.
| mbauman wrote:
| You can similarly brute force mutual acquaintances in TFA
| PascLeRasc wrote:
| This explained zero knowledge so much easier than that parable
| about the caves, thank you.
| vintermann wrote:
| But it isn't zero-knowledge. If it was zero-knowledge, you
| would be able to know what you had the same gift/crush, but
| it would be impossible to prove to someone else.
|
| Mere hashing doesn't do that. For the crush example (This
| site), your crush could show everyone the link and their
| name. For that matter, someone could enter the names of
| everyone you knew in turn, until you were outed.
| sangel wrote:
| Non interactive zero knowledge allows one proof to be
| checked by many verifiers. I think folks would still
| consider that to be a zero knowledge proof no?
|
| That said, yeah this hashing example is not zero knowledge
| because, among other things, the hash is not hiding.
| josephcsible wrote:
| An actual zero-knowledge way to do that would be the
| Socialist Millionaires' Protocol.
| puffoflogic wrote:
| As the sibling comment says, neither gp comment nor this post
| are zero-knowledge.
|
| But in addition to the definition given in sibling comment,
| here's another necessary condition of a zero-knowledge proof:
| it _must_ be possible to forge transcripts (i.e., one party
| writing both sides of the interaction) of a zk proof even
| without possessing the secret.
| [deleted]
| tinktank wrote:
| Pretty clever IMO
| niyazpk wrote:
| Well... hactually... This is kind like the opposite of zero-
| knowledge, where everyone can know your crush just by entering
| all suspecting names in the link.
| UmbertoNoEco wrote:
| Nothing says romance like a sha-256 hash. Neruda,take notes.
| sixhobbits wrote:
| "First and Last name capitalised"
|
| Seems like someone hasn't read the famous "Falsehoods Programmers
| Believe about Names"[0]
|
| [0] https://www.kalzumeus.com/2010/06/17/falsehoods-
| programmers-...
| alanh wrote:
| I mean, it's basically a helpful hint there to maximize the
| chance that both parties include the same names with the same
| capitalizations
| kube-system wrote:
| And it's a unhelpful suggestion to butcher names that aren't
| correctly formatted that way.
| lvass wrote:
| Maybe they did, got confused and gave up. How would you deal
| with 4, 11, 12+13, 14 and 18 here?
| soco wrote:
| Quite simple: you don't deal at all. That's zero assumptions
| about the name. Let them eat cake and enter whatever they
| want. The user should know their sweetie well enough to guess
| what they will enter as own name. This is an assumption about
| their level of mutual knowledge, true, but not one about the
| naming scheme.
| lvass wrote:
| This is a design decision that will very likely lead to
| missed matches, bold of you to assume it's desirable but
| even that doesn't answer the entire ordeal. How are they
| going to enter the name, have you read 11?
| not2b wrote:
| On the contrary, there is a very strong and completely
| invalid assumption: that Alice will type her name in
| exactly the way Bob typed her name, and vice versa, that
| neither will misspell it, that either both will use the
| official name or both will use the same nickname.
| kube-system wrote:
| > 4. People have, at this point in time, one full name which
| they go by.
|
| The relationship between person and name is one-to-many
|
| > 11. People's names are all mapped in Unicode code points.
|
| You can implement custom characters, i.e.
| https://en.wikipedia.org/wiki/Private_Use_Areas or have a
| process for exceptions
|
| > 12. People's names are case sensitive. 13. People's names
| are case insensitive.
|
| You can store this as an attribute
|
| > 14. People's names sometimes have prefixes or suffixes, but
| you can safely ignore those.
|
| This can be other fields if you're trying to structure the
| data, or you can simply store the entire name as a contiguous
| field.
|
| > 18. People's names have an order to them. Picking any
| ordering scheme will automatically result in consistent
| ordering among all systems, as long as both use the same
| ordering scheme for the same name.
|
| Don't string compare names as a test for equality.
|
| The obvious response to this is: that's too hard (/impossible
| to do). But that's just the reality of the situation. These
| issues are not necessarily possible to solve. #21 in
| particular makes this application very broken even with very
| plain vanilla western names.
| [deleted]
| system16 wrote:
| Humorous, but not zero-knowledge at all. They could be on to
| something here though. Maybe blockchain's "killer app" will be
| Verifiable Romance?
| cableshaft wrote:
| Instead of getting your SO's name tattooed on your body that
| you'll regret in a few years, you'll instead get your names
| added to the blockchain...that you'll regret in a few years.
| TobyTheDog123 wrote:
| Dont give them any ideas. The RomanceSmartChain is only a few
| months out at this rate.
| orthecreedence wrote:
| $LOVE is MOONING!!
|
| Blake2b + Hybrid PoW chain with LOW TRANSACTION FEES and 4
| TX/S THROUGHPUT now CONFIRMING COMMITTED RELATIONSHIPS with
| blockchain technology! Your relationship isn't valid until
| there are AT LEAST 36 CONFIRMATIONS on $LOVE chain!!1
|
| Also now supporting ON-CHAIN unique NFTs for couples for
| low fees!!
| sunshinerag wrote:
| Link to white paper please
| radicalbyte wrote:
| Zero-knowledge describes the OP w.r.t zero-knowledge-proofs.
| littlestymaar wrote:
| Jacques Patarin[1], my cryptography teacher at university
| introduced us with zero-knowledge proofs with a simple real-life
| zero knowledge scheme for this exact purpose. All you need is 5
| cards, 3 identical red and 2 identical blacks.
|
| You give one black and one red to each person (Alice and Bob),
| and keep the last red.
|
| The scheme is the following:
|
| Alice will puts her two cards ON TOP of the remaining red card:
| to say yes, she puts her black card on top of her red card, to
| say no she does the opposite (red on top of black).
|
| Bob will put his pair of cards BELOW the remaining red card, and
| to say yes he puts his black card at the bottom, with his red
| card in between, and to say no he does the opposite.
|
| Then you _cut_ the deck enough times to obfuscate who 've done
| what, and you know that they've both day yes if you have the two
| blacks cards next to each other (or both at each ends of the
| deck). If anyone (or both of them) said no, you'd have black
| cards separated by one red card.
|
| [1] https://fr.wikipedia.org/wiki/Jacques_Patarin
| [deleted]
| rockbruno wrote:
| Fun concept, but quite easy to use with a malicious intent. It
| would be better if only people who have a crush on you could use
| the link (meaning the confession would work both ways)
| leto_ii wrote:
| > People can enter their names into this unique link to generate
| the hash of their name. If the generated hash matches, they'll be
| notified *you* are *their* crush
|
| Don't mean to be pedantic, but shouldn't it be "they'll be
| notified *they* are *your* crush"?
| ascv wrote:
| Yes it seems to be worded incorrectly.
| [deleted]
| ihuman wrote:
| I remember reading a joke research paper about something like
| this. It explored all currently known methods of confessing your
| love, their pros and cons, and had a funny acronym for each. It
| then proposed a newer, secure algorithm for confessing to your
| crush if the feeling was mutual, and without leaking information
| to 3rd parties. I'm trying to find it, but I don't have it saved
| and I haven't found it on Google yet.
| easton wrote:
| The SENPAI protocol!
| http://sigtbd.csail.mit.edu/pubs/2016/paper10.pdf
| anticristi wrote:
| This is probably the geekiest CS paper I ever read!
| ihuman wrote:
| Thank you! I had a feeling the name had something to do with
| anime, but I couldn't remember what.
| SpaceManNabs wrote:
| I can see this being somewhat popular on some campuses.
| bigdict wrote:
| I think this was originally a joke on a MIT Facebook page.
| blueplanet200 wrote:
| This is not the usual notion of zero-knowledge.
| latchkey wrote:
| https://www.zkcrush.xyz/api/hello
| samiur1204 wrote:
| Lol, sending someone the link kind of defeats the purpose, no?
| Tomte wrote:
| This is some strange notion of zero-knowledge.
|
| If Bob publishes his link, and I want to know who his crush is, I
| can simply try all our classmates' names and quickly find out
| that it's Alice.
|
| Those games only make at least a bit of sense when everybody
| enters their crush and only when matching both get notified.
|
| Also brute-forceable, but at least it's quadratic (if you suspect
| nothing about crushes, which is unrealistic in itself).
| spekcular wrote:
| Indeed, a similar "secure" crush confession on an MIT facebook
| group was exploited in this way, by brute forcing every name in
| the student directory.
| hinkley wrote:
| And when everyone is an actual adult, not a manchild or other
| people without a fully formed prefrontal cortex and thus prone
| to making ugly, life-changing decisions - for themselves and
| others - on a dime.
|
| That's most of the demographic for this product. The number of
| over-25 people, not in a committed relationship, who still
| haven't figured out how to ask people out, is pretty small.
| random314 wrote:
| Or just tell your crush, without sharing URLs with everyone
| staticassertion wrote:
| Easy as an adult. But as a kid I feel like we jumped through
| soooo many hoops to de-risk telling someone we had a crush on
| them.
|
| I remember those reallllly early games like MASH or even
| early "compatibility" apps. Very coy.
| vintermann wrote:
| There's nothing wrong with only wanting to reveal a crush
| if it's somewhat returned. If it isn't, you're just putting
| them in an uncomfortable position for no good reason.
| the_af wrote:
| Yes, I can see how -- as a kid -- sharing an URL of your
| hashed crush with the world is not going to be awkward _at
| all_.
| soco wrote:
| Putting links in your tiktok/whatever profile doesn't
| seem like very unusual nowadays...
| staticassertion wrote:
| Awkward is the name of the game.
| LeifCarrotson wrote:
| You'd want to use asymmetric public key cryptography so that
| Bob could hash his message with Alice's public key, and it
| could only be decrypted with Alice's private key.
| superjan wrote:
| For heaven's sake just call her!
| tawktiem wrote:
| Yup, everyone publishes their public keys. No one's private
| keys gets published (fake crush created).
|
| I'm not sure if zero-knowledge proofs exist for love outside
| of action - repeated acts of commitment over time (to reduces
| the confidence that someone doesn't love you).
| vintermann wrote:
| That lets Bob confess semi-deniably to Alice (if Alice is
| willing to share her private key, she can still show Bob's
| confession to Carroll and prove that it's authentic). But it
| still doesn't do any matching; Alice will know about Bob's
| feelings whether she returns then or not.
| gizmo686 wrote:
| That still lets Alice find out.
|
| I don't see a clear way of mapping the concept of a zero
| knowledge proof to the crush problem.
|
| But the best I can come up with is:
|
| 1) No one learns that Alice (claims to) have a crush on Bob
|
| 2) Unless Bob also claims to have a crush on Alice, in which
| case.
|
| 3) Only Bob learns that Alice has a crush on him.
|
| 4) If Bob learns that Alice has a crush on him, Alice learns
| that Bob has a crush on her.
|
| 5) All the above guarantees are symmetric if you swap Bob and
| Alice.
| geysersam wrote:
| Seems to me such a system must make it expensive to claim
| to have a crush on someone. Otherwise Bob can just claim to
| have a crush on everyone and will find out who crushes on
| him.
| [deleted]
| mikebenfield wrote:
| > Those games only make at least a bit of sense when everybody
| enters their crush and only when matching both get notified.
|
| Even then, among heterosexuals they will suffer from the same
| problem as basically every software platform for romance among
| straight people: the massive asymmetry in interest between men
| and women. Men would copy and paste virtually every woman they
| know into the system as a "crush," so they can find which if
| any of their female acquaintances might be interested, and
| _then_ they would decide who to pursue.
| pessimizer wrote:
| > Men would copy and paste virtually every woman they know
| into the system as a "crush," so they can find which if any
| of their female acquaintances might be interested, and then
| they would decide who to pursue.
|
| Smart men would, who know their place in the world. Any of
| them are good enough for you, really. Take the one that you
| like the most out of the ones who like you. Is this a
| problem? If it weren't asymmetric, it would be hopeless.
| Instead, most men get the choice between one or more
| interested women, and most women get a response from one or
| more of the men they were interested in.
|
| It's better if one side isn't as picky as the other. The
| other options are that only a couple of people match up at
| all, or everyone getting a response from everyone i.e. no
| signal at all.
|
| edit: I mean, isn't that Bumble?
| mikebenfield wrote:
| I don't follow this, either logically or in practice.
|
| Granted I've never dated as a gay man or as a lesbian, but
| from what I've observed it seems to me a much smoother and
| more mutual process than straight dating. I've even heard
| from bi men about how much easier and less stressful it is
| to date men than women. AFAICT when both parties are on a
| level playing field, and there's not a massive asymmetry in
| power, interest, and investment, there's a lot less grief
| overall.
|
| > edit: I mean, isn't that Bumble?
|
| Bumble is a valiant attempt to fix this issue but it seems
| to mostly be a failure. An average man may occasionally get
| a message (which will usually just say "hi"), but the
| asymmetry in interest is still there, and it's still mostly
| men's responsibility to do the _real_ initiating.
| a-dub wrote:
| that's because it's not zero knowledge, it's password hashing.
|
| a zero knowledge proof would do something like prove a valid
| attestation of love, but reveal nothing about who (other than
| maybe membership in some large enough set).
| momojo wrote:
| This could be a fun way to teach a class about the
| vulnerabilities around hashing. Strong hash != strong
| protection.
|
| Maybe the second half of the class could be about designing a
| more secure system. Or use this dilemma to explain public-
| private key encryption.
| praptak wrote:
| Yeah, it is like hashing a phone number to protect its owner's
| identity. With a small domain known by the attacker hashing
| isn't really one-directional.
| tgv wrote:
| If it tells you how many letters are right, and how many are in
| the right place, it could become Datle.
| DrewADesign wrote:
| * Flirdle
| andrewstuart2 wrote:
| Challenge: build something worthy of being called 204Date
| (2048 clone).
| jandrese wrote:
| Smashing together people to win at dating? Isn't that just
| Tinder?
| CameronNemo wrote:
| Tinder goes in two directions. This would go in 4
| directions. Swipe up to send them to your friends, down
| to your enemies, left to the void, right to you.
| bonzini wrote:
| Match fruits until you get a date?
| dylan604 wrote:
| Careful, FruitNinjaDating could get interesting if not
| messy
| darig wrote:
| giantrobot wrote:
| SHA256 doesn't work like that. Even single bit differences
| between inputs should result in very different outputs.
| forty wrote:
| Enjoy ;)
| https://rsk0315.github.io/playground/passwordle.html
| drdaeman wrote:
| It doesn't. But there are so-called locality sensitive
| hashes.
|
| https://www.pinecone.io/learn/locality-sensitive-hashing/
| giantrobot wrote:
| Sure, such hashes exist. SHA256 is not one of them.
| lvass wrote:
| Or even easier, use a SHA-256 reversing service that has all
| names.
| yosito wrote:
| Wrapping this in a native app could be a nice little moneymaker.
| Lots of speed dating events could use this to help match
| attendees that were interested in each other.
| tecleandor wrote:
| Poor John Smith.
| latchkey wrote:
| https://github.com/amirgamil/zk-crush/blob/main/pages/crush....
| const isMatch = React.useMemo(() => hash === crushHash,
| [crushHash]);
|
| Sure is a lot of work to do a string comparison 'efficiently'.
| qudat wrote:
| Definitely a waste. `useMemo` has a bunch of performance issues
| related to it and should only be used when absolutely
| necessary.
| [deleted]
| jkcxn wrote:
| That's mad because the useMemo clearly has to do an equality
| check to see if it changed anyway...
| wfh wrote:
| Reminds me a paper I co-authored all the way back in 2000!
| https://www.cl.cam.ac.uk/~fms27/papers/2000-StajanoHar-roman...
| wow that's a long time ago!
| markus_zhang wrote:
| Interesting but I'm too old for this.
| baby wrote:
| This has nothing to do with zero-knowledge crypto. Here's some
| intuition about what zero-knowledge is actually about:
| https://minaprotocol.com/blog/kimchi-the-latest-update-to-mi...
| hinkley wrote:
| It's my understanding that zero-knowledge concepts can be
| extended to databases, in a way where I can query a database
| and get a result without knowing the contents, perhaps to pass
| on to a trusted system to perform another action.
|
| Depending how you slice it, I either do or don't get to know if
| the result set is empty. In the latter case, there's a
| variation of this crush registration system where I don't get
| to know if Sally has a crush on me, but I do find out if
| _anyone_ has a crush on me. Of course if the answer is empty
| set, I don 't know if I'm unloved or only loved by people that
| don't use the app. Which could be pretty heavy.
___________________________________________________________________
(page generated 2022-06-03 23:00 UTC)