Thanks. To decrypt the prediction, don’t I need some sort of key? And isn’t that vulnerable to being taken by attackers? I need some secure place to store it, no?
No key is needed or involved. SHA-512 isn’t an encryption scheme. SHA-512 is a one-way cryptographic hash that maps any input string to a 512-bit pseudorandom string. The only known way to derive the input from the hash is to search over the space of possible inputs for a collision. The difficulty of deriving the input from the hash thus scales exponentially according to the entropy of the input.
E.g., given the hash:
it would not be difficult to reverse it because this is just the hash of the single word “cats”. You can just test every word (or every sequence of 4 letters) until you find a collision. In contrast, a hash like:
is essentially unbreakable because the input was a long string of random characters. You’d never be able to find the original input I used to generate the hash.
You can’t “decrypt” a hash because the hash doesn’t encode the message in question. It’s of fixed length, so it can hardly encode an arbitrary-sized message. Instead, you can prove that you either have the input which originally generated the hash in question, or that you were able to find a collision in SHA-512 (which is thought to be very difficult).
The overall process would go like this:
You generate some plaintext message M containing a prediction about AI progress.
You sample a random string of characters R (maybe 100 characters in length).
You generate H, an SHA-512 hash of M||R.
You publish H publicly.
The computational difficulty of deriving M from H scales ~ 2^(entropy of M||R). This is why I suggested appending a random message to the end of your prediction. In the case that you make a low-entropy prediction (e.g., if someone can make plausible guesses about what you’d write for M based on your past writings), you’d still be protected by the high entropy of R.
When you want to prove that you made prediction M when you published H, you publish M||R.
People can then see that SHA-512(M||R) = H, so you must have known M||R in order to have published H (or found a collision).
In other words, the “key” you need to track and keep safe to prove your prediction is M||R.
(Note that this has exactly the same potential security problems as something involving a key; e.g. if you keep a copy on a machine connected to the internet, someone might hack you and steal the secret message.)
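The commit-and-reveal procedure above, written out as an added example (not code from any commenter): `commit` is step 3, `verify` is the public check that SHA-512(M||R) = H, and `guess_without_nonce` shows why R matters by recovering a low-entropy M from its bare hash with a dictionary search. The prediction text and the guess list are constructed samples; M and R are revealed as two separate values, since a reader of a raw M||R string could not otherwise tell where M ends.

```python
import hashlib
import secrets
import string

# Alphabet for the random suffix R: about 5.95 bits of entropy per character.
ALPHABET = string.ascii_letters + string.digits


def make_nonce(length=100):
    """Step 2: sample R, a random string of `length` characters."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def commit(message, nonce):
    """Step 3: H = SHA-512(M || R), returned as hex so it can be published."""
    return hashlib.sha512((message + nonce).encode("utf-8")).hexdigest()


def verify(commitment, message, nonce):
    """Reveal check: anyone recomputes SHA-512(M || R) and compares it to H.
    compare_digest avoids leaking timing information on partial matches."""
    return secrets.compare_digest(commit(message, nonce), commitment)


def guess_without_nonce(commitment, candidates):
    """Why R matters: without a nonce, a low-entropy M falls to a search over
    plausible predictions. Returns the matching M, or None if none matches."""
    for m in candidates:
        if hashlib.sha512(m.encode("utf-8")).hexdigest() == commitment:
            return m
    return None


if __name__ == "__main__":
    M = "AGI by 2035"          # constructed sample prediction
    R = make_nonce()
    H = commit(M, R)
    print("publish now:", H)
    print("reveal later:", M, "and", R)
    assert verify(H, M, R)
    # Constructed list of "plausible guesses" about what the author would write.
    guesses = ["AGI by 2030", "AGI by 2035", "AGI by 2040"]
    print(guess_without_nonce(commit(M, ""), guesses))   # bare hash: M recovered
    print(guess_without_nonce(H, guesses))               # with R: None
```

The secret to keep safe is the pair (M, R); whoever holds it can open the commitment, which is exactly the storage concern the note above raises.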
Thanks everyone, this is great! So basically there’s already a user-friendly way to do this, but we just have to be careful to write the “key” on paper instead of on one’s internet-connected computer (in case one is worried about hackers etc.), and then keep the paper somewhere. This still adds a bit of overhead because writing down all those random numbers and letters is probably annoying...
If you have a password manager (either online or offline) that you trust to keep your passwords, then you can also trust it to keep your key and message.
I think it would still be nice to have a dedicated website to make the process one-click.