undefined | Better HN

0 pointsshuckles4y ago0 comments

> What's to stop an attacker from generating a NeuralHash of popular memes, deriving a key, then bruteforcing the leaked data until it successfully decrypts an entry, thus verifying the contents within a specific user's cloud photo library, and degrading their level of privacy?

Decrypting vouchers requires the server blinding key and the NeuralHash derived metadata of the input image (technical summary page 10, Bellare Fig. 1 line 18). This attacker only has the latter.

0 comments

NTroy4y ago

> For CSAM matches, the cryptographic header in the voucher combines with the server-side blinding secret (that was used to blind the known CSAM database at setup time) to successfully decrypt the outer layer of encryption.

In the text you referenced, it specifically says that the blinding key would be needed to decrypt vouchers which are CSAM matches. This is because Apple set up their CSAM database in a blinded manner. Therefore to access a hash from the database from which to derive a decryption key, Apple would need the blinding key to first decrypt that hash value.

However, and attacker would be generating their own (presumably unblinded) database, and therefore wouldn't need to access Apple's blinding key.

shucklesOP4y ago

I’m a little confused. The vouchers you are trying to decrypt have already been generated. How does it matter if the attacker can decrypt vouchers from a database they created but was not used by the vouchers in the breached data?

NTroy4y ago

It is my understanding that the vouchers are only encrypted with a key derived from the NeuralHash of the photo. Therefore an attacker would only need to find a matching NeuralHash, to decrypt the voucher.

Apple needs the blinding key, because they encrypt their list of NeuralHashes hashes first, so that others cannot see exactly which CSAM hashes they're testing against. Therefore they first need to decrypt their own database in order to get the corresponding hash value from which to derive the decryption key.

1 more reply

j / k navigate · click thread line to collapse

0 pointsshuckles4y ago0 comments

Decrypting vouchers requires the server blinding key and the NeuralHash derived metadata of the input image (technical summary page 10, Bellare Fig. 1 line 18). This attacker only has the latter.

0 comments

NTroy4y ago

However, and attacker would be generating their own (presumably unblinded) database, and therefore wouldn't need to access Apple's blinding key.

shucklesOP4y ago

NTroy4y ago

1 more reply

j / k navigate · click thread line to collapse