Is there a convenient way to make "sealed" predictions?

post by Daniel Kokotajlo (daniel-kokotajlo) · 2022-05-06T23:00:36.789Z · LW · GW · 4 comments

This is a question post.

Contents

  Answers
    18 Quintin Pope
    11 Zolmeister
    1 dkirmani
    1 River
    1 blackstampede
None
4 comments

Many people in our community claim to have ideas for how to build AGI, or other things, that they deem infohazardous and so don't want to publish. It would be great if they could publicly register these ideas in an encrypted way, so that later when their predictions come true they can reveal the key and everyone can see that they called it and give them epistemic credit accordingly.

I know this is possible in principle, e.g. by using PGP and posting encrypted messages on your LW shortform and then later revealing the key.

But it would be nice if this was a convenient, hassle-free feature embedded in LW, for example.

Also: Is this a bad idea for some reason? Is the privacy not as secure as I think, such that people would be hesistant to make even these encrypted predictions? (I guess there is the matter of how to securely store the key...) Is there a way to make a prediction that will automatically be decrypted after N years?

Answers

answer by Quintin Pope · 2022-05-06T23:10:01.833Z · LW(p) · GW(p)

You could easily do an ad hoc form of this by just posting an SHA-512 hash of your predictions. This doesn’t have an integrated method to decrypt the prediction after n years, but you can publicly precommit to reveal your prediction after n years.

If you’re worried about this revealing your prediction early via a brute force attack, you can append a random sequence of tokens to your prediction before hashing it.

comment by Paul Crowley (ciphergoth) · 2022-05-09T19:58:50.052Z · LW(p) · GW(p)

For cryptographic security, I would use HMAC with a random key. Then to reveal, you publish both the message and the key. This eg allows you to securely commit to a one character message like "Y".

comment by Daniel Kokotajlo (daniel-kokotajlo) · 2022-05-07T00:43:19.682Z · LW(p) · GW(p)

Thanks. To decrypt the prediction, don't I need some sort of key? And isn't that vulnerable to being taken by attackers? I need some secure place to store it, no?

Replies from: quintin-pope, rhollerith_dot_com
comment by Quintin Pope (quintin-pope) · 2022-05-07T02:09:54.138Z · LW(p) · GW(p)

No key is needed or involved. SHA-512 isn’t an encryption scheme. SHA-512 is a one way cryptographic hash that maps any input string to a 512 bit pseudo random string. The only known way to derive the input from the hash is to search over the space of possible inputs for a collision. The difficulty of deriving the input from the hash thus scales exponentially according to entropy of the input.

E.g., given the hash:

1c0fb5008c573315e7b1e1af5ab41d0ce9b8d4469e41c4d59c3041bd99671208c415fcb0359418dd6bc481863d3d5d030a75364318afbec54cdba082df3f9577

it would not be difficult to reverse it because this is just the hash of the single word “cats”. You can just test every word (or every sequence of 4 letters) until you find a collision. In contrast, a hash like:

4ca4934820c79165975c443baac9020cc40d9c3eac04c22c5fd66849af176903125b02199f21fe9eed5a4912e93a81dc2a21b3e675c369b25a8f42c0f007bcc5

is essentially unbreakable because the input was a long string of random characters. You'd never be able to find the original input I used to generate the hash.

You can’t “decrypt” a hash because the hash doesn’t encode the message in question. It’s of fixed length, so it can hardly encode an arbitrary-sized message. Instead, you can prove that you either have the input which originally generated the hash in question, or that you were able to find a collision in SHA-512 (which is thought to be very difficult).

The overall process would go like this:

  • You generate some plaintext message M containing a prediction about AI progress.
  • You sample a random string of characters R (maybe 100 characters in length).
  • You generate H, an SHA-512 hash of M||R
  • You published H publicly.
  • The computational difficulty of deriving M from H scales ~ 2^(entropy of M||R). This is why I suggested appending a random message to the end of your prediction. In the case that you make a low-entropy prediction (e.g., if someone can make plausible guesses about what you’d write for M based on your past writings), you’d still be protected by the high entropy of R.
  • When you want to prove that you made prediction M when you published H, you publish M||R.
  • People can then see that SHA-512(M||R) = H, so you must have known M||R in order to have published H (or found a collision).

In other words, the “key” you need to track and keep safe to prove your prediction is M||R.

Replies from: TekhneMakre
comment by TekhneMakre · 2022-05-07T03:45:27.216Z · LW(p) · GW(p)

(Note that this has exactly the same potential security problems as something involving a key; e.g. if you keep a copy on a machine connected to the internet, someone might hack you and steal the secret message.)

Replies from: daniel-kokotajlo
comment by Daniel Kokotajlo (daniel-kokotajlo) · 2022-05-07T15:59:21.866Z · LW(p) · GW(p)

Thanks everyone, this is great! So basically there's already a user-friendly way to do this, but we just have to be careful to write the "key" on paper instead of on one's internet-connected computer (in case one is worried about hackers etc.) And then keep the paper somewhere. This still adds a bit of overhead because writing down all those random numbers and letters is probably annoying...

Replies from: Yoav Ravid
comment by Yoav Ravid · 2022-05-07T17:13:21.676Z · LW(p) · GW(p)

If you have a password manager (either online or offline) that you trust to keep your passwords, then you can also trust it to keep your key and message.

Replies from: yitz
comment by Yitz (yitz) · 2022-05-08T03:45:46.674Z · LW(p) · GW(p)

I think it would still be nice to have a dedicated website to make the process one-click

answer by Zolmeister · 2022-05-07T05:11:12.868Z · LW(p) · GW(p)

Gwern has a fantastic overview of time-lock encryption methods.

A compute-hard real-time in-browser solution that doesn't rely on exotic encryption appears infeasible. (You'd need a GPU, and hours/days worth of compute for years of locking). For LW, perhaps threshold aggregate time-lock encryption would suffice (though vulnerable to collusion/bribery attacks, as noted by Gwern).

I agree with Quintin Pope, a public hash is simple and effective.

answer by dkirmani · 2022-09-09T18:10:11.168Z · LW(p) · GW(p)

Set up two bitcoin wallets, transfer funds from one to the other, and put your hash in the message field.

The bitcoin blockchain is both immutable and public, making it an ideal medium for sealed predictions. While the LW servers might be compromised, there are game-theoretic guarantees that the blockchain won't be.

answer by River · 2022-05-10T03:54:42.809Z · LW(p) · GW(p)

 For the less cryptographically inclined, or those predicting the failure of computing technology, there is always the old school method: write your prediction on a peace of paper, literally seal it in an envelope, and mail it to yourself. The postal marking they put over the stamp includes the date.

comment by ChristianKl · 2022-05-10T20:14:41.099Z · LW(p) · GW(p)

Mailing an envelope to your self does not allow other people to verify whether the envelope wasn't opened in between.

Maybe a quality forensic lab has the ability to tell whether the envelope was opened in between but most people you might show the letter don't.

Replies from: daniel-kokotajlo
comment by Daniel Kokotajlo (daniel-kokotajlo) · 2022-05-10T22:01:38.850Z · LW(p) · GW(p)

Also, it's a lot easier to fake by writing 10 letters with 10 different predictions and then burning the ones that don't come true.

answer by blackstampede · 2022-05-07T12:58:52.690Z · LW(p) · GW(p)
comment by Daniel Kokotajlo (daniel-kokotajlo) · 2022-05-07T15:50:09.744Z · LW(p) · GW(p)

I think that's exactly the sort of thing I'm looking for, yes. It's important that users be able to trust that e.g. the website won't get hacked and its secrets revealed. How can that be achieved?

Replies from: blackstampede

4 comments

Comments sorted by top scores.

comment by Anonymous (currymj) · 2022-05-07T18:08:00.239Z · LW(p) · GW(p)

Historically, scientists would use anagrams to do this. Galileo famously said "Smaismrmilmepoetaleumibunenugttauiras". Later he revealed that it could be unscrambled into "Altissimum planetam tergeminum observavi" which per Wikipedia is Latin for "I have observed the most distant planet to have a triple form", establishing his priority in discovering the rings of Saturn.

Obviously hashing and salting is better, nowadays.

comment by alexlyzhov · 2022-05-08T00:52:14.003Z · LW(p) · GW(p)

To receive epistemic credit, make sure that people would know you haven't made all possible predictions on a topic this way and then revealed the right one after the fact. You can probably publish plaintext metadata for this.

comment by Zach Stein-Perlman · 2022-05-07T18:15:01.356Z · LW(p) · GW(p)

Until such time as a better system exists, I made a post [LW · GW].

comment by Nanda Ale · 2022-05-10T06:31:54.835Z · LW(p) · GW(p)

Automatic decryption would be a nice feature. Pretty easy to be accurate if you only decrypt your good predictions!