A sealed prediction

post by Quirinus_Quirrell · 2011-01-28T04:10:04.482Z · LW · GW · Legacy · 48 comments

Contents

48 comments

I would like to make a prediction, but I'm not ready to raise the subject of the prediction just yet. So to show that it was not just obvious in hindsight, and to strengthen my precommitment to write an article about it later, here is the sha1sum of my prediction: 9805a0c7bf3690db25e5753e128085c4191f0114.

48 comments

Comments sorted by top scores.

comment by Unnamed · 2011-01-28T04:15:16.996Z · LW(p) · GW(p)

Here is the sha1sum of Quirinus_Quirrell's prediction where he can't edit it: 9805a0c7bf3690db25e5753e128085c4191f0114.

Replies from: sketerpot, Larks
comment by sketerpot · 2011-01-28T04:36:45.004Z · LW(p) · GW(p)

And another one as backup, because this is Professor Quirrell we're talking about here:

9805a0c7bf3690db25e5753e128085c4191f0114

Obviously, though, this is all misdirection from his real scheme.

Replies from: endoself, DanArmak
comment by endoself · 2011-01-28T04:41:19.357Z · LW(p) · GW(p)

Of course, he would have two sockpuppets, to quell suspicion of the first one.

9805a0c7bf3690db25e5753e128085c4191f0114

Constant vigilance!

Replies from: Quirinus_Quirrell, Benquo
comment by Quirinus_Quirrell · 2011-01-28T22:16:15.418Z · LW(p) · GW(p)

You're safeguarding against the wrong thing. If I needed to fake a prediction that badly, I'd find a security hole in Less Wrong with which to edit all your comments. I wouldn't waste time establishing karma for sockpuppets to post editable hashes to deter others from posting hashes themselves, that would be silly. But as it happens, I'm not planning to edit this hash, and doing that wouldn't have been a viable strategy in the first place.

Replies from: Unnamed
comment by Unnamed · 2015-07-07T06:55:51.326Z · LW(p) · GW(p)

"Clearly, the way to make our safeguards super-secure is to make yet another comment with the hash."

"Clearly, the way to make my safeguards super-secure is to make yet another Horcrux."

Somehow, you could only see through one of these strategies.

comment by Benquo · 2011-01-28T14:22:47.246Z · LW(p) · GW(p)

9805a0c7bf3690db25e5753e128085c4191f0114

Replies from: DanielLC
comment by DanielLC · 2011-01-28T18:58:53.366Z · LW(p) · GW(p)

How do I know you're not all sock puppets of him? Clearly, the only solution is for everyone to keep a copy of it themselves.

Replies from: JGWeissman
comment by JGWeissman · 2011-01-28T19:13:15.390Z · LW(p) · GW(p)

Edited comments have an asterisk after the date, the lack of this asterisk indicates the comment has not been edited. Though this does not work for top level posts.

Replies from: DanielVarga, komponisto
comment by DanielVarga · 2011-01-28T20:58:36.285Z · LW(p) · GW(p)

Maybe they are all someone else's sockpuppets. At a given date, they will coordinatedly change some whitespace in their comments (but not the hash itself), thus framing Quirrell. Fortunately, now that I unmasked the plan, it is not really viable anymore.

comment by komponisto · 2011-01-29T18:22:42.602Z · LW(p) · GW(p)

Edited comments have an asterisk after the date

I never noticed that before.

comment by DanArmak · 2011-01-28T13:05:54.822Z · LW(p) · GW(p)

Here is the sha512sum of his sha1sum:

efd2fe6c5defd19d396a8504fd4a300de88dbd4ae64f934464da34644b03fb4c805a76fd208b417c837c0f4861f3fe0999e99fc085d48a86cfd3d4317ec48993

comment by Larks · 2011-01-28T17:20:28.770Z · LW(p) · GW(p)

It's worth noting, people, that Unnamed joined Less Wrong before Eliezer started writing Methods.

Having said that, it's not clear to me we want to do all this. Sometimes we could be at a game-theoretic advantage by not knowing something. E.g. I don't want to be able to be told that someone's kidnapped my daughter, because then they have no incentive to do so (TDT aside). Maybe Quirrell is actually planning on us being able to verify his honesty.

Replies from: Alicorn, Unnamed, TheOtherDave
comment by Alicorn · 2011-01-28T19:23:43.767Z · LW(p) · GW(p)

E.g. I don't want to be able to be told that someone's kidnapped my daughter, because then they have no incentive to do so (TDT aside)

Unless they just want your daughter, instead of wanting whatever behavior they could use her to coerce you into. So really what you don't want is a way to receive ransom demands.

comment by Unnamed · 2011-01-28T20:23:25.323Z · LW(p) · GW(p)

I've also done this 'reply to someone else's hashed prediction so they can't edit it' thing before. There were some other suggestions of how to verify hashed predictions in that discussion, if our asterisk-free comments seem insufficiently secure for dealing with User!Quirinus_Quirrell.

comment by TheOtherDave · 2011-01-28T17:39:29.861Z · LW(p) · GW(p)

Right now, we have no grounds for considering being able to confirm a deception in this matter more dangerous than being unable to. If at some point in the future such grounds arise, Unnamed (and everyone else) can delete or edit their comments, thereby eliminating the more dangerous option.

comment by JoshuaZ · 2011-01-28T04:30:18.013Z · LW(p) · GW(p)

Note that if the predicted event occurs less than six hours from now we should consider the possibility that Quirrell brought a time-turner with him when he fled the story.

Replies from: Jack
comment by Jack · 2011-01-28T06:26:58.395Z · LW(p) · GW(p)

If Quirrell has a time-turner it seems plausible the time cost required for finding SHA-1 collisions would be irrelevant and the entire method would be insecure.

Replies from: JoshuaZ
comment by JoshuaZ · 2011-01-28T06:31:55.622Z · LW(p) · GW(p)

If Quirrell has a time-turner it seems plausible the time cost required for finding SHA-1 collisions would be irrelevant and the entire method would be insecure.

Harry's work suggest that time-turners respond poorly to being used for computational short-cuts.

Replies from: Document, Jack
comment by Jack · 2011-01-28T06:36:02.268Z · LW(p) · GW(p)

Hmmmm. I thought the outcome of that experiment was more ambiguous than that- didn't his attempt return a cryptic "Don't mess with time travel"?

Replies from: wedrifid
comment by wedrifid · 2011-01-28T08:33:09.835Z · LW(p) · GW(p)

Which, while it is cryptic, certainly gives us a strong indication about the expected success of time-travel computation.

(Without MoRverse) It reminds us to consider the implications of physics and the evident time travel mechanism. At the simplest level we can ask ourselves "What is more likely? We derive the right result or we get eaten by a black swan while trying?"

A consideration to make with respect to Harry's experiment in particular is that what we discovered was only that it is more likely for Harry to panic than for Harry to solve that particular computational task via that method. Not enough to rule out some degree of shortcut taking but certainly enough to be rather careful when taking it to the extremes of brute force decryption.

Replies from: orthonormal
comment by orthonormal · 2011-01-29T23:55:32.500Z · LW(p) · GW(p)

An excellent point.

comment by Paul Crowley (ciphergoth) · 2019-12-25T18:12:22.040Z · LW(p) · GW(p)

I note that nearly eight years later, the preimage was never revealed.

Actually, I have seen many hashed predictions, and I have never seen a preimage revealed. At this stage, if someone reveals a preimage to demonstrate a successful prediction, I will be about as impressed as if someone wins a lottery, noting the number of losing lottery tickets lying about.

comment by gwern · 2013-01-30T17:09:47.940Z · LW(p) · GW(p)

Update: still nothing about this. Starting to look like he was going to use it as a cheap gotcha - register a prediction and reveal it only if he was right.

Replies from: gwern
comment by gwern · 2014-01-30T16:25:31.538Z · LW(p) · GW(p)

Nothing as of Jan 2014.

Replies from: drethelin
comment by drethelin · 2014-04-11T21:58:54.122Z · LW(p) · GW(p)

glad someone but me is keeping an eye out

Replies from: rank-biserial
comment by rank-biserial · 2022-03-17T20:41:49.453Z · LW(p) · GW(p)

CONSTANT VIGILANCE

comment by [deleted] · 2011-07-23T13:27:28.322Z · LW(p) · GW(p)

Almost 6 months now.

Replies from: Jack
comment by Jack · 2012-01-30T01:07:00.541Z · LW(p) · GW(p)

Has now been one year.

Replies from: grinchler
comment by grinchler · 2013-12-26T18:52:11.315Z · LW(p) · GW(p)

Approaching on three years.

Replies from: rhaps0dy
comment by Adrià Garriga-alonso (rhaps0dy) · 2016-12-11T16:03:11.703Z · LW(p) · GW(p)

Almost 5 years now.

comment by Jack · 2011-01-28T06:31:06.909Z · LW(p) · GW(p)

You all realize of course that if the prediction is false Quirrell need never say anything about it again.

Replies from: JoshuaZ
comment by JoshuaZ · 2011-01-28T06:47:01.924Z · LW(p) · GW(p)

So, remember to ask him about it periodically. If it doesn't get revealed in a few months, one can assume he's wrong.

But, Quirrell would understand that if he is wrong, demonstrating that he's willing to admit that would raise his status in this group, and will act accordingly. Indeed, given that it is Quirrell, the hash might even correspond to something he expects not to happen so he can then reveal that he was wrong in a way that not only increases his status but also cause us to underestimate him.

Replies from: Davorak
comment by Davorak · 2011-01-29T10:27:59.481Z · LW(p) · GW(p)

The second explanation humorous, but for the most part also like a large waste of time.

comment by Dorikka · 2011-10-06T02:43:04.069Z · LW(p) · GW(p)

Any update on this?

comment by orthonormal · 2011-01-29T23:59:57.426Z · LW(p) · GW(p)

Does this prediction concern only some event in MoR? And if so, will you reveal your prediction by the time MoR is completed?

(Damn, I had to rewrite this carefully in order to forestall a Quirrell answer. The original version had an "or" question and a "may we assume".)

comment by DanArmak · 2011-01-28T13:17:57.662Z · LW(p) · GW(p)

sha1 seems likely to be broken sooner later than later:

http://en.wikipedia.org/wiki/SHA-1#SHA-1

http://code.google.com/p/hashclash/

Someone as clever, powerful, and rich as yourself can likely find a collision if you get to choose both source texts (which is easier than finding a collision with one of the two inputs determined by someone else).

To increase our confidence, I suggest you post hashes of the same prediction text made by several different algorithms, e.g. SHA2-512 and each of the SHA3 finalists. I also suggest you commit to the hashed prediction text beginning with the words, "I, Quirinus Quirrel (on LW) predict that: " - so you can't choose your entire source text.

Replies from: Snowyowl, Quirinus_Quirrell, saturn
comment by Snowyowl · 2011-01-28T17:00:09.960Z · LW(p) · GW(p)

I made a prediction with sha1sum 0000000000000000000000000000000000000000. It's the prediction that sha1sum will be broken. I'll only reveal the exact formulation once I know whether it was true or false.

comment by Quirinus_Quirrell · 2011-01-28T18:14:21.316Z · LW(p) · GW(p)

Someone as clever, powerful, and rich as yourself can likely find a collision if you get to choose both source texts (which is easier than finding a collision with one of the two inputs determined by someone else).

This is actually much harder than you'd think. A hash function is considered broken if any collision is found, but a mere collision is not sufficient; to be useful, a collision must have chosen properties. In the case of md5sum, it is possible to generate collisions between files which differ in a 128-byte aligned block, with the same prefix and suffix. This works well for any file format that is scriptable or de-facto scriptable - wrap the colliding block in a comparison statement, and behave differently depending on its result. However, even for md5sum, it is still impossible to generate a collision between plain-text files with two separate chosen texts; nor is it possible to generate collisions between files that have no random-seeming sections, or that have random sections that are too small, not block-aligned, or are drawn from a constrained alphabet. (Snowyowl's joke would require a preimage attack, which is harder still, and which won't be available at first even if sha1sum is broken, so he will not be able to fulfill his promise to reveal a message with that sha1sum.)

Anyways, since you asked, here are a few more hashes of the same thing. I didn't bother with the SHA3 finalists, since they don't seem to have made convenient command-line utilities yet and I don't want to force people to fiddle too much to verify my hashes.

sha512sum: 85cf46426d025843d6b0f11e3232380c6fac6cae88b66310ee8fbcd3f81722d08b2154c6388ecb1ee9cebc528e0f56e3be7a057cd67531cfda442febe0132418 sha384sum: 400d47bf97b6a3ccd662e0eb1268820c57d10e2a623c3a007b297cc697ed560862dda19b74638f92a3550fbbfe14d485 md5sum: 8fec2109c85f622580e1a78c9cabdab4

Replies from: ciphergoth, JoshuaZ, philh
comment by Paul Crowley (ciphergoth) · 2011-01-29T10:20:23.490Z · LW(p) · GW(p)

impossible that is, not currently publically known to be possible - MD5 gets more broken all the time, so I wouldn't want to be very confident about what is impossible.

sha512sum: 85cf46426d025843d6b0f11e3232380c6fac6cae88b66310ee8fbcd3f81722d08b2154c6388ecb1ee9cebc528e0f56e3be7a057cd67531cfda442febe0132418 sha384sum: 400d47bf97b6a3ccd662e0eb1268820c57d10e2a623c3a007b297cc697ed560862dda19b74638f92a3550fbbfe14d485 md5sum: 8fec2109c85f622580e1a78c9cabdab4

comment by JoshuaZ · 2011-01-30T01:46:13.798Z · LW(p) · GW(p)

Anyways, since you asked, here are a few more hashes of the same thing. I didn't bother with the SHA3 finalists, since they don't seem to have made convenient command-line utilities yet and I don't want to force people to fiddle too much to verify my hashes.

There's another reason not to do so. No one has thought strongly about how the different hashes would interact together. It wouldn't surprise me if there were some way given the various hashes to extract information that would not otherwise be extractable given any single hash scheme. This is all the more plausible given that you've given the hash for the fairly weak md5. The multiple hashes you have given make it implausible that you could have multiple texts that lead to the same result; adding more hash types has more of an effect now of making it conceivable that a sufficiently interested individual could identify your text.

comment by philh · 2013-12-26T22:06:50.286Z · LW(p) · GW(p)

I don't think you get notified when people reply to you top-level, so I'll ask here in case you forgot - any update on this?

comment by saturn · 2011-01-28T18:19:58.110Z · LW(p) · GW(p)

It's extremely unlikely that a useful collision exists. The number of short paragraphs in English which make sense and describe a prediction is much, much smaller than the number of SHA1 values. However, if Quirrel's prediction turns out to be very wordy, or comes in a form other than plain text, your suspicion will be confirmed.

comment by Clippy · 2011-01-28T16:30:31.763Z · LW(p) · GW(p)

Interesting. I made a prediction yesterday that hashes to the same sha1sum.

Just goes to show, great algorithms produce isomorphic output!

Edit: Oops, no I didn't. I don't have a prediction that hashes to tha sha1sum, I made a mistake.

comment by drethelin · 2012-03-04T09:45:29.605Z · LW(p) · GW(p)

Write an article already.

comment by NancyLebovitz · 2013-12-26T20:52:27.255Z · LW(p) · GW(p)

Just as a general point.... if I wanted to protect the hash from Quirrell modifying it, I'd have stored it as a private prediction at predictionbook, and possibly on a blog or two.

Replies from: gwern
comment by gwern · 2013-12-26T21:35:05.500Z · LW(p) · GW(p)

A general solution would be something like my archiving setup, which resulted in this page being crawled by the Internet Archive in early 2012: https://web.archive.org/web/*/http://lesswrong.com/r/discussion/lw/421/a_sealed_prediction/

comment by JoshuaZ · 2011-01-28T04:30:25.790Z · LW(p) · GW(p)

Note that if the predicted event occurs less than six hours from now we should assume that Quirrell brought a time-turner with him when he fled the story.