Read on Twitter
This is disappointing & bizarre.
The InstaHide authors created a challenge & their system was broken. Instead of accepting this, they now say the challenge was not realistic enough.
This is not how we advance the science of privacy and security.
1/9
http://web.archive.org/web/20201211174253/https://hazelsuko07.github.io/Response_to_carlini_blogpost/ https://twitter.com/prfsanjeevarora/status/1337447341058568194
The InstaHide authors created a challenge & their system was broken. Instead of accepting this, they now say the challenge was not realistic enough.
This is not how we advance the science of privacy and security.
1/9
http://web.archive.org/web/20201211174253/https://hazelsuko07.github.io/Response_to_carlini_blogpost/ https://twitter.com/prfsanjeevarora/status/1337447341058568194
The Carlini et al. attack does run in cubic time, yes.
That's because the InstaHide challenge didn't ask for sub-cubic time! It just said "break this".
The InstaHide authors' responses still don't say what runtime they would consider acceptable.
2/9
https://arxiv.org/abs/2011.05315
That's because the InstaHide challenge didn't ask for sub-cubic time! It just said "break this".
The InstaHide authors' responses still don't say what runtime they would consider acceptable.
2/9
https://arxiv.org/abs/2011.05315
This attack being cubic time does not imply that every attack must run in cubic time.
It's entirely possible (likely, I'd say) that an even faster attack can be devised.
The attack certainly should not be dismissed like this.
3/9 https://twitter.com/machanavajjhala/status/1337519788952784898
It's entirely possible (likely, I'd say) that an even faster attack can be devised.
The attack certainly should not be dismissed like this.
3/9 https://twitter.com/machanavajjhala/status/1337519788952784898
We need to make clear, refutable claims. InstaHide does not.
The reason there is a back-and-forth now is because the authors keep moving the goalposts.
If the attack is improved, will the InstaHide authors just move the goalposts again?
4/9 https://twitter.com/jhasomesh/status/1337463789218885638
The reason there is a back-and-forth now is because the authors keep moving the goalposts.
If the attack is improved, will the InstaHide authors just move the goalposts again?
4/9 https://twitter.com/jhasomesh/status/1337463789218885638
The onus is on those proposing a system to specify how to use it.
This response from the InstaHide authors has this backwards.
It critiques the attack, as if somehow the onus is on the attack to show that no possible variant of InstaHide could work under any circumstances.
5/9
This response from the InstaHide authors has this backwards.
It critiques the attack, as if somehow the onus is on the attack to show that no possible variant of InstaHide could work under any circumstances.
5/9
I appreciate where InstaHide is coming from. We desperately need better privacy-preserving technologies.
Heuristics have been wildly successful in other areas, but they are up against a long history of failure when it comes to adversarial settings.
6/9 https://twitter.com/shortstein/status/1326592746048557056
Heuristics have been wildly successful in other areas, but they are up against a long history of failure when it comes to adversarial settings.
6/9 https://twitter.com/shortstein/status/1326592746048557056
I'm pained that this discussion has become heated.
Perhaps I shouldn't be engaging?
But I feel an obligation to refute misleading claims & explain why security/privacy researchers are so skeptical (but also not closed-minded). Ultimately, we must engage to advance science.
7/9
Perhaps I shouldn't be engaging?
But I feel an obligation to refute misleading claims & explain why security/privacy researchers are so skeptical (but also not closed-minded). Ultimately, we must engage to advance science.
7/9
Breaking InstaHide was a collaboration across 7 institutions, including some of my Google colleagues. (I'm not involved.)
I hope people recognize the value of cryptanalysis work like this. Breaking a system often requires understanding it better than its designers do.
8/9
I hope people recognize the value of cryptanalysis work like this. Breaking a system often requires understanding it better than its designers do.
8/9
For context,
the post at the top is a response to
https://nicholas.carlini.com/writing/2020/instahide_disappointingly_wins_bell_labs_prize.html
which is, in turn, a response to
http://offconvex.org/2020/11/11/instahide/
(Also see comments on that last post.)
The InstaHide paper appeared at ICML 2020: https://arxiv.org/abs/2010.02772
9/9 https://twitter.com/shortstein/status/1326906178685837312
the post at the top is a response to
https://nicholas.carlini.com/writing/2020/instahide_disappointingly_wins_bell_labs_prize.html
which is, in turn, a response to
http://offconvex.org/2020/11/11/instahide/
(Also see comments on that last post.)
The InstaHide paper appeared at ICML 2020: https://arxiv.org/abs/2010.02772
9/9 https://twitter.com/shortstein/status/1326906178685837312
