The claim
In a room of just 23 people, the probability that at least two of them share a birthday is slightly above 50%.
Most people, when first told this, think it must be wrong. Twenty-three people, 365 days — 23/365 is about 6%. Where does the 50% come from?
The answer reveals a common probability illusion: we tend to count individuals, when the relevant count is pairs.
Why it feels wrong
If you're in a room of 22 strangers, the chance that any specific person shares your birthday is small. With 22 other people and 365 possible birthdays, the probability of a match with you is about 22/365 ≈ 6%.
But the birthday problem doesn't ask about you. It asks: among all the pairs in the room, is there any pair that shares a birthday?
In a room of 23 people, the number of distinct pairs is:
23 × 22 / 2 = 253 pairs
That's 253 chances to find a shared birthday. Each pair has a 1/365 ≈ 0.27% chance of matching. The probability of no match anywhere is roughly (364/365)²⁵³, which is about 0.495 — so the probability of at least one match is about 50.5%.
The chance feels low because we count people. The actual computation requires counting pairs, and pairs grow quadratically with the number of people.
The full curve
Number of people → probability of at least one shared birthday:
| People | Probability |
|---|---|
| 5 | 2.7% |
| 10 | 11.7% |
| 15 | 25.3% |
| 20 | 41.1% |
| 23 | 50.7% |
| 30 | 70.6% |
| 40 | 89.1% |
| 50 | 97.0% |
| 60 | 99.4% |
| 70 | 99.9% |
By 70 people, you almost certainly have a shared birthday. By 366, you're guaranteed (pigeonhole principle — there are only 365 possible birthdays).
How to derive it
The cleanest way: compute the probability of no matches and subtract from 1.
For each new person added to the room, the chance their birthday doesn't match anyone already there is (365 − k)/365 if k people are already in. Multiply all these together for n people:
P(no match) = (365/365) × (364/365) × (363/365) × ... × ((365 − n + 1)/365)
P(at least one match) = 1 − P(no match)
For n = 23, this calculation gives about 0.507. For n = 22, it's about 0.476 — just below 50/50. So 23 is indeed the smallest group where the probability crosses 50%.
Why the math wants pairs
The general principle: when you're looking for any match in a pool, the relevant count is how many comparisons happen, not how many items you have. Comparisons grow as n²/2, much faster than n.
This is the same logic behind many other "rapid growth in collision probability" results:
- Hash collisions. A hash function maps inputs to fixed-size outputs. With enough inputs hashed, you'll eventually get two that map to the same output. The number of inputs you need scales as the square root of the output space, not linearly.
- Document de-duplication. Finding any pair of similar documents in a large set is much easier than finding a specific match.
- Anomaly clustering. If you have many random events and many time windows, you'll find apparent clusters somewhere — just by chance.
These all follow the same "pair-counting beats element-counting" pattern.
The birthday attack on cryptography
The most famous application: a birthday attack on hash functions.
Suppose a hash function produces 256-bit outputs. There are 2²⁵⁶ possible outputs — far more than the number of atoms in the observable universe. You'd think breaking it would require 2²⁵⁶ guesses.
But to find any two inputs that hash to the same output (a collision), you only need about 2¹²⁸ guesses, by the birthday-paradox logic. That's the square root, which is still astronomically large — but much smaller than 2²⁵⁶.
This is why "256-bit security" really means about 2¹²⁸ effective security against collision attacks. Older hash functions with 128-bit outputs (like MD5) gave only 2⁶⁴ collision security — borderline feasible with today's hardware, and broken in practice. SHA-256, with 256-bit outputs, is the current standard.
Where intuition catches up
If you re-cast the problem in different language, intuition does better.
"Each pair of people has a 0.27% chance of matching. With 253 pairs, the expected number of matches is 0.69. Probability of at least one match should be close to that, modulo dependencies."
Or: "Each person added to the room compares with everyone already there. By the 23rd person, you've made 1 + 2 + 3 + ... + 22 = 253 comparisons. With 253 shots at a 1/365 target, you're more likely than not to hit."
Both framings recover the answer. The original "23 out of 365" framing is just the wrong mental model.
Other birthday-paradox-like effects
Once you see the pattern, you spot it in unexpected places:
- Coincidence ranks. If 30 people each list their 10 favourite books, the probability that some two people overlap on a book is much higher than you'd guess.
- Crowdsourcing duplicates. Reviews, photos, problem reports — once you have enough of them, duplicates appear from chance alone.
- Online identities. With billions of social-media users, having the same handle as a stranger is common; the pool isn't large enough to make collisions rare.
Want to internalize a few more probability illusions this fast? NerdSip can generate a 5-minute course on the birthday paradox and related effects.
The takeaway
The birthday paradox is real, well-defined, and counterintuitive. Twenty-three people gives roughly even odds for a shared birthday because the relevant count is pairs (253 of them) rather than people. The same logic powers hash-collision attacks in cryptography and explains why "duplicates appear surprisingly fast in any growing collection." Once you've seen it, you'll catch yourself reaching for the wrong mental model on similar problems.