Notable Works in Privacy

CTA: SCRF is building a list of key readings in each category area to orient researchers to notable works and previous research. Please comment in this thread with links to seminal research that would form part of an introductory graduate seminar in this category. Please include a 1) a brief summary of what the link is and 2) the rationale for including this particular piece in the SCRF Notable Works reading list. As with every post in SCRF, a discussion is highly encouraged. Please review one another’s suggestions and include your own. Syllabi and curated lists from other sources are also welcome.

• When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies. By Steven Goldfeder; Harry Kalodner; Dillon Reisman; Arvind; Narayanan.
  • https://content.sciendo.com/view/journals/popets/2018/4/article-p179.xml?language=en
  • https://arxiv.org/abs/1708.04748
  • This paper proposes a 4-layer security reference architecture (SRA) for blockchains and identifies known threats, countermeasures, and dependencies at each layer.
  • This paper would be relevant for understanding how user behaviors with merchants can potentially impact the security of a blockchain via cookies deployed in cryptocurrency merchant APIs.

I saw this new paper by Maria Apostolaki, et al.: PERIMETER: A network-layer attack on the
anonymity of cryptocurrencies
It builds on a line of work on network-level attacks on anonymity, including “Hijacking Bitcoin” and “Bitcoin over Tor is not a good idea”.
The main new benefit of the attacks in this paper is that “unlike previous work on network-level attacks that require the attacker to control all connections of a victim, PERIMETER works with just a fraction.”
Comes with a nice interactive poster

• Tor: The Second Generation Onion Router. By Roger Dingledine; Nick Mathewson; Paul Syverson.

  • https://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/pdfs/Dingledine%20etal2004.pdf
  • This paper revisits onion routing in the original Tor network and proposes overcoming limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points.
  • Tor is the largest and longest running publicly available network for private routing and communication.

• Untraceable electronic mail, return addresses, and digital pseudonyms. By David L. Chaum.

  • https://dl.acm.org/doi/10.1145/358549.358563
  • https://www.freehaven.net/anonbib/cache/chaum-mix.pdf
  • One of the first attempts to solve the “traffic analysis problem” (keeping confidential who converses with whom and when).
  • Introduces the concept of a Mix-Net which is foundational concept often revisited in privacy design.

• Zerocash: Decentralized Anonymous Payments from Bitcoin. By Eli Ben-Sasson.

  • https://ieeexplore.ieee.org/abstract/document/6956581
  • https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6956581
  • Shows how Bitcoin can be extended to provide strong anonymity
    guarantees using zero-knowledge proofs.
  • Introduces using zero-knowledge proofs with blockchains and laid the foundation for z-cash and other zero-knowledge based blockchain constructions.

• The Double Ratchet Algorithm. By Trevor Perrin; Moxie Marlinspike.

  • https://signal.org/docs/specifications/doubleratchet/
  • https://signal.org/docs/specifications/doubleratchet/doubleratchet.pdf
  • The Double Ratchet algorithm is used by two parties to exchange encrypted
    messages where the parties derive new keys from every double message, ensuring that interception of keys for a given double message will not enable decoding an entire chain of messages.
  • Used in privacy focused messengers including Signal, Matrix and Status.

I’m currently writing research summary for zerocash, may publish to the forum soon:)