SCRF is crowd-sourcing a list of key readings in each forum category to point readers to notable works and foundational research. Please comment in this thread with links to seminal research that could form part of an introductory graduate seminar in this category.

Please format your additions using the template below:

## [Category Name]

### [Full Paper Title]

- **Source:** <[Link]>
- **Authors:** [Author 1, Author 2, etc.]
- **Description:** [One sentence description of the work]
- **Relevance:** [Once sentence explaining the special relevance of this work]
- **Citation:** [Citation and abstract in plaintext]
- **Tags:** [Relevant forum tags, if any]

As with every post in SCRF, a discussion is highly encouraged, please be prepared to explain why your link should be added to the canonical list.

We are also offering a bounty for all successful additions.

Notable Works in Privacy

When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies

• Source: https://arxiv.org/abs/1708.04748
• Authors: Steven Goldfeder, Harry Kalodner, Dillon Reisman, and Arvind Narayanan
• Description: This paper proposes a 4-layer security reference architecture (SRA) for blockchains and identifies known threats, countermeasures, and dependencies at each layer.
• Relevance: This paper would be relevant for understanding how user behaviors with merchants can potentially impact the security of a blockchain via cookies deployed in cryptocurrency merchant APIs.

PERIMETER: A network-layer attack on the anonymity of cryptocurrencies

• Source: https://scholar.google.com/citations?view_op=view_citation&hl=fr&user=fVgBFrUAAAAJ&citation_for_view=fVgBFrUAAAAJ:8k81kl-MbHgC
• Authors: Maria Apostolaki, Cedric Maire, Laurent Vanbever
• Description: This paper presents a stealthier and harder-to-mitigate attack exploiting the interactions between the networking and application layers.
• Relevance: It builds on a line of work on network-level attacks on anonymity, including “Hijacking Bitcoin” and “Bitcoin over Tor is not a good idea”.

Tor: The Second-Generation Onion Router

• Source: https://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/pdfs/Dingledine%20etal2004.pdf
• Authors: Roger Dingledine, Nick Mathewson, and Paul Syverson
• Description: This paper revisits onion routing in the original Tor network and proposes overcoming limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points.
• Relevance: Tor is the largest and longest-running publicly available network for private routing and communication.

Untraceable electronic mail, return addresses, and digital pseudonyms

• Source: https://dl.acm.org/doi/10.1145/358549.358563
• Authors: David L. Chaum
• Description: One of the first attempts to solve the “traffic analysis problem” (keeping confidential who converses with whom and when).
• Relevance: Introduces the concept of a Mix-Net which is a foundational concept often revisited in privacy design.

Zerocash: Decentralized Anonymous Payments from Bitcoin

• Source: https://ieeexplore.ieee.org/abstract/document/6956581
• Authors: Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza
• Description: Shows how Bitcoin can be extended to provide strong anonymity guarantees using zero-knowledge proofs.
• Relevance: Introduces using zero-knowledge proofs with blockchains and laid the foundation for z-cash and other zero-knowledge-based blockchain constructions.

The Double Ratchet Algorithm

• Source: https://signal.org/docs/specifications/doubleratchet/doubleratchet.pdf
• Authors: Trevor Perrin and Moxie Marlinspike
• Description: The Double Ratchet algorithm is used by two parties to exchange encrypted messages where the parties derive new keys from every double message, ensuring that interception of keys for a given double message will not enable decoding an entire chain of messages.
• Relevance: Used in privacy-focused messengers including Signal, Matrix, and Status.

I saw this new paper by Maria Apostolaki, et al.: PERIMETER: A network-layer attack on the
anonymity of cryptocurrencies
It builds on a line of work on network-level attacks on anonymity, including “Hijacking Bitcoin” and “Bitcoin over Tor is not a good idea”.
The main new benefit of the attacks in this paper is that “unlike previous work on network-level attacks that require the attacker to control all connections of a victim, PERIMETER works with just a fraction.”
Comes with a nice interactive poster

• Tor: The Second Generation Onion Router. By Roger Dingledine; Nick Mathewson; Paul Syverson.

  • https://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/pdfs/Dingledine%20etal2004.pdf
  • This paper revisits onion routing in the original Tor network and proposes overcoming limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points.
  • Tor is the largest and longest running publicly available network for private routing and communication.

• Untraceable electronic mail, return addresses, and digital pseudonyms. By David L. Chaum.

  • https://dl.acm.org/doi/10.1145/358549.358563
  • https://www.freehaven.net/anonbib/cache/chaum-mix.pdf
  • One of the first attempts to solve the “traffic analysis problem” (keeping confidential who converses with whom and when).
  • Introduces the concept of a Mix-Net which is foundational concept often revisited in privacy design.

• Zerocash: Decentralized Anonymous Payments from Bitcoin. By Eli Ben-Sasson.

  • Zerocash: Decentralized Anonymous Payments from Bitcoin | IEEE Conference Publication | IEEE Xplore
  • IEEE Xplore Full-Text PDF:
  • Shows how Bitcoin can be extended to provide strong anonymity
    guarantees using zero-knowledge proofs.
  • Introduces using zero-knowledge proofs with blockchains and laid the foundation for z-cash and other zero-knowledge based blockchain constructions.

• The Double Ratchet Algorithm. By Trevor Perrin; Moxie Marlinspike.

  • Signal >> Specifications >> The Double Ratchet Algorithm
  • https://signal.org/docs/specifications/doubleratchet/doubleratchet.pdf
  • The Double Ratchet algorithm is used by two parties to exchange encrypted
    messages where the parties derive new keys from every double message, ensuring that interception of keys for a given double message will not enable decoding an entire chain of messages.
  • Used in privacy focused messengers including Signal, Matrix and Status.

I’m currently writing research summary for zerocash, may publish to the forum soon:)

Helen Nissenbaum could be added to this list