Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems

Cryptography for Bitcoin and friends

Numerous cryptographic extensions to Bitcoin have been proposed since Satoshi Nakamoto introduced the revolutionary design in 2008. However, only few proposals have been adopted in Bitcoin and other prevalent cryptocurrencies, whose resistance to fundamental changes has proven to grow with their success. In this dissertation, we introduce four cryptographic techniques that advance the functionality and privacy provided by Bitcoin and similar cryptocurrencies without requiring fundamental changes in their design: First, we realize smart contracts that disincentivize parties in distributed systems from making contradicting statements by penalizing such behavior by the loss of funds in a cryptocurrency. Second, we propose CoinShuffle++, a coin mixing protocol which improves the anonymity of cryptocurrency users by combining their transactions and thereby making it harder for observers to trace those transactions. The core of CoinShuffle++ is DiceMix, a novel and efficient protocol for broadcasting messages anonymously without the help of any trusted third-party anonymity proxies and in the presence of malicious participants. Third, we combine coin mixing with the existing idea to hide payment values in homomorphic commitments to obtain the ValueShuffle protocol, which enables us to overcome major obstacles to the practical deployment of coin mixing protocols. Fourth, we show how to prepare the aforementioned homomorphic commitments for a safe transition to post-quantum cryptography.Seit seiner revolutionären Erfindung durch Satoshi Nakamoto im Jahr 2008 wurden zahlreiche kryptographische Erweiterungen für Bitcoin vorgeschlagen. Gleichwohl wurden nur wenige Vorschläge in Bitcoin und andere weit verbreitete Kryptowährungen integriert, deren Resistenz gegen tiefgreifende Veränderungen augenscheinlich mit ihrer Verbreitung wächst. In dieser Dissertation schlagen wir vier kryptographische Verfahren vor, die die Funktionalität und die Datenschutzeigenschaften von Bitcoin und ähnlichen Kryptowährungen verbessern ohne deren Funktionsweise tiefgreifend verändern zu müssen. Erstens realisieren wir Smart Contracts, die es erlauben widersprüchliche Aussagen einer Vertragspartei mit dem Verlust von Kryptogeld zu bestrafen. Zweitens schlagen wir CoinShuffle++ vor, ein Mix-Protokoll, das die Anonymität von Benutzern verbessert, indem es ihre Transaktionen kombiniert und so deren Rückverfolgung erschwert. Sein Herzstück ist DiceMix, ein neues und effizientes Protokoll zur anonymen Veröffentlichung von Nachrichten ohne vertrauenswürdige Dritte und in der Präsenz von bösartigen Teilnehmern. Drittens kombinieren wir dieses Protokoll mit der existierenden Idee, Geldbeträge in Commitments zu verbergen, und erhalten so das ValueShuffle-Protokoll, das uns ermöglicht, große Hindernisse für den praktischen Einsatz von Mix-Protokollen zu überwinden. Viertens zeigen wir, wie die dabei benutzten Commitments für einen sicheren Übergang zu Post-Quanten-Kryptographie vorbereitet werden können

When social links are network links: The dawn of peer-to-peer social networks and its implications for privacy

International audienceDespite the success they enjoy among Internet users today, social networking tools are currently subject to several controversies, notably concerning the uses their administrators make of users' private data. Today, many projects and applications propose decentralised alternatives to such services, among which one of the most promising appears to be the construction of the social network on a peer-to-peer (P2P) architecture. This paper addresses and analyses the "first steps" of applications at the crossroads between social networks and P2P networks. More specifically, it discusses how such applications anticipate modifications in the management of users' right to privacy, by harnessing both anonymity and knowledge of identity - aspects generally identified with P2P networks and social networks, respectively - depending on the different functionalities and layers of the application

Privacy concerns and benefits of engagement with social media-enabled apps: A privacy calculus perspective

Privacy threats in a social media-enabled application (app) can originate from either the institution or other app users. Although privacy in social media is well studied, the role of social (peer) privacy concerns is largely unknown and most privacy studies on mobile apps focus on initial adoption and ignore long-term behavioral outcomes. Drawing on the privacy calculus theory, this study examines the impact of both institutional and social privacy concerns on long-term user engagement with social media-enabled apps. Findings from the analysis of 354 survey responses reveal that both institutional and social privacy concerns decrease engagement. Regarding the antecedents, the perceived sensitivity of information increases institutional privacy concerns. However, social privacy concerns are influenced by the perception of risk and control. Moreover, while the impacts of social and enjoyment benefits are expectedly positive, the perception of efficiency benefits decreases engagement. These findings are further investigated and validated through a follow-up text analysis study, suggesting that users who enjoy the functionality of these apps are more likely to express social privacy concerns and minimize their engagement. This study contributes to the literature of privacy on mobile apps by unraveling the intricate dynamics of privacy concerns and benefits in the social mobile era

Hail to the thief: a tribute to Kazaa

THIS PAPER CONSIDERS THE ONGOING LITIGATION against the peer-to-peer network KaZaA. Record companies and Hollywood studios have faced jurisdictional and legal problems in suing this network for copyright infringement. As Wired Magazine observes: “The servers are in Denmark. The software is in Estonia. The domain is registered Down Under, the corporation on a tiny island in the South Pacific. The users—60 million of them—are everywhere around the world.” In frustration, copyright owners have launched copyright actions against intermediaries—like against Internet Service Providers such as Verizon. They have also embarked on filing suits against individual users of file-sharing programs. In addition, copyright owners have called for domestic- and international-law reform with respect to digital copyright. The Senate Committee on Government Affairs of the United States Congress has reviewed the controversial use of subpoenas in suits against users of file-sharing peer-to-peer networks. The United States has encouraged other countries to adopt provisions of the Digital Millennium Copyright Act 1998 in bilateral and regional free-trade agreements

The state of peer-to-peer network simulators

Networking research often relies on simulation in order to test and evaluate new ideas. An important requirement of this process is that results must be reproducible so that other researchers can replicate, validate and extend existing work. We look at the landscape of simulators for research in peer-to-peer (P2P) networks by conducting a survey of a combined total of over 280 papers from before and after 2007 (the year of the last survey in this area), and comment on the large quantity of research using bespoke, closed-source simulators. We propose a set of criteria that P2P simulators should meet, and poll the P2P research community for their agreement. We aim to drive the community towards performing their experiments on simulators that allow for others to validate their results