77 research outputs found
Towards an Adequate Energy Policy Response to the Environmental Threat of Cryptocurrency Mining
Bringing data minimization to digital wallets at scale with general-purpose zero-knowledge proofs
Today, digital identity management for individuals is either inconvenient and
error-prone or creates undesirable lock-in effects and violates privacy and
security expectations. These shortcomings inhibit the digital transformation in
general and seem particularly concerning in the context of novel applications
such as access control for decentralized autonomous organizations and
identification in the Metaverse. Decentralized or self-sovereign identity (SSI)
aims to offer a solution to this dilemma by empowering individuals to manage
their digital identity through machine-verifiable attestations stored in a
"digital wallet" application on their edge devices. However, when presented to
a relying party, these attestations typically reveal more attributes than
required and allow tracking end users' activities. Several academic works and
practical solutions exist to reduce or avoid such excessive information
disclosure, from simple selective disclosure to data-minimizing anonymous
credentials based on zero-knowledge proofs (ZKPs). We first demonstrate that
the SSI solutions that are currently built with anonymous credentials still
lack essential features such as scalable revocation, certificate chaining, and
integration with secure elements. We then argue that general-purpose ZKPs in
the form of zk-SNARKs can appropriately address these pressing challenges. We
describe our implementation and conduct performance tests on different edge
devices to illustrate that the performance of zk-SNARK-based anonymous
credentials is already practical. We also discuss further advantages that
general-purpose ZKPs can easily provide for digital wallets, for instance, to
create "designated verifier presentations" that facilitate new design options
for digital identity infrastructures that previously were not accessible
because of the threat of man-in-the-middle attacks
Addressing the sustainability of distributed ledger technology
The work proposes policies to improve the environmental sustainability of distributed ledger technology (DLT). While the proof-of-work (PoW) consensus protocol requires large amounts of electricity, several DLT protocols consume much less, while still being sufficiently reliable and decentralized. To move from a PoW protocol to a greener system, such as proof-of-stake (PoS) or proof-of-authority (PoA), the consensus of the majority of miners (measured by their computing power) is required during the transition period to preserve the security requirements. Given that miners have an incentive to maintain the status quo, this paper illustrates various policies designed to bring about the transition. We aim to show that the current policy approach adopted by banking and financial regulators, based on the principle of technological neutrality, may need a reappraisal in order to consider the âsustainabilityâ criterion. Policymakers should not stifle financial innovation; nevertheless they should intervene if technology is a source of negative externalities
MEDIATING THE TENSION BETWEEN DATA SHARING AND PRIVACY: THE CASE OF DMA AND GDPR
The Digital Markets Act (DMA) constitutes a crucial part of the European legislative framework addressing the dominance of âBig Techâ. It intends to foster fairness and competition in Europeâs digital platform economy by imposing obligations on âgatekeepersâ to share end-user-related information with business users. Yet, this may involve the processing of personal data subject to the General Data Protection Regulation (GDPR). The obligation to provide access to personal data in a GDPR-compliant manner poses a regulatory and technical challenge and can serve as a justification for gatekeepers to refrain from data sharing. In this research-in-progress paper, we analyze key tensions between the DMA and the GDPR through the paradox perspective. We argue through a task-technology fit approach how privacyenhancing technologies â particularly anonymization techniques â and portability could help mediate tensions between data sharing and privacy. Our contribution provides theoretical and practical insights to facilitate legal compliance
Mediating the Tension between Data Sharing and Privacy: The Case of DMA and GDPR
The Digital Markets Act (DMA) constitutes a crucial part of the European legislative framework addressing the dominance of 'Big Tech'. It intends to foster fairness and competition in Europe's digital platform economy by imposing obligations on 'gatekeepers' to share end-user-related information with business users. Yet, this may involve the processing of personal data subject to the General Data Protection Regulation (GDPR). The obligation to provide access to personal data in a GDPR-compliant manner poses a regulatory and technical challenge and can serve as a justification for gatekeepers to refrain from data sharing. In this research-in-progress paper, we analyze key tensions between the DMA and the GDPR through the paradox perspective. We argue through a task-technology fit approach how privacy-enhancing technologies-particularly anonymization techniques-and portability could help mediate tensions between data sharing and privacy. Our contribution provides theoretical and practical insights to facilitate legal compliance
Yes, I Do: Marrying Blockchain Applications with GDPR
Due to blockchainsâ intrinsic transparency and immutability, blockchain-based applications are challenged by privacy regulations, such as the EU General Data Protection Regulation. Hence, scaling blockchain use cases to production often fails to owe to a lack of compliance with legal constraints. As current research mainly focuses on specific use cases, we aim to offer comprehensive guidance regarding the development of blockchain solutions that comply with privacy regulations. Following the action design research method, we contribute a generic framework and design principles to the research domain. In this context, we also emphasize the need for distinguishing between applications based on blockchainsâ data integrity and computational integrity guarantees
An In-Depth Investigation of Performance Characteristics of Hyperledger Fabric
Private permissioned blockchains, such as Hyperledger Fabric, are widely
deployed across the industry to facilitate cross-organizational processes and
promise improved performance compared to their public counterparts. However,
the lack of empirical and theoretical results prevent precise prediction of the
real-world performance. We address this gap by conducting an in-depth
performance analysis of Hyperledger Fabric. The paper presents a detailed
compilation of various performance characteristics using an enhanced version of
the Distributed Ledger Performance Scan. Researchers and practitioners alike
can use the results as guidelines to better configure and implement their
blockchains and utilize the DLPS framework to conduct their measurements
Love at First Sight? A User Experience Study of Self-Sovereign Identity Wallets
Todayâs systems for digital identity management exhibit critical security, efficiency, and privacy issues. A new paradigm, called Self-Sovereign Identity (SSI), addresses these shortcomings by equipping users with mobile wallets and empowering them to manage their digital identities. Various companies and governments back this paradigm and promote its development and diffusion. User experience often plays a subordinate role in these efforts, even though it is crucial for user satisfaction and adoption. We thus conduct a comprehensive user experience study of four prominent SSI wallets using a mixed-method approach that involves moderated and remote interviews and the User Experience Questionnaire (UEQ). We find that the examined wallets already provide a decent level of user experience, yet further improvements need to be done. In particular, the examined wallets do not make their novelty and benefits sufficiently apparent to users. Our analysis contributes to user experience research and offers guidance for SSI practitioners
- âŠ