Practice-Oriented Privacy in Cryptography

While formal cryptographic schemes can provide strong privacy guarantees, heuristic schemes that prioritize efficiency over formal rigor are often deployed in practice, which can result in privacy loss. Academic schemes that do receive rigorous attention often lack concrete efficiency or are difficult to implement. This creates tension between practice and research, leading to deployed privacy-preserving systems that are not backed by strong cryptographic guarantees. To address this tension between practice and research, we propose a practice-oriented privacy approach, which focuses on designing systems with formal privacy models that can effectively map to real-world use cases. This approach includes analyzing existing privacy-preserving systems to measure their privacy guarantees and how they are used. Furthermore, it explores solutions in the literature and analyzes gaps in their models to design augmented systems that apply more clearly to practice. We focus on two settings of privacy-preserving payments and communications. First, we introduce BlockSci, a software platform that can be used to perform analyses on the privacy and usage of blockchains. Specifically, we assess the privacy of the Dash cryptocurrency and analyze the velocity of cryptocurrencies, finding that Dash’s PrivateSend may still be vulnerable to clustering attacks and that a significant fraction of transactions on Bitcoin are “self-churn” transactions. Next, we build a technique for reducing bandwidth in mixing cryptocurrencies, which suffer from a practical limitation: the size of the transaction growing linearly with the size of the anonymity set. Our proposed technique efficiently samples cover traffic from a finite and public set of known values, while deriving a compact description of the resulting transaction set. We show how this technique can be integrated with various currencies and different cover sampling distributions. Finally, we look at the problem of establishing secure communication channels without access to a trusted public key infrastructure. We construct a scheme that uses network latency and reverse turing tests to detect the presence of eavesdroppers, prove our construction secure, and implement it on top of an existing communication protocol. This line of work bridges the gap between theoretical cryptographic research and real-world deployments to bring better privacy-preserving schemes to end users

SoK: Privacy-Preserving Signatures

Modern security systems depend fundamentally on the ability of users to authenticate their communications to other parties in a network. Unfortunately, cryptographic authentication can substantially undermine the privacy of users. One possible solution to this problem is to use privacy-preserving cryptographic authentication. These protocols allow users to authenticate their communications without revealing their identity to the verifier. In the non-interactive setting, the most common protocols include blind, ring, and group signatures, each of which has been the subject of enormous research in the security and cryptography literature. These primitives are now being deployed at scale in major applications, including Intel\u27s SGX software attestation framework. The depth of the research literature and the prospect of large-scale deployment motivate us to systematize our understanding of the research in this area. This work provides an overview of these techniques, focusing on applications and efficiency

nQUIC: Noise-Based QUIC Packet Protection

We present nQUIC, a variant of QUIC-TLS that uses the Noise protocol framework for its key exchange and basis of its packet protector with no semantic transport changes. nQUIC is designed for deployment in systems and for applications that assert trust in raw public keys rather than PKI-based certificate chains. It uses a fixed key exchange algorithm, compromising agility for implementation and verification ease. nQUIC provides mandatory server and optional client authentication, resistance to Key Compromise Impersonation attacks, and forward and future secrecy of traffic key derivation, which makes it favorable to QUIC-TLS for long-lived QUIC connections in comparable applications. We developed two interoperable prototype implementations written in Go and Rust. Experimental results show that nQUIC finishes its handshake in a comparable amount of time as QUIC-TLS

Practice-Oriented Privacy in Cryptography

While formal cryptographic schemes can provide strong privacy guarantees, heuristic schemes that prioritize efficiency over formal rigor are often deployed in practice, which can result in privacy loss. Academic schemes that do receive rigorous attention often lack concrete efficiency or are difficult to implement. This creates tension between practice and research, leading to deployed privacy-preserving systems that are not backed by strong cryptographic guarantees. To address this tension between practice and research, we propose a practice-oriented privacy approach, which focuses on designing systems with formal privacy models that can effectively map to real-world use cases. This approach includes analyzing existing privacy-preserving systems to measure their privacy guarantees and how they are used. Furthermore, it explores solutions in the literature and analyzes gaps in their models to design augmented systems that apply more clearly to practice. We focus on two settings of privacy-preserving payments and communications. First, we introduce BlockSci, a software platform that can be used to perform analyses on the privacy and usage of blockchains. Specifically, we assess the privacy of the Dash cryptocurrency and analyze the velocity of cryptocurrencies, finding that Dash’s PrivateSend may still be vulnerable to clustering attacks and that a significant fraction of transactions on Bitcoin are “self-churn” transactions. Next, we build a technique for reducing bandwidth in mixing cryptocurrencies, which suffer from a practical limitation: the size of the transaction growing linearly with the size of the anonymity set. Our proposed technique efficiently samples cover traffic from a finite and public set of known values, while deriving a compact description of the resulting transaction set. We show how this technique can be integrated with various currencies and different cover sampling distributions. Finally, we look at the problem of establishing secure communication channels without access to a trusted public key infrastructure. We construct a scheme that uses network latency and reverse turing tests to detect the presence of eavesdroppers, prove our construction secure, and implement it on top of an existing communication protocol. This line of work bridges the gap between theoretical cryptographic research and real-world deployments to bring better privacy-preserving schemes to end users

BlockSci: Design and applications of a blockchain analysis platform

Analysis of blockchain data is useful for both scientific research and commercial applications. We present BlockSci, an open-source software platform for blockchain analysis. BlockSci is versatile in its support for different blockchains and analysis tasks. It incorporates an in-memory, analytical (rather than transactional) database, making it orders of magnitudes faster than using general-purpose graph databases. We describe BlockSci's design and present four analyses that illustrate its capabilities, shedding light on the security, privacy, and economics of cryptocurrencies