DECO: Liberating Web Data Using Decentralized Oracles for TLS

Zhang, Fan; Maram, Deepak; Malvai, Harjasleen; Goldfeder, Steven; Juels, Ari

doi:10.1145/3372297.3417239

Cited by 66 publications

(35 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The straightforward approach is to help them enable FIM or SSI. Either as an interim solution or if services do not want to cooperate, CanDID [154] based on DECO [155] may be another way. CanDID by Maram et al empowers the end user by issuing credentials from existing, unmodified web service providers.…”

Section: Technical Factorsmentioning

confidence: 99%

eID and Self-Sovereign Identity Usage: An Overview

2021

View full text Add to dashboard Cite

The COVID-19 pandemic helped countries to increase the use of their mobile eID solutions. These are based on traditional identity management systems, which suffer from weaknesses, such as the reliance on a central entity to provide the identity data and the lack of control of the user over her or his data. The introduction of self-sovereign identity (SSI) for e-government systems can strengthen the privacy of the citizens while enabling identification also for the weakest. To successfully initiate SSI, different factors have to be taken into account. In order to have a clear understanding of the challenges, but also lessons learned, we provide an overview of existing solutions and projects and conducted an analysis of their experiences. Based on a taxonomy, we identified strong points, as well as encountered challenges. The contribution of this paper is threefold: First, we enhanced existing taxonomies based on the literature for further evaluations. Second, we analyzed eID solutions for lessons learned. Third, we evaluated more recently started SSI projects in different states of their lifecycle. This led to a comprehensive discussion of the lessons learned and challenges to address, as well as further findings.

show abstract

Section: Technical Factorsmentioning

confidence: 99%

eID and Self-Sovereign Identity Usage: An Overview

2021

View full text Add to dashboard Cite

show abstract

“…Oracle with TLS There are studies that attempt to vote in a decentralized environment to implement Oracle, but it does not support the authentication process for users to bring their own data. On the other hand, Town Crier [11], TLS-N [13], and Deco [12] support data authentication by presenting a protocol for connecting TLS to the blockchain. In particular, in the case of Deco, in TLS 1.3 version, the protocol was configured so that the attestor can verify to the oracle (verifier) through a third-party handshake method without modifying the server for authentication to external sources.…”

Section: Related Workmentioning

confidence: 99%

“…TLS based schemes Research has been conducted to construct a protocol based on Transport Layers Security (TLS) [10] to provide cryptographic authentication of external data. There are methods of providing data based on hardware safety [11] and privacy preserving oracle to verify data with zero-knowledge proof [12]. An approach such as those in [11,12] requires a separate infrastructure that oracle can trust or participate as a verifier of data.…”

Section: Introductionmentioning

confidence: 99%

“…There are methods of providing data based on hardware safety [11] and privacy preserving oracle to verify data with zero-knowledge proof [12]. An approach such as those in [11,12] requires a separate infrastructure that oracle can trust or participate as a verifier of data. Therefore, on-chain automation is impossible, and execution of smart contracts may be delayed due to external data feeds.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Smart Contract Data Feed Framework for Privacy-Preserving Oracle System on Blockchain

Park

Kim

et al. 2020

Computers

View full text Add to dashboard Cite

As blockchain-based applications and research such as cryptocurrency increase, an oracle problem to bring external data in the blockchain is emerging. Among the methods to solve the oracle problem, a method of configuring oracle based on TLS, an existing internet infrastructure, has been proposed. However, these methods currently have the disadvantage of not supporting privacy protection for external data, and there are limitations in configuring the process of a smart contract based on external data verification for automation. To solve this problem, we propose a framework consisting of middleware of external source server, data prover, and verification contract. The framework converts the data signed in the web server into a proof that the owner can prove with zk-SNARKs and provides a smart contract that can verify this. Through these procedures, data owners not only protect their privacy by proving themselves, but they can also automate on-chain processing through smart contract verification. For the proposed framework, we create a proof using libsnark for server data and show the performance and cost to verify with Solidity the smart contract language of the Ethereum platform.

show abstract

“…This can be achieved via oracles, which are themselves smart contracts responsible for bringing external information into the system. Using an authenticated data feed [22][23][24], websites that provide real-time information can feed it into the platform in a way that ensures authenticity. Other solutions include those employed in the Augur 1 and Gnosis 2 prediction markets, which maintain that if enough users say the same thing, then what they say becomes the truth.…”

Section: Introductionmentioning

confidence: 99%

Reputable List Curation from Decentralized Voting

Crites

Maller²,

Meiklejohn

et al. 2020

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Token-curated registries (TCRs) are a mechanism by which a set of users are able to jointly curate a reputable list about real-world information. Entries in the registry may have any form, so this primitive has been proposed for use—and deployed—in a variety of decentralized applications, ranging from the simple joint creation of lists to helping to prevent the spread of misinformation online. Despite this interest, the security of this primitive is not well understood, and indeed existing constructions do not achieve strong or provable notions of security or privacy. In this paper, we provide a formal cryptographic treatment of TCRs as well as a construction that provably hides the votes cast by individual curators. Along the way, we provide a model and proof of security for an underlying voting scheme, which may be of independent interest. We also demonstrate, via an implementation and evaluation, that our construction is practical enough to be deployed even on a constrained decentralized platform like Ethereum.

show abstract

DECO: Liberating Web Data Using Decentralized Oracles for TLS

Cited by 66 publications

References 26 publications

eID and Self-Sovereign Identity Usage: An Overview

eID and Self-Sovereign Identity Usage: An Overview

Smart Contract Data Feed Framework for Privacy-Preserving Oracle System on Blockchain

Reputable List Curation from Decentralized Voting

Contact Info

Product

Resources

About