DECO: Liberating Web Data Using Decentralized Oracles for TLS

Fan Zhang, Sai Krishna Deepak Maram, Harjasleen Malvai, Steven Goldfeder, Ari Juels

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

Thanks to the widespread deployment of TLS, users can access private data over channels with end-to-end confidentiality and integrity. What they cannot do, however, is prove to third parties the provenance of such data, i.e., that it genuinely came from a particular website. Existing approaches either introduce undesirable trust assumptions or require server-side modifications. Users' private data is thus locked up at its point of origin. Users cannot export data in an integrity-protected way… 


A Sealed-bid Auction with Fund Binding: Preventing Maximum Bidding Price Leakage

In an open-bid auction, a bidder can know the budgets of other bidders. Thus, a sealed-bid auction that hides bidding prices is desirable. However, in previous sealed-bid auction protocols, it has

Verifiable Computing Applications in Blockchain

This paper provides an overview of common methods for verifying computation and presents how they are applied to blockchain technology, grouping the presented verifiable computing applications into five main application areas, i.e., multiparty approval for secure key management, sybil-resistance and consensus, smart contracts and oracles, scalability, and privacy.

ROSEN: RObust and SElective Non-repudiation (for TLS)

ROSEN is proposed, an extension for TLS that provides non-repudiation using an efficient checkpointing mechanism that minimizes loss of evidence in the presence of faults in order to increase robustness and ensure reliability.

N-for-1 Auth: N-wise Decentralized Authentication via One Authentication

N-for-1-Auth is presented, a system that preserves distributed trust by enabling a user to authenticate to servers independently, with the work of only one authentication, thereby offering the same user experience as in a typical centralized system.

Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits

A new protocol for constant-round interactive ZK proofs that simultaneously allows for a highly efficient prover and low communication and an improved subfield Vector Oblivious Linear Evaluation (sVOLE) protocol with malicious security that is of independent interest is presented.

Decentralized Reputation

This work develops a privacy-preserving reputation scheme for collaborative systems such as P2P networks in which peers can represent themselves with different pseudonyms when interacting with others, allowing honest peers to maintain their good record even when switching to a new pseudonym while preventing malicious ones from making a fresh start.

The Oracle Problem: Unlocking the Potential of Blockchain

This research thesis will explore the relationship between the blockchain and trustworthy oracle solutions and present a framework for further advancing oracle networks to unlock blockchain's potential.

More Efficient MPC from Improved Triple Generation and Authenticated Garbling

A new protocol for generating authenticated AND triples, which is a key building block in many recent works, is proposed and a new authenticated bit protocol is proposed in the two-party and multi-party settings from bare IKNP OT extension, reducing the communication by about 24% and eliminating many computation bottlenecks.

Being Accountable Never Cheats: An Incentive Protocol for DeFi Oracles

Recently emerging Decentralized Finance (DeFi) transforms traditional financial products into trustless and transparent protocols. However, these protocols often require real-time external price

ZEBRA: Anonymous Credentials with Practical On-chain Verification and Applications to KYC in DeFi

ZEBRA is an Anonymous Credential (AC) scheme, supporting auditability and revocation, that provides practical on-chain verification for the first time. It realizes efficient access control on



TLS-N: Non-repudiation over TLS Enabling Ubiquitous Content Signing

TLS-N is presented, the first TLS extension that provides secure non-repudiation and enables a practical and decentralized blockchain oracle for web content and increases the accountability for content provided on the web.

ChainLink: A Decentralized Oracle Network.

  • 2017

Town Crier: An Authenticated Data Feed for Smart Contracts

An authenticated data feed system called Town Crier is presented, which acts as a bridge between smart contracts and existing web sites, which are already commonly trusted for non-blockchain applications and defines and proves its basic security properties in the Universal Composability (UC) framework.

The Transport Layer Security (TLS) Protocol Version 1.3

This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent

CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability

CanDID provides strong confidentiality for user’s keys, real-world identities, and data, yet prevents users from spawning multiple identities and allows identification (and blacklisting) of sanctioned users.

A special price just for you: effects of personalized dynamic pricing on consumer fairness perceptions

Personalized dynamic pricing (PDP) involves dynamically setting individual-consumer prices for the same product or service according to consumer-identifying information. Despite its profitability,

Transport Layer Security (TLS) Evidence Extensions

This document specifies evidence creation extensions to the Transport Layer Security (TLS) Protocol to confirm that both parties support the protocol features needed to perform evidence creation.

Twenty Years of Web Scraping and the Computer Fraud and Abuse Act

"Web scraping" is a ubiquitous technique for extracting data from the World Wide Web, done through a computer script that will send tailored queries to websites to retrieve specific pieces of

Right to Data Portability

Signed HTTP Exchanges

This document specifies how a server can send an HTTP exchange--a request URL, content negotiation information, and a response--with signatures that vouch for that exchange's authenticity that contain countermeasures against downgrade and protocol-confusion attacks.