The UCL Carnival of Decentralization and Privacy

Over the past few years the UCL Information Security research group [0] has built a lot of expertise on decentralization and privacy, including through involvement in key projects such as the EU-funded Panoramix [1] and Nextleap [2], and our EPSRC project on “Strengthening Anonymity”. In that context we hosted the first “Carnival of Decentralization and Privacy” [3], a one-day event with a number of fantastic local and international speakers, on May 22nd. The specific theme of this event was “anonymity”, with key local contributions about other, broader projects.

Prof. Claudia Diaz [Diaz], from KU Leuven, gave a lecture on web fingerprinting, specifically targeted against Tor hidden services [4]. Her presentation included a very nice comparison between state-of-the-art techniques for performing website fingerprinting attacks. Those attacks assume that an observer has access to the local traffic of a user browsing the web over Tor, and uses advanced statistics and machine learning on the timing and volume characteristics leaked by Tor to infer which site the user is visiting. This topic is close to our heart, since one of the techniques compared was k-fingerprinting [5], co-designed by Jamie Hayes. Prof. Diaz is a key collaborator in our EU Panoramix project, which aims to build and deploy secure mix-based infrastructures.

Dr Carmela Troncoso [Troncoso] then spoke about modern approaches to performing statistical disclosure attacks, using the least squares methods she has developed over the years [6]. Those attacks are very powerful: they assume that an adversary may observe messages going in and out of an anonymizing network. The adversary can then apply statistics to infer any long-term relationships between communicating parties, even when the anonymity system itself is perfectly secure. Impressively, her results allow for an analytical understanding of parameters such as volume of traffic and dummy messages, and of their relationship to the anonymity provided by the system. Dr Troncoso works with us on the NEXTLEAP project, which aims to build better end-to-end encryption and the associated decentralized infrastructures to support it. Our joint report systematizing knowledge on decentralization and privacy [7] is available on arXiv.

Prof. Aggelos Kiayias [Aggelos] presented his recent work on the MCMix anonymity system (to be presented at USENIX Sec 2017). In my view MCMix takes quite a revolutionary design direction: instead of using cryptographic relays, it is based on a secure multi-party computation that allows senders to be matched with receivers, and subsequently exchange messages. I believe that the ideas behind achieving oblivious routing using SMPC might be of great relevance to future systems. Prof. Kiayias is the coordinator of the Panoramix project, and also has a keen interest in decentralization through his work on proof-of-stake [8] as a replacement for the proof-of-work schemes in Bitcoin and other distributed ledgers.

Besides our keynote speakers we also had the privilege to hear from a number of local projects, and had a rump session of very short talks. Marios Isaakidis [9], from UCL and NEXTLEAP, presented our recent work on distributed key management; Michael Rogers from the Briar [10] project presented an update on their technology; and Matthew Hodgson from [11] presented the project as well as challenges related to encryption and privacy.