Overview of Topics

Topics are marked with either building block (BB) or system (SYS).

 

BB: Private Information Retrieval (Single Server) (Omkar Kute)

Private information retrieval schemes retrieve records from a server without revealing to the server(s) which records they retrieved. This is a key building block in many privacy-enhancing systems. The papers in this block only use a single server.

• Main Paper: Eyal Kushilevitz, Rafail Ostrovsky: Replication is NOT Needed: SINGLE Database, Computationally-Private Information Retrieval. FOCS 1997: 364-373
• Follow-up Paper: Alexandra Henzinger, Matthew M. Hong, Henry Corrigan-Gibbs, Sarah Meiklejohn, Vinod Vaikuntanathan: One Server for the Price of Two: Simple and Fast Single-Server Private Information Retrieval. USENIX Security Symposium 2023: 3889-3905.

#crypto

 

BB: Private Information Retrieval (Multiple Servers) (Fatjon Kuci)

Private information retrieval schemes retrieve records from a server without revealing to the server(s) which records they retrieved. This is a key building block in many privacy-enhancing systems. The papers in this block use multiple servers and a non-collusion assumption.

• Main Paper: Ian Goldberg: Improving the Robustness of Private Information Retrieval. S&P 2007: 131-148.
• Follow-up Paper: Dmitry Kogan, Henry Corrigan-Gibbs: Private Blocklist Lookups with Checklist. USENIX Security Symposium 2021: 875-892

#crypto #lotsofcrypto

 

BB: Anonymous Communication (Onion/Mix) (Animesh Kumar Aashu)

Anonymous communication systems hide who is communicating with whom. In this week you'll be reading two legendary papers in this area. Loopix provides better protection than Tor, but this protection comes at a cost.

• Main Paper: Roger Dingledine, Nick Mathewson, Paul F. Syverson: Tor: The Second-Generation Onion Router. USENIX Security Symposium 2004: 303-320
• Follow-up Paper: Ania M. Piotrowska, Jamie Hayes, Tariq Elahi, Sebastian Meiser, George Danezis: The Loopix Anonymity System. USENIX Security Symposium 2017: 1199-1216

 

BB: Anonymous Communication (DC-Nets) (Jonas Birtel)

Anonymous communication systems hide who is communicating with whom. Whereas in the previous week, we looked at system that would admit a small amount of leakage, protocols based on dining cryptographer networks can provide much stronger guarantees.

• Classic Paper: David Chaum: The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability. J. Cryptol. 1(1): 65-75 (1988)
• Follow-up Paper: Henry Corrigan-Gibbs, Bryan Ford: Dissent: accountable anonymous group messaging. CCS 2010: 340-350

 

BB: Anonymous Communication (Wrapup) (Robin Wiesen)

Anonymous communication systems hide who is communicating with whom. In this week, we'll look at two systems that try to balance leakage and performance in anonymous communication.

• Main Paper: David Lazar, Yossi Gilad, Nickolai Zeldovich: Karaoke: Distributed Private Messaging Immune to Passive Traffic Analysis. OSDI 2018: 711-725
• Follow-up Paper: Saba Eskandarian, Henry Corrigan-Gibbs, Matei Zaharia, Dan Boneh:
  Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy. USENIX Security Symposium 2021: 1775-179

 

BB: Private Set Intersection (Tim Rausch)

Private set intersection protocols compute the intersection of two sets without leaking any other information. These protocols are for example used for private contact discovery.

• Classic Paper: Emiliano De Cristofaro, Paolo Gasti, Gene Tsudik: Fast and Private Computation of Cardinality of Set Intersection and Union. CANS 2012: 218-231
• Follow-up Paper: Ágnes Kiss, Jian Liu, Thomas Schneider, N. Asokan, Benny Pinkas: Private Set Intersection for Unequal Set Sizes with Mobile Applications. Proc. Priv. Enhancing Technol. 2017(4): 177-197 (2017)

#crypto

 

SYS: Content Moderation (Mahmoud Altaha)

These content moderation systems aims to mitigate the damage that might result from end-to-end encryption online.

• Main Paper: Sarah Scheffler, Jonathan R. Mayer: SoK: Content Moderation for End-to-End Encryption. Proc. Priv. Enhancing Technol. 2023(2): 403-429 (2023)
• Follow-up Paper: Hal Abelson, Ross J. Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Vanessa Teague, Carmela Troncoso:
  Bugs in our Pockets: The Risks of Client-Side Scanning. CoRR abs/2110.07450 (2021)

These papers are a bit lighter on hard scientific content, but raise a lot of interesting questions for discussion.

 

SYS: Compromised Credential Checking (Luc Seyler)

Compromised Credential Checking (C3) systems (such as Have I Been Powned) let users check whether their passwords have been leaked, without creating new risks for users.

• Main Paper: Lucy Li, Bijeeta Pal, Junade Ali, Nick Sullivan, Rahul Chatterjee, Thomas Ristenpart: Protocols for Checking Compromised Credentials. CCS 2019: 1387-1403
• Follow-up Paper: Bijeeta Pal, Mazharul Islam, Marina Sanusi Bohuk, Nick Sullivan, Luke Valenta, Tara Whalen, Christopher A. Wood, Thomas Ristenpart, Rahul Chatterjee:
  Might I Get Pwned: A Second Generation Compromised Credential Checking Service. USENIX Security Symposium 2022: 1831-1848

 

SYS: Systems for Journalists (Simran Munot)

The first paper is a bit of a weird one, instead looking at the needs of a community. All the technical weight (and there is plenty) is in the second paper.

• Main Paper: Susan E. McGregor, Polina Charters, Tobin Holliday, Franziska Roesner:
  Investigating the Computer Security Practices and Needs of Journalists. USENIX Security Symposium 2015: 399-414
• Follow-up Paper: Kasra Edalatnejad, Wouter Lueks, Julien Pierre Martin, Soline Ledésert, Anne L'Hôte, Bruno Thomas, Laurent Girod, Carmela Troncoso:
  DatashareNetwork: A Decentralized Privacy-Preserving Search Engine for Investigative Journalists. USENIX Security Symposium 2020: 1911-1927

 

SYS: Systems for Humanitarians (Sahibzada Amin)

As for the journalist setting, the first paper is actually an HCI paper, studying the needs of a community. The second paper has a lot of technical depth.

• Main Paper: Stevens Le Blond, Alejandro Cuevas, Juan Ramón Troncoso-Pastoriza, Philipp Jovanovic, Bryan Ford, Jean-Pierre Hubaux:
  On Enforcing the Digital Immunity of a Large Humanitarian Organization. IEEE Symposium on Security and Privacy 2018: 424-440
• Follow-up Paper: Boya Wang, Wouter Lueks, Justinas Sukaitis, Vincent Graf Narbel, Carmela Troncoso: Not Yet Another Digital ID: Privacy-Preserving Humanitarian Aid Distribution. SP 2023: 645-663

 

SYS: Reputation Systems (not assigned)

Another way to combat misbehaviour by anonymous users is to assign them a reputation. In this week, we would look at privacy-friendly ways to track a user's reputation.

• Main Paper: Ennan Zhai, David Isaac Wolinsky, Ruichuan Chen, Ewa Syta, Chao Teng, Bryan Ford: AnonRep: Towards Tracking-Resistant Anonymous Reputation. NSDI 2016: 583-596
• Follow-up Paper: Stan Gurtler, Ian Goldberg: SoK: Privacy-Preserving Reputation Systems. Proc. Priv. Enhancing Technol. 2021(1): 107-127 (2021)

(A review for this week should be for the main paper, not the follow-up paper.)

#crypto

 

SYS: "Blocking" Users (not assigned)

In this week we look at two (quite different) ways to block users or avoid blocking users.

• Main Paper: Patrick P. Tsang, Man Ho Au, Apu Kapadia, Sean W. Smith: Blacklistable anonymous credentials: blocking misbehaving users without TTPs. CCS 2007: 72-81
• Follow-up Paper: Alex Davidson, Ian Goldberg, Nick Sullivan, George Tankersley, Filippo Valsorda:
  Privacy Pass: Bypassing Internet Challenges Anonymously. Proc. Priv. Enhancing Technol. 2018(3): 164-180 (2018)

 

SYS: Digital Contact Tracing (not assigned)

Digital contact tracing systems aim to help mitigate pandemics. These papers have a little bit of crypto, but are overall quite readable.

• Classic Paper: Carmela Troncoso, Mathias Payer, Jean-Pierre Hubaux, Marcel Salathé, James R. Larus, Edouard Bugnion, Wouter Lueks, Theresa Stadler, Apostolos Pyrgelis, Daniele Antonioli, Ludovic Barman, Sylvain Chatel, Kenneth G. Paterson, Srdjan Capkun, David A. Basin, Jan Beutel, Dennis Jackson, Marc Roeschlin, Patrick Leu, Bart Preneel, Nigel P. Smart, Aysajan Abidin, Seda F. Gürses, Michael Veale, Cas Cremers, Michael Backes, Nils Ole Tippenhauer, Reuben Binns, Ciro Cattuto, Alain Barrat, Dario Fiore, Manuel Barbosa, Rui Oliveira, José Pereira:
  Decentralized Privacy-Preserving Proximity Tracing. CoRR abs/2005.12273 (2020)
• Follow-up Paper: Antoine Boutet, Claude Castelluccia, Mathieu Cunche, Cédric Lauradou, Vincent Roca, Adrien Baud, Pierre-Guillaume Raverdy: Desire: Leveraging the Best of Centralized and Decentralized Contact Tracing Systems. Digit. Threat.: Res. Pract. 3, 3, Article 28 (September 2022)

I deliberately left the "original" DP3T paper here, but calling this a paper would be a little bit of a stretch. For something a little bit more retrospective, you might also enjoy reading:

• Carmela Troncoso, Dan Bogdanov, Edouard Bugnion, Sylvain Chatel, Cas Cremers, Seda F. Gürses, Jean-Pierre Hubaux, Dennis Jackson, James R. Larus, Wouter Lueks, Rui Oliveira, Mathias Payer, Bart Preneel, Apostolos Pyrgelis, Marcel Salathé, Theresa Stadler, Michael Veale: Deploying decentralized, privacy-preserving proximity tracing. Commun. ACM 65(9): 48-57 (2022)