Harry Halpin

Harry Halpin

In this study, we overview the problems associated with the usability of cryptocurrency wallets, such as those used by ZCash, for end-users. The concept of "holistic privacy," where information leaks in one part of a system can violate the privacy expectations of different parts of the system, is introduced as a requirement. To test this requirement with real-world software, we did a 60 person task-based evaluation of the usability of a ZCash cryptocurrency wallet by having users install and try to both send and receive anonymized ZCash transactions, as well as install a VPN and Tor. While the initial wallet installation was difficult, we found even a larger amount of difficulty integrating the ZCash wallet into network-level protection like VPNs or Tor, so only a quarter of users could complete a real-world purchase using the wallet.

Harry Halpin

Due to the widespread COVID-19 pandemic, there has been a push for `immunity passports' and even technical proposals. Although the debate about the medical and ethical problems of immunity passports has been widespread, there has been less inspection of the technical foundations of immunity passport schemes. These schemes are envisaged to be used for sharing COVID-19 test and vaccination results in general. The most prominent immunity passport schemes have involved a stack of little-known standards, such as Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) from the World Wide Web Consortium (W3C). Our analysis shows that this group of technical identity standards are based on under-specified and often non-standardized documents that have substantial security and privacy issues, due in part to the questionable use of blockchain technology. One concrete proposal for immunity passports is even susceptible to dictionary attacks. The use of `cryptography theater' in efforts like immunity passports, where cryptography is used to allay the privacy concerns of users, should be discouraged in standardization. Deployment of these W3C standards for `self-sovereign identity' in use-cases like immunity passports could just as well lead to a dangerous form identity totalitarianism.

Harry Halpin

The vast majority of applications at this moment rely on centralized servers to relay messages between clients, where these servers are considered trusted third-parties. With the rise of blockchain technologies over the last few years, there has been a move away from both centralized servers and traditional federated models to more decentralized peer-to-peer alternatives. However, there appears to be a trilemma between security, scalability, and decentralization in blockchain-based systems. Deconstructing this trilemma using well-known threat models, we define a typology of centralized, federated, and decentralized architectures. Each of the different architectures has this trilemma play out differently. Facing a possible decentralized future, we outline seven hard problems facing decentralization and theorize that the differences between centralized, federated, and decentralized architectures depend on differing social interpretations of trust.

Harry Halpin

Pretty Good Privacy (PGP) has long been the primary IETF standard for encrypting email, but suffers from widespread usability and security problems that have limited its adoption. As time has marched on, the underlying cryptographic protocol has fallen out of date insofar as PGP is unauthenticated on a per message basis and compresses before encryption. There have been an increasing number of attacks on the increasingly outdated primitives and complex clients used by the PGP eco-system. However, attempts to update the OpenPGP standard have failed at the IETF except for adding modern cryptographic primitives. Outside of official standardization, Autocrypt is a "bottom-up" community attempt to fix PGP, but still falls victim to attacks on PGP involving authentication. The core reason for the inability to "fix" PGP is the lack of a simple AEAD interface which in turn requires a decentralized public key infrastructure to work with email. Yet even if standards like MLS replace PGP, the deployment of a decentralized PKI remains an open issue.

Carmela Troncoso, Marios Isaakidis, George Danezis et al.

Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems.