DECO: Liberating Web Data Using Decentralized Oracles for TLS
This addresses the issue of locked-up user data in web-service silos, enabling applications like private financial instruments and verifiable claims, though it is incremental as it builds on existing TLS and oracle concepts.
The paper tackles the problem of proving the provenance of private data accessed via TLS without server-side modifications or trusted hardware, resulting in DECO, a decentralized oracle system that enables users to prove data came from a specific website and make zero-knowledge statements about it.
Thanks to the widespread deployment of TLS, users can access private data over channels with end-to-end confidentiality and integrity. What they cannot do, however, is prove to third parties the {\em provenance} of such data, i.e., that it genuinely came from a particular website. Existing approaches either introduce undesirable trust assumptions or require server-side modifications. As a result, the value of users' private data is locked up in its point of origin. Users cannot export their data with preserved integrity to other applications without help and permission from the current data holder. We propose DECO (short for \underline{dec}entralized \underline{o}racle) to address the above problems. DECO allows users to prove that a piece of data accessed via TLS came from a particular website and optionally prove statements about such data in zero-knowledge, keeping the data itself secret. DECO is the first such system that works without trusted hardware or server-side modifications. DECO can liberate data from centralized web-service silos, making it accessible to a rich spectrum of applications. To demonstrate the power of DECO, we implement three applications that are hard to achieve without it: a private financial instrument using smart contracts, converting legacy credentials to anonymous credentials, and verifiable claims against price discrimination.