NI · CR · Oct 1, 2019

VPN0: A Privacy-Preserving Decentralized Virtual Private Network

arXiv:1910.00159v1 · 12 citations
Originality: Incremental advance
AI Analysis

This work addresses privacy concerns for users of decentralized VPNs by providing strong guarantees against traffic exposure, though it is incremental as it builds on existing dVPN architectures.

The paper tackles the problem of trust and privacy in distributed VPNs by introducing VPN0, which ensures nodes only carry whitelisted traffic without revealing the whitelist or traffic details, achieving this with minimal performance impact as demonstrated through integration with systems like BitTorrent DHT and ProtonVPN.

Distributed Virtual Private Networks (dVPNs) are new VPN solutions aiming to solve the trust-privacy concern of a VPN's central authority by leveraging a distributed architecture. In this paper, we first review the existing dVPN ecosystem and debate on its privacy requirements. Then, we present VPN0, a dVPN with strong privacy guarantees and minimal performance impact on its users. VPN0 guarantees that a dVPN node only carries traffic it has "whitelisted", without revealing its whitelist or knowing the traffic it tunnels. This is achieved via three main innovations. First, an attestation mechanism which leverages TLS to certify a user visit to a specific domain. Second, a zero knowledge proof to certify that some incoming traffic is authorized, e.g., falls in a node's whitelist, without disclosing the target domain. Third, a dynamic chain of VPN tunnels to both increase privacy and guarantee service continuation while traffic certification is in place. The paper demonstrates VPN0 functioning when integrated with several production systems, namely BitTorrent DHT and ProtonVPN.
