01-30, 14:30–15:15 (Europe/Zurich), Beacon Stage
In a world where everyone uses anonymous cryptocurrencies for all payment needs and anonymous credentials and private smart contracts for all other digital interactions, it is impossible to trace wrongdoers, by design. This makes legitimate controls, such as tracing illicit trade and terror suspects, impossible to carry out. Here, we propose a privacy-preserving blueprint capability that allows an auditor to publish an encoding of the function f(x, ·) for a publicly known function f and a secret input x. For example, x may be a secret watchlist, and f(x, y) may return y if y is in x. On input her data y and the auditor's pk_x, a user can compute an escrow Z such that anyone can verify that Z was computed correctly from the user's credential attributes, and moreover, the auditor can recover f(x, y) from Z.
Decentralized accountability, or inclusive accountability, refers to everyone holding everyone accountable, in the sense that opportunities and rights come with responsibilities and obligations.
Maybe not everyone will be involved in this law-making and law-enforcing process, but I like to think in terms of a solidarity understood in the broadest possible way, with participants understood as in a sense equal partners.
For systems with privacy there is a clear conflict here: confidentiality versus availability and performance. For instance, if n parties perform an n-out-of-n secret sharing, this will be slow and won’t allow us to recover anything if even a single party drops out or refuses to participate.
We thus need a smaller committee that ideally proves in ZK that it correctly follows the rules set by the majority before compromising a participant’s privacy. That’s what blueprints allow us to do.
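The availability problem described above, as an added example that is not code from the talk or from any blueprint implementation: n-out-of-n additive sharing fails when one party is missing, while a smaller committee can still recover. The Shamir threshold scheme for the committee, the field modulus, the committee size and the sample secret are assumptions chosen for illustration, and the zero-knowledge proof that the committee follows the rules is not modelled.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed for this sketch)

def share_additive(secret, n):
    """n-out-of-n sharing: any n-1 shares are uniformly random."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares

def recover_additive(shares, n):
    """Return the secret, or None if even one party's share is missing."""
    if len(shares) != n:
        return None
    return sum(shares) % P

def share_shamir(secret, t, n):
    """t-out-of-n sharing: a random degree t-1 polynomial evaluated at 1..n."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def recover_shamir(points, t):
    """Lagrange interpolation at x = 0 from any t distinct points."""
    if len(points) < t:
        return None
    pts, secret = points[:t], 0
    for j, (xj, yj) in enumerate(pts):
        num, den = 1, 1
        for m, (xm, _) in enumerate(pts):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret

def demo():
    secret = 424242                 # constructed sample value
    n = 7                           # all participants
    additive = share_additive(secret, n)
    everyone = recover_additive(additive, n)
    one_dropout = recover_additive(additive[:-1], n)   # one party refuses
    # Assumed committee: 5 members, any 3 suffice; two members are absent.
    committee = share_shamir(secret, 3, 5)
    with_absences = recover_shamir([committee[0], committee[2], committee[4]], 3)
    return everyone, one_dropout, with_absences

if __name__ == "__main__":
    print(demo())
```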
I am a professor in the Security and Privacy research group at the University of Edinburgh. I hold a PhD in cryptography from COSIC at the K.U. Leuven and previously was a researcher at Microsoft Research Cambridge in the Programming Principles and Tools group. I worked on the Identity Mixer anonymous credential system at IBM Research Zurich and I am a founding member of the miTLS project, now project Everest, a verified implementation of the TLS standard. For the latter work I am a co-recipient of the Levchin prize for real-world cryptography.
I am the director of the Edinburgh ZK-Lab.