Contributions to Proceedings:
M. Matteo, P. Moreno-Sanchez, A. Kate, G. Malavolta:
"SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks";
in: "2017 Network and Distributed System Security Symposium",
Reston, Virginia, USA,
Abstract-Credit networks model transitive trust (or credit) between users in a distributed environment and have recently seen a rapid increase of popularity due to their ﬂexible design and robustness against intrusion. They serve today as a backbone of real-world IOweYou transaction settlement networks such as Ripple and Stellar, which are deployed by various banks worldwide, as well as several other systems, such as spamresistant communication protocols and Sybil-tolerant social networks.Currentsolutions,however,raiseseriousprivacyconcerns, asthenetworktopologyaswellasthecreditvalueofthelinksare madepublicforapparenttransparencypurposesandanychanges are logged. In payment scenarios, for instance, this means that all transactions have to be public and everybody knows who paid what to whom. In this work, we question the necessity of a privacy-invasive transaction ledger. In particular, we present SilentWhispers, the ﬁrst distributed, privacy-preserving credit network that does not require any ledger to protect the integrity of transactions. Yet, SilentWhispers guarantees integrity and privacy of link values and transactions even in the presence of distrustful users and malicious neighbors, whose misbehavior in changing link values is detected and such users can be held accountable. We formalize these properties as ideal functionalities in the universal composability framework and present a secure realization based on a novel combination of secret-sharing-based multiparty computation and digital signature chains. SilentWhispers can handle network churn, and it is efﬁcient as demonstrated with a prototype implementation evaluated using payments data extracted from the currently deployed Ripple payment system.
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
Electronic version of the publication:
Created from the Publication Database of the Vienna University of Technology.