DECO: Liberating Web Data Using Decentralized Oracles for TLS

Fri 25Oct2019

Fan Zhang, Cornell Tech

From 12.00 until 13.30

At CNB/F/110 (Lunch) + CAB/F/100.9 (Seminar), ETH Zurich

Universitätstrasse 6, 8092 Zurich


Thanks to the widespread deployment of TLS, users can access
private data over channels with end-to-end confidentiality and
integrity. What they cannot do, however, is prove to third parties the
provenance of such data, i.e., that it genuinely came from a
particular website. Existing approaches either introduce undesirable
trust assumptions or require server-side modifications.
As a result, the value of users' private data is locked up in its
point of origin. Users cannot export their data with preserved
integrity to other applications without help and permission from the
current data holder. Even the value of public date on the web cannot
be fully realized as there is no secure way to relay it to systems
without network connections, such as smart contracts.
We propose DECO (short for DECentralized Oracle) to address the above
problems. DECO allows users to prove that a piece of data accessed via
TLS came from a particular website and optionally prove statements
about such data in zero-knowledge, keeping the data itself secret.
DECO is the first such system that works without trusted hardware or
server-side modifications.
DECO can liberate data from centralized web-service silos, making it
accessible to a rich spectrum of applications. To demonstrate the
power of DECO, we implement three applications that are hard to
achieve without it: a private financial instrument using smart
contracts, converting legacy credentials to anonymous credentials, and
verifiable claims against price discrimination.  (Work in submission:

Download Event to Calendar