February 2025 · 1 Citation
December 2024 · 4 Reads
December 2024 · 7 Citations
May 2024 · 2 Reads · 1 Citation
August 2022 · 26 Reads · 4 Citations
CAPTCHAs are necessary to protect websites from bots and malicious crawlers, yet are increasingly solvable by automated systems. This has led to more challenging tests that require greater human effort and cultural knowledge; they may prevent bots effectively but sacrifice usability and discourage the human users they are meant to admit. We propose a new class of challenge: a Cryptographic Attestation of Personhood (CAP) as the foundation of a usable, pro-privacy alternative. Our challenge is constructed using the open Web Authentication API (WebAuthn) that is supported in most browsers. We evaluated the CAP challenge through a public demo, with an accompanying user survey. Our evaluation indicates that CAP has a strong likelihood of adoption by users who possess the necessary hardware, showing good results for effectiveness and efficiency as well as a strong expressed preference for using CAP over traditional CAPTCHA solutions. In addition to demonstrating a mechanism for more usable challenge tests, we identify some areas for improvement for the WebAuthn user experience, and reflect on the difficult usable privacy problems in this domain and how they might be mitigated.
January 2022 · 70 Reads · 5 Citations
Lecture Notes in Computer Science
Cryptographic keys are increasingly stored in dedicated hardware or behind software interfaces. Doing so limits access, such as permitting only signing via ECDSA. This makes using them in existing ring and group signature schemes impossible as these schemes assume the ability to access the private key for other operations. We present a -protocol that uses a committed public key to verify an ECDSA or Schnorr signature on a message, without revealing the public key. We then discuss how this protocol may be used to derive ring signatures in combination with Groth–Kohlweiss membership proofs and other applications. This scheme has been implemented and source code is freely available.
Keywords: Ring signature; Zero-knowledge proof; -protocol
May 2021 · 92 Reads · 126 Citations
October 2020 · 205 Reads · 123 Citations
... The nascent literature on Decentralized Physical Infrastructure Networks (DePIN) has studied Byzantine (i.e., arbitrary adversarial) behavior in information elicitation systems, with a focus on setting limits on the fraction of the population that can be Byzantine, and assuming that the rest are unconditionally honest, without the consideration of any incentives (Sheng et al. 2024a; Maram et al. 2021; Sheng et al. 2024b). Our work here crucially differs in that we study the players' rational behavior according to utility functions. ...
February 2025
... Decentralized identity is deemed to be a new paradigm for replacing traditional centralized identity governance, promoting a higher-level privacy-preserving and user-centric approach to authentication and authorization [5,12,31]. World Wide Web Consortium (W3C) has standardized and formalized Decentralized Identifier (DID) and Verifiable Credential (VC) for decentralized identity. Specifically, a DID uniquely identifies an entity's identity and supports proof of ownership of identity attribute data. ...
December 2024
... This phenomenon is similar to committing big batches of 2f + 1 blocks. Finally, (3) since all certified blocks need to be signed by a supermajority of validators, signature generation and verification consume a large amount of CPU on each validator, which grows with the number of validators [17], [18]. This burden is particularly heavy for a crash-recovered validator that typically needs to verify thousands of signatures when trying to catch up with the rest. ...
May 2024
... This allowed us to benchmark their performance differences effectively. Initially inspired by Cloudflare's concept of using hardware security keys (HSKs) for the attestation of personhood [11], further elaborated by Whalen et al. [12], our design aimed to replace CAPTCHAs with HSK-based signature validation. This concept evolved into ZKAttest by Faz-Hernández et al. [13], using sigma-protocol ZKPs to attest to personhood while preserving HSK certificate privacy. ...
August 2022
... Such a scheme considers a prover and a verifier, where the prover holds a valid signature σ issued by a keypair sk, vk, and the verifier holds a list $R = \{vk_i\}_{i \in [m]}$ of all valid public verification keys, where vk ∈ R. Previous work has produced practical schemes for proving knowledge of ECDSA signatures (e.g. see ZKAttest [62] and CDLS [61]), noting their similarity to ring signatures [79], in particular. Similar approaches for other TLS-compliant signature schemes (e.g. based on RSA) exist [80], but do not appear to be practical for our application (though practical constructions would have immediate value for our work). ...
January 2022
Lecture Notes in Computer Science
... Although initiatives like the W3C Decentralized Identifier Working Group seek to establish standards for decentralized identity [7,8], many proposed frameworks struggle to meet both technical and usability requirements. Recent efforts, such as CanDID, have made progress in areas like usable key recovery [66]. Building on concepts such as decentralized identifiers (DIDs), proof-of-personhood [49], anonymous credentials, and Personhood credentials (PHCs) have emerged as an alternative approach. ...
May 2021
... One widely recognized approach involves decentralized identifiers (DIDs). Emerging proposed systems, DECO [96], Town-Crier [95] exemplify this model where users authorize the release of personal credentials from user devices to websites for proving certain characteristics about themselves. Although initiatives like the W3C Decentralized Identifier Working Group seek to establish standards for decentralized identity [7,8], many proposed frameworks struggle to meet both technical and usability requirements. ...
October 2020