Skip to content

Instantly share code, notes, and snippets.

@ept

ept/trve-2016-05.md

Created May 28, 2016 11:23
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ept/59e0309f5ca088db585ef860d1426f86 to your computer and use it in GitHub Desktop.
Save ept/59e0309f5ca088db585ef860d1426f86 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
trve-2016-05.md

TRVE DATA monthly update: May 2016

Hi everyone, the month of May has flown by, and it's time for our second monthly update for the TRVE DATA project.

In case you missed it, last month's update is here: https://gist.github.com/ept/627b4f102a0a036cee0b941a8b8e31c2

Here's what's new in May:

  • Stephan has been doing some measurements to determine the overhead of running a Tor hidden service on a smartphone, which could be used to exchange messages between devices directly in a privacy-preserving way. He found that just keeping the hidden service alive produces several hundreds of megabytes per month in traffic. To a large extent this seems to be caused by regularly downloading information about the status of all Tor relays. As this amount of overhead is not acceptable for many users with a limited data allowance, an open question is whether we can reduce the amount of data that needs to be downloaded, and what the trade-offs are.

  • Diana has been exploring the use of zero-knowledge proofs, the J-PAKE key agreement protocol, and Schnorr signatures within the context of gossip protocols to verify user identity. The goal is to consistently verify that users have the correct public key for the people they are collaborating with. This should be done without relying on manual fingerprint checking or a trusted authority, but also preserve user privacy: the protocol should leak as little information as possible about who is communicating with whom. It turns out this is a difficult set of trade-offs which we're still trying to fully understand.

  • Martin has figured out how to make a JSON CRDT work (see April update), and has written up formal semantics for its operations. It turned out to be quite hard, and it's not obvious from inspection that the algorithm is correct. To increase our confidence, we want to try proving it correct — in particular, prove that it always converges (i.e. after all messages have been delivered, all collaborators have the same document on their screen). We have started on a pen-and-paper proof, but may also try using an automated theorem prover such as Isabelle.

  • Diana and Martin's proposal to speak at Strange Loop has been accepted. They will be doing a joint presentation on "End-to-end encryption: Behind the scenes", which will explain the technical aspects behind modern secure messaging protocols to an audience of non-cryptographers.

  • We have recruited two undergraduate students as summer interns, who will be working with us on some prototype implementations of the ideas we're developing.

If you would like to talk to us about any of the above topics, please get in touch!

Martin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment