On June 17th 2024 at 10:00, Ruben De Smet will defend their PhD entitled “RAPID PROTOYPING AND DEPLOYMENT OF PRIVACY-ENHANCING TECHNOLOGIES”.
Everybody is invited to attend the presentation in room D.2.01, or digitally via this link.
Since its inception, the internet has quickly become a public service utility. The combination of its commercial exploitation, and the rather intimate nature of how humans actively use the internet, gives rise to some paradoxical situations. As a citizen of Belgium, I would probably not expect to give my name and phone number to a company in the United States to talk to my brother, 50 km up north. However, for over two billion people, this is their rather paradoxical reality: the company Meta, owning WhatsApp, collects and stores these data for their users. This cherry-picked scenario stands example for a wider trend in the industry.
Cryptographers have worked on several privacy-enhancing technologies (PETs). These PETs aim to minimize the amount of personal data to fulfil a service for users. Although these technologies exist on paper, several practical issues arise. These practicalities are the subject of this thesis.
One practical issue is the performance. PETs that run on end-user devices should both be fast and require little bandwidth. We investigate how implementation details may lead to significant speedups or bandwidth savings. Specifically, we devise a zero-knowledge proof (ZKP) tailored to electronic road pricing (ERP). ERP is a privacy-sensitive topic, and our ERP system achieves some notable performance improvements over preexisting proposals.
A second practical issue is the challenging nature of implementing PETs. We present “Circuitree” and “Whisperfish”, to study how to bring PETs to an actual application. Circuitree is a high-level framework to tailor ZKPs to specific scenarios, using a bespoke logic programming language. The language is designed such that the resulting ZKP is highly efficient.
Whisperfish is effectively a reimplementation of the Signal instant messaging client, and allows us to present in detail how Signal deploys their PETs to users. All ideas put forward in this thesis were evaluated by means of their implementation in the Rust programming language.