Privacy-Preserving Accountability Online
Abstract
Technologies that enable confidential communication and anonymous authentication are important for improving privacy for users of internet services. Unfortunately, encryption and anonymity, while good for privacy, make it hard to hold bad actors accountable for misbehavior. Internet services rely on seeing message content to detect spam and other harmful content; services must also be able to identify users to attribute and respond to abuse complaints. This tension between privacy and accountability leads to one of two suboptimal outcomes: Services require excessive trust in centralized entities to hold users accountable for misbehavior, or services leave themselves and/or their users open to abuse.
In this talk, I will highlight two deployed applications, end-to-end encrypted messaging and anonymous web browsing, where this tension arises and how gaps in accountability can and do lead to real-world attacks. I will discuss how I have addressed this tension through the design of new cryptographic protocols that preserve user privacy while also providing mechanisms for holding bad actors accountable. In particular, I will cover new protocols for anonymous blocklisting, one-time-use credentials, and transparent key infrastructure.
Bio
Nirvan Tyagi is a Ph.D. candidate in the Department of Computer Science at Cornell University, advised by Tom Ristenpart and based at the NYC Cornell Tech campus. Over the past two years, he has held visiting student appointments at the University of Washington and Stanford. His research interests span broadly across computer security, applied cryptography, and systems. Most recently, his focus has been on building systems that provide strong user privacy while also providing appropriate accountability against misbehavior. He is the recipient of an NSF Graduate Research Fellowship, a Facebook Ph.D. Fellowship, and a Digital Life Initiative Doctoral Fellowship. Nirvan received an Early Career Award at CRYPTO 2020 and his work on one-time-use credentials is being standardized by the IETF.