Cryptology ePrint Archive: Report 2020/648

Ghostor: Toward a Secure Data-Sharing System from Decentralized Trust

Yuncong Hu and Sam Kumar and Raluca Ada Popa

Abstract: Data-sharing systems are often used to store sensitive data. Both academia and industry have proposed numerous solutions to protect user privacy and data integrity from a compromised server. Practical state-of-the-art solutions, however, use weak threat models based on centralized trust—they assume that part of the server will remain uncompromised, or that the adversary will not perform active attacks. We propose Ghostor, a data-sharing system that, using only decentralized trust, (1) hides user identities from the server, and (2) allows users to detect server-side integrity violations. To achieve (1), Ghostor avoids keeping any per-user state at the server, requiring us to redesign the system to avoid common paradigms like per-user authentication and user-specific mailboxes. To achieve (2), Ghostor develops a technique called verifiable anonymous history. Ghostor leverages a blockchain rarely, publishing only a single hash to the blockchain for the entire system once every epoch. We measured that Ghostor incurs a 4–5x throughput overhead compared to an insecure baseline. Although significant, Ghostor's overhead may be worth it for security- and privacy-sensitive applications.

Category / Keywords: applications / data-sharing system, anonymity, verifiable linearizability, blockchain

Original Publication (with minor differences): 17th USENIX Symposium on Networked Systems Design and Implementation

Date: received 29 May 2020, last revised 31 May 2020

Contact author: yhu at eecs berkeley edu, samkumar@eecs berkeley edu, raluca@eecs berkeley edu

Available format(s): PDF | BibTeX Citation

Version: 20200603:095130 (All versions of this report)

Short URL: ia.cr/2020/648


[ Cryptology ePrint archive ]