A novel privacy-preserving oracle protocol, created by students and faculty at IC3.
An oracle is a service that provides data to smart contracts or other systems. Oracles obtain their data from trusted websites. But even oracles that relay data correctly cannot safely access users' web-session data, because they can't enforce privacy.
DECO is a privacy-preserving oracle protocol. Using cryptographic techniques, it lets users prove facts about their web (TLS) sessions to oracles while hiding privacy-sensitive data. With DECO a user can, for instance, prove to an oracle that:
- She's over 18, according to her online U.S. State Department account...without revealing her account password or birthdate (or even her name!) to the oracle.
- She's won a bet against another user in a smart contract...without revealing what the bet was.
- She walked 10,000 steps a day for the past month according to the data on her fitness tracker website...without revealing any other health or personal data.
DECO is the first protocol that supports such uses and also:
- works with modern TLS versions
- requires no trusted hardware
- requires no server-side modifications
Today, vast quantities of private data are locked up in websites, inaccessible by services on the outside. DECO liberates private web data for use in otherwise unachievable applications.
DECO can make private and public web data accessible to a rich spectrum of applications, for blockchains and traditional (non-blockchain) systems. These include:
- Decentralized identity, e.g., credential creation from legacy data.
- Decentralized finance (DeFi), with privacy-preserving smart contracts.
- Privacy-preserving medical research, in which users relay electronic-health-record data to researchers in a trustworthy but private way.
F. Zhang, S. K. D. Maram, H. Malvai, S. Goldfeder, and A. Juels. DECO: Liberating Web Data Using Decentralized Oracles for TLS. 2019. In ACM CCS 2020. To appear.