publications

2024

1. Argumentation Schemes for Blockchain Deanonymisation

   Dominic Deuber, Jan Gruber, Merlin Humml, Viktoria Ronge, and Nicole Scheler

   FinTech, 2024

   Abstract URL

   Cryptocurrency forensics have become standard tools for law enforcement. Their basic idea is to deanonymise cryptocurrency transactions to identify the people behind them. Cryptocurrency deanonymisation techniques are often based on premises that largely remain implicit, especially in legal practice. On the one hand, this implicitness complicates investigations. On the other hand, it can have far-reaching consequences for the rights of those affected. Argumentation schemes could remedy this untenable situation by rendering the underlying premises more transparent. Additionally, they can aid in critically evaluating the probative value of any results obtained by cryptocurrency deanonymisation techniques. In the argumentation theory and AI community, argumentation schemes are influential as they state the implicit premises for different types of arguments. Through their critical questions, they aid the argumentation participants in critically evaluating arguments. We specialise the notion of argumentation schemes to legal reasoning about cryptocurrency deanonymisation. Furthermore, we demonstrate the applicability of the resulting schemes through an exemplary real-world case. Ultimately, we envision that using our schemes in legal practice can solidify the evidential value of blockchain investigations, as well as uncover and help to address uncertainty in the underlying premises—thus contributing to protecting the rights of those affected by cryptocurrency forensics.

2023

1. Assessing Anonymity Techniques Employed in German Court Decisions: A De-Anonymization Experiment

   Dominic Deuber, Michael Keuchen, and Nicolas Christin

   In Proceedings of the 32nd USENIX Security Symposium (USENIX Security ’23), 2023

   Abstract URL Talk

   Democracy requires transparency. Consequently, courts of law must publish their decisions. At the same time, the interests of the persons involved in these court decisions must be protected. For this reason, court decisions in Europe are anonymized using a variety of techniques. To understand how well these techniques protect the persons involved, we conducted an empirical experiment with 54 law students, whom we asked to de-anonymize 50 German court decisions. We found that all anonymization techniques used in these court decisions were vulnerable, most notably the use of initials. Since even supposedly secure anonymization techniques proved vulnerable, our work empirically reveals the complexity involved in the anonymization of court decisions, and thus calls for further research to increase anonymity while preserving comprehensibility. Toward that end, we provide recommendations for improving anonymization quality. Finally, we provide an empirical notion of “reasonable effort,” to flesh out the definition of anonymity in the legal context. In doing so, we bridge the gap between the technical and the legal understandings of anonymity.

2. Anonymisierung von Gerichtsentscheidungen im Lichte der IT-Sicherheit - Nachweis der Unsicherheit eines geheim gehaltenen Anonymisierungsverfahrens und Alternativen

   Dominic Deuber, and Michael Keuchen

   MultiMedia und Recht, 2023

   Abstract URL

   Wie anonymisieren Gerichte ihre Entscheidungen vor deren Veröffentlichung? Ein Kläger begehrte Informationszugang zur Methode der Anonymisierung, den das VG Düsseldorf im Urt. v. 23.11.2020 – 29 K 13336/17 ablehnte. Die Methode der Anonymisierung, bei der u.a. ein Verschlüsselungsverfahren zum Einsatz kommt, müsse der Geheimhaltung unterliegen. Andernfalls seien bisherige Anonymisierungen wirkungslos und ein Persönlichkeitsschutz wegen nachträglicher Rückschlüsse auf Beteiligte nicht mehr möglich. Die Aussage – ein Anonymisierungsverfahren bedürfe der Geheimhaltung – steht im Widerspruch zu einem Grundprinzip der IT-Sicherheit. Vielmehr indiziert diese Aussage die Verwendung eines unsicheren Verschlüsselungsverfahrens zur Anonymisierung, wie der vorliegende Beitrag mit Methoden der Kryptoanalyse empirisch bestätigt. Abschließend wird erläutert welche sicheren Anonymisierungsverfahren und -techniken stattdessen verwendet werden können.

2022

1. SoK: Assumptions Underlying Cryptocurrency Deanonymizations

   Dominic Deuber, Viktoria Ronge, and Christian Rückert

   In Proceedings of the Privacy Enhancing Technologies Symposium (PETS 2022), 2022

   Abstract URL Talk

   In recent years, cryptocurrencies have increasingly been used in cybercrime and have become the key means of payment in darknet marketplaces, partly due to their alleged anonymity. Furthermore, the research attacking the anonymity of even those cryptocurrencies that claim to offer anonymity by design is growing and is being applied by law enforcement agencies in the fight against cybercrime. Their investigative measures require a certain degree of suspicion and it is unclear whether findings resulting from attacks on cryptocurrencies’ anonymity can indeed establish that required degree of suspicion. The reason for this is that these attacks are partly based upon uncertain assumptions which are often not properly addressed in the corresponding papers. To close this gap, we extract the assumptions in papers that are attacking Bitcoin, Monero and Zcash, major cryptocurrencies used in darknet markets which have also received the most attention from researchers. We develop a taxonomy to capture the different nature of those assumptions in order to help investigators to better assess whether the required degree of suspicion for specific investigative measures could be established. We found that assumptions based on user behaviour are in general the most unreliable and thus any findings of attacks based on them might not allow for intense investigative measures such as pre-trial detention. We hope to raise awareness of the problem so that in the future there will be fewer unlawful investigations based upon uncertain assumptions and thus fewer human rights violations.

2. Veröffentlichungspraxis in den öffentlich zugänglichen Rechtsprechungsportalen von Bund und Ländern von 2011 bis 2020

   Michael Keuchen, and Dominic Deuber

   2022

   Abstract URL

   Bei den vorliegenden Daten handelt es sich um einen Begleitdatensatz zu den Veröffentlichungen von Keuchen/Deuber in den Heften 05 (S. 189 - 196) und 06/2022 (S. 229 - 236) der Zeitschrift "Recht Digital" (RDi). Darin wurde die Veröffentlichungspraxis in öffentlich zugänglichen Rechtsprechungsportalen von Bund und Ländern für den Zeitraum von 2011 bis 2020 untersucht. Betrachtet wurde die Veröffentlichungsquote sowie die Art und Weise der Bereitstellung, insbesondere im Lichte des Datennutzungsgesetzes (DNG) auf den Portale.

3. Argumentation Schemes for Blockchain Deanonymization

   Dominic Deuber, Jan Gruber, Merlin Humml, Viktoria Ronge, and Nicole Scheler

   In Sixteenth International Workshop on Juris-informatics (JURISIN 2022), 2022

   Abstract URL

   Cryptocurrency forensics became standard tools for law enforcement. Their basic idea is to deanonymise cryptocurrency transactions to identify the people behind them. Cryptocurrency deanonymisation techniques are often based on premises that largely remain implicit, especially in legal practice. On the one hand, this implicitness complicates investigations. On the other hand, it can have far-reaching consequences for the rights of those affected. Argumentation schemes could remedy this untenable situation by rendering underlying premises transparent. Additionally, they can aid in critically evaluating the probative value of any results obtained by cryptocurrency deanonymisation techniques. In the argumentation theory and AI community, argumentation schemes are influential as they state implicit premises for different types of arguments. Through their critical questions, they aid the argumentation participants in critically evaluating arguments. We specialise the notion of argumentation schemes to legal reasoning about cryptocurrency deanonymisation. Furthermore, we demonstrate the applicability of the resulting schemes through an exemplary real-world case. Ultimately, we envision that using our schemes in legal practice can solidify the evidential value of blockchain investigations as well as uncover and help address uncertainty in underlying premises – thus contributing to protect the rights of those affected by cryptocurrency forensics.

4. Öffentlich zugängliche Rechtsprechung für Legal Tech – Eine rechtliche und empirische Betrachtung im Lichte des DNG – Teil 1

   Michael Keuchen, and Dominic Deuber

   Recht Digital, 2022

   Abstract URL

   Öffentlich zugängliche Gerichtsentscheidungen sind für Legal Tech-Anwendungen essenziell. Gerichtsentscheidungen können als Trainingsdaten für maschinelle Lernverfahren herangezogen werden. Der Beitrag erläutert welche technischen Rahmenbedingungen dafür mit Blick auf die Bereitstellung von Entscheidungen erfüllt sein sollten. Neben der Anzahl an veröffentlichten Entscheidungen („Ob“) ist die Art und Weise der Bereitstellung („Wie“) maßgeblich. Vor diesem Hintergrund werden die rechtlichen Grundlagen für das „Ob“ und „Wie“ der Veröffentlichung untersucht (Teil 1). Dafür wird anknüpfend an eine allgemeine Veröffentlichungspflicht für Rechtsprechung eine Anwendbarkeit des Datennutzungsgesetzes (DNG) geprüft. Die Anforderungen an die Bereitstellung aus dem DNG werden für die Konstellation der Veröffentlichung von Gerichtsentscheidungen diskutiert. In einem zweiten Teil (Heft 6/2022) erfolgt eine empirische Erhebung zum „Ob“ und „Wie“ der Veröffentlichung im letzten Jahrzehnt auf den öffentlich zugänglichen Rechtssprechungsportalen von Bund und Ländern.

5. Öffentlich zugängliche Rechtsprechung für Legal Tech – Eine rechtliche und empirische Betrachtung im Lichte des DNG – Teil 2

   Michael Keuchen, and Dominic Deuber

   Recht Digital, 2022

   Abstract URL

   Für Legal Tech-Anwendungen basierend auf maschinellen Lernverfahren werden eine Vielzahl an öffentlich zugänglichen und maschinenlesbaren Gerichtsentscheidungen als Trainingsdaten benötigt. Neben der Anzahl an veröffentlichten Entscheidungen („Ob“) ist die Art und Weise der Bereitstellung („Wie“) von Bedeutung. In einem ersten Teil (RDi 2022, 189) wurde gezeigt, dass den Staat eine verfassungsunmittelbare Pflicht zur Entscheidungsveröffentlichung trifft und Gerichtsentscheidungen nach den Anforderungen des Datennutzungsgesetzes (DNG) bereitgestellt werden müssen. Das „Ob“ und „Wie“ der Veröffentlichung und deren Entwicklung werden für die öffentlich zugänglichen Rechtsprechungsportale von Bund und Ländern vor dem Hintergrund des DNG empirisch untersucht. Die Untersuchung zeigt, dass im letzten Jahrzehnt auf diesen Portalen nur 2,3 % der Gerichtsentscheidungen veröffentlicht wurden. Ebenso bestehen bei zahlreichen der 31 untersuchten Portale Verbesserungspotenziale betreffend die Bereitstellung in Hinblick auf Maschinenlesbarkeit und Metadaten. Um die Nutzung von Gerichtsentscheidungen in Legal Tech-Anwendungen zu erleichtern, werden Erweiterungen des DNG sowie Empfehlungen zur Bereitstellung vorgeschlagen.

2021

1. CoinJoin in the Wild - An Empirical Analysis in Dash

   Dominic Deuber, and Dominique Schröder

   In Proceedings of the 26th European Symposium on Research in Computer Security (ESORICS 2021), 2021

   Abstract URL

   CoinJoin is the predominant means to enhance privacy in non-private cryptocurrencies, such as Bitcoin. The basic idea of CoinJoin is to create transactions that combine equal-valued coins of multiple users. This mixing of coins aims to prevent linkage of the users’ transactional in- and outputs. The cryptocurrency Dash employs a built-in CoinJoin service and, therefore, is ideal for empirically studying CoinJoin. This paper presents the first empirical analysis of Dash, which reveals that over 40 % of all private transactions can be de-anonymized depending on underlying assumptions. The main issue of these attacks is the coin-aggregation problem, i.e. the need to combine outputs of several CoinJoin transactions. The coin aggregation problem is not specific to Dash and affects other cryptocurrencies as empirical evidence in Bitcoin suggests. We show that the logical solution to the problem, namely CoinJoin transactions with non-fixed arbitrary values, suffers from other privacy weaknesses. We propose a novel mixing algorithm to mitigate the need for coin aggregation without introducing additional privacy vulnerabilities. In contrast to prior mixing algorithms, our approach removes the need for fixed values by dynamically creating equal-valued CoinJoin transactions. The mixing algorithm is not specific to Dash, and integration into other cryptocurrencies, especially into Bitcoin, is possible.

2. Controlling my genome with my smartphone: first clinical experiences of the PROMISE system

   Ali Amr, Marc Hinderer, Lena Griebel, Dominic Deuber, Christoph Egger, Farbod Sedaghat-Hamedani, Elham Kayvanpour, Daniel Huhn, Jan Haas, Karen Frese, Marc Schweig, Ninja Marnau, Annika Kraemer, Claudia Durand, Florian Battke, Hans-Ulrich Prokosch, Michael Backes, Andreas Keller, Dominique Schröder, Hugo A. Katus, Norbert Frey, and Benjamin Meder

   Clinical Research in Cardiology, 2021

   Abstract URL

   Background: The development of Precision Medicine strategies requires high-dimensional phenotypic and genomic data, both of which are highly privacy-sensitive data types. Conventional data management systems lack the capabilities to sufficiently handle the expected large quantities of such sensitive data in a secure manner. PROMISE is a genetic data management concept that implements a highly secure platform for data exchange while preserving patient interests, privacy, and autonomy. Methods: The concept of PROMISE to democratize genetic data was developed by an interdisciplinary team. It integrates a sophisticated cryptographic concept that allows only the patient to grant selective access to defined parts of his genetic information with single DNA base-pair resolution cryptography. The PROMISE system was developed for research purposes to evaluate the concept in a pilot study with nineteen cardiomyopathy patients undergoing genotyping, questionnaires, and longitudinal follow-up. Results: The safety of genetic data was very important to 79 %, and patients generally regarded the data as highly sensitive. More than half the patients reported that their attitude towards the handling of genetic data has changed after using the PROMISE app for 4 months (median). The patients reported higher confidence in data security and willingness to share their data with commercial third parties, including pharmaceutical companies (increase from 5 to 32 %). Conclusion: PROMISE democratizes genomic data by a transparent, secure, and patient-centric approach. This clinical pilot study evaluating a genetic data infrastructure is unique and shows that patient’s acceptance of data sharing can be increased by patient-centric decision-making.

2020

1. The Patient as Genomic Data Manager - Evaluation of the PROMISE App

   Lena Griebel, Marc Hinderer, Ali Amr, Benjamin Meder, Marc Schweig, Dominic Deuber, Christoph Egger, Claudia Kawohl, Annika Krämer, Isabell Flade, Dominique Schröder, and Hans-Ulrich Prokosch

   In Digital Personalized Health and Medicine, 2020

   Abstract URL

   PROMISE (Personal Medical Safe) was a German research project which aimed to provide the responsibility of genomic data to the patient via a mobile app. The patient should accept or decline study requests to use his/her genomic data via the app. In the evaluation of the app the experiences with mobile health as well as the opinion on being the genomic data manager were measured. Furthermore, the test patients were asked about their opinion and their concerns on the PROMISE app. Most of the 19 test patients were aware of the high sensibility of genomic data and thought that the PROMISE app was a suitable solution. The largest part found it good that they were the responsible data owner. However, several participants also found it important to have a permanent contact person when it comes to questions on inquiries or the app.

2. Liechtensteiner Blockchain-Gesetzgebung: Vorbild für Deutschland? Lösungsansatz für eine zivilrechtliche Behandlung von Token

   Dominic Deuber, and Helena Khorrami Jahromi

   MultiMedia und Recht, 2020

   Abstract URL

   Immer mehr europäische Länder entwickeln Strategien zur zivilrechtlichen Behandlung von Token. Allen voran hat Liechtenstein mit dem TVTG ein Gesetz verabschiedet, das sämtliche Fragestellungen der Token-Ökonomie abschließend regeln soll. Dabei galt es insbesondere Übertragung und Rückübertragung von Token zu regeln. Grund dafür ist, dass Token typischerweise auf digitalen Transaktionsregistern basieren, die technisch durch grundsätzlich unveränderbare Blockchains realisiert sind. Um der Unveränderbarkeit Rechnung zu tragen, wurde mit dem TVTG das Abstraktionsprinzip in das liechtensteinische Recht eingeführt.
   
   Neben einer kritischen Untersuchung der liechtensteinischen Initiative wird die bisherige Behandlung von Token in der deutschen zivilrechtlichen Diskussion analysiert. Im Wege des Vergleichs wird daneben ein Blick auf eine deutsche Lösung de lege ferenda geworfen.

3. Minting Mechanism for Proof of Stake Blockchains

   Dominic Deuber, Nico Döttling, Bernardo Magri, Giulio Malavolta, and Sri Aravinda Krishnan Thyagarajan

   In Proceedings of the 18th International Conference on Applied Cryptography and Network Security (ACNS 2020), 2020

   Abstract URL

   As an alternative for the computational waste generated by proof-of-work (PoW) blockchains, proof-of-stake (PoS) systems gained a lot of popularity, being adopted by many existing cryptocurrencies. Unfortunately, as we show, PoS-based currencies, where newly minted coins are assigned to the slot leader, inevitably incentivises coin hoarding, as players maximise their utility by holding their stakes and not trading. As a result, existing PoS-based cryptocurrencies do not mimic the properties of fiat currencies, but are rather regarded as investment vectors.
   
   In this work we initiate the study of minting mechanisms in cryptocurrencies as a primitive on its own right, and as a first step to a solution to mitigate coin hoarding in PoS currencies we propose a novel minting mechanism based on waiting-time first-price auctions. Our main technical tool is a protocol to run an auction over any blockchain. Moreover, our protocol is the first to securely implement an auction without requiring a semi-trusted party, i.e., where every miner in the network is a potential bidder. Our approach is generically applicable and we show that it is incentive-compatible with the underlying blockchain, i.e., the best strategy for a player is to behave honestly. Our proof-of-concept implementation shows that our system is efficient and scales to tens of thousands of bidders.

2019

1. My Genome Belongs to Me: Controlling Third Party Computation on Genomic Data

   Dominic Deuber, Christoph Egger, Katharina Fech, Giulio Malavolta, Dominique Schröder, Sri Aravinda Krishnan Thyagarajan, Florian Battke, and Claudia Durand

   In Proceedings of the Privacy Enhancing Technologies Symposium (PETS 2019), 2019

   Abstract URL

   An individual’s genetic information is possibly the most valuable personal information. While knowledge of a person’s DNA sequence can facilitate the diagnosis of several heritable diseases and allow personalized treatment, its exposure comes with significant threats to the patient’s privacy. Currently known solutions for privacy-respecting computation require the owner of the DNA to either be heavily involved in the execution of a cryptographic protocol or to completely outsource the access control to a third party. This motivates the demand for cryptographic protocols which enable computation over encrypted genomic data while keeping the owner of the genome in full control. We envision a scenario where data owners can exercise arbitrary and dynamic access policies, depending on the intended use of the analysis results and on the credentials of who is conducting the analysis. At the same time, they are not required to maintain a local copy of their entire genetic data and do not need to exhaust their computational resources in an expensive cryptographic protocol.
   
   In this work, we present METIS, a system that assists the computation over encrypted data stored in the cloud while leaving the decision on admissible computations to the data owner. A critical feature of our system is that the data owner is free from computational overload and her communication complexity is independent of the size of the input data and only linear in the size of the circuit’s output. METIS is based on garbled circuits and supports any polynomially-computable function. We demonstrate the practicality of our approach with an implementation and an evaluation of several functions over real dataset.

2. Redactable Blockchain in the Permissionless Setting

   Dominic Deuber, Bernardo Magri, and Sri Aravinda Krishnan Thyagarajan

   In Proceedings of the 40th IEEE Symposium on Security and Privacy (Oakland 2019), 2019

   Abstract URL

   Bitcoin is an immutable permissionless blockchain system that has been extensively used as a public bulletin board by many different applications that heavily relies on its immutability. However, Bitcoin’s immutability is not without its fair share of demerits. Interpol exposed the existence of harmful and potentially illegal documents, images and links in the Bitcoin blockchain, and since then there have been several qualitative and quantitative analysis on the types of data currently residing in the Bitcoin blockchain. Although there is a lot of attention on blockchains, surprisingly the previous solutions proposed for data redaction in the permissionless setting are far from feasible, and require additional trust assumptions. Hence, the problem of harmful data still poses a huge challenge for law enforcement agencies like Interpol (Tziakouris, IEEE S&P’18).
   
   We propose the first efficient redactable blockchain for the permissionless setting that is easily integrable into Bitcoin, and that does not rely on heavy cryptographic tools or trust assumptions. Our protocol uses a consensus-based voting and is parameterised by a policy that dictates the requirements and constraints for the redactions; if a redaction gathers enough votes the operation is performed on the chain. As an extra feature, our protocol offers public verifiability and accountability for the redacted chain. Moreover, we provide formal security definitions and proofs showing that our protocol is secure against redactions that were not agreed by consensus. Additionally, we show the viability of our approach with a proof-of-concept implementation that shows only a tiny overhead in the chain validation of our protocol when compared to an immutable one.

2018

1. Functional Credentials

   Dominic Deuber, Matteo Maffei, Giulio Malavolta, Max Rabkin, Dominique Schröder, and Mark Simkin

   In Proceedings on Privacy Enhancing Technologies Symposium (PETS 2018), 2018

   Abstract URL

   A functional credential allows a user to anonymously prove possession of a set of attributes that fulfills a certain policy. The policies are arbitrary polynomially computable predicates that are evaluated over arbitrary attributes. The key feature of this primitive is the delegation of verification to third parties, called designated verifiers. The delegation protects the privacy of the policy: A designated verifier can verify that a user satisfies a certain policy without learning anything about the policy itself. We illustrate the usefulness of this property in different applications, including outsourced databases with access control. We present a new framework to construct functional credentials that does not require (non-interactive) zero-knowledge proofs. This is important in settings where the statements are complex and thus the resulting zero-knowledge proofs are not efficient. Our construction is based on any predicate encryption scheme and the security relies on standard assumptions. A complexity analysis and an experimental evaluation confirm the practicality of our approach.