Ian Goldberg

Ian Goldberg
Canada Research Chair in Privacy Enhancing Technologies
Professor, Cheriton School of Computer Science
University of Waterloo
200 University Ave W
Waterloo, Ontario, Canada
N2L 3G1

Office: DC 3518
Phone: 519-888-4567 x36168


Here is some of my current and planned research.

Privacy-preserving communications networks

Privacy-preserving communications networks allow people to communicate with each other, and to access online information, without automatically revealing personal information such as their Internet addresses. The largest such network (Tor) sees about 500,000 users daily. However, Tor is pushing the limits of its scalability, and it is unlikely that Tor's current design could handle millions or tens of millions of users.

Our group works on many aspects of these networks, with the goal of improving their security, privacy, efficiency, and scalability. We have a considerable amount of experience in this topic, and a number of our improvements have been incorporated into the standard Tor software.

Off-the-Record Messaging

Off-the-Record Messaging, or OTR, enables people to use existing instant messaging systems while maintaining the security and privacy of the contents of their messages. Our flagship implementation, an OTR plugin for the Pidgin instant messenger, is used by hundreds of thousands of people around the world. There are independent libraries and plugins written by third parties in a variety of programming languages, including Java, Javascript, Scheme, Python, and Go, implementing our OTR protocol.

We continue to work on a number of aspects of OTR, including user interface improvements, robustness to user errors, and a version of OTR suitable for group communication.

Censorship Resistance

Free and open communications on the Internet are a boon to the exchange of ideas, information, culture, and democracy around the world. Unfortunately, a number of national governments aim to restrict the ability of their citizens to freely communicate. Censorship resistance technologies use information hiding techniques to allow communication between a citizen inside a censored regime and the outside. There have been a number of recent approaches to this problem, including Telex, a project between our group and a group at the University of Michigan.

Our work on censorship resistance explores the topic both from the technical side of designing, developing, and deploying censorship resistance technologies, but also from the economic and political side, examining the motivations of the censor and the resister, and analyzing the game-theoretic aspects of their interactions.

Private Information Retrieval

Private Information Retrieval, or PIR, enables people to perform online queries to databases while protecting the privacy of their queries even from the database operators themselves. Long considered too impractical for real-world use, our group and others have shown that PIR can indeed be practical for many realistic scenarios.

Our group works on creating PIR protocols that are computationally and communicationally efficient, while also providing for Byzantine robustness: the ability to withstand database servers that provide erroneous results, either through faults or through malice. Our group has produced PIR protocols that can withstand the largest possible number of misbehaving servers, while being thousands of times faster than previous work.

A major challenge in this area is that the cost of performing the private query increases with the size of the underlying database. While we have shown success in implementing PIR systems that can efficiently handle databases in the gigabyte range for a small number of simultaneous clients, in order to achieve large-scale deployment, we are working on new protocols that can efficiently handle many more simultaneous queries, as well as larger, terabyte-sized databases.

Efficient Zero-Knowledge Proofs

A common building block in privacy-preserving systems is the zero-knowledge proof (ZKP). In a ZKP, one party in the protocol (the prover) convinces another party (the verifier) of the truth of some statement, without revealing any more information. For example, the ZKP may assert that "the prover is authorized to access this website", without revealing the identity of the prover. Another example is the assertion that "the prover knows the correct password", without revealing the password itself to the verifier (or to an eavesdropper).

There are a number of useful simple statements—for example, that the prover knows a particular private key—for which efficient ZKPs are known. There are known ways to combine these simple statements using connectives such as AND, OR, and NOT, in order to form more complex statements, with correspondingly less efficient proofs. For certain kinds of complex statements, there are batch techniques that can be used to lower the cost of proving and/or verifying the complex statement to not much more than that of a simple statement; however, in general, complex ZKPs have high cost.

Our group has developed new batch techniques that make a larger variety of complex ZKPs more efficient. We are also developing a software library that can be easily used by programmers without expertise in ZKPs to prove and verify simple, complex, and batched statements.

Back to home
Ian Goldberg, iang@uwaterloo.ca
PGP fingerprint: 4096R/505DA62B A792 EF32 7B5B DDF9 3FAC 7E6F 4675 64B7 505D A62B

Last updated 2016-10-18

Created with vim Valid XHTML 1.0 Transitional Valid CSS!