DiStefano: Decentralized Infrastructure for Sharing Trusted Encrypted Facts and Nothing More
Sofia Celi
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Secure Protocols
In an era increasingly concerned with data privacy and the pervasive collection of personal information, the DiStefano protocol emerges as a pivotal advancement in enabling privacy-preserving interactions online. Presented by Sofia Celi at the NDSS Symposium, this work introduces a novel decentralized infrastructure designed for sharing trusted, encrypted facts without revealing the underlying sensitive data. The core innovation lies in its ability to generate cryptographic commitments over **TLS 1.3 encrypted data**, which can then be used to construct **zero-knowledge proofs (ZKPs)** about specific attributes of that data.
AI review
Solid, original cryptographic systems work that earns its complexity. DiStefano ships a real TLS 1.3-compatible DCTLS protocol with a working BoringSSL implementation, identifies and patches a concrete AES-GCM key-committing vulnerability, and uses ring-signature ZKPs to solve a privacy problem that prior three-party handshake schemes quietly ignored. The ZKP layer over commitments being punted to future work is a genuine limitation, but the foundation laid here is non-trivial.