Fog-of-Trust protocol audit

In alignment with the main topic of ConcreteContracts, Code Blau was involved in the evaluation of the “Fog of Trust” (FoT) protocol, which was considered as an extension of the GNU Taler protocol suite.

The purpose of FoT was to provide a privacy-preserving mechanism that allows parties to build trust in the validity of certain attributes of another user, such as email addresses, phone numbers or IBANs, without disclosing anything about the set of trustees involved. This is especially important in the context of peer-to-peer payments.

Code Blau of ConcreteContracts has performed a security audit of FoT. Unfortunately, the security audit has revealed severe flaws in the protocol that render it insecure with respect to its privacy promises. The results of this security audit have been published in a joint paper with Christian Grothoff from BFH; see https://dl.acm.org/doi/10.1145/3694848.3694853.