2017-bocovich-lavinia
findings extracted from this paper
-
The Lavinia audit protocol is designed so that auditors are cryptographically indistinguishable from ordinary readers: an auditor cannot reveal her status to a server without forfeiting her own payment, and servers are therefore forced to serve content in response to every request. Any reader may additionally claim to be an auditor, and servers cannot verify such claims, further preventing selective serving.
-
The burn contract mechanism defends against deliberate auditor-chain termination attacks, in which a malicious actor poses as an auditor and refuses to post her secret, preventing all subsequent auditors from performing their audits. If the previous auditor fails, the current auditor can burn both her predecessor's payment and her own, receive a small fraction of those funds as incentive, and forward the chain secret to the next auditor — preventing a single compromised link from collapsing the entire revenue stream for a document.
-
Lavinia requires its underlying payment system to satisfy four properties for suitability in censorship-resistant contexts: (1) coercion-resistance through geo-political distribution or anonymization, (2) redeemability with a distributable secret, (3) time-locked escrow that prevents early redemption, and (4) an append-only public log. The paper demonstrates that Bitcoin satisfies all four properties, with Zerocash extensions providing payment anonymization to prevent linking payments to specific documents.
-
Theorem 1 proves a dominant strategy Nash equilibrium in which all rational servers honestly store and serve all files, subject to the constraint that per-server audit payment exceeds routing cost and file-serving payment exceeds storage cost. At 2017 prices, storage hardware cost approximately $0.03/GB and bandwidth cost approximately $0.03/GB, so the minimum per-file hosting payment must exceed (η + BR) × $0.03/GB × |f|.
-
Lavinia allows a publisher to publish content, submit payments, and then cease all interaction with the system — continued document availability is not contingent on the original publisher remaining online or reachable. This specifically protects against out-of-band coercion tactics such as rubber-hose cryptanalysis in the case that the publisher is captured or prosecuted.
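
Payment-system properties (2) to (4) from the list of four above can be made concrete with a small model. This is an added example, not code from the paper or the Lavinia project: the `Escrow` and `PublicLog` classes, the SHA-256 hash lock standing in for "redeemable with a secret", the integer clock, and the sample secret are assumptions constructed for illustration, and none of it is Bitcoin script.

```python
import hashlib
from dataclasses import dataclass, field
def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()
@dataclass
class PublicLog:  # property 4 (assumed model): hash-chained, append-only
    entries: list = field(default_factory=list)
    def append(self, record: str) -> None:
        prev = self.entries[-1][0] if self.entries else "0" * 64
        self.entries.append((h((prev + record).encode()), record))

    def verify(self) -> bool:  # any rewritten record breaks the chain
        prev = "0" * 64
        for digest, record in self.entries:
            if digest != h((prev + record).encode()):
                return False
            prev = digest
        return True

@dataclass
class Escrow:  # hypothetical stand-in for a funded payment
    amount: int
    secret_hash: str   # property 2: anyone given the secret can redeem
    unlock_time: int   # property 3: no redemption before this time
    redeemed: bool = False

    def redeem(self, secret: bytes, now: int, log: PublicLog) -> int:
        if self.redeemed:
            raise ValueError("already redeemed")
        if now < self.unlock_time:
            raise ValueError("time lock has not expired")
        if h(secret) != self.secret_hash:
            raise ValueError("wrong secret")
        self.redeemed = True
        # Assumption of this model: redeeming publishes the secret on the log.
        log.append(f"redeem amount={self.amount} secret={secret.hex()}")
        return self.amount

def demo():
    log, secret = PublicLog(), b"constructed-sample-secret"
    escrow = Escrow(100, h(secret), unlock_time=1000)
    log.append(f"fund amount=100 hash={escrow.secret_hash} unlock=1000")
    outcomes = []
    for s, now in [(secret, 999), (b"guess", 1000), (secret, 1000), (secret, 1001)]:
        try:
            outcomes.append(escrow.redeem(s, now, log))
        except ValueError as exc:
            outcomes.append(str(exc))
    forged = PublicLog([(log.entries[0][0], "fund amount=1")] + log.entries[1:])
    return outcomes, log.verify(), forged.verify()
```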