Distributed Virtual Private Networks (dVPNs) are new VPN solutions that aim to remove the trust and privacy concerns raised by a VPN's central authority by adopting a distributed architecture. In this paper, we first review the existing dVPN ecosystem and discuss its privacy requirements. We then present VPN0, a dVPN with strong privacy guarantees and minimal performance impact on its users. VPN0 guarantees that a dVPN node only carries traffic it has "whitelisted", without revealing its whitelist and without learning what traffic it tunnels. This is achieved through three main innovations. First, an attestation mechanism that leverages TLS to certify that a user visited a specific domain. Second, a zero-knowledge proof that certifies that incoming traffic is authorized, i.e., that its destination falls within a node's whitelist, without disclosing the target domain. Third, a dynamic chain of VPN tunnels that both increases privacy and guarantees service continuity while traffic certification is in progress. The paper demonstrates VPN0 working when integrated with several production systems, namely the BitTorrent DHT and ProtonVPN.