Meet the Team Behind Boquila: Winning Project of the 2024 IC3 Blockchain Camp Hackathon
Left to right: Surya Bakshi (UIUC, IC3, Offchain Labs), Sarah Allen (IC3, Flashbots), Lorenz Breidenbach (IC3, Chainlink Labs), Jim Ballingall (IC3), Haaroon Yousaf (IC3), Patrick McCorry (IC3, Arbitrum Foundation), Giannis Kaklamanis (Yale University), Vivian Jeng (Ethereum Foundation), Jayamine Alupotha (IC3, University of Bern), Mariarosaria Barbaraci (IC3, University of Bern), Abhimanyu Rawat (UPF Barcelona)
The team behind Boquila, a proof of concept to obscure identifiable information from third-party websites, took the top spot at this year’s hackathon. We sat down with Mariarosaria Barbaraci and Jayamine Alupotha, two members of the winning team, to talk about what they built and their experience at this year’s IC3 Blockchain Camp:
Q: Congrats on winning the 2024 IC3 hackathon! Tell me about yourselves and where you come from.
M: I’m originally from Italy and a PhD student at the University of Bern in Switzerland. I’m interested in distributed cryptography and its practical integration in real-world systems, with an emphasis on blockchain technology.
J: I’m from Sri Lanka and completed my PhD in computer science at the Queensland University of Technology in Australia. My research revolves around blockchains and quantum-safe cryptography. I’m particularly interested in privacy-preserving protocols where users control their data.
Q: Why did you sign up for the IC3 Blockchain Camp?
M: I really liked the idea of participating in a week-long event. It gives you a good opportunity to meet other researchers, ideate, and work on something new together. This was our first time participating in an IC3 hackathon, it was a lot of fun.
Q: Tell me about Boquila. What was the original idea behind the project?
M: The original idea came from Jayamine’s research as a PhD student. We wanted to focus on designing and building something that gives everyday users more privacy online without giving up their personal data. Jayamine wanted to work on this project with me and we started talking about it the week before the IC3 Camp. We thought it would be great from a research perspective, and it also has a positive social impact.
J: The core idea is giving users more privacy when it comes to their digital identities, but in a way that is easy to use. This is why we decided to look at self-issued decentralized identities that are stored locally so people who use Boquila don’t have to give up data. It’s not just about research, it’s more about the social impact, which is why we wanted to submit it as a hackathon project and not just write a research paper.
Q: What sparked the idea?
J: So this idea surfaced about two years ago. We talked about decentralized identity with blockchains, but on public blockchains, everything is visible to everyone. Blockchains provide an availability solution in the sense data is protected against data loss, but it doesn’t solve issues around privacy and, in fact, can make it worse. In terms of the project, we had a rough idea about what we wanted to do, and worked on our pitch while on the plane. It wasn’t until the hackathon and collaborating with other team members that things really started to come together.
M: During the first two days of the camp, we finalized the architecture, figured out how different entities should communicate, and how the authentication should work. Then we worked on the proof of concept and cryptography.
Q: Can you explain how it works?
M: In a normal scenario, you use your email address to log into different websites or applications. If you use the same email address (as most people do), these different accounts, or websites, collect data under your email address. They end up linking all of your online activity together to identify you. So what we are trying to do is give these websites different public keys that authenticate a user, but the public keys are not able to be associated with one another. This prevents third parties from identifying patterns of behavior. The idea is that you can have a new login with Boquila, and it will use a local application that handles the creation of new credentials but gives the user the same experience they have when they log into different sites with one email. Basically from the user’s point of view, they just use the same identifier, and then this application creates credentials for services.
J: Your behavior remains somewhat anonymous in the sense that your data is put into different boxes. We want to make it so that if a user logs into their social media account that other companies can’t make recommendations for this person based on their social media activity. What we accomplished during the hackathon is a proof of concept. While we were able to make a lot of progress, we still have work to do.
Q: Did you experience any technical setbacks?
J: The biggest technical challenge we encountered was programming. We used many different languages — C, C++, Java Script, Golang, and had initially written everything, like all of the server programs, in Python. Then Mariarosaria and Abhi had to replace everything from Python to Golang because we kept running into errors.
M: The cryptographic library is in C, a low-level language. However, we needed to use a higher-level language, like Go or Python, for implementation which proved to be a challenge when we tried to integrate these different languages. On top of that, we had some Solidity for smart contracts. This part we managed to show.
Q: What was an important takeaway from your experience?
M: We were fortunate to have Vivian Jeng from the Ethereum Foundation on our team who has experience with SNARKS. As a result, we were able to explore different primitives and provide two cryptographic libraries. This is interesting from a research perspective because we can actually compare the two libraries and how they perform in a practical setting.
J: If I had to summarize it for a non-technical audience: We had a cryptographic idea in mind and then we optimized that initial idea. Now we have an initial idea and the optimized version. So we actually came up with two implementations. The optimization works perfectly when the public key set size is small. Basically, when the systems are small, the initial idea works perfectly. And when the system grows to support thousands of users, we can use the optimized version. So it’s actually sustainable for any system in that case.
Q: Will Boquila eventually be a consumer-facing application that users can log into and protect their identities?
J: That’s the goal. Imagine a web browser extension or local desktop application. Users can login and access different websites through Boquila. The nice thing is that the user is the only party that stores their data.
Q: What’s next for this project? How do you plan on furthering your research?
M: This is the proof of concept and we actually want to go for test subjects. We can open source the project and allow people to use it, and from there improve it and eventually deploy it in our system.
Q: What advice would you give to others who want to participate in future IC3 hackathons?
J: I would say the hackathon is a good opportunity because different people with different skill sets come together to solve problems. If you have an idea in mind and feel it’s something that can have real-world impact, but you are afraid that you might not have all of the skills to put it together, this is a great environment to learn and collaborate to make it work.
Want access to the latest IC3 research? Sign up to join our mailing list and get newly published papers straight to your inbox.
Interviewer: Ashley Stanhope (IC3, Hardfork Media, ashley@hardfork.media)
Editor: Bria Han (IC3, jh2584@cornell.edu)
