Mechanisms for ensuring confidentiality in decentralized public systems

The system for privacy protection and suppression of users' digital footprint in a public decentralized cloud content processing service is considered. This service is a universal decentralized operating system designed to protect distributed computing. The model of the interaction between users and computing resource providers is presented. The modeling involved a metadata management system, a search subsystem, and a task and reward distribution subsystem. The privacy protection mechanisms are proposed and justified. The limitations and possibilities of their application are discussed. The obtained model protects by masking transformations of personal data of network participants and technical data of their nodes, cryptographic methods of protection of computations in a decentralized cloud. The proposed privacy protection system protects the subsystems of user management, access delimitation, transport protocols, billing, and data from the owners of computing resources serving the service. The privacy protection model includes a system of tasks executing with complex distribution task parts between technical nodes. To protect the user from deanonymization by IP address, it includes an obfuscating routing subsystem, which allows the hiding of the user's metadata from his counterparties within the service and from the owners of the telecommunications infrastructure servicing the service. To protect against identification by smart contract metadata and interactions with performer nodes, the service has an integrated algorithm for substituting accounts and user identifiers. The same algorithm allows the protection of user data from other users during interactions of various types if these interactions are organized through the smart contract subsystem of the service. The listed subsystems form an algorithmic layer that allows complete abstraction of the system's clients from the owners of the service's cloud infrastructure, which in turn will enable users to safely store and process data within the service even in cases where the technical nodes of the service belong to untrusted and/or directly compromised owners.