Researcher profile

Gabriele Lenzini

Gabriele Lenzini contributes to research discovery and scholarly infrastructure.

Researcher | Affiliation not imported | Open to collaborate

Trust snapshot

Quick read

Trust 19 - Unverified | Verification L1 | Unclaimed author
5 works
0 followers
5 topics
4 close collaborators

Published work

5 published item(s)

preprint | 2026 | arXiv

When "Likers" Go Private: Engagement With Reputationally Risky Content on X

In June 2024, X/Twitter changed likes' visibility from public to private, offering a rare, platform-level opportunity to study how the visibility of engagement signals affects users' behavior. Here, we investigate whether hiding liker identities increases the number of likes received by high-reputational-risk content, content for which public endorsement may carry high social or reputational costs due to its topic (e.g., politics) or the account context in which it appears (e.g., partisan accounts). To this end, we conduct two complementary studies: 1) a Difference-in-Differences analysis of engagement with 154,122 posts by 1068 accounts before and after the policy change. 2) a within-subject survey experiment with 203 X users on participants' self-reported willingness to like different kinds of content. We find no detectable platform-level increase in likes for high-reputational-risk content (Study 1). This finding is robust for both between-group comparison of high- versus low-reputational-risk accounts and within-group comparison across engagement types (i.e., likes vs. reposts). Additionally, while participants in the survey experiment report modest increases in willingness to like high-reputational-risk content under private versus public visibility, these increases do not lead to significant changes in the group-level average likelihood of liking posts (Study 2). Taken together, our results suggest that hiding likes produces a limited behavioral response at the platform level. This may be caused by a gap between user intention and behavior, or by engagement driven by a narrow set of high-usage or automated accounts.

preprint | 2022 | arXiv

Secure Internet Exams Despite Coercion

We study coercion-resistance for online exams. We propose two properties, Anonymous Submission and Single-Blindness, which, if they hold, preserve the anonymity of the links between tests, test takers, and examiners even when the parties coerce one another into revealing secrets. The properties are relevant: not even Remark!, a secure exam protocol that satisfied anonymous marking and anonymous examiners, turns out to be coercion resistant. Then, we propose a coercion-resistance protocol which satisfies, in addition to known anonymity properties, the two novel properties we have introduced. We prove our claims formally in ProVerif. The paper also has another contribution: it describes an attack on (and a fix to) an exponentiation mixnet that Remark! uses to ensure unlinkability. We use the secure version of the mixnet in our new protocol.

preprint | 2020 | arXiv

A Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email

To send encrypted emails, users typically need to create and exchange keys which later should be manually authenticated, for instance, by comparing long strings of characters. These tasks are cumbersome for the average user. To make the use of encrypted email more accessible, a secure email application named pEp automates the key management operations; pEp still requires the users to carry out the verification, however, the authentication process is simple: users have to compare familiar words instead of strings of random characters, then the application shows the users what level of trust they have achieved via colored visual indicators. Yet, users may not execute the authentication ceremony as intended, pEp's trust rating may be wrongly assigned, or both. To learn whether pEp's trust ratings (and the corresponding visual indicators) are assigned consistently, we present a formal security analysis of pEp's authentication ceremony. From the software implementation in C, we derive the specifications of an abstract protocol for public key distribution, encryption and trust establishment; then, we model the protocol in a variant of the applied pi calculus and later formally verify and validate specific privacy and authentication properties. We also discuss alternative research directions that could enrich the analysis.

preprint | 2020 | arXiv

Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-Entropy Secrets

We revisit the problem of entity authentication in decentralized end-to-end encrypted email and secure messaging to propose a practical and self-sustaining cryptographic solution based on password-authenticated key exchange (PAKE). This not only allows users to authenticate each other via shared low-entropy secrets, e.g., memorable words, without a public key infrastructure or a trusted third party, but it also paves the way for automation and a series of cryptographic enhancements; improves security by minimizing the impact of human error and potentially improves usability. First, we study a few vulnerabilities in voice-based out-of-band authentication, in particular a combinatorial attack against lazy users, which we analyze in the context of a secure email solution. Next, we propose solving the problem of secure equality test using PAKE to achieve entity authentication and to establish a shared high-entropy secret key. Our solution lends itself to offline settings, compatible with the inherently asynchronous nature of email and modern messaging systems. The suggested approach enables enhancements in key management such as automated key renewal and future key pair authentications, multi-device synchronization, secure secret storage and retrieval, and the possibility of post-quantum security as well as facilitating forward secrecy and deniability in a primarily symmetric-key setting. We also discuss the use of auditable PAKEs for mitigating a class of online guess and abort attacks in authentication protocols.

preprint | 2011 | arXiv

A Group Signature Based Electronic Toll Pricing System

With the prevalence and development of GNSS technologies, location-based vehicle services (LBVS) have experienced a rapid growth in recent years. However, location is a sensitive and private piece of information, so the design and development of such services just take the clients' privacy concerns into account. In this paper, we propose a new electronic toll pricing system based on group signatures, which provides a strong guarantee for the clients' anonymity within groups. Our system achieves a balance between privacy and the communication overhead imposed upon the users.