December list
If you feel a paper belongs in another category, or that we missed a relevant paper, just let us know. Participation is most welcome!
Categories:
- Attacks and defenses
- Blockchain-general
- Blockchain-noncrypto uses
- Ethereum
- Financial
- Internet of Things (IoT)
- Mathematical
- Proof of Work (PoW) alternatives
Attacks and defenses
BDoS: Blockchain Denial of Service
Authors: Michael Mirkin, Yan Ji, Jonathan Pang, Ariah Klages-Mundt, Ittay Eyal, Ari Juels
Abstract: Proof-of-work (PoW) cryptocurrency blockchains like Bitcoin secure vast amounts of money. Participants expend resources to participate and receive monetary rewards for their efforts. Despite rivalry among cryptocurrencies and financial incentive to disrupt blockchain availability, Denial of Service (DoS) attacks against blockchains are rare. Arguably, this is due to their cost: Known attacks either target individual participants or require the control of the majority of the system resources. In this work, we present an incentive-based attack on blockchain availability, Blockchain-DoS (BDoS), with a significantly lower cost. Despite a plethora of work on revenue-driven attacks, to the best of our knowledge, this is the first incentive-based sabotage DoS attack. We consider an attacker with an exogenous motivation, who is willing to spend resources in order to stop blockchain progress. The attacker commits to a behavior that incentivizes the other participants to stop mining, bringing the blockchain to a halt. We analyze the miner behavior as a game with iterated elimination of strictly dominated strategies (IESDS). We observe that the success of the attack depends on a variety of factors: the mining power of the attacker, the mining power of the largest non-attacking miner, and the profitability of the mining process. We find that under realistic conditions, based on a new analysis of public data, an attack on Bitcoin-like cryptocurrencies requires as little as 20% of the mining power. The situation is even worse if miners can use their equipment in another blockchain rather than turn it off. We propose countermeasures to deter BDoS.
A Statistical Explanation of the Timing Attack on QC-MDPC Code Crypto-system
Authors: Han Li
Abstract: The McEliece cryptosystem based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes is first proposed in 2013 and is considered a promising contender in the post-quantum era. Understanding its security is hence essential. Till now, the most effective attacks are the reaction attack and the timing attack. Both of these attacks rely on the decoding performance to recover the private key. The reaction attack relies on the decoding failure rate and the timing attack relies on the iterations during decoding. However, the mechanics behind these attacks remain elusive. In this paper, a mathematical model is proposed to explain both attacks by connecting the spectrum of private key and first-layer performance of the decoder.
SquirRL: Automating Attack Discovery on Blockchain Incentive Mechanisms with Deep Reinforcement Learning
Authors: Charlie Hou, Mingxun Zhou, Yan Ji, Phil Daian, Florian Tramer, Giulia Fanti, Ari Juels
Abstract: Incentive mechanisms are central to the functionality of permissionless blockchains: they incentivize participants to run and secure the underlying consensus protocol. Designing incentive-compatible incentive mechanisms is notoriously challenging, however. Even systems with strong theoretical security guarantees in traditional settings, where users are either Byzantine or honest, often exclude analysis of rational users, who may exploit incentives to deviate from honest behavior. As a result, most public blockchains today use incentive mechanisms whose security properties are poorly understood and largely untested. In this work, we propose SquirRL, a framework for using deep reinforcement learning to identify attack strategies on blockchain incentive mechanisms. With minimal setup, SquirRL replicates known theoretical results on the Bitcoin protocol. In more complex and realistic settings, as when mining power varies over time, it identifies attack strategies superior to those known in the literature. Finally, SquirRL yields results suggesting that classical selfish mining attacks against Bitcoin lose effectiveness in the presence of multiple attackers. These results shed light on why selfish mining, which is unobserved to date in the wild, may be a poor attack strategy.
Blockchain-general
Cerberus: A Blockchain-Based Accreditation and Degree Verification System
Authors: Aamna Tariq, Binte Hina Haq, Taha Syed Ali
Abstract: Credential fraud is a widespread practice that undermines investment and confidence in higher education systems and bears significant economic and social costs. Legacy credential verification systems are typically time-consuming, costly, and bureaucratic, and struggle against certain classes of credential fraud. In this paper, we propose a comprehensive blockchain-based credential verification solution, Cerberus, which is considerably more efficient, easy and intuitive to use, and effectively mitigates widespread manifestations of credential fraud. Cerberus also improves significantly upon other blockchain-based solutions in the research literature: it adheres closely to the existing credential verification ecosystem, it addresses a threat model informed by real-world fraud scenarios. Moreover, Cerberus uses on-chain smart contracts for credential revocation, and it does not entail students or employers to manage digital identities or cryptographic credentials to use the system. We prototype our solution and describe our attempt to design an online verification service with a rich feature set, including data privacy, transcript verification, and selective disclosure of data. We hope this effort contributes positively towards alleviating the problem of fake credentials.
Implementing a Protocol Native Managed Cryptocurrency
Authors: Peter Mell, Aurelien Delaitre, Frederic Vaulx de, Philippe Dessauw
Abstract: Previous work presented a theoretical model based on the implicit Bitcoin specification for how an entity might issue a protocol native cryptocurrency that mimics features of fiat currencies. Protocol native means that it is built into the blockchain platform itself and is not simply a token running on another platform. Novel to this work were mechanisms by which the issuing entity could manage the cryptocurrency but where their power was limited and transparency was enforced by the cryptocurrency being implemented using a publicly mined blockchain. In this work we demonstrate the feasibility of this theoretical model by implementing such a managed cryptocurrency architecture through forking the Bitcoin code base. We discovered that the theoretical model contains several vulnerabilities and security issues that needed to be mitigated. It also contains architectural features that presented significant implementation challenges; some aspects of the proposed changes to the Bitcoin specification were not practical or even workable. In this work we describe how we mitigated the security vulnerabilities and overcame the architectural hurdles to build a working prototype.
Augmenting Fiat Currency with an Integrated Managed Cryptocurrency
Authors: Peter Mell
Abstract: In this work, we investigate how the governance features of a managed currency (e.g., a fiat currency) can be built into a cryptocurrency in order to leverage potential benefits found in the use of blockchain technology and smart contracts. The resulting managed cryptocurrency can increase transparency and integrity, while potentially enabling the emergence of novel monetary instruments. It has similarities to cash in that it enables the general public to immediately transfer funds to a recipient without intermediary systems being involved. However, our system is account-based, unlike circulating bank notes that are self-contained. Our design would allow one to satisfy know your customer laws and be subject to law enforcement actions following legal due process (e.g., account freezing and fund seizure), while mitigating counterparty risk with checks and balances. Funds can thus be transferred only between approved and authenticated users. Our system has on-chain governance capabilities using smart contracts deployed on a dedicated, permissioned blockchain that has different sets of control mechanisms for who can read data, write data, and publish blocks. To enable the governance features, only authorized identity proofed entities can submit transactions. To enable privacy, only the block publishers can read the blockchain; the publishers maintain dedicated nodes that provide access controlled partial visibility of the blockchain data. Being permissioned, we can use a simple consensus protocol with no transaction fees. A separate security layer prevents denial of service and a balance of power mechanism prevents any small group of entities from having undue control. While permissioned, we ensure that no one entity controls the blockchain data or block publishing capability through a voting system with publicly visible election outcomes.
Blockchain Intelligence: When Blockchain Meets Artificial Intelligence
Authors: Zibin Zheng, Hong-Ning Dai
Abstract: Blockchain is gaining extensive attention due to its provision of secure and decentralized resource sharing manner. However, the incumbent blockchain systems also suffer from a number of challenges in operational maintenance, quality assurance of smart contracts and malicious behaviour detection of blockchain data. The recent advances in artificial intelligence bring the opportunities in overcoming the above challenges. The integration of blockchain with artificial intelligence can be beneficial to enhance current blockchain systems. This article presents an introduction of the convergence of blockchain and artificial intelligence (namely blockchain intelligence). This article also gives a case study to further demonstrate the feasibility of blockchain intelligence and point out the future directions.
Designing for Privacy and Confidentiality on Distributed Ledgers for Enterprise (Industry Track)
Authors: Allison Irvin, Isabell Kiral
Abstract: Distributed ledger technology offers numerous desirable attributes to applications in the enterprise context. However, with distributed data and decentralized computation on a shared platform, privacy and confidentiality challenges arise. Any design for an enterprise system needs to carefully cater for use case specific privacy and confidentiality needs. With the goal to facilitate the design of enterprise solutions, this paper aims to provide a guide to navigate and aid in decisions around common requirements and mechanisms that prevent the leakage of private and confidential information. To further contextualize key concepts, the design guide is then applied to three enterprise DLT protocols: Hyperledger Fabric, Corda, and Quorum.
Cross-Blockchain Databases for Governments: The Technology for Public Registries and Smart Laws
Authors: Oleksii Konashevych
Abstract: There is an ongoing competition among blockchain technologies and the existence of one ultimate blockchain is impossible for many reasons. On the other hand, such variety can create difficulties in adoption, especially for the governments and corporations. The proposed technology ensures a blockchain agnostic approach and aimed to create a unified ecosystem of multiple networks. The cross-blockchain protocol can be used to develop services where end-users decide for themselves their most preferred blockchain. The invention solves problems of duplication of tokens in the result of hardforks, issues with scalability, digital identity and even the “problem” of immutability (enforceability). A cross-blockchain DB means a consistent non-conflicting key-value database across a bunch of defined blockchains. It is not a new blockchain, but a protocol for developing databases on existing blockchains. The protocol is also a basis for a “smart law” which is a framework for public registries and their governance.
Randpay: The Technology for Blockchain Micropayments and Transactions Which Require Recipient’s Consent
Authors: Oleksii Konashevych, Oleg Khovayko
Abstract: Randpay is a technology developed in Emercoin for blockchain micropayments that can be more effective in some scenarios than the Lightning Network as we show in the paper. The protocol is based on the concept of Ronald L. Rivest and published in the paper “Electronic Lottery Tickets as Micropayments” (1997). The “lottery ticket” was designed for centralized systems where a trusted third party is required to provide payments, and in some scenarios is also a lottery facilitator. The existing blockchain protocol cannot accommodate peer-to-peer “lottery” micropayments at least without the need to create payment channels, which is analysed in the paper. Therefore, the implementation required the development of an update to the blockchain core. In the result, RandpayUTXO was introduced – infinitely spendable zero output that requires the payee’s signature to be published in the blockchain. Randpay is considered to be the first blockchain protocol to require the payee to sign the transaction by their private key. This is a significant feature to improve not only microtransactions but also extend the use of the blockchain for legal deeds that require a payee’s consent to be recognised in legal applications. The second important innovation of this research is the implementation of Blum’s “coin flipping by telephone” problem to design a “lottery ticket” that does not require any third party to facilitate the lottery. The paper offers an API description, an analysis of the mathematical model, and proof of how “lottery” can be beneficial. There is also an attack analysis and overview of existing solutions.
Blockchain-noncrypto uses
PIRATE: A Blockchain-based Secure Framework of Distributed Machine Learning in 5G Networks
Authors: Sicong Zhou, Huawei Huang, Wuhui Chen, Zibin Zheng, Song Guo
Abstract: In the fifth-generation (5G) networks and the beyond, communication latency and network bandwidth will be no more bottleneck to mobile users. Thus, almost every mobile device can participate in the distributed learning. That is, the availability issue of distributed learning can be eliminated. However, the model safety will become a challenge. This is because the distributed learning system is prone to suffering from byzantine attacks during the stages of updating model parameters and aggregating gradients amongst multiple learning participants. Therefore, to provide the byzantine-resilience for distributed learning in 5G era, this article proposes a secure computing framework based on the sharding-technique of blockchain, namely PIRATE. A case-study shows how the proposed PIRATE contributes to the distributed learning. Finally, we also envision some open issues and challenges based on the proposed byzantine-resilient learning framework.
SilentDelivery: Practical Timed-delivery of Private Information using Smart Contracts
Authors: Chao Li, Balaji Palanisamy
Abstract: This paper proposes SilentDelivery, a secure, scalable and cost-efficient protocol for implementing timed-delivery of private information in a decentralized blockchain network. SilentDelivery employs a novel combination of threshold secret sharing and decentralized smart contracts. The protocol maintains shares of the decryption key of the private information of an information sender using a group of trustees recruited in a blockchain network before the specified future time-frame and restores the information to the information recipient at the required time-frame. To tackle the key challenges that limit the security and scalability of the protocol, SilentDelivery incorporates two novel countermeasure strategies. The first strategy, namely silent recruitment, enables a trustee to get recruited by a sender silently without the knowledge of any third party. The second strategy, namely dual-mode execution, makes the protocol run in a lightweight mode by default, where the cost of running smart contracts is reduced from O(n) to O(1). We implement the protocol over the Ethereum official test network. The results demonstrate that SilentDelivery is more secure and scalable compared to the state of the art and reduces the cost of running smart contracts by 85%.
Proof of file access in a private P2P network using blockchain
Authors: Uwe Roth
Abstract: While sharing files in a peer-to-peer (P2P) system significantly increases both the speed of retrieving the contents and the robustness of the system, tracing the access of files is not straightforward, even in the case of private P2P networks. In fact, a participant that has uploaded a file to a P2P network is not necessarily involved in its download. Additionally, due to the nature of the P2P network it is possible for a participant to already have all the fragments of a file, even before requesting it. This work tries to address the problem of tracing file access in a private P2P file sharing network through the use of blockchains to improve quality of service and auditability. To this end, the proposed solution combines three elements: (1) A distributed hash table network that is used to distribute encrypted files with redundancy amongst the partner peers; (2) Shamir’s secret sharing scheme to split the secret keys of each file; (3) A blockchain network to distribute and manage the secret shares amongst the partner peers. In fact, the latter makes access to a file undeniable to every node of the network. The solution is relevant for consortia that manage a shared data pool on base of P2P technology with unrestricted access to files but where access to a file has to be recorded due to legal or billing reasons.
Privacy-Preserving Blockchain Based Federated Learning with Differential Data Sharing
Authors: Anudit Nagar
Abstract: For the modern world where data is becoming one of the most valuable assets, robust data privacy policies rooted in the fundamental infrastructure of networks and applications are becoming an even bigger necessity to secure sensitive user data. In due course with the ever-evolving nature of newer statistical techniques infringing user privacy, machine learning models with algorithms built with respect for user privacy can offer a dynamically adaptive solution to preserve user privacy against the exponentially increasing multidimensional relationships that datasets create. Using these privacy aware ML Models at the core of a Federated Learning Ecosystem can enable the entire network to learn from data in a decentralized manner. By harnessing the ever-increasing computational power of mobile devices, increasing network reliability and IoT devices revolutionizing the smart devices industry, and combining it with a secure and scalable, global learning session backed by a blockchain network with the ability to ensure on-device privacy, we allow any Internet enabled device to participate and contribute data to a global privacy preserving, data sharing network with blockchain technology even allowing the network to reward quality work. This network architecture can also be built on top of existing blockchain networks like Ethereum and Hyperledger, this lets even small startups build enterprise ready decentralized solutions allowing anyone to learn from data across different departments of a company, all the way to thousands of devices participating in a global synchronized learning network.
Blockchain Applications in Power Systems: A Bibliometric Analysis
Authors: Mohammadi Hossein Rouzbahani, Hadis Karimipour, Ali Dehghantanha, M. Reza Parizi
Abstract: Power systems are growing rapidly, due to the ever-increasing demand for electrical power. These systems require novel methodologies and modern tools and technologies, to better perform, particularly for communication among different parts. Therefore, power systems are facing new challenges such as energy trading and marketing and cyber threats. Using blockchain in power systems, as a solution, is one of the newest methods. Most studies aim to investigate innovative approaches of blockchain application in power systems. Even though, many articles published to support the research activities, there has not been any bibliometric analysis which specifies the research trends. This paper aims to present a bibliographic analysis of the blockchain application in power systems related literature, in the Web of Science (WoS) database between January 2009 and July 2019. This paper discusses the research activities and performed a detailed analysis by looking at the number of articles published, citations, institutions, research areas, and authors. From the analysis, it was concluded that there are several significant impacts of research activities in China and the USA, in comparison to other countries.
Managing Collaboration in Heterogeneous Swarms of Robots with Blockchains
Authors: Peña Jorge Queralta, Tomi Westerlund
Abstract: One of the key challenges in the collaboration within heterogeneous multi-robot systems is the optimization of the amount and type of data to be shared between robots with different sensing capabilities and computational resources. In this paper, we present a novel approach to managing collaboration terms in heterogeneous multi-robot systems with blockchain technology. Leveraging the extensive research of consensus algorithms in the blockchain domain, we exploit key technologies in this field to be integrated for consensus in robotic systems. We propose the utilization of proof of work systems to have an online estimation of the available computational resources at different robots. Furthermore, we define smart contracts that integrate information about the environment from different robots in order to evaluate and rank the quality and accuracy of each of the robots’ sensor data. This means that the key parameters involved in heterogeneous robotic collaboration (computational resources and sensing capabilities) are integrated within the Blockchain and estimated at all robots equally without explicitly sharing information about the robots’ hardware or sensors. Trustability is based on the verification of data samples that are submitted to the blockchain within each data exchange transaction, and validated by other robots operating in the same environment.
A journey in applying blockchain for cyberphysical systems
Authors: Volkan Dedeoglu, Ali Dorri, Raja Jurdak, A. Regio Michelin, C. Roben Lunardi, S. Salil Kanhere, F. Avelino Zorzo
Abstract: Cyberphysical Systems (CPS) are transforming the way we interact with the physical world around us. However, centralised approaches for CPS systems are not capable of addressing the unique challenges of CPS due to the complexity, constraints, and dynamic nature of the interactions. To realize the true potential of CPS, a decentralized approach that takes into account these unique features is required. Recently, blockchain-based solutions have been proposed to address CPS challenges. Yet, applying blockchain for diverse CPS domains is not straight-forward and has its own challenges. In this paper, we share our experiences in applying blockchain technology for CPS to provide insights and highlight the challenges and future opportunities.
Ethereum
DClaims: A Censorship Resistant Web Annotations System using IPFS and Ethereum
Authors: João Santos, Nuno Santos, David Dias
Abstract: The proliferation of unreliable and biased information is a significant problem on the Internet. To assess the credibility of the information retrieved from news websites and other sources, users often resort to social platforms looking for confirmation with trustworthy parties. However, users may be faced with considerable obstacles posed by the platform provider, who can prevent access to certain content. This paper presents DClaims, a system that provides a censorship-resistant distributed service for the exchange of information over the Internet using web annotations. DClaims’ fully decentralized architecture relies on Inter-Planetary File System (IPFS) and Ethereum blockchain, both of which offer desirable censorship resistant properties. DClaims is implemented as a web annotations browser extension which allows for the classification of news articles, on news websites. From our evaluation of the system, we conclude that a large scale implementation of the system is practical and economically viable.
Financial
Investigating the Investment Behaviors in Cryptocurrency
Authors: Dingli Xi, Ian Timothy O’Brien, Elnaz Irannezhad
Abstract: This study investigates the socio-demographic characteristics that individual cryptocurrency investors exhibit and the factors which go into their investment decisions in different Initial Coin Offerings. A web based revealed preference survey was conducted among Australian and Chinese blockchain and cryptocurrency followers, and a Multinomial Logit model was applied to inferentially analyze the characteristics of cryptocurrency investors and the determinants of the choice of investment in cryptocurrency coins versus other types of ICO tokens. The results show a difference between the determinant of these two choices among Australian and Chinese cryptocurrency folks. The significant factors of these two choices include age, gender, education, occupation, and investment experience, and they align well with the behavioural literature. Furthermore, alongside differences in how they rank the attributes of ICOs, there is further variance between how Chinese and Australian investors rank deterrence factors and investment strategies.
BitMEX Funding Correlation with Bitcoin Exchange Rate
Authors: Srikar Sai Nimmagadda, Sasanka Pawan Ammanamanchi
Abstract: This paper examines the relationship between Inverse Perpetual Swap contracts, a Bitcoin derivative akin to futures and the margin funding interest rates levied on BitMEX. This paper proves the Heteroskedastic nature of funding rates and goes onto establish a causal relationship between the funding rates and the Bitcoin inverse Perpetual swap contracts based on Granger causality. The paper further dwells into developing a predictive model for funding rates using best-fitted GARCH models. Implications of the results are presented, and funding rates as a predictive tool for gauging the market trend is discussed.
Internet of Things (IoT)
Towards Efficient Integration of Blockchain for IoT Security: The Case Study of IoT Remote Access
Authors: Chenglong Fu, Qiang Zeng, Xiaojiang Du
Abstract: The booming Internet of Things (IoT) market has drawn tremendous interest from cyber attackers. The centralized cloud-based IoT service architecture has serious limitations in terms of security, availability, and scalability, and is subject to single points of failure (SPOF). Recently, accommodating IoT services on blockchains has become a trend for better security, privacy, and reliability. However, blockchain’s shortcomings of high cost, low throughput, and long latency make it unsuitable for IoT applications. In this paper, we take a retrospection of existing blockchain-based IoT solutions and propose a framework for efficient blockchain and IoT integration. Following the framework, we design a novel blockchain-assisted decentralized IoT remote accessing system, RS-IoT, which has the advantage of defending IoT devices against zero-day attacks without relying on any trusted third-party. By introducing incentives and penalties enforced by smart contracts, our work enables “an economic approach” to thwarting the majority of attackers who aim to achieve monetary gains. Our work presents an example of how blockchain can be used to ensure the fairness of service trading in a decentralized environment and punish misbehaviors objectively. We show the security of RS-IoT via detailed security analyses. Finally, we demonstrate its scalability, efficiency, and usability through a proof-of-concept implementation on the Ethereum testnet blockchain.
Mathematical
On Profitability of Nakamoto double spend
Authors: Cyril Grunspan, Ricardo Pérez-Marco
Abstract: Nakamoto double spend strategy, described in Bitcoin foundational article, leads to total ruin with positive probability and does not make sense from the profitability point of view. The simplest strategy that can be profitable incorporates a stopping threshold when success is unlikely. We solve and compute the exact profitability for this strategy. We compute the minimal amount of the double spend that is profitable. For a given amount of the transaction, we determine the minimal number of confirmations to be requested by the recipient such that this double spend strategy is non-profitable. We find that this number of confirmations is only 1 or 2 for average transactions and a small hashrate of the attacker. This is substantially lower than the original Nakamoto numbers that are widely used and are only based on the success probability instead of the profitability.
Proof of Work (PoW) alternatives
Delegated Proof of Reputation: a novel Blockchain consensus
Authors: Thuat Do, Thao Nguyen, Hung Pham
Abstract: Consensus mechanism is the heart of any blockchain network. Many projects have proposed alternative protocols to improve restricted scalability of Proof of Work originated since Bitcoin. As an improvement of Delegated Proof of Stake, in this paper, we introduce a novel consensus, namely, Delegated Proof of Reputation, which is scalable, secure with an acceptable decentralization. Our innovative idea is replacing pure coinstaking by a reputation ranking system essentially based on ranking theories (PageRank, NCDawareRank and HodgeRank).
Selfish Behavior in the Tezos Proof-of-Stake Protocol
Authors: Michael Neuder, J. Daniel Moroz, Rithvik Rao, C. David Parkes
Abstract: Proof-of-Stake consensus protocols give rise to complex modeling challenges. We analyze the recently-updated Tezos Proof-of-Stake protocol and demonstrate that, under certain conditions, rational participants are incentivized to behave dishonestly. In doing so, we provide a theoretical analysis of the feasibility and profitability of a block stealing attack that we call selfish endorsing, a concrete instance of an attack previously only theoretically considered. We propose and analyze a simple change to the Tezos protocol which significantly reduces the (already small) profitability of this dishonest behavior, and introduce a new delay and reward scheme that is provably secure against length-1 and length-2 selfish endorsing attacks. Our framework provides a template for analyzing other Proof-of-Stake implementations for selfish behavior.