June 2020 list
If you feel a paper should belong to another category, or that we missed a relevant paper just let us know. Participation is most welcome!
Categories:
- Attacks and defenses
- Blockchain-general
- Blockchain-noncrypto uses
- Financial
- Internet of Things (IoT)
- Mathematical
- Proof of Work (PoW) alternatives
- Smart contracts
Attacks and defenses
Flood & Loot: A Systemic Attack On The Lightning Network
Authors: Jona Harris, Aviv Zohar
Abstract: The Lightning Network promises to alleviate Bitcoin’s known scalability problems. The operation of such second layer approaches relies on the ability of participants to turn to the blockchain to claim funds at any time, which is assumed to happen rarely. One of the risks that was identified early on is that of a wide systemic attack on the protocol, in which an attacker triggers the closure of many Lightning channels at once. The resulting high volume of transactions in the blockchain will not allow for the proper settlement of all debts, and attackers may get away with stealing some funds. This paper explores the details of such an attack and evaluates its cost and overall impact on Bitcoin and the Lightning Network. Specifically, we show that an attacker is able to simultaneously cause victim nodes to overload the Bitcoin blockchain with requests and to steal funds that were locked in channels. We go on to examine the interaction of Lightning nodes with the fee estimation mechanism and show that the attacker can continuously lower the fee of transactions that will later be used by the victim in its attempts to recover funds – eventually reaching a state in which only low fractions of the block are available for lightning transactions. Our attack is made even easier as the Lightning protocol allows the attacker to increase the fee offered by his own transactions. We continue to empirically show that the vast majority of nodes agree to channel opening requests from unknown sources and are therefore susceptible to this attack. We highlight differences between various implementations of the Lightning Network protocol and review the susceptibility of each one to the attack. Finally, we propose mitigation strategies to lower the systemic attack risk of the network.
Time-Dilation Attacks on the Lightning Network
Authors: Antoine Riard, Gleb Naumenko
Abstract: Lightning Network (LN) is a widely-used network of payment channels enabling faster and cheaper Bitcoin transactions. In this paper, we outline three ways an attacker can steal funds from honest LN users. The attacks require dilating the time for victims to become aware of new blocks by eclipsing (isolating) victims from the network and delaying block delivery. While our focus is on the LN, time-dilation attacks may be relevant to any second-layer protocol that relies on a timely reaction. According to our measurements, it is currently possible to steal the total channel capacity by keeping a node eclipsed for as little as 2 hours. Since trust-minimized Bitcoin light clients currently connect to a very limited number of random nodes, running just 500 Sybil nodes allows an attacker to Eclipse 47% of newly deployed light clients (and hence prime them for an attack). As for the victims running a full node, since they are often used by large hubs or service providers, an attacker may justify the higher Eclipse attack cost by stealing all their available liquidity. In addition, time-dilation attacks neither require access to hashrate nor purchasing from a victim. Thus, this class of attacks is a more practical way of stealing funds via Eclipse attacks than previously anticipated double-spending. We argue that simple detection techniques based on the slow block arrival alone are not effective, and implementing more sophisticated detection is not trivial. We suggest that a combination of anti-Eclipse/anti-Sybil measures are crucial for mitigating time-dilation attacks.
Tracing Cryptocurrency Scams: Clustering Replicated Advance-Fee and Phishing Websites
Authors: R. Phillips, H. Wilder
Abstract: Over the past few years, there has been a growth in activity, public knowledge, and awareness of cryptocurrencies and related blockchain technology. As the industry has grown, there has also been an increase in scams looking to steal unsuspecting individuals’ cryptocurrency. Many of the scams operate on visually similar but seemingly unconnected websites, advertised by malicious social media accounts, which either attempt an advance-fee scam or operate as phishing websites. This paper analyses public online and blockchain-based data to provide a deeper understanding of these cryptocurrency scams. The clustering technique DBSCAN is applied to the content of scam websites to discover a typology of advance-fee and phishing scams. It is found that the same entities are running multiple instances of similar scams, revealed by their online infrastructure and blockchain activity. The entities also manufacture public blockchain activity to create the appearance that their scams are genuine. Through source and destination of funds analysis, it is observed that victims usually send funds from fiat-accepting exchanges. The entities running these scams cash out or launder their proceeds using a variety of avenues including exchanges, gambling sites, and mixers.
Blockchain-general
Perigee: Efficient Peer-to-Peer Network Design for Blockchains
Authors: Yifan Mao, Soubhik Deb, Bojja Shaileshh Venkatakrishnan, Sreeram Kannan, Kannan Srinivasan
Abstract: A key performance metric in blockchains is the latency between when a transaction is broadcast and when it is confirmed (the so-called confirmation latency). While improvements in consensus techniques can lead to lower confirmation latency, a fundamental lower bound on confirmation latency is the propagation latency of messages through the underlying peer-to-peer (p2p) network (in Bitcoin, the propagation latency is several tens of seconds). The de facto p2p protocol used by Bitcoin and other blockchains is based on random connectivity: each node connects to a random subset of nodes. The induced p2p network topology can be highly suboptimal since it neglects geographical distance, differences in bandwidth, hash-power and computational abilities across peers. We present Perigee, a decentralized algorithm that automatically learns an efficient p2p topology tuned to the aforementioned network heterogeneities, purely based on peers’ interactions with their neighbors. Motivated by the literature on the multi-armed bandit problem, Perigee optimally balances the tradeoff between retaining connections to known well-connected neighbors, and exploring new connections to previously-unseen neighbors. Experimental evaluations show that Perigee reduces the latency to broadcast by 33%. Lastly, Perigee is simple, computationally lightweight, adversary-resistant, and compatible with the selfish interests of peers, making it an attractive p2p protocol for blockchains.
Equilibrium of Blockchain Miners with Dynamic Asset Allocation
Authors: Go Yamamoto, Aron Laszka, Fuhito Kojima
Abstract: We model and analyze blockchain miners who seek to maximize the compound return of their mining businesses. The analysis of the optimal strategies finds a new equilibrium point among the miners and the mining pools, which predicts the market share of each miner or mining pool. The cost of mining determines the share of each miner or mining pool at equilibrium. We conclude that neither miners nor mining pools who seek to maximize their compound return will have a financial incentive to occupy more than 50% of the hash rate if the cost of mining is at the same level for all. However, if there is an outstandingly cost-efficient miner, then the market share of this miner may exceed 50% in the equilibrium, which can threaten the viability of the entire ecosystem.
Leveraging Bitcoin Testnet for Bidirectional Botnet Command and Control Systems
Authors: Federico Franzoni, Ivan Abellan, Vanesa Daza
Abstract: Over the past twenty years, the number of devices connected to the Internet grew exponentially. Botnets benefited from this rise to increase their size and the magnitude of their attacks. However, they still have a weak point in their Command & Control (C&C) system, which is often based on centralized services or requires a complex infrastructure to keep operating without being taken down by authorities. The recent spread of blockchain technologies may give botnets a powerful tool to make them very hard to disrupt. Recent research showed how it is possible to embed C&C messages in Bitcoin transactions, making them nearly impossible to block. Nevertheless, transactions have a cost and allow very limited amounts of data to be transmitted. Because of that, only messages from the botmaster to the bots are sent via Bitcoin, while bots are assumed to communicate through external channels. Furthermore, for the same reason, Bitcoin-based messages are sent in clear. In this paper we show how, using Bitcoin Testnet, it is possible to overcome these limitations and implement a cost-free, bidirectional, and encrypted C&C channel between the botmaster and the bots. We propose a communication protocol and analyze its viability in real life. Our results show that this approach would enable a botmaster to build a robust and hard-to-disrupt C&C system at virtually no cost, thus representing a realistic threat for which countermeasures should be devised.
Similarities and Learnings from Ancient Literature on Blockchain Consensus and Integrity
Authors: Ashish Kundu, Arun Ayachitula, Nagamani Sistla
Abstract: In this paper, we have studied the text of an ancient literature and how its integrity has been preserved for several centuries. Specifically, The Vedas is an ancient literature whose text has remained preserved without any corruption for thousands of years. As we studied the system that protects the integrity of the text, pronunciation and semantics of The Vedas, we discovered a number of similarities it has with the current concept of blockchain technology. It is surprising that the notion of de-centralized trust and mathematical encodings have existed for thousands of years in order to protect this work of literature. We have presented our findings and analysis of the similarities. There are also certain technical mechanisms that the Vedic integrity system uses, which can be used to enhance the current digital blockchain platforms in terms of their security and robustness.
Blockchain-Based Differential Privacy Cost Management System
Authors: Mei Leong Han, Yang Zhao, Jun Zhao
Abstract: Privacy preservation is a big concern for various sectors. To protect individual user data, one emerging technology is differential privacy. However, it still has limitations for datasets with frequent queries, such as the fast accumulation of privacy cost. To tackle this limitation, this paper explores the integration of a secured decentralised ledger, blockchain. Blockchain will be able to keep track of all noisy responses generated with the differential privacy algorithm and allow certain queries to reuse old responses. In this paper, a demo of a proposed blockchain-based privacy management system is designed as an interactive decentralised web application (DApp). The demo created illustrates that leveraging blockchain will allow the total privacy cost accumulated to decrease significantly.
A Survey on Blockchain Interoperability: Past, Present, and Future Trends
Authors: Rafael Belchior, André Vasconcelos, Sérgio Guerreiro, Miguel Correia
Abstract: Blockchain interoperability is emerging as one of the crucial features of blockchain technology, but the knowledge necessary for achieving it is fragmented. This fact makes it challenging for academics and the industry to seamlessly achieve interoperability among blockchains. Given the novelty and potential of this new domain, we conduct a literature review on blockchain interoperability, by collecting 262 papers, and 70 grey literature documents, constituting a corpus of 332 documents. From those 332 documents, we systematically analyzed and discussed 80 documents, including both peer-reviewed papers and grey literature. Our review classifies studies in three categories: Cryptocurrency-directed interoperability approaches, Blockchain Engines, and Blockchain Connectors. Each category is further divided into sub-categories based on defined criteria. We discuss not only studies within each category and subcategory but also across categories, providing a holistic overview of blockchain interoperability, paving the way for systematic research in this domain. Our findings show that blockchain interoperability has a much broader spectrum than cryptocurrencies. The present survey leverages an interesting approach: we systematically contacted the authors of grey literature papers and industry solutions to obtain an updated view of their work. Finally, this paper discusses supporting technologies, standards, use cases, open challenges, and provides several future research directions.
Wallet Attestations for Virtual Asset Service Providers and Crypto-Assets Insurance
Authors: Thomas Hardjono, Alexander Lipton, Alex Pentland
Abstract: The emerging virtual asset service providers (VASP) industry currently faces a number of challenges related to the Travel Rule, notably pertaining to customer personal information, account number and cryptographic key information. VASPs will be handling virtual assets of different forms, where each may be bound to different private-public key pairs on the blockchain. As such, VASPs also face the additional problem of the management of their own keys and the management of customer keys that may reside in a customer wallet. The use of attestation technologies as applied to wallet systems may provide VASPs with suitable evidence relevant to the Travel Rule regarding cryptographic key information and their operational state. Additionally, wallet attestations may provide crypto-asset insurers with strong evidence regarding the key management aspects of a wallet device, thereby providing the insurance industry with measurable levels of assurance that can become the basis for insurers to perform risk assessment on crypto-assets bound to keys in wallets, both enterprise-grade wallets and consumer-grade wallets.
The Ritva Blockchain: Enabling Confidential Transactions at Scale
Authors: Henri Aare, Peter Vitols
Abstract: The distributed ledger technology has been widely hailed as the break-through technology. It has realised a great number of application scenarios, and improved workflow of many domains. Nonetheless, there remain a few major concerns in adopting and deploying the distributed ledger technology at scale. In this white paper, we tackle two of them, namely the throughput scalability and confidentiality protection for transactions. We learn from the existing body of research, and build a scale-out blockchain platform that champions privacy called RVChain. RVChain takes advantage of trusted execution environment to offer confidentiality protection for transactions, and scales the throughput of the network in proportion with the number of network participants by supporting parallel shadow chains.
Blockchain-noncrypto uses
A framework of blockchain-based secure and privacy-preserving E-government system
Authors: Noe Elisa, Longzhi Yang, Fei Chao, Yi Cao
Abstract: Electronic government (e-government) uses information and communication technologies to deliver public services to individuals and organisations effectively, efficiently and transparently. E-government is one of the most complex systems which needs to be distributed, secured and privacy-preserved, and the failure of these can be very costly both economically and socially. Most of the existing e-government systems such as websites and electronic identity management systems (eIDs) are centralized at duplicated servers and databases. A centralized management and validation system may suffer from a single point of failure and make the system a target of cyber attacks such as malware, denial of service attacks (DoS), and distributed denial of service attacks (DDoS). The blockchain technology enables the implementation of highly secure and privacy-preserving decentralized systems where transactions are not under the control of any third party organizations. Using the blockchain technology, existing data and new data are stored in a sealed compartment of blocks (i.e., ledger) distributed across the network in a verifiable and immutable way. Information security and privacy are enhanced by the blockchain technology in which data are encrypted and distributed across the entire network. This paper proposes a framework of a decentralized e-government peer-to-peer (p2p) system using the blockchain technology, which can ensure both information security and privacy while simultaneously increasing the trust of the public sectors. In addition, a prototype of the proposed system is presented, with the support of a theoretical and qualitative analysis of the security and privacy implications of such a system.
Consortium Blockchain for Security and Privacy-Preserving in E-government Systems
Authors: Noe Elisa, Longzhi Yang, Honglei Li, Fei Chao, Nitin Naik
Abstract: Since its inception as a solution for secure cryptocurrencies sharing in 2008, the blockchain technology has now become one of the core technologies for secure data sharing and storage over trustless and decentralised peer-to-peer systems. E-government is amongst the systems that store sensitive information about citizens, businesses and other affiliates, and therefore becomes the target of cyber attackers. The existing e-government systems are centralised and thus subject to a single point of failure. This paper proposes a secure and decentralised e-government system based on the consortium blockchain technology, which is a semi-public and decentralised blockchain system consisting of a group of pre-selected entities or organisations in charge of consensus and decision making for the benefit of the whole network of peers. In addition, a number of e-government nodes are pre-selected to perform the tasks of user and transaction validation before being added to the blockchain network. Accordingly, e-government users of the consortium blockchain network are given the rights to create, submit, access, and review transactions. Performance evaluation on single transaction time and transactions processed per second demonstrates the practicability of the proposed consortium blockchain-based e-government system for secure information sharing amongst all stakeholders.
Blockchain for Academic Credentials
Authors: Chaitanya Bapat
Abstract: Academic credentials are documents that attest to successful completion of any test, exam or act as a validation of an individual’s skill. Currently, the domain of academic credential management suffers from large time consumption, high cost, dependence on third-party and a lack of transparency. A blockchain based solution tries to resolve these pain-points by allowing any recruiter or company to verify the user credentials without dependence on any centralized third party. Our decentralized application is based off of BlockCerts, an MIT project that acts as an open standard for blockchain credentials. The project talks about the implementation details of the decentralized application built for BlockCerts Wallet. It is an attempt to leverage the power of the blockchain technology as a global notary for the verification of digital records.
Access Control Management for Computer-Aided Diagnosis Systems using Blockchain
Authors: Mayra Samaniego, Hosseinzadeh Sara Kassani, Cristian Espana, Ralph Deters
Abstract: Computer-Aided Diagnosis (CAD) systems have emerged to support clinicians in interpreting medical images. CAD systems are traditionally combined with artificial intelligence (AI), computer vision, and data augmentation to evaluate suspicious structures in medical images. This evaluation generates vast amounts of data. Traditional CAD systems belong to a single institution and handle data access management centrally. However, the advent of CAD systems for research among multiple institutions demands distributed access management. This research proposes a blockchain-based solution to enable distributed data access management in CAD systems. This solution has been developed as a distributed application (DApp) using Ethereum in a consortium network.
Simulation-Based Digital Twin Development for Blockchain Enabled End-to-End Industrial Hemp Supply Chain Risk Management
Authors: Keqi Wang, Wei Xie, Wencen Wu, Bo Wang, Jinxiang Pei, Mike Baker, Qi Zhou
Abstract: With the passage of the 2018 U.S. Farm Bill, Industrial Hemp production is moved from limited pilot programs to a regulated agriculture production system. However, the Industrial Hemp Supply Chain (IHSC) faces critical challenges, including: high complexity and variability, very limited production knowledge, and lack of data and information tracking. In this paper, we propose a blockchain-enabled IHSC and develop a preliminary simulation-based digital twin for this distributed cyber-physical system (CPS) to support process learning and risk management. Basically, we develop a two-layer blockchain with a proof of authority smart contract, which can track the data and key information, improve the supply chain transparency, and leverage local authorities and state regulators to ensure the quality control verification. Then, we introduce a stochastic simulation-based digital twin for IHSC risk management, which can characterize the process spatial-temporal causal interdependencies and dynamic evolution to guide risk control and decision making. Our empirical study demonstrates the promising performance of the proposed platform.
Distributed Attribute-Based Access Control System Using a Permissioned Blockchain
Authors: Sara Rouhani, Rafael Belchior, S. Rui Cruz, Ralph Deters
Abstract: Auditing provides an essential security control in computer systems, by keeping track of all access attempts, including both legitimate and illegal access attempts. This phase can be useful to the context of audits, where eventual misbehaving parties can be held accountable. Blockchain technology can provide the trusted auditability required for access control systems. In this paper, we propose a distributed Attribute-Based Access Control (ABAC) system based on blockchain to provide trusted auditing of access attempts. Besides auditability, our system presents a level of transparency that both access requestors and resource owners can benefit from. We present a system architecture with an implementation based on Hyperledger Fabric, achieving high efficiency and low computational overhead. The proposed solution is validated through a use case of independent digital libraries. A detailed performance analysis of our implementation is presented, taking into account different consensus mechanisms and databases. The experimental evaluation shows that our presented system can process 5,000 access control requests with a send rate of 200 per second and a latency of 0.3 seconds.
Is Blockchain Suitable for Data Freshness? — Age-of-Information Perspective
Authors: Sungho Lee, Minsu Kim, Jemin Lee, Ruei-Hau Hsu, S. Q. Tony Quek
Abstract: Recent advances in blockchain have led to a significant interest in developing blockchain-based applications. While data can be retained in blockchains, the stored values can be deleted or updated. From the viewpoint of a user that searches for the data, it is unclear whether the data discovered from the blockchain storage is relevant for the real-time decision-making process of a blockchain-based application. The data freshness issue serves as a critical factor especially in dynamic networks handling real-time information. In general, transactions to renew the data require additional processing time inside the blockchain network, which is called ledger-commitment latency. Due to this problem, some users may receive outdated data. As a result, it is important to investigate if blockchain is suitable for providing real-time data services. In this article, we first describe blockchain-enabled (BCE) networks with Hyperledger Fabric (HLF). Then, we define the age of information (AoI) of BCE networks and investigate the influential factors in this AoI. Analysis and experiments are conducted to support our proposed framework. Lastly, we conclude by discussing some future challenges.
Lightweight Blockchain Framework for Location-aware Peer-to-Peer Energy Trading
Authors: Mohsen Khorasany, Ali Dorri, Reza Razzaghi, Raja Jurdak
Abstract: Peer-to-Peer (P2P) energy trading can facilitate integration of a large number of small-scale producers and consumers into energy markets. Decentralized management of these new market participants is challenging in terms of market settlement, participant reputation and consideration of grid constraints. This paper proposes a blockchain-enabled framework for P2P energy trading among producer and consumer agents in a smart grid. A fully decentralized market settlement mechanism is designed, which does not rely on a centralized entity to settle the market and encourages producers and consumers to negotiate on energy trading with their nearby agents truthfully. To this end, the electrical distance of agents is considered in the pricing mechanism to encourage agents to trade with their neighboring agents. In addition, a reputation factor is considered for each agent, reflecting its past performance in delivering the committed energy. Before starting the negotiation, agents select their trading partners based on their preferences over the reputation and proximity of the trading partners. An Anonymous Proof of Location (A-PoL) algorithm is proposed that allows agents to prove their location without revealing their real identity. The practicality of the proposed framework is illustrated through several case studies, and its security and privacy are analyzed in detail.
Financial
Stablecoins 2.0: Economic Foundations and Risk-based Models
Authors: Ariah Klages-Mundt, Dominik Harz, Lewis Gudgeon, Jun-You Liu, Andreea Minca
Abstract: Stablecoins are one of the most widely capitalized types of cryptocurrency. However, their risks vary significantly according to their design and are often poorly understood. In this paper, we seek to provide a sound foundation for stablecoin theory, with a risk-based functional characterization of the economic structure of stablecoins. First, we match existing economic models to the disparate set of custodial systems. Next, we characterize the unique risks that emerge in non-custodial stablecoins and develop a model framework that unifies existing models from economics and computer science. We further discuss how this modeling framework is applicable to a wide array of cryptoeconomic systems, including cross-chain protocols, collateralized lending, and decentralized exchanges. These unique risks yield unanswered research questions that will form the crux of research in decentralized finance going forward.
Re-evaluating cryptocurrencies’ contribution to portfolio diversification — A portfolio analysis with special focus on German investors
Authors: Tim Schmitz, Ingo Hoffmann
Abstract: In this paper, we investigate whether mixing cryptocurrencies to a German investor portfolio improves portfolio diversification. We analyse this research question by applying a (mean variance) portfolio analysis using a toolbox consisting of (i) the comparison of descriptive statistics, (ii) graphical methods and (iii) econometric spanning tests. In contrast to most of the former studies we use a (broad) customized, Equally-Weighted Cryptocurrency Index (EWCI) to capture the average development of a whole ex ante defined cryptocurrency universe and to mitigate possible survivorship biases in the data. According to Glas/Poddig (2018), this bias could have led to misleading results in some already existing studies. We find that cryptocurrencies can improve portfolio diversification in a few of the analyzed windows from our dataset (consisting of weekly observations from 2014-01-01 to 2019-05-31). However, we cannot confirm this pattern as the normal case. By including cryptocurrencies in their portfolios, investors predominantly cannot reach a significantly higher efficient frontier. These results also hold, if the non-normality of cryptocurrency returns is considered. Moreover, we control for changes of the results, if transaction costs/illiquidities on the cryptocurrency market are additionally considered.
Egalitarian and Just Digital Currency Networks
Authors: Gal Shahaf, Ehud Shapiro, Nimrod Talmon
Abstract: Cryptocurrencies are a digital medium of exchange with decentralized control that renders the community operating the cryptocurrency its sovereign. Leading cryptocurrencies use proof-of-work or proof-of-stake to reach consensus, and thus are inherently plutocratic. This plutocracy is reflected not only in control over execution, but also in the distribution of new wealth, giving rise to “rich get richer” phenomena. Here, we explore the possibility of an alternative digital currency that is egalitarian in control and just in the distribution of created wealth. Such currencies can form and grow in a grassroots and sybil-resilient way. A single currency community can achieve distributive justice by egalitarian coin minting, where each member mints one coin at every time step. Egalitarian minting results, in the limit, in the dilution of any inherited assets and in each member having an equal share of the minted currency, adjusted by the relative productivity of the members. Our main theorem shows that a currency network, where agents can be members of more than one currency community, can achieve distributive justice globally across the network by joint egalitarian minting, where each agent mints one coin in only one community at each timestep. Equality and distributive justice can be achieved among people that own the computational agents of a currency community provided that the agents are genuine (unique and singular). We show that currency networks are sybil-resilient, in the sense that sybils (fake or duplicate agents) affect only the communities that harbour them, and do not hamper the ability of genuine (sybil-free) communities in a network to achieve distributive justice.
Internet of Things (IoT)
Blockchain, Fog and IoT Integrated Framework: Review, Architecture and Evaluation
Authors: Tanweer Alam, Mohamed Benaida
Abstract: In next-generation computing, the role of cloud, internet, and smart devices will be capacious. Nowadays we are all familiar with the word smart. This word is used a number of times in our daily life. The Internet of Things (IoT) will produce remarkably different kinds of information from different resources. It can store and process big data in the cloud. Fogging acts as an interface between the cloud and IoT. The IoT nodes are also known as fog nodes; these nodes are able to access anywhere within the range of the network. The blockchain is a novel approach to record transactions in a sequence securely. Developing a new blockchain-based integrated framework in the architecture of the IoT is one of the emerging approaches to solving the issue of communication security among the IoT public nodes. This research explores a novel approach to integrate blockchain technology with the fog and IoT networks and provides communication security to the internet of smart devices. The framework is tested and implemented in the IoT network. The results are found positive.
Mathematical
On the Security of Proofs of Sequential Work in a Post-Quantum World
Authors: Jeremiah Blocki, Seunghoon Lee, Samson Zhou
Abstract: A proof of sequential work allows a prover to convince a resource-bounded verifier that the prover invested a substantial amount of sequential time to perform some underlying computation. Proofs of sequential work have many applications including time-stamping, blockchain design, and universally verifiable CPU benchmarks. Mahmoody, Moran, and Vadhan (ITCS 2013) gave the first construction of proofs of sequential work in the random oracle model though the construction relied on expensive depth-robust graphs. In a recent breakthrough, Cohen and Pietrzak (EUROCRYPT 2018) gave a more efficient construction that does not require depth-robust graphs. In each of these constructions, the prover commits to a labeling of a directed acyclic graph $G$ with $N$ nodes and the verifier audits the prover by checking that a small subset of labels are locally consistent, e.g., $L_v = H(L_{v_1},\ldots,L_{v_\delta})$, where $v_1,\ldots,v_\delta$ denote the parents of node $v$. Provided that the graph $G$ has certain structural properties (e.g., depth-robustness), the prover must produce a long $\mathcal{H}$-sequence to pass the audit with non-negligible probability. An $\mathcal{H}$-sequence $x_0, x_1, \ldots, x_T$ has the property that $H(x_i)$ is a substring of $x_{i+1}$ for each $i$, i.e., we can find strings $a_i,b_i$ such that $x_{i+1} = a_i \cdot H(x_i) \cdot b_i$. In the parallel random oracle model, it is straightforward to argue that any attacker running in sequential time $T-1$ will fail to produce an $\mathcal{H}$-sequence of length $T$ except with negligible probability — even if the attacker submits large batches of random oracle queries in each round. (See the paper for the full abstract.)
Stateless Distributed Ledgers
Authors: François Bonnet, Quentin Bramas, Xavier Défago
Abstract: In public distributed ledger technologies (DLTs), such as Blockchains, nodes can join and leave the network at any time. A major challenge occurs when a new node joining the network wants to retrieve the current state of the ledger. Indeed, that node may receive conflicting information from honest and Byzantine nodes, making it difficult to identify the current state. In this paper, we are interested in protocols that are stateless, i.e., a new joining node should be able to retrieve the current state of the ledger just using a fixed amount of data that characterizes the ledger (such as the genesis block in Bitcoin). We define three variants of stateless DLTs: weak, strong, and probabilistic. Then, we analyze this property for DLTs using different types of consensus.
GHAST: Breaking Confirmation Delay Barrier in Nakamoto Consensus via Adaptive Weighted Blocks
Authors: Chenxing Li, Fan Long, Guang Yang
Abstract: Initiated from Nakamoto’s Bitcoin system, blockchain technology has demonstrated great capability of building secure consensus among decentralized parties at Internet-scale, i.e., without relying on any centralized trusted party. Nowadays, blockchain systems find applications in various fields. But the performance is increasingly becoming a bottleneck, especially when permissionless participation is retained for full decentralization. In this work, we present a new consensus protocol named GHAST (Greedy Heaviest Adaptive Sub-Tree) which organizes blocks in a Tree-Graph structure (i.e., a directed acyclic graph (DAG) with a tree embedded) that allows fast and concurrent block generation. GHAST protocol simultaneously achieves a logarithmically bounded liveness guarantee and low confirmation latency. More specifically, for maximum latency $d$ and adversarial computing power bounded away from 50\%, GHAST guarantees confirmation with confidence $\ge 1-\varepsilon$ after a time period of $O(d\cdot \log(1/\varepsilon))$. When there is no observable attack, GHAST only needs $3d$ time to achieve confirmation at the same confidence level as six-block-confirmation in Bitcoin, while it takes roughly $360d$ in Bitcoin.
Proof of Work (PoW) alternatives
Time-Variant Proof-of-Work Using Error-Correction Codes
Authors: Sangjun Park, Haeung Choi, Heung-No Lee
Abstract: The protocol for cryptocurrencies can be divided into three parts, namely consensus, wallet, and networking overlay. The aim of the consensus part is to bring trustless rational peer-to-peer nodes to an agreement on the current status of the blockchain. The status must be updated through valid transactions. A proof-of-work (PoW) based consensus mechanism has been proven to be secure and robust owing to its simple rule and has served as a firm foundation for cryptocurrencies such as Bitcoin and Ethereum. Specialized mining devices have emerged, as rational miners aim to maximize profit, and caused two problems: i) the re-centralization of the mining market and ii) the huge energy spending in mining. In this paper, we aim to propose a new PoW called Error-Correction Codes PoW (ECCPoW) where the error-correction codes and their decoder can be utilized for PoW. In ECCPoW, puzzles can be intentionally generated to vary from block to block, leading to a time-variant puzzle generation mechanism. This mechanism is useful in repressing the emergence of specialized mining devices. It can serve as a solution to the two problems of re-centralization and energy spending.
Democratising blockchain: A minimal agency consensus model
Authors: Marcin Abram, David Galindo, Daniel Honerkamp, Jonathan Ward, Jin-Mann Wong
Abstract: We propose a novel consensus protocol based on a hybrid approach, that combines a directed acyclic graph (DAG) and a classical chain of blocks. This architecture allows us to enforce collective block construction, minimising the monopolistic power of the round-leader. In this way, we decrease the possibility for collusion among senders and miners, as well as miners themselves, allowing the use of more incentive compatible and fair pricing strategies. We investigate these possibilities alongside the ability to use the DAG structure to minimise the risk of transaction censoring. We conclude by providing preliminary benchmarks of our protocol and by exploring further research directions.
ProPoS: A Probabilistic Proof-of-Stake Protocol
Authors: Daniel Reijsbergen, Pawel Szalachowski, Junming Ke, Zengpeng Li, Jianying Zhou
Abstract: We present ProPoS, a Proof-of-Stake protocol dedicated, but not limited, to cryptocurrencies. ProPoS is a chain-based protocol that minimizes interactions between nodes through lightweight committee voting, resulting in a more simple, robust, and scalable proposal than competing systems. It also mitigates other drawbacks of previous systems, such as high reward variance and long confirmation times. ProPoS can support large node numbers by design, and provides probabilistic safety guarantees whereby a client makes commit decisions by calculating the probability that a transaction is reverted based on its blockchain view. We present a thorough analysis of ProPoS and report on its implementation and evaluation. Furthermore, our new technique of proving safety can be applied more broadly to other Proof-of-Stake protocols.
Smart contracts
Smart Contract-based Computing Resources Trading in Edge Computing
Authors: Jinyue Song, Tianbo Gu, Yunjie Ge, Prasant Mohapatra
Abstract: In recent years, there has been an emerging trend that some computing services are moving from the cloud to the edge of the networks. Compared to cloud computing, edge computing can provide services with faster response, lower expense, and more security. The massive idle computing resources close to the edge also enhance the deployment of edge services. Instead of using cloud services from some primary providers, edge computing provides people with a great chance to actively join the market of computing resources. However, edge computing also has some critical impediments that we have to overcome. In this paper, we design an edge computing service platform that can receive and distribute the computing resources from the end-users in a decentralized way. Without centralized trade control, we propose a novel hierarchical smart contract-based decentralized technique to establish trading trust among users and provide flexible smart contract interfaces to satisfy users. Our system also considers and resolves a variety of security and privacy challenges when utilizing the encryption and distributed access control mechanism. We implement our system and conduct extensive experiments to show the feasibility and effectiveness of our proposed system.
DEPOSafe: Demystifying the Fake Deposit Vulnerability in Ethereum Smart Contracts
Authors: Ru Ji, Ningyu He, Lei Wu, Haoyu Wang, Guangdong Bai, Yao Guo
Abstract: Cryptocurrency has seen an explosive growth in recent years, thanks to the evolution of blockchain technology and its economic ecosystem. Besides Bitcoin, thousands of cryptocurrencies have been distributed on blockchains, while hundreds of cryptocurrency exchanges are emerging to facilitate the trading of digital assets. At the same time, it also attracts the attention of attackers. Fake deposit, as one of the most representative attacks (vulnerabilities) related to exchanges and tokens, has been frequently observed in the blockchain ecosystem, causing large financial losses. However, besides a few security reports, our community lacks an understanding of this vulnerability, for example its scale and its impacts. In this paper, we take the first step to demystify the fake deposit vulnerability. Based on the essential patterns we have summarized, we implement DEPOSafe, an automated tool to detect and verify (exploit) the fake deposit vulnerability in ERC-20 smart contracts. DEPOSafe incorporates several key techniques including symbolic execution based static analysis and behavior modeling based dynamic verification. By applying DEPOSafe to 176,000 ERC-20 smart contracts, we have identified over 7,000 vulnerable contracts that may suffer from two types of attacks. Our findings demonstrate the urgency to identify and prevent the fake deposit vulnerability.