May 2020 list
If you feel a paper should belong to another category, or that we missed a relevant paper, just let us know. Participation is most welcome!
Categories:
- Attacks and defenses
- Blockchain-general
- Blockchain-noncrypto uses
- Financial
- Internet of Things (IoT)
- Mathematical
- Proof of Work (PoW) alternatives
- Smart contracts
Attacks and defenses
Griefing-Penalty: Countermeasure for Griefing Attack in Bitcoin-compatible PCNs
Authors: Prabal Banerjee, Subhra Mazumdar, Sushmita Ruj
Abstract: Payment Channel Networks or PCNs have gained prominence ensuring faster relaying of transactions. However, this Layer-two solution has its own fair share of problems. Topological analysis on Lightning Network reveals that Griefing Attack is a major problem whereby an adversary intentionally exhausts the channel capacity of the network. It can be used for mounting series of targeted attacks like Denial-of-Service Attack, Node Isolation Attack and Channel Exhaustion Attack on honest participants as well. Though the attack does not always result in a direct monetary gain of the attacker, blocking of channel capacity for several days prevented several nodes from processing any future transaction request, leading to substantial collateral damage. Certain portions of the payment channel network get stalled which hampers the throughput and utility of the network. Mitigating Griefing Attack still remains an open problem. In this paper, we propose an efficient countermeasure for the attack, known as Griefing-Penalty. Mounting such an attack requires the attacker to pay a penalty proportional to the collateral cost of executing a payment. The penalty is used for compensating parties who incurred loss by locking funds. Our proposed strategy works for any timelock based payment protocol and ensures faster resolution of payments. To illustrate it, we propose a new payment protocol HTLC-GP or Hashed Timelock Contract with Griefing-Penalty. It not only preserves privacy but also ensures that an attacker cannot ascribe blame on any honest intermediary present in the path relaying a payment.
Pump and Dumps in the Bitcoin Era: Real Time Detection of Cryptocurrency Market Manipulations
Authors: Massimo Morgia La, Alessandro Mei, Francesco Sassi, Julinda Stefa
Abstract: In the last years, cryptocurrencies are increasingly popular. Even people who are not experts have started to invest in these securities and nowadays cryptocurrency exchanges process transactions for over 100 billion US dollars per month. However, many cryptocurrencies have low liquidity and therefore they are highly prone to market manipulation schemes. In this paper, we perform an in-depth analysis of pump and dump schemes organized by communities over the Internet. We observe how these communities are organized and how they carry out the fraud. Then, we report on two case studies related to pump and dump groups. Lastly, we introduce an approach to detect the fraud in real time that outperforms the current state of the art, so to help investors stay out of the market when a pump and dump scheme is in action.
Contra-*: Mechanisms for Countering Spam Attacks on Blockchain Memory Pools
Authors: Muhammad Saad, Joongheon Kim, DaeHun Nyang, David Mohaisen
Abstract: Blockchain-based cryptocurrencies, such as Bitcoin, have been on the rise in their popularity and value, making them a target to several forms of Denial-of-Service (DoS) attacks, and calling for a better understanding of their attack surface from both security and distributed systems standpoints. In this paper, and in the pursuit of understanding the attack surface of blockchains, we explore a new form of attack that can be carried out on the memory pools (mempools) and mainly targets blockchain-based cryptocurrencies. We study this attack on Bitcoin mempool and explore the attack effects on transactions fee paid by benign users. To counter this attack, this paper further proposes Contra-*, a set of countermeasures utilizing fee, age, and size (thus, Contra-F, Contra-A, and Contra-S) as prioritization mechanisms. Contra-* optimize the mempool size and help in countering the effects of DoS attacks due to spam transactions. We evaluate Contra-* by simulations and analyze their effectiveness under various attack conditions.
Blockchain-general
Blockchain is Watching You: Profiling and Deanonymizing Ethereum Users
Authors: Ferenc Béres, András István Seres, A. András Benczúr, Mikerah Quintyne-Collins
Abstract: Ethereum is the largest public blockchain by usage. It applies an account-based model, which is inferior to Bitcoin’s unspent transaction output model from a privacy perspective. As the account-based models for blockchains force address reuse, we show how transaction graphs and other quasi-identifiers of users such as time-of-day activity, transaction fees, and transaction graph analysis can be used to reveal some account owners. To the best of our knowledge, we are the first to propose and implement Ethereum user profiling techniques based on user quasi-identifiers. Due to the privacy shortcomings of the account-based model, recently several privacy-enhancing overlays have been deployed on Ethereum, such as non-custodial, trustless coin mixers and confidential transactions. We assess the strengths and weaknesses of the existing privacy-enhancing solutions and quantitatively assess the privacy guarantees of the Ethereum blockchain and ENS. We identify several heuristics as well as profiling and deanonymization techniques against some popular and emerging privacy-enhancing tools.
Aquareum: A Centralized Ledger Enhanced with Blockchain and Trusted Computing
Authors: Ivan Homoliak, Pawel Szalachowski
Abstract: Distributed ledger systems (i.e., blockchains) have received a lot of attention recently. They promise to enable mutually untrusted participants to execute transactions, while providing the immutability of the transaction history and censorship resistance. Although decentralized ledgers may become a disruptive innovation, as of today, they suffer from scalability, privacy, or governance issues. Therefore, they are inapplicable for many important use cases, where interestingly, centralized ledger systems quietly gain adoption and find new use cases. Unfortunately, centralized ledgers have also several drawbacks, like a lack of efficient verifiability or a higher risk of censorship and equivocation. In this paper, we present Aquareum, a novel framework for centralized ledgers removing their main limitations. By combining a trusted execution environment with a public blockchain platform, Aquareum provides publicly verifiable, non-equivocating, censorship-evident, private, and high-performance ledgers. Aquareum ledgers are integrated with a Turing-complete virtual machine, allowing arbitrary transaction processing logics, including tokens or client-specified smart contracts. Aquareum is fully implemented and deployment-ready, even with currently existing technologies.
Custody Protocols Using Bitcoin Vaults
Authors: Jacob Swambo, Spencer Hommel, Bob McElrath, Bryan Bishop
Abstract: A bitcoin covenant is a mechanism to enforce conditions on future bitcoin transactions. A bitcoin vault is a specific type of covenant transaction that enforces a time-lock on the transfer of control of funds to a hot wallet, but enables an immediate transfer of funds into a deep cold recovery wallet. This paper demonstrates how to integrate a bitcoin vault into a custody protocol and demonstrates the security properties of that protocol. The vault is implemented using pre-signed transactions with secure key deletion (as proposed in [Swambo2020cov]). It is shown that vault-custody protocols enable the wallet owner to specify their desired balance for an inherent trade-off between the security of and accessibility of bitcoin holdings by adjusting the length of time-locks used. It is also demonstrated that wallet owners have increased control of risk-management by compartmentalizing funds across numerous vault transactions. While it isn’t realistic to completely prevent theft, the most likely theft scenarios (compromising the hot wallet) have severely limited profitability for an attacker, deterring attempts at theft from the beginning. The proposed architecture was designed to offer defence-in-depth through redundancy and fault-tolerant functionality as well as countermeasures for class breaks through diversity across hardware and software layers. Finally, the architecture employs a detection (a watchtower) and response system that enables fail-safe recovery from attempted or partial thefts through a second type of covenant transaction, a push-to-recovery-wallet transaction.
Design Patterns for Blockchain-based Self-Sovereign Identity
Authors: Yue Liu, Qinghua Lu, Hye-Young Paik, Xiwei Xu
Abstract: Self-sovereign identity is a new identity management paradigm that allows entities to really have the ownership of their identity data and control their use without involving any intermediary. Blockchain is an enabling technology for building self-sovereign identity systems by providing a neutral and trustable storage and computing infrastructure and can be viewed as a component of the systems. Both blockchain and self-sovereign identity are emerging technologies which could present a steep learning curve for architects. We collect and propose 12 design patterns for blockchain-based self-sovereign identity systems to help the architects understand and easily apply the concepts in system design. Based on the lifecycles of three main objects involved in self-sovereign identity, we categorise the patterns into three groups: key management patterns, decentralised identifier management patterns, and credential design patterns. The proposed patterns provide a systematic and holistic guide for architects to design the architecture of blockchain-based self-sovereign identity systems.
Scaling Blockchains Without Giving up Decentralization and Security
Authors: Gianmaria Monte Del, Diego Pennino, Maurizio Pizzonia
Abstract: Public blockchains should be able to scale with respect to the number of nodes and to the transactions load. Despite the large research and experimental effort, all known approaches turn out to be tradeoffs that sacrifice security or decentralization to achieve scalability. Actually, the blockchain scalability trilemma has been informally proposed. This is related to scalability, security and decentralization, stating that any improvement in one of these aspects should negatively impact on at least one of the other two aspects. We introduce a new blockchain architecture that scales to arbitrarily high transactions workload provided that a corresponding proportional increment of nodes is provided. In this scalability process, no tradeoff on security or decentralization is required. To the best of our knowledge, this is the first result of this kind. While our result is currently only theoretic, we believe that our approach could stimulate significant practical contributions.
Enabling Deletion in Append-Only Blockchains (Short Summary / Work in Progress)
Authors: Michael Kuperberg
Abstract: Conventional blockchain implementations with append-only semantics do not support deleting or overwriting data in confirmed blocks. However, many industry-relevant use cases require the ability to delete data, especially when personally identifiable information is stored or when data growth has to be constrained. Existing attempts to reconcile these contradictions compromise on core qualities of the blockchain paradigm, as they include backdoor-like approaches such as central authorities with elevated rights or usage of specialized chameleon hash algorithms in chaining of the blocks. In this technical report, we outline a novel architecture for the blockchain ledger and consensus, which uses a tree of context chains with simultaneous validity. A context chain captures the transactions of a closed group of entities and persons, thus structuring blocks in a precisely defined way. The resulting context isolation enables consensus-steered deletion of an entire context without side effects to other contexts. This architecture opens the possibility of truncation, data rollover and separation of concerns, and can help to fulfill the GDPR regulations.
A Difficulty in Controlling Blockchain Mining Costs via Cryptopuzzle Difficulty
Authors: Siddhardh Sriram Venkata Nadendla, R. Lav Varshney
Abstract: Blockchain systems often employ proof-of-work consensus protocols to validate and add transactions into hashchains. These protocols stimulate competition among miners in solving cryptopuzzles (e.g. SHA-256 hash computation in Bitcoin) in exchange for a monetary reward. Here, we model mining as an all-pay auction, where miners’ computational efforts are interpreted as bids, and the allocation function is the probability of solving the cryptopuzzle in a single attempt with unit (normalized) computational capability. Such an allocation function captures how blockchain systems control the difficulty of the cryptopuzzle as a function of miners’ computational abilities (bids). In an attempt to reduce mining costs, we investigate designing a mining auction mechanism which induces a logit equilibrium amongst the miners with choice distributions that are unilaterally decreasing with costs at each miner. We show it is impossible to design a lenient allocation function that does this. Specifically, we show that there exists no allocation function that discourages miners to bid higher costs at logit equilibrium, if the rate of change of difficulty with respect to each miner’s cost is bounded by the inverse of the sum of costs at all the miners.
An Attestation Architecture for Blockchain Networks
Authors: Thomas Hardjono, Ned Smith
Abstract: If blockchain networks are to become the building blocks of the infrastructure for the future digital economy, then several challenges related to the resiliency and survivability of blockchain networks need to be addressed. The survivability of a blockchain network is influenced by the diversity of its nodes. Trustworthy device-level attestations permit nodes in a blockchain network to provide truthful evidence regarding their current configuration, operational state, keying material and other system attributes. In the current work we review the recent developments towards a standard attestation architecture and evidence conveyance protocols. We explore the applicability and benefits of a standard attestation architecture to blockchain networks. Finally, we discuss a number of open challenges related to node attestations that have arisen due to the changing model of blockchain network deployments, such as the use of virtualization and containerization technologies for nodes in cloud infrastructures.
From Byzantine Replication to Blockchain: Consensus is only the Beginning
Authors: Alysson Bessani, Eduardo Alchieri, João Sousa, André Oliveira, Fernando Pedone
Abstract: The popularization of blockchains leads to a resurgence of interest in Byzantine Fault-Tolerant (BFT) state machine replication protocols. However, much of the work on this topic focuses on the underlying consensus protocols, with emphasis on their lack of scalability, leaving other subtle limitations unaddressed. These limitations are related to the effects of maintaining a durable blockchain instead of a write-ahead log and the requirement for reconfiguring the set of replicas in a decentralized way. We demonstrate these limitations using a digital coin blockchain application and BFT-SMaRt, a popular BFT replication library. We show how they can be addressed both at a conceptual level, in a protocol-agnostic way, and by implementing SMaRtChain, a blockchain platform based on BFT-SMaRt. SMaRtChain improves the performance of our digital coin application by a factor of eight when compared with a naive implementation on top of BFT-SMaRt. Moreover, SMaRtChain achieves a throughput $8\times$ and $33\times$ better than Tendermint and Hyperledger Fabric, respectively, when ensuring strong durability on its blockchain.
Blockchain-noncrypto uses
SoK: Blockchain Solutions for Forensics
Authors: K. Thomas Dasaklis, Fran Casino, Constantinos Patsakis
Abstract: As the digitization of information-intensive processes gains momentum nowadays, the concern is growing about how to deal with the ever-growing problem of cybercrime. To this end, law enforcement officials and security firms use sophisticated digital forensics techniques for analyzing and investigating cybercrimes. However, multi-jurisdictional mandates, interoperability issues, the massive amount of evidence gathered (multimedia, text etc.) and multiple stakeholders involved (law enforcement agencies, security firms etc.) are just a few among the various challenges that hinder the adoption and implementation of sound digital forensics schemes. Blockchain technology has been recently proposed as a viable solution for developing robust digital forensics mechanisms. In this paper, we provide an overview and classification of the available blockchain-based digital forensic tools, and we further describe their main features. We also offer a thorough analysis of the various benefits and challenges of the symbiotic relationship between blockchain technology and the current digital forensics approaches, as proposed in the available literature. Based on the findings, we identify various research gaps, and we suggest future research directions that are expected to be of significant value both for academics and practitioners in the field of digital forensics.
VerifyMed — A blockchain platform for transparent trust in virtualized healthcare: Proof-of-concept
Authors: Hanssen Jens-Andreas Rensaa, Danilo Gligoroski, Katina Kralevska, Anton Hasselgren, Arild Faxvaag
Abstract: Patients living in a digitized world can now interact with medical professionals through online services such as chat applications, video conferencing or indirectly through consulting services. These applications need to tackle several fundamental trust issues: 1. Checking and confirming that the person they are interacting with is a real person; 2. Validating that the healthcare professional has competence within the field in question; and 3. Confirming that the healthcare professional has a valid license to practice. In this paper, we present VerifyMed — the first proof-of-concept platform, built on Ethereum, for transparently validating the authorization and competence of medical professionals using blockchain technology. Our platform models trust relationships within the healthcare industry to validate professional clinical authorization. Furthermore, it enables a healthcare professional to build a portfolio of real-life work experience and further validates the competence by storing outcome metrics reported by the patients. The extensive realistic simulations show that with our platform, an average cost for creating a smart contract for a treatment and getting it approved is around 1 USD, and the cost for evaluating a treatment is around 50 cents.
DHP Framework: Digital Health Passports Using Blockchain
Authors: Marios Constantinos Angelopoulos, Amalia Damianou, Vasilios Katos
Abstract: In order to contain the COVID-19 pandemic, several countries enforced extended social distancing measures for several weeks, effectively pausing the majority of economic activities. In an effort to resume economic activity safely, several Digital Contact Tracing applications and protocols have been introduced with success. However, DCT is a reactive method, as it aims to break existing chains of disease transmission in a population. Therefore DCT is not suitable for proactively preventing the spread of a disease; an approach that is relevant to certain use cases, such as international tourism, where individuals travel across borders. In this work, we first identify the limitations characterising DCT related to privacy issues, unwillingness of the public to use DCT mobile apps due to privacy concerns, lack of interoperability among different DCT applications and protocols, and the assumption that there is limited, local mobility in the population. We then discuss the concept of a Health Passport as a means of verifying that individuals are disease risk-free and how it could be used to resume the international tourism sector. Following, we present the DHP Framework that uses a private blockchain and Proof of Authority for issuing Digital Health Passports. The framework provides a distributed infrastructure supporting the issuance of DHPs by foreign health systems and their verification by relevant stakeholders, such as airline companies and border control authorities. We discuss the attributes of the system in terms of its usability and performance, security and privacy. Finally, we conclude by identifying future extensions of our work on formal security and privacy properties that need to be rigorously guaranteed via appropriate security protocols.
BlockRoam: Blockchain-based Roaming Management System for Future Mobile Networks
Authors: T. Cong Nguyen, N. Diep Nguyen, Thai Dinh Hoang, Hoang-Anh Pham, Huynh Nguyen Tuong, Yong Xiao, Eryk Dutkiewicz
Abstract: Mobile service providers (MSPs) are particularly vulnerable to roaming frauds, especially ones that exploit the long delay in the data exchange process of the contemporary roaming management systems, causing multi-billion dollars loss each year. In this paper, we introduce BlockRoam, a novel blockchain-based roaming management system that provides an efficient data exchange platform among MSPs and mobile subscribers. Utilizing the Proof-of-Stake (PoS) consensus mechanism and smart contracts, BlockRoam can significantly shorten the information exchanging delay, thereby addressing the roaming fraud problems. Through intensive analysis, we show that the security and performance of such PoS-based blockchain network can be further enhanced by incentivizing more users (e.g., subscribers) to participate in the network. Moreover, users in such networks often join stake pools (e.g., formed by MSPs) to increase their profits. Therefore, we develop an economic model based on Stackelberg game to jointly maximize the profits of the network users and the stake pool, thereby encouraging user participation. We also propose an effective method to guarantee the uniqueness of this game’s equilibrium. The performance evaluations show that the proposed economic model helps the MSPs to earn additional profits, attracts more investment to the blockchain network, and enhances the network’s security and performance.
Pay as You Go: A Generic Crypto Tolling Architecture
Authors: Paulo Bartolomeu, Emanuel Vieira, Joaquim Ferreira
Abstract: The imminent pervasive adoption of vehicular communication, based on dedicated short-range technology (ETSI ITS G5 or IEEE WAVE), 5G, or both, will foster a richer service ecosystem for vehicular applications. The appearance of new cryptography based solutions envisaging digital identity and currency exchange are set to stem new approaches for existing and future challenges. This paper presents a novel tolling architecture that harnesses the availability of 5G C-V2X connectivity for open road tolling using smartphones, IOTA as the digital currency and Hyperledger Indy for identity validation. An experimental feasibility analysis is used to validate the proposed architecture for secure, private and convenient electronic toll payment.
A Blockchain Architecture for Industrial Applications
Authors: Lodovica Marchesi, Michele Marchesi, Roberto Tonelli
Abstract: The Blockchain and the programs running on it, called Smart Contracts, are more and more applied in all fields requiring trust and strong certifications. In this work we compare public and permissioned blockchains for industrial applications. We propose a complete, original solution based on Ethereum to implement a decentralized application. This solution is characterized by a set of validator nodes running the blockchain using Proof-of-Authority consensus, and including an Explorer enabling users to check blockchain state, and the source code of the Smart Contracts running on it. From time to time, the hash digest of the last mined block is written into a public blockchain to guarantee immutability. The right to send transactions is granted by validator nodes to users by endowing them with the local Ethers mined. Overall, the proposed approach has the same transparency and immutability of a public blockchain, without its drawbacks.
Carbon Trading with Blockchain
Authors: Andreas Richardson, Jiahua Xu
Abstract: Blockchain has the potential to accelerate the deployment of emissions trading systems (ETS) worldwide and improve upon the efficiency of existing systems. In this paper, we present a model for a permissioned blockchain implementation based on the successful European Union (EU) ETS and discuss its potential advantages over existing technology. We propose an ETS model that is both backwards compatible and future-proof, characterised by interconnectedness, transparency, tamper-resistance and high liquidity. Further, we identify key challenges to implementation of a blockchain ETS, as well as areas of future work required to enable a fully-decentralised blockchain ETS.
Financial
Stocks and Cryptocurrencies: Anti-fragile or Robust?
Authors: Darío Alatorre, Carlos Gershenson, José Mateos
Abstract: Antifragility was recently defined as a property of complex systems that benefit from disorder. However, its original formal definition is difficult to apply. Our approach has been to define and test a much simpler measure of antifragility for complex systems. In this work we use our antifragility measure to analyze real data from the stock market and cryptocurrency prices. Results vary between different antifragility interpretations and for each system. Our results suggest that the stock market favors robustness rather than antifragility, as in most cases the highest and lowest antifragility values are reached either by young agents or constant ones. There are no clear correlations between antifragility and different good-performance measures, while the best performers seem to fall within a robust threshold. In the case of cryptocurrencies, there is an apparent correlation between high price and high antifragility.
Internet of Things (IoT)
Blockchain and Fog Computing for Cyber-Physical Systems: Case of Smart Industry
Authors: Ouns Bouachir, Moayad Aloqaily, Lewis Tseng, Azzedine Boukerche
Abstract: Blockchain has revolutionized how transactions are conducted by ensuring secure and auditable peer-to-peer coordination. This is due to both the development of decentralization, and the promotion of trust among peers. Blockchain and fog computing are currently being evaluated as potential support for software and a wide spectrum of applications, ranging from banking practices and digital transactions to cyber-physical systems. These systems are designed to work in highly complex, sometimes even adversarial, environments, and to synchronize heterogeneous machines and manufacturing facilities in cyber computational space, and address critical challenges such as computational complexity, security, trust, and data management. Coupling blockchain with fog computing technologies has the potential to identify and overcome these issues. Thus, this paper presents the knowledge of blockchain and fog computing required to improve cyber-physical systems in terms of quality-of-service, data storage, computing and security.
Rethinking Blockchains in the Internet of Things Era from a Wireless Communication Perspective
Authors: Hongxin Wei, Wei Feng, Yunfei Chen, Cheng-Xiang Wang, Ning Ge
Abstract: Due to the rapid development of Internet of Things (IoT), a massive number of devices are connected to the Internet. For these distributed devices in IoT networks, how to ensure their security and privacy becomes a significant challenge. The blockchain technology provides a promising solution to protect the data integrity, provenance, privacy, and consistency for IoT networks. In blockchains, communication is a prerequisite for participants, which are distributed in the system, to reach consensus. However, in IoT networks, most of the devices communicate through wireless links, which are not always reliable. Hence, the communication reliability of IoT devices influences the system security. In this article, we rethink the roles of communication and computing in blockchains by accounting for communication reliability. We analyze the tradeoff between communication reliability and computing power in blockchain security, and present a lower bound to the computing power that is needed to conduct an attack with a given communication reliability. Simulation results show that adversarial nodes can succeed in tampering a block with less computing power by hindering the propagation of blocks from other nodes.
Trade-offs in the Design of Blockchain of Finite-Lifetime Blocks for Edge-IoT Applications
Authors: Shravan Garlapati
Abstract: Unlike cryptocurrency transactions in bitcoin that are stored indefinitely, the data of certain applications like IoT have finite-lifetime. In this context, one of the recent research works proposed LiTiChain – a new architecture for Blockchain of finite-lifetime blocks with applications to Edge-IoT. The novelty of LiTiChain lies in ensuring the connectivity of the chain even after the expired blocks are deleted from the chain. To provide the same level of security as conventional blockchain, in LiTiChain, some blocks are stored longer than their lifetime, which incurs additional storage cost. This paper presents two new blockchain architectures i.e. p-LiTiChain and s-LiTiChain that are variants of LiTiChain. The proposed architectures offer a degree of freedom in the design of blockchain of finite-lifetime blocks in terms of a tradeoff between storage cost, security and computational cost. With extensive simulations and analysis, it is demonstrated that the proposed architectures have the potential to decrease the additional storage cost incurred by LiTiChain to zero and improve security at the expense of computational cost.
A Cost-efficient IoT Forensics Framework with Blockchain
Authors: Suat Mercan, Mumin Cebe, Ege Tekiner, Kemal Akkaya, Melissa Chang, Selcuk Uluagac
Abstract: IoT devices have been adopted widely in the last decade which enabled collection of various data from different environments. The collected data is crucial in certain applications where IoT devices generate data for critical infrastructure or systems whose failure may result in catastrophic results. Specifically, for such critical applications, data storage poses challenges since the data may be compromised during the storage and the integrity might be violated without being noticed. In such cases, integrity and data provenance are required in order to be able to detect the source of any incident and prove it in legal cases if there is a dispute with the involved parties. To address these issues, blockchain provides excellent opportunities since it can protect the integrity of the data thanks to its distributed structure. However, it comes with certain costs as storing a huge amount of data in a public blockchain will come with significant transaction fees. In this paper, we propose a highly cost effective and reliable digital forensics framework by exploiting multiple inexpensive blockchain networks as a temporary storage before the data is committed to Ethereum. To reduce Ethereum costs, we utilize Merkle trees which hierarchically store hashes of the collected event data from IoT devices. We evaluated the approach on popular blockchains such as EOS, Stellar, and Ethereum by presenting a cost and security analysis. The results indicate that we can achieve significant cost savings without compromising the integrity of the data.
Mathematical
Temporal mixture ensemble models for intraday volume forecasting in cryptocurrency exchange markets
Authors: Nino Antulov-Fantulin, Tian Guo, Fabrizio Lillo
Abstract: We study the problem of the intraday short-term volume forecasting in cryptocurrency exchange markets. The predictions are built by using transaction and order book data from different markets where the exchange takes place. Methodologically, we propose a temporal mixture ensemble model, capable of adaptively exploiting, for the forecasting, different sources of data and providing a volume point estimate, as well as its uncertainty. We provide evidence of the outperformance of our model by comparing its outcomes with those obtained with different time series and machine learning methods. Finally, we discuss the difficulty of volume forecasting when large quantities are abruptly traded.
Toward Equilibria and Solvability of Blockchain Pooling Strategies: A Topological Approach
Authors: Dongfang Zhao
Abstract: In 2015, Eyal proposed the first game-theoretical model for analyzing the equilibrium of blockchain pooling: when the blockchain pools are abstracted as a non-cooperative game, two pools can reach a Nash equilibrium with a closed-form formula; moreover, an arbitrary number of pools still exhibit an equilibrium as long as the pools have an equal number of miners. Nevertheless, whether an equilibrium exists for three or more pools of distinct sizes remains an open problem. To this end, this paper studies the equilibrium in a blockchain of arbitrary pools. First, we show that the equilibrium among $q$ identical pools, coinciding with the result demonstrated by Eyal through game theory, can be constructed using a topological approach. Second, if the pools are of different size, we show that (i) if the blockchain’s pools exhibit two distinct sizes, an equilibrium can be reached, and (ii) if the blockchain has at least three distinct pool sizes, there does not exist an equilibrium.
Proof of Work (PoW) alternatives
Better Late than Never; Scaling Computations in Blockchain by Delaying Transactions
Authors: Sourav Das, Nitin Awathare, Ling Ren, Joseph Vinay Ribeiro, Umesh Bellur
Abstract: Proof-of-Work (PoW) based blockchains typically allocate only a tiny fraction (e.g., less than 1% for Ethereum) of the average interarrival time ($\mathbb{I}$) between blocks for validating transactions. A trivial increase in validation time ($τ$) introduces the popularly known Verifier’s Dilemma, and as we demonstrate, causes more forking and increases unfairness. Large $τ$ also reduces the tolerance for safety against a Byzantine adversary. Solutions that offload validation to a set of non-chain nodes (a.k.a. off-chain approaches) suffer from trust issues that are non-trivial to resolve. In this paper, we present Tuxedo, the first on-chain protocol to theoretically scale $τ/\mathbb{I} \approx 1$ in PoW blockchains. The key innovation in Tuxedo is to separate the consensus on the ordering of transactions from their execution. We achieve this by allowing miners to delay validation of transactions in a block by up to $ζ$ blocks, where $ζ$ is a system parameter. We perform security analysis of Tuxedo considering all possible adversarial strategies in a synchronous network with end-to-end delay $Δ$ and demonstrate that Tuxedo achieves security equivalent to known results for longest chain PoW Nakamoto consensus. Additionally, we also suggest a principled approach for practical choices of parameter $ζ$ as per the application requirement. Our prototype implementation of Tuxedo atop Ethereum demonstrates that it can scale $τ$ without suffering the harmful effects of naive scaling in existing blockchains.
Smart contracts
Towards Smart Hybrid Fuzzing for Smart Contracts
Authors: Ferreira Christof Torres, Ken Antonio Iannillo, Arthur Gervais, Radu State
Abstract: Smart contracts are Turing-complete programs that are executed across a blockchain network. Unlike traditional programs, once deployed they cannot be modified. As smart contracts become more popular and carry more value, they become more of an interesting target for attackers. In recent years, smart contracts suffered major exploits, costing millions of dollars, due to programming errors. As a result, a variety of tools for detecting bugs has been proposed. However, majority of these tools often yield many false positives due to over-approximation or poor code coverage due to complex path constraints. Fuzzing or fuzz testing is a popular and effective software testing technique. However, traditional fuzzers tend to be more effective towards finding shallow bugs and less effective in finding bugs that lie deeper in the execution. In this work, we present CONFUZZIUS, a hybrid fuzzer that combines evolutionary fuzzing with constraint solving in order to execute more code and find more bugs in smart contracts. Evolutionary fuzzing is used to exercise shallow parts of a smart contract, while constraint solving is used to generate inputs which satisfy complex conditions that prevent the evolutionary fuzzing from exploring deeper paths. Moreover, we use data dependency analysis to efficiently generate sequences of transactions, that create specific contract states in which bugs may be hidden. We evaluate the effectiveness of our fuzzing strategy, by comparing CONFUZZIUS with state-of-the-art symbolic execution tools and fuzzers. Our evaluation shows that our hybrid fuzzing approach produces significantly better results than state-of-the-art symbolic execution tools and fuzzers.
EthScope: A Transaction-centric Security Analytics Framework to Detect Malicious Smart Contracts on Ethereum
Authors: Lei Wu, Siwei Wu, Yajin Zhou, Runhuai Li, Zhi Wang, Xiapu Luo, Cong Wang, Kui Ren
Abstract: As one of the representative blockchain platforms, Ethereum has attracted lots of attacks. Due to the potential financial loss, there is a pressing need to detect malicious smart contracts and understand their behaviors. Though there exist multiple systems for smart contract analysis, they cannot efficiently analyze a large number of transactions and re-execute smart contracts to introspect malicious behaviors. In this paper, we urge for a transaction-centric security analytics framework for Ethereum, which provides an efficient way to quickly locate suspicious ones from a large number of transactions and extensible way to detect malicious smart contracts with analyst-provided scripts. We present the system design in the paper, which solves three technical challenges, i.e., incomplete states, scalability and extensibility. We have implemented a prototype system named EthScope to solve these challenges. In particular, the first component Data Aggregator collects and recovers critical blockchain states. The second component Replay Engine is able to replay arbitrary and a large number of transactions. The third component Instrumentation Framework exposes interfaces for an analyst to dynamically instrument smart contracts and introspect the execution of suspicious transactions. The comprehensive evaluation with six types of attacks demonstrated the effectiveness of our system. The performance evaluation shows that our system can perform a large-scale analysis on suspicious transactions (more than 8 million ones) and has a speed up of around 2,300x compared with the JSTracer provided by Go-Ethereum. To engage the community, we will release our system and a dataset of detected attacks on https://github.com/zjuicsr/ethscope.
eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts
Authors: Clara Schneidewind, Ilya Grishchenko, Markus Scherer, Matteo Maffei
Abstract: Ethereum has emerged as the most popular smart contract development platform, with hundreds of thousands of contracts stored on the blockchain and covering a variety of application scenarios, such as auctions, trading platforms, and so on. Given their financial nature, security vulnerabilities may lead to catastrophic consequences and, even worse, they can be hardly fixed as data stored on the blockchain, including the smart contract code itself, are immutable. An automated security analysis of these contracts is thus of utmost interest, but at the same time technically challenging for a variety of reasons, such as the specific transaction-oriented programming mechanisms, which feature a subtle semantics, and the fact that the blockchain data which the contract under analysis interacts with, including the code of callers and callees, are not statically known. In this work, we present eThor, the first sound and automated static analyzer for EVM bytecode, which is based on an abstraction of the EVM bytecode semantics based on Horn clauses. In particular, our static analysis supports reachability properties, which we show to be sufficient for capturing interesting security properties for smart contracts (e.g., single-entrancy) as well as contract-specific functional properties. Our analysis is proven sound against a complete semantics of EVM bytecode and an experimental large-scale evaluation on real-world contracts demonstrates that eThor is practical and outperforms the state-of-the-art static analyzers: specifically, eThor is the only one to provide soundness guarantees, terminates on 95% of a representative set of real-world contracts, and achieves an F-measure (which combines sensitivity and specificity) of 89%.
Context-based smart contracts for appendable-block blockchains
Authors: C. Henry Nunes, C. Roben Lunardi, F. Avelin Zorzo, A. Regio Michelin, S. Salil Kanhere
Abstract: Currently, blockchain proposals are being adopted to solve security issues, such as data integrity, resilience, and non-repudiation. To improve certain aspects, e.g., energy consumption and latency, of traditional blockchains, different architectures, algorithms, and data management methods have been recently proposed. For example, appendable-block blockchain uses a different data structure designed to reduce latency in block and transaction insertion. It is especially applicable in domains such as Internet of Things (IoT), where both latency and energy are key concerns. However, the lack of some features available to other blockchains, such as Smart Contracts, limits the application of this model. To solve this, in this work, we propose the use of Smart Contracts in appendable-block blockchain through a new model called context-based appendable-block blockchain. This model also allows the execution of multiple smart contracts in parallel, featuring high performance in parallel computing scenarios. Furthermore, we present an implementation for the context-based appendable-block blockchain using an Ethereum Virtual Machine (EVM). Finally, we execute this implementation in four different testbed. The results demonstrated a performance improvement for parallel processing of smart contracts when using the proposed model.