October list
If you feel a paper should belong to another category, or that we missed a relevant paper, just let us know. Participation is most welcome!
Categories:
- Attacks and defenses
- Blockchain-general
- Blockchain-noncrypto uses
- Ethereum
- Financial
- Internet of Things (IoT)
- Proof of Work (PoW) alternatives
Attacks and defenses
Analyzing Hack Subnetworks in the Bitcoin Transaction Graph
Authors: Daniel Goldsmith, Kim Grauer, Yonah Shmalo
Abstract: Hacks are one of the most damaging types of cryptocurrency related crime, accounting for billions of dollars in stolen funds since 2009. Professional investigators at Chainalysis have traced these stolen funds from the initial breach on an exchange to off-ramps, i.e. services where criminals are able to convert the stolen funds into fiat or other cryptocurrencies. We analyzed six hack subnetworks of bitcoin transactions known to belong to two prominent hacking groups. We analyze each hack according to eight network features, both static and temporal, and successfully classify each hack to its respective hacking group through our newly proposed method. We find that the static features, such as node balance, in degree, and out degree are not as useful in classifying the hacks into hacking groups as temporal features related to how quickly the criminals cash out. We validate our operating hypothesis that the key distinction between the two hacking groups is the acceleration with which the funds exit through terminal nodes in the subnetworks.
An investigation of MMM Ponzi scheme on Bitcoin
Authors: Yazan Boshmaf, Charitha Elvitigala, Al Husam Jawaheri, Primal Wijesekera, Al Mashael Sabah
Abstract: Cybercriminals exploit cryptocurrencies, such as Bitcoin, to carry out various illicit activities. In this paper, we focus on Ponzi schemes that operate on Bitcoin and perform an in-depth analysis of MMM, one of the oldest and most popular Ponzi schemes. Based on 423K transactions involving 16K addresses, we show that: (1) Starting Sep 2014, the scheme goes through three phases over three years. At its peak, MMM circulated more than 150M dollars a day, after which it collapsed by the end of Jun 2016. (2) There is a high income inequality among MMM members, with the daily Gini index reaching more than 0.9. The scheme also exhibits a zero-sum investment model, in which one member’s loss is another member’s gain. The percentage of victims who never made any profit has grown from 0% to 41% in five months, during which the top-earning scammer has made 765K dollars in profit. (3) The scheme has a global reach with 80 different member countries, but a highly-asymmetrical flow of money between them. While India and Indonesia have the largest pairwise flow in MMM, members in Indonesia have received 12x more money than they have sent to their counterparts in India.
Crypto Mining Makes Noise
Authors: Maurantonio Caprolu, Simone Raponi, Gabriele Oligeri, Roberto Pietro Di
Abstract: A new cybersecurity attack (cryptojacking) is emerging, in both the literature and in the wild, where an adversary illicitly runs Crypto-clients software over the devices of unaware users. This attack has been proved to be very effective given the simplicity of running a Crypto-client into a target device, e.g., by means of web-based Java scripting. In this scenario, we propose Crypto-Aegis, a solution to detect and identify Crypto-clients network traffic–even when it is VPN-ed. In detail, our contributions are the following: (i) We identify and model a new type of attack, i.e., the sponge-attack, being a generalization of cryptojacking; (ii) We provide a detailed analysis of real network traffic generated by 3 major cryptocurrencies; (iii) We investigate how VPN tunneling shapes the network traffic generated by Crypto-clients by considering two major VPN brands; (iv) We propose Crypto-Aegis, a Machine Learning (ML) based framework that builds over the previous steps to detect crypto-mining activities; and, finally, (v) We compare our results against competing solutions in the literature. Evidence from our experimental campaign shows the exceptional quality and viability of our solution–Crypto-Aegis achieves an F1-score of 0.96 and an AUC of 0.99. Given the extent and novelty of the addressed threat we believe that our approach and our results, other than being interesting on their own, also pave the way for further research in this area.
Security analysis of a blockchain-based protocol for the certification of academic credentials
Authors: Marco Baldi, Franco Chiaraluce, Migelan Kodra, Luca Spalazzi
Abstract: We consider a blockchain-based protocol for the certification of academic credentials named Blockcerts, which is currently used worldwide for validating digital certificates of competence compliant with the Open Badges standard. We study the certification steps that are performed by the Blockcerts protocol to validate a certificate, and find that they are vulnerable to a certain type of impersonation attacks. More in detail, authentication of the issuing institution is performed by retrieving an unauthenticated issuer profile online, and comparing some data reported there with those included in the issued certificate. We show that, by fabricating a fake issuer profile and generating a suitably altered certificate, an attacker is able to impersonate a legitimate issuer and can produce certificates that cannot be distinguished from originals by the Blockcerts validation procedure. We also propose some possible countermeasures against an attack of this type, which require the use of a classic public key infrastructure or a decentralized identity system integrated with the Blockcerts protocol.
Coded Merkle Tree: Solving Data Availability Attacks in Blockchains
Authors: Mingchao Yu, Saeid Sahraei, Songze Li, Salman Avestimehr, Sreeram Kannan, Pramod Viswanath
Abstract: In this paper, we propose coded Merkle tree (CMT), a novel hash accumulator that offers a constant-cost protection against data availability attacks in blockchains, even if the majority of the network nodes are malicious. A CMT is constructed using a family of sparse erasure codes on each layer, and is recovered by iteratively applying a peeling-decoding technique that enables a compact proof for data availability attack on any layer. Our algorithm enables any node to verify the full availability of any data block generated by the system by just downloading a $\Theta(1)$ byte block hash commitment and randomly sampling $\Theta(\log b)$ bytes, where $b$ is the size of the data block. With the help of only one honest node in the system, our method also allows any node to verify any tampering of the coded Merkle tree by just downloading $\Theta(\log b)$ bytes. We provide a modular library for CMT in Rust and Python and demonstrate its efficacy inside the Parity Bitcoin client.
Blockchain-general
CDAG: A Serialized blockDAG for Permissioned Blockchain
Authors: Himanshu Gupta, Dharanipragada Janakiram
Abstract: Blockchain is maintained as a global log between a network of nodes and uses cryptographic distributed protocols to synchronize the updates. As adopted by Bitcoin and Ethereum these update operations to the ledger are serialized, and executed in batches. To safeguard the system against the generation of conflicting sets of updates and maintain the consistency of the ledger, the frequency of the updates is controlled, which severely affects the performance of the system. This paper presents Converging Directed Acyclic Graph (CDAG), as a substitute for the chain and DAG structures used in other blockchain protocols. CDAG allows multiple parallel updates to the ledger and converges them at the next step providing finality to the blocks. It partitions the updates into non-intersecting buckets of transactions to prevent the generation of conflicting blocks and divide the time into slots to provide enough time for them to propagate in the network. Multiple simultaneous updates improve the throughput of CDAG, and the converging step helps to finalize them faster, even in the presence of conflicts. Moreover, CDAG provides a total order among the blocks of the ledger to support smart contracts, unlike some of the other blockDAG protocols. We evaluate the performance of CDAG on Google Cloud Platform using Google Kubernetes Engine, simulating a real-time network. Experimental results show that CDAG achieves a throughput of more than 2000 transactions per second and confirms them well in under 2 minutes. Also, the protocol scales well in comparison to other permissioned protocols, and the capacity of the network only limits the performance.
Kriptosare.gen, a dockerized Bitcoin testbed: analysis of server performance
Authors: Francesco Zola, Cristina Pérez-Solá, Egaña Jon Zubia, Maria Eguimendia, Jordi Herrera-Joancomartí
Abstract: Bitcoin is a peer-to-peer distributed cryptocurrency system, that keeps all transaction history in a public ledger known as blockchain. The Bitcoin network is implicitly pseudoanonymous and its nodes are controlled by independent entities making network analysis difficult. This calls for the development of a fully controlled testing environment. This paper presents Kriptosare.gen, a dockerized automatized Bitcoin testbed, for deploying full-scale custom Bitcoin networks. The testbed is deployed in a single machine executing four different experiments, each one with different network configuration. We perform a cost analysis to investigate how the resources are related with network parameters and provide experimental data quantifying the amount of computational resources needed to run the different types of simulations. Obtained results demonstrate that it is possible to run the testbed with a configuration similar to a real Bitcoin system.
Differential Privacy in Blockchain Technology: A Futuristic Approach
Authors: Ul Muneeb Hassan, Husain Mubashir Rehmani, Jinjun Chen
Abstract: Blockchain has received a pervasive attention because of its decentralized, tamper-proof, and transparent nature. Blockchain works over the principle of distributed, secured, and shared ledger, which is used to record, and track data within a decentralized network. This technology has successfully replaced certain systems of economic transactions in organizations and has the potential to overtake various industrial business models in future. Blockchain works over peer-to-peer (P2P) phenomenon for its operation and does not require any trusted-third party authorization for data tracking and storage. The information stored in blockchain is distributed throughout the decentralized network and is usually protected using cryptographic hash functions. Since the beginning of blockchain technology, its use in different applications is increasing exponentially, but this increased use has also raised some questions regarding privacy and security of data being stored in it. Protecting privacy of blockchain data using data perturbation strategy such as differential privacy could be a novel approach to overcome privacy issues in blockchain. In this article, we discuss integration of differential privacy in certain blockchain based scenarios. Moreover, we highlight some future application scenarios in which integration of differential privacy in blockchain can produce fruitful results.
Fairness and Efficiency in DAG-based Cryptocurrencies
Authors: Georgios Birmpas, Elias Koutsoupias, Philip Lazos, J. Francisco Marmolejo-Cossío
Abstract: Bitcoin is a decentralised digital currency that serves as an alternative to existing transaction systems based on an external central authority for security. Although Bitcoin has many desirable properties, one of its fundamental shortcomings is its inability to process transactions at high rates. To address this challenge, many subsequent protocols either modify the rules of block acceptance (longest chain rule) and reward, or alter the graphical structure of the public ledger from a tree to a directed acyclic graph (DAG). Motivated by these approaches, we introduce a new general framework that captures ledger growth for a large class of DAG-based implementations. With this in hand, and by assuming honest miner behaviour, we (experimentally) explore how different DAG-based protocols perform in terms of fairness, i.e., if the block reward of a miner is proportional to their hash power, as well as efficiency, i.e. what proportion of user transactions a ledger deems valid after a certain length of time. Our results demonstrate fundamental structural limits on how well DAG-based ledger protocols cope with a high transaction load. More specifically, we show that even in a scenario where every miner on the system is honest in terms of when they publish blocks, what they point to, and what transactions each block contains, fairness and efficiency of the ledger can break down at specific hash rates if miners have differing levels of connectivity to the P2P network sustaining the protocol.
Deep Ocean: A blockchain-agnostic dark pool protocol
Authors: Bruno França
Abstract: We introduce a new cryptographic protocol, called Deep Ocean, that implements a blockchain-agnostic dark pool for cryptocurrencies. Deep Ocean is a layer-two protocol, meaning that it can work with any two cryptocurrencies, as long as there exists an underlying settlement mechanism, for example performing atomic swaps.
Blockchain-noncrypto uses
Blockchain Based Secured E-voting by Using the Assistance of Smart Contract
Authors: Kazi Sadia, Md. Masuduzzaman, Kumar Rajib Paul, Anik Islam
Abstract: Voting is a very important issue which can be beneficial in terms of choosing the right leader in an election. A good leader can bring prosperity to a country and also can lead the country in the right direction every time. However, elections are surrounded with ballot forgery, coercion and multiple voting issues. Moreover, while giving votes, a person has to wait in a long queue and it is a very time consuming process. Blockchain is a distributed database in which data are shared with the participant of the node and each participant holds the same copy of the data. Blockchain has properties like distributed, pseudonymous, data integrity etc. In the paper, a fully decentralized evoting system based on blockchain technology is proposed. This protocol utilizes smart contract into the evoting system to deal with security issues, accuracy and voters privacy during the vote. The protocol results in a transparent, non editable and independently verifiable procedure that discards all the intended fraudulent activities occurring during the election process by removing the least participation of the third party and enabling voters right during the election. Both transparency and coercion are obtained at the same time.
User Data Sharing Frameworks: A Blockchain-Based Incentive Solution
Authors: Kumar Ajay Shrestha, Julita Vassileva
Abstract: Currently, there is no universal method to track who shared what, with whom, when and for what purposes in a verifiable way to create an individual incentive for data owners. A platform that allows data owners to control, delete, and get rewards from sharing their data would be an important enabler of user data-sharing. We propose a usable blockchain- and smart contracts-based framework that allows users to store research data locally and share without losing control and ownership of it. We have created smart contracts for building automatic verification of the conditions for data access that also naturally supports building up a verifiable record of the provenance, incentives for users to share their data and accountability of access. The paper presents a review of the existing work of research data sharing, the proposed blockchain-based framework and an evaluation of the framework by measuring the transaction cost for smart contracts deployment. The results show that nodes responded quickly in all tested cases with a befitting transaction cost.
A blockchain-orchestrated Federated Learning architecture for healthcare consortia
Authors: Jonathan Passerat-Palmbach, Tyler Farnan, Robert Miller, S. Marielle Gross, Leigh Heather Flannery, Bill Gleim
Abstract: We propose a novel architecture for federated learning within healthcare consortia. At the heart of the solution is a unique integration of privacy preserving technologies, built upon native enterprise blockchain components available in the Ethereum ecosystem. We show how the specific characteristics and challenges of healthcare consortia informed our design choices, notably the conception of a new Secure Aggregation protocol assembled with a protected hardware component and an encryption toolkit native to Ethereum. Our architecture also brings in a privacy preserving audit trail that logs events in the network without revealing identities.
Blockchain Tree as Solution for Distributed Storage of Personal ID Data and Document Access Control
Authors: Sergii Kushch, Yurii Baryshev, Yurii Baryshev
Abstract: This paper introduces a new method of Blockchain formation for reliable storage of personal data of ID-card holders. In particular, the model of the information system is presented, the new structure of smart ID-cards and information on these cards are proposed. The new structure of Blockchain – “Blockchain Tree” allows not only to store information from ID-cards but also to increase the level of security and access control to this information. The proposed Subchains system allows to integrate Blockchain of the lower level to Blockchain of the higher level, allowing to create a multilevel protected system.
A Distributed Ledger Based Infrastructure for Smart Transportation System and Social Good
Authors: Mirko Zichichi, Stefano Ferretti, Gabriele D’Angelo
Abstract: This paper presents a system architecture to promote the development of smart transportation systems. Thanks to the use of distributed ledgers and related technologies, it is possible to create, store and share data generated by users through their sensors, while moving. In particular, IOTA and IPFS are used to store and certify data (and their related metadata) coming from sensors or by the users themselves. Ethereum is exploited as the smart contract platform that coordinates the data sharing and provisioning. The necessary privacy guarantees are provided by the usage of Zero Knowledge Proof. We show some results obtained from some use case scenarios that demonstrate how such technologies can be integrated to build novel smart services and to promote social good in user mobility.
PubChain: A Decentralized Open-Access Publication Platform with Participants Incentivized by Blockchain Technology
Authors: Taotao Wang, Chang Soung Liew, Shengli Zhang
Abstract: We design and implement Publication Chain (PubChain), a decentralized open-access publication platform built on decentralized and distributed technologies of blockchain and IPFS peer-to-peer file sharing systems. The existing publication platforms are mostly owned by publishers with profit as their central goal. Instead of promoting widespread knowledge sharing, access to publications on these platforms is often on a fee basis. The stakeholders (the people who are doing the real work), including the authors, reviewers, and readers, do not derive financial gain, from these platforms. Indeed, authors sometimes have to pay exorbitant page charges to have their papers published, and readers have to pay membership fee or other fees to access the papers. On these platforms, you have to pay before you are allowed to stand on the shoulders of giants; but the giants do not get paid, neither do the gate-keepers (the reviewer). PubChain is a decentralized publication platform, where the ownerships of the published papers, reviews, and comments on the papers, belong to the authors, readers and reviewers, rather than a central third party that exploits the free services and contributions of others. On PubChain, key stakeholders are incentivized to participate in a meaningful and substantive manner by earning credits and rewards through self-motivated interactions. Pubchain makes use of blockchain technology to set up an incentive scheme to encourage participations by authors, readers and reviewers. No central party owns Pubchain (just like nobody owns the Bitcoin blockchain). We have implemented a prototype of PubChain to demonstrate its key concepts.
Ethereum
The Economics of Smart Contracts
Authors: Kirk Baird, Seongho Jeong, Yeonsoo Kim, Bernd Burgstaller, Bernhard Scholz
Abstract: Ethereum is a distributed blockchain that can execute smart contracts, which inter-communicate and perform transactions automatically. The execution of smart contracts is paid in the form of gas, which is a monetary unit used in the Ethereum blockchain. The Ethereum Virtual Machine (EVM) provides the metering capability for smart contract execution. Instruction costs vary depending on the instruction type and the approximate computational resources required to execute the instruction on the network. The cost of gas is adjusted using transaction fees to ensure adequate payment of the network. In this work, we highlight the “real” economics of smart contracts. We show that the actual costs of executing smart contracts are disproportionate to the computational costs and that this gap is continuously widening. We show that the gas cost-model of the underlying EVM instruction-set is wrongly modeled. Specifically, the computational cost for the SLOAD instruction increases with the length of the blockchain. Our proposed performance model estimates gas usage and execution time of a smart contract at a given block-height. The new gas-cost model incorporates the block-height to eliminate irregularities in the Ethereum gas calculations. Our findings are based on extensive experiments over the entire history of the EVM blockchain.
GasFuzz: Generating High Gas Consumption Inputs to Avoid Out-of-Gas Vulnerability
Authors: Fuchen Ma, Ying Fu, Meng Ren, Wanting Sun, Zhe Liu, Yu Jiang, Jun Sun, Jiaguang Sun
Abstract: The out-of-gas error occurs when smart contract programs are provided with inputs that cause excessive gas consumption, and would be easily exploited to make the DoS attack. Multiple approaches have been proposed to estimate the gas limit of a function in smart contracts to avoid such error. However, under estimation often happens when the contract is complicated. In this work, we propose GasFuzz, which could automatically generate inputs that maximizes the gas cost and reduce the under estimation cases. GasFuzz is designed based on feedback-directed mutational fuzz testing. First, GasFuzz builds the gas weighted control flow graph (CFG) of functions in smart contracts. Then, GasFuzz develops gas consumption guided selection and mutation strategies to generate the input that maximize the gas consumption. For evaluation, we implement GasFuzz based on js-evm, a widely used ethereum virtual machine written in javascript, and conduct experiments on 736 real-world transactions recorded on Ethereum. 44.02% of the transactions would have out-of-gas errors under the estimation results given by solc, means that the recorded real gas consumption for those recorded transactions is larger than the gas limit value estimated by solc. While GasFuzz could reduce the under estimation ratio to 13.86%. Compared with other well-known feedback-directed fuzzing engines such as PerFuzz and SlowFuzz, GasFuzz can generate a same or higher gas estimation value on 97.8% of the recorded transactions with less time, usually within 5 minutes. Furthermore, GasFuzz has exposed 25 previously unknown out-of-gas vulnerabilities in those widely-used smart contracts, 5 of which have been assigned unique CVE identifiers in the US National Vulnerability Database.
A Data Science Approach for Honeypot Detection in Ethereum
Authors: Ramiro Camino, Ferreira Christof Torres, Radu State
Abstract: Ethereum smart contracts have recently drawn a considerable amount of attention from the media, the financial industry and academia. With the increase in popularity, malicious users found new opportunities to profit from deceiving newcomers. Consequently, attackers started luring other attackers into contracts that seem to have exploitable flaws, but that actually contain a complex hidden trap that in the end benefits the contract creator. This kind of contracts are known in the blockchain community as Honeypots. A recent study, proposed to investigate this phenomenon by focusing on the contract bytecode using symbolic analysis. In this paper, we present a data science approach based on the contract transaction behavior. We create a partition of all the possible cases of fund movement between the contract creator, the contract, the sender of the transaction and other participants. We calculate the frequency of every case per contract, and extract as well other contract features and transaction aggregated features. We use the collected information to train machine learning models that classify contracts as honeypot or non-honeypots, and also measure how well they perform when classifying unseen honeypot types. We compare our results with the bytecode analysis method using labels from a previous study, and discuss in which cases each solution has advantages over the other.
Financial
Econoquantumphysics and econonetwork: do correlations and eigenstates shape the taxonomy of the cryptocurrency market?
Authors: Requião Carlo Cunha da, Roberto Silva da
Abstract: We investigate 17 digital currencies making an analogy with quantum systems and develop the concept of eigenportfolios. We show that the density of states of the correlation matrix of these assets shows a behavior between that of the Wishart ensemble and one whose elements are Cauchy distributed. A metric for the participation matrix based on superposition of Gaussian functions is proposed and we show that small eigenvalues correspond to localized states. Nonetheless, some level of localization is also present for bigger eigenvalues probably caused by the fat tails of the distribution of returns of these assets. We also show through a clustering study that the digital currencies tend to stagger together. We conclude the paper showing that this correlation structure leads to an Epps effect.
Fragmentation of Distributed Exchanges
Authors: Zoican Marius, Zoican Sorin
Abstract: Distributed securities exchanges may become de facto fragmented if they span geographical regions with asymmetric computer infrastructure. First, we build an economic model of a decentralized exchange with two miner clusters, standing in for compact areas of economic activity (e.g., cities). “Local” miners in the area with relatively higher trading activity only join a decentralized exchange if they enjoy a large speed advantage over “long-distance” competitors. This is due to a transfer of economic value across miners, specifically from high- to low-activity clusters. Second, we estimate the speed advantage of “local” over “long-distance” miners in a series of Monte Carlo experiments over a two-cluster, unstructured peer-to-peer network simulated in C. We find that the speed advantage increases in the level of infrastructure asymmetry between clusters. Cross-region DEX blockchains are feasible as long as the asymmetry levels in trading activity and infrastructure availability across regions are positively correlated.
Internet of Things (IoT)
ChainSplitter: Towards Blockchain-based Industrial IoT Architecture for Supporting Hierarchical Storage
Authors: Gang Wang, Jerry Zhijie Shi, Mark Nixon, Song Han
Abstract: The fast developing Industrial Internet of Things (IIoT) technologies provide a promising opportunity to build large-scale systems to connect numerous heterogeneous devices into the Internet. Most existing IIoT infrastructures are based on a centralized architecture, which is easier for management but cannot effectively support immutable and verifiable services among multiple parties. Blockchain technology provides many desired features for large-scale IIoT infrastructures, such as decentralization, trustworthiness, trackability, and immutability. This paper presents a blockchain-based IIoT architecture to support immutable and verifiable services. However, when applying blockchain technology to the IIoT infrastructure, the required storage space posts a grand challenge to resource-constrained IIoT infrastructures. To address the storage issue, this paper proposes a hierarchical blockchain storage structure, ChainSplitter. Specially, the proposed architecture features a hierarchical storage structure where the majority of the blockchain is stored in the clouds, while the most recent blocks are stored in the overlay network of the individual IIoT networks. The proposed architecture seamlessly binds local IIoT networks, the blockchain overlay network, and the cloud infrastructure together through two connectors, the blockchain connector and the cloud connector, to construct the hierarchical blockchain storage. The blockchain connector in the overlay network builds blocks in blockchain from data generated in IIoT networks, and the cloud connector resolves the blockchain synchronization issues between the overlay network and the clouds. We also provide a case study to show the efficiency of the proposed hierarchical blockchain storage in a practical Industrial IoT case.
Proof of Work (PoW) alternatives
Proof-of-Stake Longest Chain Protocols Revisited
Authors: Xuechao Wang, Govinda Kamath, Vivek Bagaria, Sreeram Kannan, Sewoong Oh, David Tse, Pramod Viswanath
Abstract: The Nakamoto longest chain protocol has served Bitcoin well in its decade long existence. It is remarkably simple and uses only basic cryptographic primitives, but its proof-of-work framework is energy wasting. Proof-of-stake (PoS) protocols are an energy efficient alternative; however they are significantly complicated and promise weaker security guarantees. An effort to mimic the Nakamoto protocol directly in the PoS setting is made in [10] with security shown only for a class of purely private attacks. In this paper we demonstrate a new, and fatal, attack on the protocol of [10]. This attack motivates the design of a new family of Nakamoto-style longest chain PoS protocols, with a formal proof of their security against all possible attacks in a general security model.