DeFi liquidity management via Optimal Control: Ohm as a case study
Authors: Tarun Chitra, Kshitij Kulkarni, Guillermo Angeris, Alex Evans, and Victor Xu
As decentralized finance grows to autonomously managing hundreds of billions of dollars of assets, capital efficiency has become an ever increasing component of protocol design. Recently, the Olympus protocol (also known as Ω) has utilized a novel liquidity provisioning mechanism that improves capital efficiency. This system introduces the concepts of a decentralized protocol renting, leasing, and buying liquidity when it is required for protocol functioning. In this note, we formalize the notions used by Ohm smart contracts in probabilistic and control theoretic terms. In particular, one can view the Ohm system as a stochastic non-linear control system. We show that the non-linear control mechanism is actually approximating the behavior of a simpler stochastic linear-quadratic regulator. We construct an associated Hamilton-Jacobi-Bellman equation for a mean-variance portfolio optimization problem, and show that the protocol can stabilize price by choosing appropriate portfolios. Our main result shows that the Ω protocol enjoys increasing ability to control price as the number of bond durations increases, but that this ability has diminishing marginal returns. Therefore, using this formalism, we show that with proper dynamic tuning and adjustments, the Ohm protocol can both improve capital efficiency and reduce risk to protocol users. We conclude by generalizing the Ohm controller model to a generic mechanism for optimizing risk and incentives in decentralized protocols, which includes other mechanisms like Tokemak and ve.
Cryptoeconomics as a Limitation on Governance
Author: Nathan Schneider
Governance practices in distributed-ledger systems have grown increasingly diverse and diffuse, while retaining a commitment to cryptoeconomics—the use of economic incentives to guide user behavior, in tandem with cryptographic technology. In the space of a few years, cryptoeconomics has introduced advances in techniques for self-governance. But reliance on cryptoeconomics also introduces limitations on governance possibilities. Drawing on earlier critiques of how economic logics can erode democracy, this paper identifies specific limitations that cryptoeconomic governance faces. It contends that, to overcome these limitations, designers should envelop cryptoeconomics within a logic of politics capable of seeing beyond economic metrics for human flourishing and the common good.
Cache-22: A Highly Deployable End-To-End Encrypted Cache System with Post-Quantum Security
Authors: Keita Emura, Shiho Moriai, Takuma Nakajima, and Masato Yoshimi
Cache systems are crucial for reducing communication overhead on the Internet. The importance of communication privacy is being increasingly and widely recognized; therefore, we anticipate that nearly all end-to-end communication will be encrypted via secure sockets layer/transport layer security (SSL/TLS) in the near future. Herein we consider a catch-22 situation, wherein the cache server checks whether content has been cached or not, i.e., the cache server needs to observe it, thereby violating end-to-end encryption. We avoid this catch-22 situation by proposing an encrypted cache system which we call Cache-22. To maximize its deployability, we avoid heavy, advanced cryptographic tools, and instead base our Cache-22 system purely on traditional SSL/TLS communication. It employs tags for searching, and its design concept enables the service provider to decide, e.g., via an authentication process, whether or not a particular user should be allowed to access particular content. We provide a prototype implementation of the proposed system using the color-based cooperative cache proposed by Nakajima et al. (IEICE Trans. 2017) under several ciphersuites containing post-quantum key exchanges in addition to ECDHE (Elliptic Curve-based). We consider NIST Post-Quantum Cryptography round 3 finalists and alternate candidates: lattice-based (Kyber, SABER, NTRU), code-based (BIKE), and isogeny-based (SIKE). Compared to direct HTTPS communication between a service provider and a user, employing our Cache-22 system drastically reduces communication between a cache server and the service provider (by approximately 95%), which is effective in a hierarchical network with a cost disparity.
Identifying Ethereum traffic based on an active node library and DEVp2p features
Authors: Xiaoyan Hu, Cheng Zhu, Zhongqi Tong, Wenjie Gao, Guang Cheng, Ruidong Li, Hua Wu, and Jian Gong
With the prevalence of blockchain technology, Ethereum, the second-largest blockchain and one capable of running smart contracts, is growing fast. A user on the Ethereum platform can implement smart contracts as well as remit its cryptocurrency. Cyber-attacks often target cryptocurrency. Besides, Ethereum may be exploited by malicious users for launching attacks. Therefore, the demand for Ethereum network supervision is increasing. To protect interior users on Ethereum from attacks, an Internet Service Provider (ISP) should supervise the Ethereum traffic from or to its internal users. Ethereum traffic identification is the first step towards supervision. Ethereum is a peer-to-peer communication network implemented by DEVp2p. DEVp2p is designed to realize data interaction and adopts encryption to enhance anonymity on Ethereum. It is difficult to identify Ethereum traffic accurately at line speed in a high-speed network, and so far Ethereum traffic identification has not been explored. This paper designs an efficient Ethereum traffic identification system with high identification accuracy, dubbed ETI (Ethereum Traffic Identification), for an ISP to supervise its internal users on Ethereum without Deep Packet Inspection (DPI). ETI first constructs an active node library consisting of core nodes on Ethereum and active Ethereum peers in the ISP. Then potential Ethereum flows are filtered by checking if their sources or destinations are in the active node library. As active Ethereum nodes may generate non-Ethereum traffic, machine learning classifiers are further adopted to judge if the potential Ethereum traffic is actually from Ethereum. The classification is based on the unique packet/payload-length and port number-related traffic features on Ethereum implemented by DEVp2p. Our experimental studies validate that ETI outperforms state-of-the-art network traffic classification methods in identification accuracy and time efficiency. ETI achieves an identification accuracy of 0.9998 and relatively high time efficiency.
Aurora-Trinity: A Super-Light Client for Distributed Ledger Networks Extending the Ethereum Trinity Client
Authors: Federico Matteo Bencic and Ivana Podnar Žarko
Light clients for distributed ledger networks can verify blockchain integrity by downloading and analyzing blockchain headers. They are designed to circumvent the high resource requirements, i.e., the large bandwidth and memory requirements that full nodes must meet, which are unsuitable for consumer-grade hardware and resource-constrained devices. Light clients rely on full nodes and trust them implicitly. This leaves them vulnerable to various types of attacks, ranging from accepting maliciously forged data to Eclipse attacks. We introduce Aurora-Trinity, a novel version of light clients that addresses the above-mentioned vulnerability by relying on our original Aurora module, which extends the Ethereum Trinity client. The Aurora module efficiently discovers the presence of malicious or Byzantine nodes in distributed ledger networks with a predefined and acceptable error rate and identifies at least one honest node for persistent or ephemeral communication. The identified honest node is used to detect the latest canonical chain head or to infer the state of an entry in the ledger without downloading the header chain, making the Aurora-Trinity client extremely efficient. It can run on consumer-grade hardware and resource-constrained devices, as the Aurora module consumes about 0.31 MB of RAM and 1 MB of storage at runtime.
Cuproof: Range Proof with Constant Size
Authors: Cong Deng, Lin You, Xianghong Tang, Gengran Hu and Shuhong Gao
Zero-Knowledge Proof is widely used in blockchains. For example, zk-SNARK is used in Zcash as its core technology to verify transactions without the exposure of the actual transaction values. Up to now, various range proofs have been proposed, and their efficiency and range-flexibility have also been improved. Bootle et al. used the inner product method and recursion to construct an efficient Zero-Knowledge Proof in 2016. Later, Benedikt Bünz et al. proposed an efficient range proof scheme called Bulletproofs, which can convince the verifier that a secret number lies in [0, 2^κ − 1] with κ being a positive integer. By combining the inner-product and Lagrange's four-square theorem, we propose a range proof scheme called Cuproof. Our Cuproof can make a range proof to show that a secret number v lies in an interval [a, b] with no exposure of the real value v or other extra information leakage about v. It is a good and practical method to protect privacy and information security. In Bulletproofs, the communication cost is 6 + 2 log κ, while in our Cuproof, the communication cost, the proving time and the verification time are all of constant size.
Half-Aggregation of Schnorr Signatures with Tight Reductions
Authors: Yanbo Chen and Yunlei Zhao
An aggregate signature (AS) scheme allows an unspecified aggregator to compress many signatures into a short aggregation. AS schemes can save storage costs and accelerate verification. They are desirable for applications where many signatures need to be stored, transferred, or verified together, like blockchain systems, network routing, e-voting, and certificate chains. However, constructing AS schemes based on general groups, only requiring the hardness of the discrete logarithm problem, is quite tricky and has been a long-standing research question. Recently, Chalkias et al. proposed a half-aggregate scheme for Schnorr signatures. We observe the scheme lacks a tight security proof and does not well support incremental aggregation, i.e., adding more signatures into a pre-existing aggregation. Chalkias et al. also presented an aggregate scheme for Schnorr signatures whose security can be tightly reduced to the security of Schnorr signatures in the random oracle model (ROM). However, the scheme is rather expensive and does not achieve half-aggregation. It is a fundamental question, of both theoretical and practical interest, whether there exists half-aggregation of Schnorr signatures with a tight reduction in the ROM.
This work's contributions are threefold. We first give a tight security proof for the half-aggregate scheme of Chalkias et al. in the ROM and the algebraic group model (AGM). Second, we provide a new half-aggregate scheme for Schnorr signatures that perfectly supports incremental aggregation, whose security also tightly reduces to Schnorr's security in the AGM+ROM. Third, we present a Schnorr-based sequential aggregate signature (SAS) scheme that is as tightly secure as the Schnorr signature scheme in the ROM (without the AGM). Our work may pave the way for applying Schnorr aggregation in real-world cryptographic applications.
Quantum Bitcoin Mining
Authors: Robert Benkoczi, Daya Gaur, Naya Nagy, Marius Nagy, and Shahadat Hossain
This paper studies the effect of quantum computers on Bitcoin mining. The shift in computational paradigm towards quantum computation allows the entire search space of the golden nonce to be queried at once by exploiting quantum superpositions and entanglement. Using Grover's algorithm, a solution can be extracted in time, where t is the target value for the nonce. This is a square-root improvement over the classical search algorithm that requires tries. If sufficiently large quantum computers are available to the public, mining activity in the classical sense becomes obsolete, as quantum computers always win. Without considering quantum noise, the size of the quantum computer needs to be ≈10^4 qubits.
Functional Classification of Bitcoin Addresses
Authors: Manuel Febrero-Bande, Wenceslao Gonzalez-Manteiga, Brenda Prallon, and Yuri F. Saporito
This paper proposes a classification model for predicting the main activity of bitcoin addresses based on their balances. Since the balances are functions of time, we apply methods from functional data analysis; more specifically, the features of the proposed classification model are the functional principal components of the data. Classifying bitcoin addresses is a relevant problem for two main reasons: to understand the composition of the bitcoin market, and to identify accounts used for illicit activities. Although other bitcoin classifiers have been proposed, they focus primarily on network analysis rather than curve behavior. Our approach, on the other hand, does not require any network information for prediction. Furthermore, functional features have the advantage of being straightforward to build, unlike expert-built features. Results show improvement when combining functional features with scalar features, and similar accuracy for the models using those features separately, which points to the functional model being a good alternative when domain-specific knowledge is not available.
zk-AuthFeed: Protecting Data Feed to Smart Contracts with Authenticated Zero Knowledge Proof
Authors: Zhiguo Wan, Yan Zhou, and Kui Ren
Blockchain technology is expected to transform traditional applications with decentralization. When blockchain technology is applied to decentralize traditional applications (DApps), blockchain validators may need to take in sensitive off-chain data to execute a smart contract. On the one hand, DApps require the off-chain input data to be authentic for correct execution of business procedures. On the other hand, users are afraid of exposing their sensitive private data on the blockchain. Therefore, it is critical to guarantee authenticity and privacy of the data sent to the smart contract. However, no satisfactory solution has been proposed to attain privacy and authenticity simultaneously. In this work, we first present an authenticated zero knowledge proof scheme called zk-DASNARK by extending the classical zk-SNARK scheme. Based on zk-DASNARK, we design zk-AuthFeed, a zero-knowledge authenticated off-chain data feed scheme to achieve both data privacy and authenticity for blockchain-based DApps. We fully implement zk-AuthFeed, and conduct comprehensive experiments on a medical insurance DApp. We consider 4 typical computation models for insurance premium/reimbursement in the experiments. The results show that zk-AuthFeed is highly efficient: key generation takes only about 10 seconds, proof generation takes less than 4 seconds, and proof verification takes less than 40 ms.
ScrawlD: A Dataset of Real World Ethereum Smart Contracts Labelled with Vulnerabilities
Authors: Chavhan Sujeet Yashavant, Saurabh Kumar, and Amey Karkare
Smart contracts on Ethereum handle millions of U.S. Dollars and other financial assets. In the past, attackers have exploited smart contracts to steal these assets. The Ethereum community has developed plenty of tools to detect vulnerable smart contracts. However, there is no standardized data set to evaluate these existing tools, or any new tools developed. There is a need for an unbiased standard benchmark of real-world Ethereum smart contracts. We have created ScrawlD: an annotated data set of real-world smart contracts taken from the Ethereum network. The data set is labelled using 5 tools that detect various vulnerabilities in smart contracts, using majority voting.