Research Pulse #57 03/21/22

  1. zkKYC in DeFi: An approach for implementing the zkKYC solution concept in Decentralized Finance
    Authors: Pieter Pauwels, Joni Pirovich, Peter Braunz, and Jack Deeb

Decentralized Finance (DeFi) protocols have triggered a paradigm shift in the world of finance: intermediaries as known in traditional finance risk becoming redundant because DeFi creates an inherent state of “trustlessness”; financial transactions are executed in a deterministic, trustless and censorship resistant manner; the individual is granted verifiability, control and sovereignty. This creates challenges for compliance with jurisdictional Anti-Money Laundering and Combatting the Financing of Terrorism (AML/CFT) regulations, including Know-Your-Customer (KYC) policies, given that no personal information should be shared and stored on public, transparent blockchains. This paper presents a solution concept for where a DeFi protocol is required or finds it desirable to implement KYC policies. zkKYC in DeFi requires no personal identifiable information to be shared with DeFi protocols for the purpose of regulatory transparency. The presented approach extends the zkKYC solution concept (which leverages self-sovereign identity and zero-knowledge proofs) with the introduction of KYC Issuers and Decentralized Oracle Networks (DONs) as key solution components. KYC Issuers verify the identity of an individual, but have no knowledge about their digital asset wallets or DeFi activity. DeFi protocols interact with digital asset wallets, but have no knowledge about the identity of the individual controlling them. If and when deemed necessary, only a designated governance entity is able to reveal the identity of an individual that is under strong suspicion of being a bad actor in a DeFi protocol. The presented solution architecture demonstrates flexibility in being agnostic to blockchain platforms and SSI implementations and extensibility in being forward compatible with on-chain identity and reputation systems. Similar to the original zkKYC solution concept, zkKYC in DeFi breaks the regulatory transparency vs. user privacy trade-off.
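The abstract's separation of knowledge (KYC Issuer sees identity but no wallet, DeFi protocol sees wallet but no identity, only a designated governance entity can reveal) can be made concrete with a small party-by-party model. The block below is an added illustration, not the paper's protocol or code: it stands in for the paper's SSI credential and zero-knowledge proof with a salted hash commitment that the issuer signs, a Schnorr signature on secp256k1 binding the credential to a wallet, and an ECDH escrow of the identity to the governance key. Everything about it is assumed (party function names, a 16-byte salt, the unauthenticated keystream escrow); in particular it does not reproduce the zero-knowledge property, since the user is trusted to escrow the identity the commitment actually opens to, which is exactly the step a real ZKP would prove.

```python
# Added illustration, not the paper's protocol: who learns what in zkKYC in DeFi,
# modelled with a hash commitment, Schnorr signatures on secp256k1 and an ECDH
# identity escrow. The real concept uses SSI credentials and zero-knowledge proofs.
import hashlib
import secrets

# secp256k1: y^2 = x^3 + 7 over F_P, generator G of prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, point):  # double-and-add; illustrative, not constant-time
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, ec_mul(sk, G)

def sign(sk, msg):
    """Schnorr: (R, s) with s = k + H(R || pk || msg) * sk mod N."""
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    e = int.from_bytes(hashlib.sha256(enc(R) + enc(ec_mul(sk, G)) + msg).digest(), "big") % N
    return R, (k + e * sk) % N

def verify(pk, msg, sig):
    R, s = sig
    e = int.from_bytes(hashlib.sha256(enc(R) + enc(pk) + msg).digest(), "big") % N
    return ec_mul(s, G) == ec_add(R, ec_mul(e, pk))

def escrow_encrypt(gov_pk, plaintext):
    """ECDH to the governance key plus a SHAKE keystream (no MAC: illustration only)."""
    r = secrets.randbelow(N - 1) + 1
    key = hashlib.shake_256(enc(ec_mul(r, gov_pk))).digest(len(plaintext))
    return ec_mul(r, G), bytes(a ^ b for a, b in zip(plaintext, key))

def escrow_decrypt(gov_sk, ciphertext):
    ephemeral, body = ciphertext
    key = hashlib.shake_256(enc(ec_mul(gov_sk, ephemeral))).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, key))

def commit(identity, salt):
    return hashlib.sha256(salt + identity).digest()

def kyc_issuer_issue(issuer_sk, identity, salt):
    """KYC Issuer: verifies the identity (out of band here) and signs only its
    commitment; it is never told which wallet the credential will be bound to."""
    return sign(issuer_sk, commit(identity, salt))

def user_present(identity, salt, credential, wallet_sk, gov_pk):
    """What the DeFi protocol receives: commitment, issuer credential, identity escrow
    for governance, and a wallet signature binding them. The paper's ZKP would also
    prove the escrow opens to the commitment; this stand-in trusts the user for that."""
    c = commit(identity, salt)
    escrow = escrow_encrypt(gov_pk, salt + identity)
    binding = sign(wallet_sk, c + enc(escrow[0]) + escrow[1])
    return {"commitment": c, "credential": credential, "escrow": escrow,
            "wallet_pk": ec_mul(wallet_sk, G), "binding": binding}

def defi_protocol_admit(issuer_pk, p):
    """DeFi protocol: sees a wallet and a valid credential, never the identity."""
    escrow_bytes = enc(p["escrow"][0]) + p["escrow"][1]
    return (verify(issuer_pk, p["commitment"], p["credential"])
            and verify(p["wallet_pk"], p["commitment"] + escrow_bytes, p["binding"]))

def governance_reveal(gov_sk, p):
    """Designated governance entity: the only party able to open the escrow."""
    opened = escrow_decrypt(gov_sk, p["escrow"])
    salt, identity = opened[:16], opened[16:]  # 16-byte salt by construction
    if commit(identity, salt) != p["commitment"]:
        raise ValueError("escrow does not open to the presented commitment")
    return identity

def demo(identity=b"alice@example.test"):  # constructed sample identity
    (issuer_sk, issuer_pk), (gov_sk, gov_pk), (wallet_sk, _) = keygen(), keygen(), keygen()
    salt = secrets.token_bytes(16)
    pres = user_present(identity, salt, kyc_issuer_issue(issuer_sk, identity, salt), wallet_sk, gov_pk)
    return defi_protocol_admit(issuer_pk, pres), governance_reveal(gov_sk, pres)
```

Running `demo()` returns `(True, b"alice@example.test")`: the protocol admits the wallet on the strength of the issuer's signature alone, and only the holder of `gov_sk` can turn the presentation back into an identity. A presentation checked against a different issuer key is rejected, which is the property that keeps the issuer, not the protocol, as the root of KYC trust.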


  2. Thora: Atomic And Privacy-Preserving Multi-Channel Updates
    Authors: Lukas Aumayr, Kasra Abbaszadeh, and Matteo Maffei

Most blockchain-based cryptocurrencies suffer from a heavily limited transaction throughput, which is a barrier to their growing adoption. Payment channel networks (PCNs) are one of the most promising solutions to this problem. PCNs reduce the on-chain load of transactions and increase the throughput by processing many payments off-chain. In fact, any two users connected via a path of payment channels (i.e., joint addresses between the two channel end-points) can perform payments and the underlying blockchain is used only when there is a dispute between users. Unfortunately, payments in PCNs can only be conducted securely along a path, which prevents the design of many interesting applications. Moreover, the most widely used implementation, the Lightning Network in Bitcoin, suffers from a collateral lock time linear in the path length, it is affected by security issues, and it relies on specific scripting features called Hash Timelock Contracts that restrict its applicability.
In this work, we present Thora, the first Bitcoin-compatible off-chain protocol that enables atomic multi-channel updates across generic topologies beyond paths. Thora allows payments through distinct PCNs sharing the same blockchain and enables new applications such as secure and trustless crowdfunding, mass payments, and channel rebalancing in off-chain ways. Our construction requires only constant collateral and no specific scripting functionalities other than digital signatures and time-locks, thereby being applicable to a wider range of blockchains. We formally define security and privacy in the Universal Composability framework and show that our cryptographic protocol is a realization thereof. In our performance evaluation we show that our construction requires constant collateral, is independent of the number of channels, and has only a moderate off-chain communication as well as computation overhead.


  3. Exploring Unfairness on Proof of Authority: Order Manipulation Attacks and Remedies
    Authors: Qin Wang, Rujia Li, Qi Wang, Shiping Chen, and Yang Xiang

Proof of Authority (PoA) is a type of permissioned consensus algorithm with a fixed committee. PoA has been widely adopted by communities and industries due to its better performance and faster finality. In this paper, we explore the unfairness issue existing in the current PoA implementations. We have investigated 2,500+ in-the-wild projects and selected 10+ as our main focus (covering Ethereum, Binance smart chain, etc.). We have identified two types of order manipulation attacks to separately break the transaction-level (a.k.a. transaction ordering) and the block-level (sealer position ordering) fairness. Both of them merely rely on the honest-but-profitable sealer assumption without modifying original settings. We launch these attacks on the forked branches under an isolated environment and carefully evaluate the attacking scope towards different implementations. To date (as of Nov 2021), the potentially affected PoA market cap can reach up to 681,087 million USD. Besides, we further dive into the source code of selected projects, and accordingly, propose our recommendation for the fix. To the best of our knowledge, this work provides the first exploration of the unfairness issue in PoA algorithms.


  4. Usability of Cryptocurrency Wallets Providing CoinJoin Transactions
    Authors: Simin Ghesmati, Walid Fdhila, and Edgar Weippl

Over the past years, the interest in Blockchain technology and its applications has tremendously increased. This increase in interest was, however, accompanied by serious threats that raised concerns over user data privacy. Prominent examples include transaction traceability and identification of senders, receivers, and transaction amounts. This resulted in a multitude of privacy-preserving techniques that offer different guarantees in terms of trust, decentralization, and traceability. CoinJoin [19] is one of the promising techniques that adopts a decentralized approach to achieve privacy on the Unspent Transaction Output (UTXO) based blockchain. Despite the advantages of such a technique in obfuscating user transaction data, making them usable to common users requires considerable development and integration efforts. This paper provides a comprehensive usability study of three main Bitcoin wallets that integrate the CoinJoin technique, i.e., Joinmarket, Wasabi, and Samourai. The evaluation includes usability and fundamental design criteria to find the ease of use of these wallets based on cognitive walkthrough during coin mixing. The comparison of the wallets with respect to usability and privacy criteria can be used for future evaluation of privacy wallets. The findings of this study can provide better insights for UTXO-based wallet developers.


  5. Practical algorithm substitution attack on extractable signatures
    Authors: Yi Zhao, Kaitai Liang, Yanqi Zhao, Bo Yang, Yang Ming, and Emmanouil Panaousis

An algorithm substitution attack (ASA) can undermine the security of cryptographic primitives by subverting the original implementation. An ASA succeeds when it extracts secrets without being detected. To launch an ASA on signature schemes, existing studies often needed to collect signatures with successive indices to extract the signing key. However, collection with successive indices requires uninterrupted surveillance of the communication channel and a low transmission loss rate in practice. This hinders the practical implementation of current ASAs, thus causing users to misbelieve that the threat incurred by ASA is only theoretical and far from reality. In this study, we first classify a group of schemes called extractable signatures that achieve traditional security (unforgeability) by reductions ending with key extraction, thus demonstrating that there is a generic and practical approach for ASA with this class of signatures. Further, we present the implementation of ASAs in which only two signatures and no further requirements are needed for the extraction of widely used discrete log-based signatures such as DSA, Schnorr, and modified ElGamal signature schemes. Our attack presents a realistic threat to current signature applications, which can also be implemented in open and unstable environments such as vehicular ad hoc networks. Finally, we prove that the proposed ASA is undetectable against polynomial time detectors and physical timing analysis.

Link: Practical algorithm substitution attack on extractable signatures - Designs, Codes and Cryptography

  6. Automated Auditing of Price Gouging TOD Vulnerabilities in Smart Contracts
    Authors: Sidi Mohamed Beillahi, Eric Keilty, Keerthi Nelaturu, Andreas Veneris, and Fan Long

With the emergence of decentralized finance, smart contracts and their users become more and more susceptible to expensive exploitations. This paper investigates the price gouging transaction order dependency vulnerabilities in smart contracts. A static analysis based approach is proposed to automatically locate and rectify such vulnerabilities, and a prototype tool using Slither, a static analyzer for Solidity, is also developed. All in all, empirical results on a benchmark suite containing 51 Solidity smart contracts show that the proposed methodology can be used successfully to both detect such vulnerabilities and rectify them, or to certify that a Solidity smart contract under question does not contain such vulnerabilities.
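The vulnerability class the abstract names, a swap whose price depends on which transactions land before it, is easiest to see on a tiny constant-product pool. The block below is an added Python simulation, not the paper's Slither-based tool or any of its benchmark contracts: the pool sizes, the two pending transactions and the 1% tolerance are constructed, and `Pool`, `execute` and `min_out_with_tolerance` are assumed names. It runs the same two swaps in both orders, once with no output bound (the price-gouging case) and once with the caller-supplied minimum output that is the standard rectification, so that the unfavourable ordering reverts rather than fills.

```python
# Added illustration, not the paper's tool: a constant-product AMM swap whose
# outcome depends on transaction order, beside the usual remedy of a caller-supplied
# minimum output that makes an unfavourable ordering revert instead of fill.
from dataclasses import dataclass


class SlippageExceeded(Exception):
    """Raised when a swap would deliver less than the caller's stated minimum."""


@dataclass
class Pool:
    """Constant-product pool: (x + dx) * (y - dy) = x * y, in integer arithmetic."""
    reserve_x: int
    reserve_y: int

    def quote(self, dx):
        return self.reserve_y * dx // (self.reserve_x + dx)

    def swap_x_for_y(self, dx, min_out=0):
        dy = self.quote(dx)
        if dy < min_out:
            # The hardened contract reverts instead of filling at a gouged price.
            raise SlippageExceeded(f"would receive {dy} < min_out {min_out}")
        self.reserve_x += dx
        self.reserve_y -= dy
        return dy


def min_out_with_tolerance(pool, dx, tolerance_bps):
    """Minimum acceptable output: the quote seen at submission time, less a tolerance."""
    return pool.quote(dx) * (10_000 - tolerance_bps) // 10_000


# Constructed pending transactions: the user's swap and a large unrelated swap that
# moves the price if it is ordered first (whoever orders the block decides).
USER_TRADE = ("user", 10_000)
LARGE_TRADE = ("other", 100_000)


def execute(order, user_min_out=0):
    """Run the pending swaps in the given order on a fresh pool.
    Returns Y received per sender; None means the transaction reverted."""
    pool = Pool(1_000_000, 1_000_000)
    received = {}
    for who, dx in order:
        try:
            received[who] = pool.swap_x_for_y(dx, user_min_out if who == "user" else 0)
        except SlippageExceeded:
            received[who] = None  # user keeps their X; nothing was taken
    return received


def compare():
    """The user's outcome under both orderings, unprotected and protected (1% bound)."""
    protected = min_out_with_tolerance(Pool(1_000_000, 1_000_000), USER_TRADE[1], 100)
    return {
        "user_first": execute([USER_TRADE, LARGE_TRADE])["user"],
        "user_second": execute([LARGE_TRADE, USER_TRADE])["user"],
        "user_second_protected": execute([LARGE_TRADE, USER_TRADE], protected)["user"],
        "min_out": protected,
    }


if __name__ == "__main__":
    print(compare())
```

On these numbers the user receives 9900 Y when ordered first but only 8190 Y when the large trade is ordered ahead of them, about 17% less for the same input; with a minimum output of 9801 (the original quote less 1%) the second ordering reverts, which is the behaviour a static check for a missing output bound is looking for.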



Research Pulse #57 is out!

In zkKYC in DeFi, the authors propose an AML/KYC verification system that could be layered atop DeFi decentralized exchanges. While it is uncertain whether there is demand for such a service, it is nevertheless interesting to see the use of ZKPs in this context given their privacy-preserving properties. If such a DEX were to in fact launch, it could be interesting to see whether it can attain volumes proportionate to existing DEXs.

In Thora: Atomic And Privacy-Preserving Multi-Channel Updates, the authors showcase a new off-chain Payment Channel Network (PCN) designed to provide a balance of privacy and security. Critically, their design only requires constant collateral. It does not call for new scripting functionalities other than digital signatures and time-locks, which makes it more feasible to implement atop Bitcoin.

Finally, in Usability of Cryptocurrency Wallets Providing CoinJoin Transactions, the authors provide an evaluation of three major privacy-preserving wallets in Bitcoin: Joinmarket, Wasabi, and Samourai. Recently, there has been much debate over the drawbacks and merits of these systems. The authors do a good job in their analysis of usability and attack vectors, which will hopefully contribute to better discussions around Bitcoin privacy.