Research Pulse #62 04/25/22

  1. A Survey of Layer-Two Blockchain Protocols
    Authors: Ankit Gangwal, Haripriya Ravali Gangavalli, and Apoorva Thirupathi

After the success of the Bitcoin blockchain came several cryptocurrencies and blockchain solutions in the last decade. Nonetheless, blockchain-based systems still suffer from low transaction rates and high transaction processing latencies, which hinder blockchains’ scalability. An entire class of solutions, called Layer-1 scalability solutions, has attempted to incrementally improve such limitations by adding or modifying fundamental blockchain attributes. Recently, a completely different class of works, called Layer-2 protocols, has emerged to tackle the blockchain scalability issues using unconventional approaches. Layer-2 protocols improve transaction processing rates, periods, and fees by minimizing the use of underlying slow and costly blockchains. In fact, the main chain acts just as an instrument for trust establishment and dispute resolution among Layer-2 participants, where only a few transactions are dispatched to the main chain. Thus, Layer-2 blockchain protocols have the potential to transform the domain. However, rapid and discrete developments have resulted in diverse branches of Layer-2 protocols. In this work, we systematically create a broad taxonomy of such protocols and implementations. We discuss each Layer-2 protocol class in detail and also elucidate their respective approaches, salient features, requirements, etc. Moreover, we outline the issues related to these protocols along with a comparative discussion. Our thorough study will help further systematize the knowledge dispersed in the domain and help the readers to better understand the field of Layer-2 protocols.


  1. Efficient Multi-Key Verifiable Shuffles from Short Arguments for Randomized Algorithms
    Authors: Benedikt Bünz, Mariana Raykova, and Jayshree Sarathy

Verifiable shuffles are a key building block for mixnets, which are used to provide anonymity in electronic communication, payment, and voting systems. Existing constructions of verifiable shuffles are only able to shuffle ciphertexts encrypted under the same public key, which limits the functionality of the mixnet to one-way communication. We introduce the first multi-key verifiable shuffle, which shuffles ciphertexts encrypted under different public keys, along with the public keys themselves. This shuffle enables a powerful, bi-directional mixnet, which allows users to participate in a protocol even after the mixing is complete. For instance, users can use the output of the multi-key shuffle to authenticate, send, and receive private messages, and perform zero-knowledge proofs about their ciphertexts.
We provide a zero-knowledge argument for the correctness of the multi-key shuffle that has O(log(n)) proof size and O(n) prover and verifier time when shuffling n k-bit elements. This improves upon the previous state of the art, Bulletproofs (Bünz et al., S&P 2018), which has O(log(kn log(n))) proof size and O(kn log(n)) prover and verifier time.
In addition, we present an improved non-interactive zero-knowledge argument protocol for arbitrary arithmetic circuits that inherits the short proofs and lack of trusted setup from Bulletproofs, and additionally offers the new ability to perform proofs on randomized algorithms, yielding concrete improvements in proof size for the class of problems with faster randomized verification. The protocol also enables proofs over committed vectors, which was previously not possible in a black-box manner, and maintains zero-knowledge even under subversion of the common reference string.


  1. Performance Analysis of SSL/TLS Crypto Libraries: Based on Operating Platform
    Authors: Suresh Prasad Kannojia and Jitendra Kurmi

Security in computer network communication is of great importance because unauthorized users attempt to steal, modify, misuse, interrupt, and smartly destabilize our network systems. Therefore, to some extent, the secure communication provided by the Transport Layer Protocol, implementations of the TLS function, and distinct libraries were designed by researchers, of which each library has broad support for encryption algorithms. But security can be compromised, and is seen in an offensive maneuver of the digital world as the main challenge in communication. In this paper, a performance analysis of the six most authentic libraries, OpenSSL, AWS s2n, GnuTLS, NSS, BoringSSL, and Cryptlib, is performed to find appropriate TLS libraries for uncompromised communication based on throughput and CPU usage in different virtual operating environments.


  1. Blindfold: Keeping private keys in PKIs and CDNs out of sight
    Authors: Hisham Galal, Mohammad Mannan, and Amr Youssef

Public key infrastructure (PKI) is a certificate-based technology that helps in authenticating system identities. HTTPS/TLS relies mainly on PKI to minimize fraud over the Internet. Nowadays, websites utilize CDNs to improve user experience, performance, and resilience against cyber attacks. However, combining HTTPS/TLS with CDNs has raised new security challenges. In any PKI system, keeping private keys private is of utmost importance. However, it has become the norm for CDN-powered websites to violate that fundamental assumption. Several solutions have been proposed to make HTTPS CDN-friendly. However, protection of private keys from the very instant of generation, and how they can be made secure against exposure by malicious (CDN) administrators and malware, remain unexplored. We utilize trusted execution environments to protect private keys by never exposing them to human operators or untrusted software. We design Blindfold to protect private keys in HTTPS/TLS infrastructures, including CAs, website on-premise servers, and CDNs. We implemented a prototype to assess Blindfold’s performance and performed several experiments on both the micro and macro levels. We found that Blindfold slightly outperforms SoftHSM in key generation by 1% while lagging by 0.01% for certificate issuance operations.

Link: Blindfold: Keeping private keys in PKIs and CDNs out of sight - ScienceDirect

  1. Bodyless Block Propagation: TPS Fully Scalable Blockchain with Pre-Validation
    Authors: Chonghe Zhao, Shengli Zhang, Taotao Wang, and Soung Chang Liew

The fundamental tradeoff between transactions per second (TPS) and security in blockchain systems persists despite numerous prior attempts to boost TPS. To increase TPS without compromising security, we propose a bodyless block propagation (BBP) scheme in which the block body is not validated and transmitted during the block propagation process. Rather, the nodes in the blockchain network anticipate the transactions and their ordering in the next upcoming block so that these transactions can be pre-executed and pre-validated before the birth of the block. It is critical, however, that all nodes have a consensus on the transaction content of the next block.
This paper puts forth a transaction selection, ordering, and synchronization algorithm to drive the nodes to reach such a consensus. Yet, the coinbase address of the miner of the next block cannot be anticipated, and therefore transactions that depend on the coinbase address cannot be pre-executed and pre-validated. This paper further puts forth an algorithm to deal with such unresolvable transactions for an overall consistent and TPS-efficient scheme. With our scheme, most transactions do not need to be validated and transmitted during block propagation, ridding the propagation time of its dependence on the number of transactions in the block, and making the system fully TPS scalable. Experimental results show that our protocol can reduce propagation time by 4x with respect to the current Ethereum blockchain, and that its TPS performance is limited by the node hardware performance rather than by block propagation.


  1. Shaduf: Non-Cycle Payment Channel Rebalancing
    Authors: Zhonghui Ge, Yi Zhang, Yu Long, and Dawu Gu

A leading approach to enhancing the performance and scalability of permissionless blockchains is to use the payment channel, which allows two users to perform off-chain payments with almost unlimited frequency. By linking payment channels together to form a payment channel network, users connected by a path of channels can perform off-chain payments rapidly. However, payment channels risk encountering fund depletion, which threatens the availability of both the payment channel and the network. The most recent method needs a cycle-based channel rebalancing procedure, which requires a fair leader and users with rebalancing demands forming directed cycles in the network. Therefore, its large-scale applications are restricted.
In this work, we introduce Shaduf, a novel non-cycle off-chain rebalancing protocol that offers a new solution for users to shift coins between channels directly without relying on the cycle setting. Shaduf can be applied to more general rebalancing scenarios. We provide the details of Shaduf and formally prove its security under the Universal Composability framework. Our prototype demonstrates its feasibility, and the experimental evaluation shows that Shaduf enhances the Lightning Network’s performance in payment success ratio and volume. Moreover, our protocol prominently reduces users’ deposits in channels while maintaining the same amount of payments.


  1. A Multi-path Routing for Payment Channel Networks for Internet-of-Things Micro-Transactions
    Authors: Hongliang Bi, Yanjiao Chen, and Xiaotian Zhu

The blockchain with a distributed network structure can provide a reliable and secure environment for Internet of Things (IoT) transactions, but it also suffers from low throughput, high computation overhead, and large transaction fees. Payment channel networks (PCNs) are developed to address the scalability issue of blockchain. A key enabler of PCNs is the path-finding service. Most existing routing algorithms target finding a single feasible path, which may lead to failure of large payments. Moreover, previous solutions did not consider the transaction fee of the chosen path, which is extremely important to cost-sensitive users. In this work, we design a new multi-path routing algorithm for PCNs that aims at minimizing transaction fees. Jointly considering the determination of the optimal number of paths, the optimal path routes, and the optimal allocation makes the problem difficult. In addition, the transaction fees along the path are closely related to the amount of payment, and the capacity of a payment channel limits the payment that can be carried. To address these challenges, we propose , a cost-effective multi-path routing framework for PCNs. We develop a genetic-algorithm-based routing determination algorithm with carefully designed genetic operations. We evaluate based on the real trace of the Lightning Network, and verify that can reduce the transaction fee by 33.56% and improve the payment success rate by 14.45%.

Link: A Multi-path Routing for Payment Channel Networks for Internet-of-Things Micro-Transactions | IEEE Journals & Magazine | IEEE Xplore

  1. ReDefender: Detecting Reentrancy Vulnerabilities in Smart Contracts Automatically
    Authors: Bixin Li, Zhenyu Pan, and Tianyuan Hu

As one of the most complex types of vulnerabilities, reentrancy poses a significant threat to smart contract development. Indeed, millions of dollars have evaporated due to reentrancy vulnerabilities of smart contracts in past years. In this article, we propose a new approach to detect reentrancy vulnerabilities using fuzz testing and develop a novel tool named ReDefender. Our approach consists of three main steps: 1) preprocessing the contract to be detected: when a contract is uploaded, its source code is preprocessed to extract a candidate pool for fuzzing and a dependency graph that guides the automatic deployment of contracts; 2) fuzzing input generation: fuzzing input is generated to constitute transactions that are sent to an agent contract to stimulate attacks, where runtime information is collected and recorded in the execution log during each execution; and 3) vulnerability verification: the execution log is analyzed to determine whether a reentrancy process occurs and whether the reentrancy process is malicious. We conduct comparative experiments on 204 tagged smart contracts and 90 injected contracts. The results show that ReDefender has higher accuracy and a lower false-negative rate than the other three famous tools. Moreover, we conduct an experiment on 4776 real-world contracts, demonstrating the ability of ReDefender to find reentrancy vulnerabilities that really cause economic losses.

Link: ReDefender: Detecting Reentrancy Vulnerabilities in Smart Contracts Automatically | IEEE Journals & Magazine | IEEE Xplore
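The third step in the abstract above, analysing an execution log to decide whether a reentrancy occurred and whether it was harmful, as an added example that is not ReDefender's code and does not use its log format: a small Python trace analyzer that replays a call trace, flags every entry into the contract under test while one of its frames is still active, and then checks whether that outer frame writes storage after the re-entrant call returned (the pattern in which the inner call ran against stale state). The `enter`/`exit`/`sstore` trace format, the hypothetical `Vault` and `Attacker` contracts, and the "write after re-entry" heuristic are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import List

# Trace line format (constructed for this example, not ReDefender's log format):
#   "enter <Contract>.<function>"  a call frame is opened
#   "exit <Contract>.<function>"   the frame returns (a reverted call also exits)
#   "sstore <Contract>"            the active frame writes to <Contract>'s storage


@dataclass
class Event:
    kind: str          # "enter", "exit" or "sstore"
    contract: str
    function: str = ""


@dataclass
class Finding:
    contract: str
    outer_function: str               # function still executing when re-entered
    inner_function: str               # function entered a second time
    write_after_reentry: bool = False  # outer frame wrote storage after the re-entry


@dataclass
class Frame:
    contract: str
    function: str
    findings: List[Finding] = field(default_factory=list)


def parse_trace(lines: List[str]) -> List[Event]:
    events = []
    for line in lines:
        kind, _, rest = line.strip().partition(" ")
        if kind in ("enter", "exit"):
            contract, _, function = rest.partition(".")
            events.append(Event(kind, contract, function))
        elif kind == "sstore":
            events.append(Event(kind, rest))
        elif line.strip():
            raise ValueError(f"unknown trace line: {line!r}")
    return events


def analyze(events: List[Event], target: str) -> List[Finding]:
    """Replay the call stack and report every re-entry into `target`."""
    stack: List[Frame] = []
    findings: List[Finding] = []
    for ev in events:
        if ev.kind == "enter":
            if ev.contract == target:
                # re-entrancy: target entered while one of its frames is still active
                for frame in stack:
                    if frame.contract == target:
                        f = Finding(target, frame.function, ev.function)
                        frame.findings.append(f)
                        findings.append(f)
            stack.append(Frame(ev.contract, ev.function))
        elif ev.kind == "exit":
            if not stack or (stack[-1].contract, stack[-1].function) != (ev.contract, ev.function):
                raise ValueError(f"unbalanced trace at {ev}")
            stack.pop()
        elif ev.kind == "sstore":
            top = stack[-1]
            if top.contract == target:
                # a write by a frame that was already re-entered means the
                # re-entrant call observed stale state (the classic DAO pattern)
                for f in top.findings:
                    f.write_after_reentry = True
    if stack:
        raise ValueError("unbalanced trace: frames left open")
    return findings


# Constructed trace: withdraw() sends ether before updating the caller's balance,
# and the attacker's receive() re-enters withdraw() once.
VULNERABLE_TRACE = """
enter Vault.withdraw
enter Attacker.receive
enter Vault.withdraw
enter Attacker.receive
exit Attacker.receive
sstore Vault
exit Vault.withdraw
exit Attacker.receive
sstore Vault
exit Vault.withdraw
""".strip().splitlines()

# Constructed trace: same calls, but withdraw() follows checks-effects-interactions,
# so the balance is written before the external call and the re-entrant call
# sees zero and returns without doing anything.
SAFE_TRACE = """
enter Vault.withdraw
sstore Vault
enter Attacker.receive
enter Vault.withdraw
exit Vault.withdraw
exit Attacker.receive
exit Vault.withdraw
""".strip().splitlines()


def report(lines: List[str], target: str = "Vault") -> List[Finding]:
    return analyze(parse_trace(lines), target)


if __name__ == "__main__":
    for name, trace in (("vulnerable", VULNERABLE_TRACE), ("safe", SAFE_TRACE)):
        for f in report(trace):
            verdict = ("state write after re-entry (likely exploitable)"
                       if f.write_after_reentry else "re-entered, no later state write")
            print(f"{name}: {f.contract}.{f.outer_function} re-entered via "
                  f"{f.inner_function}: {verdict}")
```

Both traces contain a re-entry, which is why the abstract separates "does a reentrancy process occur" from "is it malicious": the safe trace is flagged as re-entered but shows no storage write by the outer frame after the inner call, whereas the vulnerable trace does. A real analyzer would derive the same events from EVM-level CALL/RETURN/REVERT and SSTORE records rather than from hand-written lines.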