Pesca: A Privacy-Enhancing Smart-Contract Architecture
Author: Wei Dai
Public blockchains are state machines replicated via distributed consensus protocols. Information on blockchains is public by default, marking privacy as one of the key challenges.
We identify two shortcomings of existing approaches to building blockchains for general privacy-preserving applications, namely (1) the reliance on external trust assumptions and (2) the dependency on execution environments (on-chain, off-chain, zero-knowledge, etc.) with heterogeneous programming frameworks.
Towards solving these problems, we propose Pesca, a privacy-enhancing smart contract architecture. Pesca utilizes generic building blocks such as threshold fully-homomorphic encryption (FHE), distributed key generation (DKG), dynamic proactive secret sharing (DPSS), Byzantine-fault-tolerant (BFT) consensus, and universal succinct non-interactive zero-knowledge proofs (zk-SNARKs).
First, we formalize the problem of replicating state machines augmented with threshold decryption protocols and discuss how existing BFT consensus protocols can be adapted to this setting. We describe how to instantiate a blockchain with a fixed FHE public key and have FHE-encrypted chain states programmatically decrypted via consensus.
Next, we describe a smart-contract framework for engineering privacy-preserving applications, where programs are expressed, in a unified manner, across four types of computation: transparent on-chain, confidential (FHE) on-chain, user off-chain, and zero-knowledge off-chain.
Lastly, to showcase the generality and expressiveness of Pesca, we provide two simple application designs for constant function market makers (CFMMs) and first-price sealed-bid auctions (FPSBAs), both with maximal privacy guarantees.
The DAO to DeSci: AI for Free, Fair, and Responsibility Sensitive Sciences
Authors: Fei-Yue Wang, Wenwen Ding, Xiao Wang, Jon Garibaldi, Siyu Teng, Rudas Imre, and Cristina Olaverri-Monreal
This article discusses the impact and significance of the autonomous science movement and the role and potential uses of intelligent technology in DAO-based decentralized science (DeSci) organizations and operations. What is DeSci? How does it relate to the science of team science? What are its potential contributions to multidisciplinary, interdisciplinary, and/or transdisciplinary studies? Does it have any correspondence to the social movement organizations in traditional social sciences or the cyber movement organizations in the new digital age? In particular, issues of DeSci for current professional communities, such as IEEE and its societies, conferences, and publications, are addressed, and the effort towards a framework and process for DAO-based DeSci for free, fair, and responsibility-sensitive sciences is reviewed.
Anonymous Voting in DAO’s
Authors: Fausto Uribe, Isaak Hernandez, Luann Jung, and Peter Amenewolde
The current state of decentralized autonomous organizations (DAOs) involves transactions on a blockchain and voting schemes which are not anonymous. This presents numerous issues when it comes to confidentiality, voter influence, and voter turnout in DAOs. Due to the decentralized, immutable, and public nature of the blockchain, there are currently no clearly effective ways to achieve anonymous voting in DAOs. In this work, we present solutions for implementing a voting scheme in blockchains that allows for confidentiality, while maintaining integrity and security through the use of zero-knowledge arguments of knowledge and other cryptographic protocols. We propose three approaches and discuss the assumptions and limitations for each.
Risks and Returns of Uniswap V3 Liquidity Providers
Authors: Lioba Heimbach, Eric Schertenleib, and Roger Wattenhofer
Trade execution on Decentralized Exchanges (DEXes) is automatic and does not require individual buy and sell orders to be matched. Instead, liquidity aggregated in pools from individual liquidity providers enables trading between cryptocurrencies. The largest DEX measured by trading volume, Uniswap V3, promises a DEX design optimized for capital efficiency. However, Uniswap V3 requires far more decisions from liquidity providers than previous DEX designs.
In this work, we develop a theoretical model to illustrate the choices faced by Uniswap V3 liquidity providers and their implications. Our model suggests that providing liquidity on Uniswap V3 is highly complex and requires many considerations from a user. Our supporting data analysis of the risks and returns of real Uniswap V3 liquidity providers underlines that providing liquidity in Uniswap V3 is incredibly complicated, and performance can vary wildly. While there are simple and profitable strategies for liquidity providers in liquidity pools characterized by negligible price volatility, these strategies only yield modest returns. Instead, significant returns can only be obtained by accepting increased financial risk and at the cost of active management. Thus, with the introduction of Uniswap V3, providing liquidity has become a game reserved for sophisticated players, where retail traders do not stand a chance.
DiaLekTos: Privacy-preserving Smart Contracts
Author: Tadas Vaitiekunas
Digital ledger technologies supporting smart contracts usually do not ensure any privacy for user transactions or state. Most solutions to this problem either use private network setups, centralized parties, hardware enclaves, or cryptographic primitives, which are novel, complex, and computationally expensive. This paper looks into an alternative way of implementing smart contracts. Our construction of a protocol for smart contracts employs an overlay protocol design pattern for decentralized applications, which separates transaction ordering from transaction validation. This enables consensus on application state while revealing only encrypted versions of transactions to the public consensus protocol network. The UTXO-based smart contract model allows partitioning the state of the distributed ledger in such a way that participants need to decrypt and reach consensus only on those transactions which are relevant to them. We present a security analysis which shows that, assuming the presence of a secure consensus protocol, our construction achieves consensus on UTXO-based transactions while hiding most transaction details from all protocol parties, except a limited subset of parties which need particular transactions for the construction of their state.
Mitigating Frontrunning Attacks in Ethereum
Authors: Maddipati Varun, Balaji Palanisamy, and Shamik Sural
With the rising popularity of Ethereum, there is also an uptick in the number of smart-contract-based decentralized applications (DApps). Consequently, Ethereum transaction volume has been growing steadily over the last few years, but so have the various types of attacks on it. In Ethereum, vulnerable smart contracts are always taken advantage of by adversaries. One of the primary ways of exploiting Ethereum with malicious intent is through frontrunning attacks, which take advantage of the waiting time of transactions in the pending pool by adjusting the gas price. Attackers willing to execute such attacks constantly monitor the pending transaction pool and try to frontrun transactions. Mitigating such attacks is a critical step for ensuring secure DApp operations in Ethereum. In this paper, we propose a model-based attack detection and prevention scheme. We extract specific features for each transaction and transform each transaction into a feature vector, which is then analyzed by a machine learning model to detect in real time whether it is a frontrunning attack transaction or not. Extensive experiments on a large dataset of transactions establish the effectiveness of our approach.
GasSaver: A Tool for Solidity Smart Contract Optimization
Authors: Quang-Thang Nguyen, Bao Son Do, Thi Tam Nguyen, and Ba-Lam Do
Currently, the number of smart contracts using the Solidity language in Ethereum is increasing at a breakneck speed. In this context, optimizing gas fees in smart contracts becomes necessary to save costs for both developers and users who interact directly with these contracts. To optimize gas, developers typically need to have deep knowledge of blockchain and programming languages, making it a significant challenge for new programmers. In this paper, we introduce GasSaver, an open-source tool that analyzes Solidity-based contracts and suggests modifications to reduce transaction fees. Our tool, which relies on a set of seven rules for identifying non-optimized code, shows that 6,333 out of a total of 10,245 of the most interactive contracts on Ethereum contain at least one optimization problem, and that the total number of problems exceeds 30,000. Hence, the use of this tool can considerably reduce the cost of deploying and interacting with smart contracts.
DeDa: A DeFi-enabled Data Sharing and Trading System
Authors: Minfeng Qi, Zhiyu Xu, Ziyuan Wang, Shiping Chen, and Yang Xiang
Without relying on centralized intermediaries to participate in financial services such as exchanging and lending assets, Decentralized Finance (DeFi) has set off a new paradigm of asset self-management. On the other hand, data as an emerging asset is becoming increasingly significant in our daily life. How to self-manage our data assets to raise their value deserves further exploration. Inspired by DeFi, we envision a decentralized eco-system/community where people can donate or trade data end-to-end for the public good and/or to maximize data value. This paper explores this vision by building a DeFi-based data sharing and trading system. In order to explore the actual value of data in the market, we propose an elastic data pricing scheme that can dynamically adjust data prices based on data usage and timing. Finally, we implement and integrate these critical components into a prototype system deployed onto Ethereum, the current leading blockchain system, and evaluate the system's service performance, smart contract functionality, and the robustness of the data pricing scheme.
BMP: An Evaluation System for Bitcoin Mining Pools
Authors: Xinwei Guo and Wei Cui
With the in-depth research and cross-domain applications of blockchain in various industries, blockchain mining attracts great attention. A comprehensive and in-depth evaluation of mining pools is essential to the supervision of the Bitcoin network as well as the reduction of carbon emissions. However, due to the difficulty of obtaining mining pool internal data, the current evaluation is limited to a single mining power indicator. In this article, we build a four-layer mining pool evaluation model, named BMP, based on the analytic hierarchy process (AHP). The model contains three first-level indicators and nine second-level indicators, covering various aspects of the performance of mining pools. Miner address extraction provides the basic data for the calculation of these indicators. By utilizing the proposed model, we evaluated and ranked eight mainstream mining pools, which broadcast 71.69% of the blocks during the period January 1, 2021 to July 31, 2021. Through comparative analysis of the evaluation results, we find that the 65% decline in mining power in June did not pose a threat to the stability of the Bitcoin system. In addition, we also reveal the reasons for various fluctuations.
Security Analysis of DeFi: Vulnerabilities, Attacks and Advances
Authors: Wenkai Li, Jiuyang Bu, Xiaoqi Li, and Xianyi Chen
Decentralized finance (DeFi) in Ethereum is a financial ecosystem built on the blockchain that had locked over 200 billion USD as of April 2022. All transaction information is transparent and open when transacting through a DeFi protocol, which has led to a series of attacks. Several studies have attempted to optimize it from both economic and technical perspectives. However, few works analyze the vulnerabilities and optimizations of the entire DeFi system. In this paper, we first systematically analyze vulnerabilities related to DeFi in Ethereum at several levels, then we investigate real-world attacks. Finally, we summarize the achievements of DeFi optimization and provide some future directions.
SplitBFT: Improving Byzantine Fault Tolerance Safety Using Trusted Compartments
Authors: Ines Messadi, Markus Horst Becker, Kai Bleeke, Leander Jehl, Sonia Ben Mokhtar, and Rüdiger Kapitza
Byzantine fault-tolerant agreement (BFT) in a partially synchronous system usually requires 3f + 1 nodes to tolerate f faulty replicas. Due to their high throughput and finality property, BFT algorithms form the core of recent permissioned blockchains. As a complex and resource-demanding infrastructure, multiple cloud providers have started offering Blockchain-as-a-Service. This eases the deployment of permissioned blockchains but places the cloud provider in a central controlling position, thereby calling into question blockchains' fault tolerance and decentralization properties and their underlying BFT algorithm.
This paper presents SplitBFT, a new way to utilize trusted execution environments (TEEs), such as Intel SGX, to harden the safety and confidentiality guarantees of BFT systems, thereby strengthening the trust in cloud-based deployments of permissioned blockchains. Deviating from standard assumptions, SplitBFT acknowledges that code protected by trusted execution may fail. We address this by splitting and isolating the core logic of BFT protocols into multiple compartments, resulting in a more resilient architecture. We apply SplitBFT to the traditional Practical Byzantine Fault Tolerance (PBFT) algorithm and evaluate it using SGX. Our results show that SplitBFT adds only a reasonable overhead compared to the non-compartmentalized variant.