Research Pulse #69 06/13/22

  1. Formal Analysis of Lending Pools in Decentralized Finance
    Authors: Massimo Bartoletti, James Chiang, Tommi Junttila, Alberto Lluch Lafuente, Massimiliano Mirelli, and Andrea Vandin

Decentralised Finance (DeFi) applications constitute an entire financial ecosystem deployed on blockchains. Such applications are based on complex protocols and incentive mechanisms whose financial safety is hard to determine. Besides, their adoption is rapidly growing, hence imperilling an increasingly higher amount of assets. Therefore, accurate formalisation and verification of DeFi applications is essential to assess their safety. We present a tool for the formal analysis of one of the most widespread DeFi applications: Lending Pools (LP). This was achieved by leveraging an existing formal model for LPs, the Maude verification environment and the MultiVeStA statistical analyser. The tool supports several analyses including reachability analysis, LTL model checking and statistical model checking. We show how the tool can be used to statistically analyse several parameters of LPs that are fundamental to assess and predict their behaviour.


  2. Not so immutable: Upgradeability of Smart Contracts on Ethereum
    Authors: Mehdi Salehi, Jeremy Clark, and Mohammad Mannan

A smart contract that is deployed to a blockchain system like Ethereum is, under reasonable circumstances, expected to be immutable and tamper-proof. This is both a feature (promoting integrity and transparency) and a bug (preventing security patches and feature updates). Modern smart contracts use software tricks to enable upgradeability, raising the research questions of how upgradeability is achieved and who is authorized to make changes. In this paper, we summarize and evaluate six upgradeability patterns. We develop a measurement framework for finding how many upgradeable contracts are on Ethereum that use certain prominent upgrade patterns. We find 1.4 million proxy contracts, of which 8,225 are unique upgradeable proxy contracts. We also measure how they implement access control over their upgradeability: about 50% are controlled by a single Externally Owned Address (EOA), and about 14% are controlled by multi-signature wallets in which a limited number of persons can change the whole logic of the contract.
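The measurement the abstract describes (find proxies, then look at who holds the upgrade right) can be reproduced for one prominent pattern from storage alone. The script below is an added example, not the paper's framework: it reads the two EIP-1967 storage slots of a candidate contract, treats a non-empty implementation pointer to an account with code as "upgradeable proxy", and classifies the admin slot as an EOA (no code), a contract (multisig, timelock, DAO, which needs a second look), or empty (a UUPS-style proxy keeps its upgrade authorization in the implementation, so an empty admin slot does not mean "not upgradeable"). The chain is an in-memory stand-in with hypothetical addresses and placeholder bytecode; a real survey would fetch the same data with eth_getCode and eth_getStorageAt.

```python
# Added example (not from the paper): classify Ethereum proxies by their
# EIP-1967 storage slots and by the kind of account that can trigger an upgrade.
# The chain below is constructed in memory; a real survey would read code and
# storage over JSON-RPC (eth_getCode / eth_getStorageAt) instead.
from collections import Counter
from dataclasses import dataclass, field

# EIP-1967 slots: keccak256("eip1967.proxy.implementation") - 1 and
# keccak256("eip1967.proxy.admin") - 1, as listed in the EIP.
IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
ADDRESS_MASK = (1 << 160) - 1  # an address is the low 20 bytes of a storage word


@dataclass
class Account:
    code: bytes = b""                            # empty for an EOA
    storage: dict = field(default_factory=dict)  # slot (int) -> 32-byte word (int)


def slot_address(account, slot):
    """Read a storage slot and interpret the low 160 bits as an address."""
    return account.storage.get(slot, 0) & ADDRESS_MASK


def classify_proxy(chain, addr):
    """Return None if `addr` is not an EIP-1967 proxy with live logic, else who
    holds the upgrade right: 'eoa', 'contract' (multisig, DAO, timelock, ...)
    or 'no-admin-slot' (admin slot empty, e.g. a UUPS-style proxy whose
    upgrade authorization lives in the implementation and needs inspection)."""
    proxy = chain.get(addr)
    if proxy is None or not proxy.code:
        return None
    impl = slot_address(proxy, IMPLEMENTATION_SLOT)
    if impl == 0 or not chain.get(impl, Account()).code:
        return None  # no implementation pointer, or it points at an empty account
    admin = slot_address(proxy, ADMIN_SLOT)
    if admin == 0:
        return "no-admin-slot"
    return "eoa" if not chain.get(admin, Account()).code else "contract"


def survey(chain, candidates):
    """Count upgrade-control kinds over a set of candidate addresses."""
    kinds = (classify_proxy(chain, a) for a in candidates)
    return Counter(k for k in kinds if k is not None)


# Constructed sample chain (hypothetical addresses, placeholder bytecode).
EOA_OWNER, MULTISIG = 0xA11CE, 0x5AFE
LOGIC_V1, LOGIC_V2 = 0x10C1C, 0x10C2C
PROXY_A, PROXY_B, PROXY_C, PLAIN, DEAD = 0xAAAA, 0xBBBB, 0xCCCC, 0xDDDD, 0xEEEE
SAMPLE_CHAIN = {
    EOA_OWNER: Account(),
    MULTISIG: Account(code=b"multisig-wallet-bytecode"),
    LOGIC_V1: Account(code=b"logic-v1-bytecode"),
    LOGIC_V2: Account(code=b"logic-v2-bytecode"),
    # transparent-proxy style: a single externally owned account is admin
    PROXY_A: Account(code=b"proxy-bytecode",
                     storage={IMPLEMENTATION_SLOT: LOGIC_V1, ADMIN_SLOT: EOA_OWNER}),
    # same layout, but an upgrade needs a multisig transaction; the slot word
    # carries dirty high bits, which the address mask strips
    PROXY_B: Account(code=b"proxy-bytecode",
                     storage={IMPLEMENTATION_SLOT: LOGIC_V2,
                              ADMIN_SLOT: (0xFF << 160) | MULTISIG}),
    # implementation pointer only: admin slot unused
    PROXY_C: Account(code=b"proxy-bytecode", storage={IMPLEMENTATION_SLOT: LOGIC_V1}),
    PLAIN: Account(code=b"ordinary-contract-bytecode"),
    # proxy whose implementation no longer has code: not upgradeable in practice
    DEAD: Account(code=b"proxy-bytecode", storage={IMPLEMENTATION_SLOT: 0x1234}),
}

if __name__ == "__main__":
    for a in (PROXY_A, PROXY_B, PROXY_C, PLAIN, DEAD):
        print(hex(a), classify_proxy(SAMPLE_CHAIN, a))
    print(survey(SAMPLE_CHAIN, SAMPLE_CHAIN))
```

The split between "eoa" and "contract" is what yields the abstract's headline numbers; the "contract" bucket still has to be opened up (is it a multisig, and with what threshold?) before it can be read as "a limited number of persons".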


  3. Squirrel: Efficient Synchronized Multi-Signatures from Lattices
    Authors: Nils Fleischhacker, Mark Simkin, and Zhenfei Zhang

The focus of this work is multi-signature schemes in the synchronized setting. A multi-signature scheme allows multiple signatures for the same message but from independent signers to be compressed into one short aggregated signature, which allows verifying all of the signatures simultaneously. In the synchronized setting, the signing algorithm takes the current time step as an additional input. It is assumed that no signer signs more than one message per time step and we aim to aggregate signatures for the same message and same time step. This setting is particularly useful in the context of blockchains, where validators are naturally synchronized by the blocks they sign. We present Squirrel, a concretely efficient lattice-based multi-signature scheme in the synchronized setting that works for a bounded number of 2^τ time steps and allows for aggregating up to ρ signatures at each step, where both τ and ρ are public parameters upon which the efficiency of our scheme depends. Squirrel allows for non-interactive aggregation of independent signatures and is proven secure in the random oracle model in the presence of rogue-key attacks assuming the hardness of the short integer solution problem in a polynomial ring.
We provide a careful analysis of all parameters and show that Squirrel can be instantiated with good concrete efficiency. For τ = 24 and ρ = 4096, a signer could sign a new message every 10 seconds for 5 years non-stop. Assuming the signer has a cache of 112 MB, signing takes 68 ms and verification of an aggregated signature takes 36 ms. The size of the public key is 1 KB, the size of an individual signature is 52 KB, and the size of an aggregated signature is 771 KB.


  4. An Efficient Block Validation Mechanism for UTXO-based Blockchains
    Authors: Xiaohai Dai, Bin Xiao, Jiang Xiao, and Hai Jin

It has been recognized that one of the bottlenecks in the UTXO-based blockchain systems is the slow block validation – the process of validating a newly-received block by a node before locally storing it and further broadcasting it. As a block contains multiple inputs, the block validation mainly involves checking the inputs against the status data, which is also known as the Unspent Transaction Outputs (UTXO) set. As time goes by, the UTXO set becomes more and more expansive, most of which can only be stored on disks. This considerably slows down the input checking and thus block validation, which can potentially compromise system security. To deal with the above problem, we disassemble the function of input checking into three parts: existence validation (EV), unspent validation (UV), and script validation (SV). Based on the disassembly, we propose EBV, an efficient block validation mechanism to speed up EV, UV, and SV individually. First, EBV changes the representation of status data, from UTXO set to a bit-vector set, which drastically reduces its size. The smaller status data can be entirely maintained in memory, thereby accelerating UV and also block validation. Second, EBV requires each transaction to carry the proof data, which enables EV and SV without accessing the disks. Furthermore, we also cope with two challenges in the design of EBV, namely transaction inflation and fake positions. To evaluate the EBV mechanism, we implement a prototype on top of Bitcoin, the most widely known UTXO-based blockchain, and conduct extensive experiments to compare EBV and Bitcoin. The experimental results demonstrate that EBV successfully reduces the memory requirement by 93.1% and the block validation time by up to 93.5%.
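The representation change at the heart of EBV is easy to show in isolation. The class below is an added example, not the EBV prototype: it keeps, per transaction, one integer whose bit i is set while output i is unspent, and performs only the unspent-validation (UV) step over that bit-vector set. Existence and script validation (EV/SV), which EBV serves with proof data carried inside each transaction, are not modelled, and the sample blocks, transaction ids and the 69-byte-per-output estimate for a conventional UTXO record are constructed assumptions for the comparison.

```python
# Added example (not the EBV code): the unspent-validation (UV) step over a
# bit-vector status set. Each transaction maps to one integer whose bit i is 1
# while output i is unspent, instead of one full UTXO record per output.
import hashlib
from math import ceil


class InvalidBlock(Exception):
    pass


class BitVectorUtxoSet:
    def __init__(self):
        self.vec = {}  # txid (bytes) -> int bitmask of still-unspent outputs

    def add_tx(self, txid, n_outputs):
        if txid in self.vec:
            raise InvalidBlock(f"duplicate txid {txid.hex()}")
        self.vec[txid] = (1 << n_outputs) - 1  # all outputs start unspent

    def is_unspent(self, txid, index):
        return bool((self.vec.get(txid, 0) >> index) & 1)

    def spend(self, txid, index):
        if not self.is_unspent(txid, index):
            raise InvalidBlock(f"{txid.hex()}:{index} is spent or unknown")
        self.vec[txid] &= ~(1 << index)
        if self.vec[txid] == 0:
            del self.vec[txid]  # a fully spent transaction leaves the status set

    def apply_block(self, block):
        """Validate and apply a block atomically. `block` is a list of
        (txid, inputs, n_outputs) with inputs a list of (prev_txid, index).
        Applying sequentially lets a tx spend outputs created earlier in the
        same block while still catching intra-block double spends."""
        saved = dict(self.vec)  # ints are immutable, so a shallow copy is a snapshot
        try:
            for txid, inputs, n_outputs in block:
                for prev_txid, index in inputs:
                    self.spend(prev_txid, index)
                self.add_tx(txid, n_outputs)
        except InvalidBlock:
            self.vec = saved
            raise

    def unspent_count(self):
        return sum(bin(mask).count("1") for mask in self.vec.values())

    def footprint_bytes(self):
        """Rough in-memory size: 32-byte txid plus one bit per tracked output."""
        return sum(32 + ceil(mask.bit_length() / 8) for mask in self.vec.values())


def naive_footprint_bytes(unspent_outputs):
    """Assumed size of a conventional UTXO record: 32-byte txid + 4-byte index
    + 8-byte value + 25-byte P2PKH script = 69 bytes per unspent output."""
    return 69 * unspent_outputs


def txid(label):
    """Constructed stand-in for a transaction id."""
    return hashlib.sha256(label.encode()).digest()


COINBASE, TX_A, TX_B, TX_C = txid("coinbase-1"), txid("tx-a"), txid("tx-b"), txid("tx-c")
GENESIS_BLOCK = [(COINBASE, [], 2)]
GOOD_BLOCK = [
    (TX_A, [(COINBASE, 0)], 3),  # spends coinbase output 0, creates 3 outputs
    (TX_B, [(TX_A, 1)], 1),      # spends an output created earlier in this block
]
BAD_BLOCK = [
    (TX_C, [(COINBASE, 1)], 1),
    (txid("tx-d"), [(COINBASE, 1)], 1),  # double spend within the block
]


def demo():
    """Apply the constructed blocks; the bad block is rejected and rolled back."""
    s = BitVectorUtxoSet()
    s.apply_block(GENESIS_BLOCK)
    s.apply_block(GOOD_BLOCK)
    try:
        s.apply_block(BAD_BLOCK)
    except InvalidBlock:
        pass
    return s


if __name__ == "__main__":
    s = demo()
    print("unspent outputs:", s.unspent_count())
    print("bit-vector bytes:", s.footprint_bytes(),
          "vs conventional:", naive_footprint_bytes(s.unspent_count()))
```

The rollback matters: a block that fails UV half-way must not leave bits cleared, or the node would later reject a valid spend of those outputs.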


  5. Decentralizing Watchtowers for Payment Channels using IPFS
    Authors: Hannes Bonisch and Matthias Grundmann

Payment channels have been proposed as a way to improve the scalability of blockchains such as Bitcoin. However, payment channel protocols require that participating parties watch the blockchain regularly for new transactions. If a party observes, in a given period of time, a fraudulent transaction that closes the payment channel in an outdated state, the fraudulent transaction can be revoked. Previous work has proposed to outsource this task to a third party, a so called watchtower. A user of a payment channel employs a dedicated watchtower and sends the data to the watchtower that the watchtower requires to revoke fraudulent transactions. In this paper, we replace the strict binding of a user to a watchtower by a decentralized approach for watchtowers that requires no direct interaction between a party of a payment channel and the watchtower. This decentralized approach uses IPFS to publicly store the information required by a watchtower. With this approach, anyone can detect and revoke a fraud by watching the blockchain and reading a file from IPFS that contains information for each outdated commitment transaction. A reward for successful revocations can be used as incentive.
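The flow the abstract sketches, with the channel party and the watchtower never talking to each other, is shown below as an added example; it is not the paper's implementation. Each commitment state is given a revocation secret whose hash the commitment commits to; once a state is outdated the party publishes the secret in a content-addressed file, and anyone holding the content id can scan blocks, recognise a close in an outdated state, check the published secret against the commitment's hash, and assemble the penalty claim. IPFS is replaced by an in-memory dict keyed by sha256 (standing in for a CID), the commitment and funding identifiers are synthetic, and the 144-block dispute window is a hypothetical parameter.

```python
# Added example (not the paper's implementation): a watchtower that needs no
# contact with the channel party. For every outdated commitment the party
# publishes the revocation secret whose hash the commitment commits to; a
# content-addressed dict keyed by sha256 stands in for IPFS and its CIDs.
import hashlib
import json

DISPUTE_WINDOW = 144  # hypothetical: blocks within which the penalty must confirm


def sha256(b):
    return hashlib.sha256(b).digest()


def build_channel(n_states, seed):
    """Constructed channel: state n has a revocation secret and a commitment
    tx whose (synthetic) id commits to sha256(secret)."""
    secrets = [sha256(seed + n.to_bytes(4, "big")) for n in range(n_states)]
    commitments = []
    for n, s in enumerate(secrets):
        rev_hash = sha256(s)
        commitments.append({"n": n, "rev_hash": rev_hash.hex(),
                            "txid": sha256(b"commitment" + rev_hash).hex()})
    return secrets, commitments


def publish_revocations(commitments, secrets, latest_state, store):
    """Party side: publish the secret of every state older than latest_state.
    Returns the content id a watchtower needs; nothing else is sent to it."""
    entries = {c["txid"]: secrets[c["n"]].hex()
               for c in commitments if c["n"] < latest_state}
    blob = json.dumps(entries, sort_keys=True).encode()
    cid = hashlib.sha256(blob).hexdigest()  # stand-in for an IPFS CID
    store[cid] = blob
    return cid


def watch_block(height, txs, funding_outpoint, cid, store):
    """Watchtower side: anyone holding the cid can run this. Returns one
    penalty claim per close in an outdated state found in the block."""
    revoked = json.loads(store[cid])
    claims = []
    for tx in txs:
        if funding_outpoint not in tx["inputs"]:
            continue  # does not close this channel
        secret_hex = revoked.get(tx["txid"])
        if secret_hex is None:
            continue  # latest state (or unknown): an honest close, nothing to do
        if sha256(bytes.fromhex(secret_hex)).hex() != tx["rev_hash"]:
            continue  # file entry does not match what the commitment commits to
        claims.append({"penalizes": tx["txid"], "secret": secret_hex,
                       "deadline_height": height + DISPUTE_WINDOW})
    return claims


FUNDING = "funding-tx:0"  # synthetic funding outpoint of the watched channel


def closing_tx(commitment):
    return {"txid": commitment["txid"], "inputs": [FUNDING],
            "rev_hash": commitment["rev_hash"]}


def scenario():
    """Three states, party is at state 2; state 0 is broadcast fraudulently,
    state 2 honestly, and a tampered file must produce no claim."""
    store = {}
    secrets, commits = build_channel(3, b"constructed-seed")
    cid = publish_revocations(commits, secrets, latest_state=2, store=store)
    unrelated = {"txid": "deadbeef", "inputs": ["other:1"], "rev_hash": ""}
    fraud = watch_block(800_000, [unrelated, closing_tx(commits[0])], FUNDING, cid, store)
    honest = watch_block(800_001, [closing_tx(commits[2])], FUNDING, cid, store)
    # tampered file: right txid, wrong secret (an attacker cannot forge the hash)
    bad_blob = json.dumps({commits[1]["txid"]: "00" * 32}).encode()
    bad_cid = hashlib.sha256(bad_blob).hexdigest()
    store[bad_cid] = bad_blob
    tampered = watch_block(800_002, [closing_tx(commits[1])], FUNDING, bad_cid, store)
    return {"fraud": fraud, "honest": honest, "tampered": tampered,
            "secrets": secrets, "commits": commits}


if __name__ == "__main__":
    r = scenario()
    print("penalty claims:", r["fraud"])
    print("honest close claims:", r["honest"], "tampered file claims:", r["tampered"])
```

Because the file is public, the data in it has to be sufficient to build the penalty but must not let the reader steal channel funds; the hash check against the commitment is also what stops a third party from feeding the watchtower bogus entries to trigger spurious broadcasts.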


  6. Practical Escrow Protocol for Cryptocurrencies
    Author: Yang Xiao

Escrow protocol for cryptocurrencies is a two-party protocol that enables the fair exchange of goods or services with digital coins. An escrow protocol allows digital coins to be escrowed (i.e., locked) in a way that only the seller can claim the coins (when the deal is completed) or the buyer can claim the coins (when the deal is canceled) with the help of a trusted third party (TTP).
Existing escrow protocols for cryptocurrencies are built based on various approaches with various security and efficiency trade-offs. In this thesis, we introduce a new approach based on verifiably encrypted signature (VES), a specific kind of digital signature whose validity can be verified in encrypted form. Escrow protocols constructed from our approach enjoy many desirable features, including (a) round efficiency; (b) privacy preservation for participants; and (c) minimal TTP involvement.
ECDSA is the signature scheme adopted by major cryptocurrencies such as Bitcoin and Ethereum. To construct escrow protocols for these cryptocurrencies based on our approach, we develop an efficient verifiably encrypted ECDSA, which may be of independent interest. Besides ECDSA, EdDSA and Schnorr digital signatures are adopted in popular cryptocurrencies. To build escrow protocols to fit these popular cryptocurrencies, we generalize the above signature schemes as an EdDSA-like signature and propose a generic construction of verifiably encrypted signature scheme for EdDSA-like signature.
We conduct a thorough complexity analysis of the escrow protocol obtained from the above VES schemes and demonstrate its feasibility.