Research Pulse #89 10/31/2022

  1. SurferMonkey: A Decentralized Anonymous Blockchain Intercommunication System via Zero Knowledge Proofs
    Authors: Miguel Díaz Montiel, Rachid Guerraoui, and Pierre-Louis Roman

Blockchain intercommunication systems enable the exchanges of messages between blockchains. This interoperability promotes innovation, unlocks liquidity and access to assets. As of March 2022, the total value locked (TVL) in these systems was of $21.8 billion [22]. However, blockchains are isolated systems that originally were not designed for interoperability. This makes cross-chain communication, or bridges for short, insecure by nature. More precisely, cross-chain systems face security challenges in terms of selfish rational players such as maximal extractable value (MEV) and censorship. As of July 2022, the top 3 bridge hacks account for more than $1.5 billion in losses [20] and the aggregated value extracted from the users using MEV techniques is $663 million [12].
We propose to solve these challenges using zero knowledge proofs (ZKPs) for cross-chain communication. Securing cross-chain communication is remarkably more complex than securing single-chain events as such a system must preserve user security against both on- and off-chain analysis.
To achieve this goal, we propose the following pair of contributions: the DACT protocol and the SurferMonkey infrastructure that supports the DACT protocol. The decentralized anonymous agnostic cross-chain transfer (DACT) protocol is a global solution for the anonymity and security challenges of agnostic blockchain intercommunication. DACT breaks on- and off-chain analysis thanks to the use of ZKPs. SurferMonkey is a decentralized infrastructure that implements DACT in practice. Since SurferMonkey works at the blockchain application layer, any decentralized application (dApp) can use SurferMonkey to send any type of message to a dApp on another blockchain. With SurferMonkey, users can neither be censored nor be exposed to MEV. By applying decentralized proactive security, we obtain resilience against selfish rational players, and raise the security bar against cyberattacks. We have implemented a proof of concept (PoC) of SurferMonkey by reverse engineering Tornado Cash and by applying IDEN3 ZKP circuits. SurferMonkey enables new use cases, ranging from anonymous voting and gaming, to a new phase of anonymous decentralized finance (aDeFi).

Link to Paper

  • Over the course of 2022, we have witnessed an explosion of new Layer 1 protocols competing for market share in the smart contract ecosystem. The standardization of the Ethereum Virtual Machine (EVM) has contributed to this trend since it has decreased switching costs for application developers.

  • As applications become increasingly cross-chain, the need for better interoperability solutions is now salient. The current approach using so-called bridges has many drawbacks, especially related to security as evidenced by the number of hacks that bridges have faced.

  • This paper discusses an alternative cross-chain interoperability schema called SurferMonkey. Unlike public relayers, SurferMonkey uses Zero-Knowledge Proofs to intermediate cross-chain messages.

  2. Rational Ponzi Games in Algorithmic Stablecoin (Conceptual version)
    Authors: Shange Fu, Qin Wang, Jiangshan Yu, and Shiping Chen

Algorithmic stablecoins (AS) are one special type of stablecoins that are not backed by any asset (equiv. without collateral). They stand to revolutionize the way a sovereign fiat operates. As implemented, these coins are poorly stabilized in most cases, easily deviating from the price target or even falling into a catastrophic collapse (a.k.a. Death spiral), and are as a result dismissed as a Ponzi scheme. However, is this the whole picture? In this paper, we try to reveal the truth and clarify such a deceptive concept. We find that Ponzi is basically a financial protocol that pays existing investors with funds collected from new ones. Running a Ponzi, however, does not necessarily imply that any participant is in any sense losing out, as long as the game can be perpetually rolled over. Economists call such a realization a rational Ponzi game. We thereby propose a rational model in the context of AS and draw its holding conditions. We apply the model to examine whether or not the algorithmic stablecoin is a rational Ponzi game. Accordingly, we discuss two types of algorithmic stablecoins (Rebase & Seigniorage shares) and dig into the historical market performance of two impactful projects (Ampleforth & TerraUSD, respectively) to demonstrate the effectiveness of our model.

Link to Paper

  • The collapse of TerraUSD highlighted the challenges of designing Algorithmic Stablecoins (AS) that continuously keep parity with a fiat currency.

  • This paper discusses the dynamics of two popular types of Algorithmic Stablecoins (AS): Rebase and Seigniorage Shares, and formalizes their economics using Terra and Ampleforth as examples.

  • Additionally, the paper showcases a very interesting framework to determine whether a stablecoin is a rational Ponzi scheme, i.e. its economics are based on Ponzi-like behaviors.

  3. Partially anonymous rollups
    Authors: Olivier Bégassat, Alexandre Belling, and Nicolas Liochon

This note contains the specification of partially anonymous rollups — a rollup design with anonymity and scalability properties halfway between those of a zk-rollup [1, 2] and those of a fully anonymous zk-rollup as specified in [3]. With partially anonymous rollups, the operator creating a batch has access to the transaction details before executing it. The protocol we propose here is account based and allows for a very high transaction throughput. Performances do not degrade with the number of transactions previously executed. However, account activity leaks globally in the form of account hash updates.

Link to Paper

  • Rollups have become an immensely popular construct to scale blockchain applications today, as evidenced by the number of applications deploying Rollup versions.

  • Generally speaking, blockchain rollups fall into two different categories: optimistic or zero-knowledge.

  • This paper discusses an alternative construct called Partially Anonymous Rollups, which may offer interesting trade-offs related to privacy and transactional throughput.

  4. Diablo: A Benchmark Suite for Blockchains
    Authors: Vincent Gramoli, Rachid Guerraoui, Andrei Lebedev, Chris Natoli, and Gauthier Voron

With the recent advent of blockchains, we have witnessed a plethora of blockchain proposals. These proposals range from using work to using time, storage or stake in order to select blocks to be appended to the chain. As a drawback, this makes it difficult for application developers to choose the right blockchain to support their applications. In particular, the scalability and performance one can obtain from a specific blockchain is typically unknown. The claimed results are often obtained in isolation by the developers of the blockchain themselves. The experimental conditions corresponding to these results are generally missing and the lack of details makes these results irreproducible.
In this paper, we propose the most extensive evaluation of blockchains to date. First, we show how the experimental settings impact the performance of 6 state-of-the-art blockchains and argue for more detailed experiments. Second, and to cope with this limitation, we propose a unifying framework to evaluate blockchains on the same ground. The framework includes a suite of 5 realistic Decentralized Applications (DApps), helps deploy the blockchain nodes at different scales and evaluates their performance. Finally, we show that selecting a particular virtual machine or weakening guarantees can help handle computationally demanding workloads but that none of the tested blockchains can yet support the load of these realistic DApps.

Link to Paper

  • As mentioned previously, we are witnessing immense growth in the number of L1s available for application developers to pick from.

  • Since there has also been some convergence on the Ethereum Virtual Machine (EVM), it can be challenging to fully assess their trade-offs.

  • This paper showcases a schema called Diablo which can be used to benchmark the client of various competing L1 blockchains.

  5. Unjamming Lightning: A Systematic Approach
    Authors: Clara Shikhelman and Sergei Tikhomirov

Users of decentralized financial networks suffer from inventive security exploits. Identity-based fraud prevention methods are inapplicable in these networks, as they contradict their privacy-minded design philosophy. Novel mitigation strategies are therefore needed. Their rollout, however, may damage other desirable network properties. In this work, we introduce an evaluation framework for mitigation strategies in decentralized financial networks. This framework allows researchers and developers to examine and compare proposed protocol modifications along multiple axes, such as privacy, security, and user experience. As an example, we focus on the jamming attack in the Lightning Network. Lightning is a peer-to-peer payment channel network on top of Bitcoin. Jamming is a cheap denial-of-service attack that allows an adversary to temporarily disable Lightning channels by flooding them with failing payments.
We propose a practical solution to jamming that combines unconditional fees and peer reputation. Guided by the framework, we show that, while discouraging jamming, our solution keeps the protocol incentive compatible. It also preserves security, privacy, and user experience, and is straightforward to implement. We support our claims analytically and with simulations. Moreover, our anti-jamming solution may help alleviate other Lightning issues, such as malicious channel balance probing.

Link to Paper

  • There are many issues that may impact the adoption of Bitcoin’s Lightning Network as a payment network.

  • Amongst these exploits are so-called channel jamming attacks, which are a type of Denial of Service (DoS) attack.

  • This paper introduces a solution to channel jamming via a system that combines unconditional fees, which are mandatory, as well as a peer reputation system.
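The jamming attack and the two mitigations named in the Unjamming Lightning abstract above, modelled in a small discrete-time simulation. This is an added example, not code from the paper or its authors: the slot limit, the batch sizes, the per-HTLC unconditional fee and the reputation rule (a peer's slot budget scaled by the share of its past HTLCs that settled) are constructed placeholders and do not reproduce the paper's parameters, simulator or reputation scheme.

```python
"""Toy model of Lightning channel jamming with two mitigations: an unconditional fee
charged when an HTLC is accepted, and a reputation gate on how many slots a peer may
hold. Constructed example with simplified, placeholder rules; not the paper's model."""
from dataclasses import dataclass, field

MAX_SLOTS = 10  # constructed, scaled-down limit on concurrent in-flight HTLCs


@dataclass
class Htlc:
    peer: str
    expires_at: int      # tick at which this HTLC resolves (settles or fails)
    will_succeed: bool   # honest payments settle; jamming payments fail on purpose


@dataclass
class Node:
    unconditional_fee_sat: int = 0   # paid by the sender at accept time, success or not
    use_reputation: bool = False     # gate per-peer slots by that peer's settlement ratio
    slots: list = field(default_factory=list)
    stats: dict = field(default_factory=dict)     # peer -> (settled, resolved)
    paid: dict = field(default_factory=dict)      # peer -> sats paid in unconditional fees
    accepted: dict = field(default_factory=dict)  # peer -> HTLCs accepted
    honest_dropped: int = 0

    def reputation(self, peer: str) -> float:
        ok, total = self.stats.get(peer, (0, 0))
        return 1.0 if total == 0 else ok / total   # unknown peer: benefit of the doubt

    def slot_budget(self, peer: str) -> int:
        # Hypothetical rule: a peer whose payments keep failing may hold fewer slots.
        if not self.use_reputation:
            return MAX_SLOTS
        return max(1, round(MAX_SLOTS * self.reputation(peer)))

    def offer(self, peer: str, expires_at: int, will_succeed: bool) -> bool:
        held = sum(1 for h in self.slots if h.peer == peer)
        if len(self.slots) >= MAX_SLOTS or held >= self.slot_budget(peer):
            return False
        self.slots.append(Htlc(peer, expires_at, will_succeed))
        self.accepted[peer] = self.accepted.get(peer, 0) + 1
        self.paid[peer] = self.paid.get(peer, 0) + self.unconditional_fee_sat
        return True

    def resolve(self, now: int) -> None:
        # Free the slots of every HTLC whose resolution tick has arrived and record
        # whether it settled, which is what feeds the reputation score.
        keep = []
        for h in self.slots:
            if h.expires_at <= now:
                ok, total = self.stats.get(h.peer, (0, 0))
                self.stats[h.peer] = (ok + int(h.will_succeed), total + 1)
            else:
                keep.append(h)
        self.slots = keep


def simulate(ticks=12, jam_batch=5, hold=4, fee_sat=0, use_reputation=False) -> dict:
    """Each tick the jammer offers `jam_batch` payments that fail after `hold` ticks,
    then one honest payment arrives that settles on the next tick."""
    node = Node(fee_sat, use_reputation)
    for t in range(ticks):
        node.resolve(t)
        for _ in range(jam_batch):
            node.offer("jammer", t + hold, False)
        if not node.offer("honest", t + 1, True):
            node.honest_dropped += 1
    return {
        "honest_dropped": node.honest_dropped,
        "jammer_accepted": node.accepted.get("jammer", 0),
        "jammer_paid_sat": node.paid.get("jammer", 0),
        "jammer_reputation": node.reputation("jammer"),
        "honest_reputation": node.reputation("honest"),
    }


if __name__ == "__main__":
    print("no mitigation:    ", simulate())
    print("unconditional fee:", simulate(fee_sat=1))
    print("reputation gate:  ", simulate(use_reputation=True))
```

With the constructed parameters the three runs make the abstract's point concrete: without mitigation the failing payments cost the jammer nothing while the honest payment is dropped on every tick after the first; the unconditional fee leaves the drop count unchanged but charges the jammer for every accepted HTLC; the reputation gate cuts the honest drops to the first few ticks, since the jammer's budget collapses as soon as its first batch is observed to fail.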

  6. TAP: Transparent and Privacy-Preserving Data Services
    Authors: Daniël Reijsbergen, Aung Maw, Zheng Yang, Tien Tuan Anh Dinh, and Jianying Zhou

Users today expect more security from services that handle their data. In addition to traditional data privacy and integrity requirements, they expect transparency, i.e., that the service’s processing of the data is verifiable by users and trusted auditors. Our goal is to build a multi-user system that provides data privacy, integrity, and transparency for a large number of operations, while achieving practical performance.
To this end, we first identify the limitations of existing approaches that use authenticated data structures. We find that they fall into two categories: 1) those that hide each user’s data from other users, but have a limited range of verifiable operations (e.g., CONIKS, Merkle2, and Proofs of Liabilities), and 2) those that support a wide range of verifiable operations, but make all data publicly visible (e.g., IntegriDB and FalconDB). We then present TAP to address the above limitations. The key component of TAP is a novel tree data structure that supports efficient result verification, and relies on independent audits that use zero-knowledge range proofs to show that the tree is constructed correctly without revealing user data. TAP supports a broad range of verifiable operations, including quantiles and sample standard deviations. We conduct a comprehensive evaluation of TAP, and compare it against two state-of-the-art baselines, namely IntegriDB and Merkle2, showing that the system is practical at scale.

Link to Paper

  • There exists a naturally conflicting relationship between transparency and data privacy. Some applications require transparency for their core use case at the expense of user privacy. This is the case with many social media networks today.

  • This paper discusses a data sharing schema called TAP: Transparent and Privacy-Preserving Data Services which aims to address this conflicting nature.


Thoroughly enjoyed this read. Contrary to the inherited vulnerability of algorithmic stablecoins, the mighty roles of algorithmic stablecoins cannot be overlooked despite the challenges. Algorithmic stablecoins are more convenient since they can run themselves and grow in size without needing to keep large reserves. The protocol supporting an algorithmic stablecoin essentially aims to function with “less than one-to-one backing” by adjusting the supply of tokens in “circulation” in reaction to price fluctuations. Hence, stablecoins based on algorithms provide a fertile environment for innovation. Even so, stablecoins are the greatest danger to government fiat-based money systems of any cryptocurrency.

Interestingly, the concept of algorithmic stablecoins is intriguing. Establishing a framework to determine whether a stablecoin is a rational Ponzi scheme is apt, especially after the TerraUSD incident. The authors propose the use of their framework to potentially alienate rational Ponzi models (with rebase methods being more balanced than the seigniorage share method). Nevertheless, many measures still need to be implemented before people use them as reliable forms of currency. At present, no algorithmic stablecoin has maintained a constant stable peg. Consequently, their applications are mainly relevant to speculative arbitrage traders. Remarkably, stablecoins have promise for the future of money because they establish the groundwork for a more open, transparent, and inclusive monetary system. However, much more work needs to be done. The major problem is to create innovative, friendly frameworks while addressing the increased dangers that crypto assets represent and guaranteeing security.

In today’s cryptocurrency world, the regulations that govern stablecoins are derived from the general rules that apply to cryptocurrencies. There is minimal regulation specific to stablecoins and their usage as digital assets. Due to the censorship-resistant nature of algorithmic stablecoins, the potential danger posed by these coins is significantly higher than that posed by their non-algorithmic counterparts. Moreover, legislators are devoting a growing amount of attention to stablecoins. For instance, in May 2022, United States Treasury Secretary Janet Yellen asked for stablecoin legislation. Today in the United States of America, the Stablecoin Tethering and Bank Licensing Enforcement (STABLE) Act requires stablecoin issuers to have a banking charter, be FDIC (Federal Deposit Insurance Corporation)-insured, and maintain adequate reserves. The STABLE Act is predicated on the concept that Congress has the authority “to coin money” and “control the value thereof” under Article I, Section 8, Clause 5 of the United States Constitution. More so, in Singapore, the Monetary Authority of Singapore (MAS) made it clear that stablecoins must comply with legal requirements. The position, though, is not the same across different countries. Regardless, the rapid pace at which countries try to put workable legislation in place to accommodate stablecoins is highly encouraging.

The goal of the vast majority of algorithmic stablecoins is to one day become the decentralized financial ecosystem’s reserve currency. This is a commendable objective, but in order for them to be sustainable over the long run, it is essential that they also have usefulness in addition to the stability that they provide. Above all, necessary efforts must be put in place to strengthen universal regulations and proper stabilization of algorithmic stablecoins.