Research Pulse Issue #10 04/23/21

  1. EtherClue: Digital investigation of attacks on Ethereum smart contracts
    Authors: Simon Joseph Aquilina, Fran Casino, Mark Vella, Joshua Ellul, and Constantinos Patsakis

Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency. While vulnerability detectors can prevent vulnerable contracts from being deployed, this does not mean that such contracts will not be deployed. Once a vulnerable contract is instantiated on the blockchain and becomes the target of attacks, the identification of exploit transactions becomes indispensable in assessing whether it has been actually exploited and identifying which malicious or subverted accounts were involved.
In this work, we study the problem of post-factum investigation of Ethereum attacks using Indicators of Compromise (IoCs) specially crafted for use in the blockchain. IoC definitions need to capture the side-effects of successful exploitation in the context of the Ethereum blockchain. Therefore, we define a model for smart contract execution, comprising multiple abstraction levels that mirror the multiple views of code execution on a blockchain. Subsequently, we compare IoCs defined across the different levels in terms of their effectiveness and practicality through EtherClue, a prototype tool for investigating Ethereum security incidents. Our results illustrate that coarse-grained IoCs defined over blocks of transactions can detect exploit transactions with less computation; however, they are contract-specific and suffer from false negatives. On the other hand, fine-grained IoCs defined over virtual machine instructions can avoid these pitfalls at the expense of increased computation which are nevertheless applicable for practical use.


  2. Ethereum Name Service: the Good, the Bad, and the Ugly
    Authors: Pengcheng Xia, Haoyu Wang, Zhou Yu, Xinyu Liu, Xiapu Luo, and Guoai Xu

DNS has always been criticized for its inherent design flaws, making the system vulnerable to various kinds of attacks. Besides, DNS domain names are not fully controlled by the users and can be easily taken down by the authorities and registrars. Since blockchain has unique properties like immutability and decentralization, it seems promising to build a decentralized name service on blockchain. Ethereum Name Service (ENS), as a novel name service built atop Ethereum, has received great attention from the community. Yet, no existing work has systematically studied this emerging system, especially the security issues and misbehaviors in ENS. To fill the void, we present the first large-scale study of ENS by collecting and analyzing millions of event logs related to ENS. We characterize the ENS system from a number of perspectives. Our findings suggest that ENS has been gradually gaining popularity during its four years’ evolution, mainly due to its distributed and open nature: ENS domain names can be set to any kind of record, even censored and malicious content. We have identified several security issues and misbehaviors, including traditional DNS security issues and new issues introduced by ENS smart contracts. Attackers are abusing the system with thousands of squatting ENS names, a number of scam blockchain addresses and malicious websites, etc. Our exploration suggests that our community should invest more effort into the detection and mitigation of issues in blockchain-based name services towards building an open and trustworthy name service.


  3. SoK: How (not) to Design and Implement Post-Quantum Cryptography
    Authors: James Howe, Thomas Prest, and Daniel Apon

Post-quantum cryptography has known a Cambrian explosion in the last decade. What started as a very theoretical and mathematical area has now evolved into a sprawling research field, complete with side-channel resistant embedded implementations, large-scale deployment tests and standardization efforts. This study systematizes the current state of knowledge on post-quantum cryptography. Compared to existing studies, we adopt a transversal point of view and center our study around three areas: (i) paradigms, (ii) implementation, (iii) deployment. Our point of view allows us to cast almost all classical and post-quantum schemes into just a few paradigms. We highlight trends, common methodologies, pitfalls to look for and recurrent challenges.


  4. LightPIR: Privacy-Preserving Route Discovery for Payment Channel Networks
    Authors: Krzysztof Pietrzak, Iosif Salem, Stefan Schmid, and Michelle Yeo

Payment channel networks are a promising approach to improve the scalability of cryptocurrencies: they allow transactions to be performed in a peer-to-peer fashion, along multi-hop routes in the network, without requiring consensus on the blockchain. However, during the discovery of cost-efficient routes for the transaction, critical information may be revealed about the transacting entities.
This paper initiates the study of privacy-preserving route discovery mechanisms for payment channel networks. In particular, we present LightPIR, an approach which allows a source to efficiently discover a shortest path to its destination without revealing any information about the endpoints of the transaction. The two main observations which allow for an efficient solution in LightPIR are that: (1) surprisingly, hub labelling algorithms – which were developed to preprocess “street network like” graphs so one can later efficiently compute shortest paths – also work well for the graphs underlying payment channel networks, and that (2) hub labelling algorithms can be directly combined with private information retrieval.
LightPIR relies on a simple hub labeling heuristic on top of existing hub labeling algorithms which leverages the specific topological features of cryptocurrency networks to further minimize storage and bandwidth overheads. In a case study considering the Lightning network, we show that our approach is an order of magnitude more efficient compared to a privacy-preserving baseline based on using private information retrieval on a database that stores all-pairs shortest paths.
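The hub labelling idea behind LightPIR, as an added example that is not the paper's code: hub labels are built for a constructed toy channel graph with pruned landmark labelling, a shortest-path distance is answered from the two endpoint labels alone (the data a source would fetch via PIR), and every answer is checked against plain Dijkstra. The fee weights and the degree-based hub ordering are assumptions made for this example.

```python
import heapq
from math import inf

# Constructed toy channel network: node -> {neighbour: fee}; H1/H2 act as hubs, F has no channels.
NETWORK = {
    "H1": {"H2": 1, "A": 2, "B": 3},
    "H2": {"H1": 1, "C": 2, "D": 1},
    "A": {"H1": 2, "B": 4},
    "B": {"H1": 3, "A": 4},
    "C": {"H2": 2, "E": 2},
    "D": {"H2": 1, "E": 5},
    "E": {"C": 2, "D": 5},
    "F": {},
}

def degree_order(graph):
    """Assumed hub-ordering heuristic: best-connected nodes become hubs first."""
    return sorted(graph, key=lambda v: (-len(graph[v]), v))

def query(labels, s, t):
    """dist(s,t) = min over hubs h present in both labels of d(s,h) + d(h,t); needs only two labels."""
    ls, lt = labels[s], labels[t]
    return min((d + lt[h] for h, d in ls.items() if h in lt), default=inf)

def build_labels(graph, order):
    """Pruned landmark labelling: Dijkstra from each hub in turn; skip nodes earlier hubs already cover."""
    labels = {v: {} for v in graph}
    for hub in order:
        dist, heap = {hub: 0}, [(0, hub)]
        while heap:
            d, u = heapq.heappop(heap)
            if d > dist[u]:
                continue                      # stale heap entry
            if query(labels, hub, u) <= d:
                continue                      # an earlier hub already explains this distance
            labels[u][hub] = d
            for w, fee in graph[u].items():
                if d + fee < dist.get(w, inf):
                    dist[w] = d + fee
                    heapq.heappush(heap, (d + fee, w))
    return labels

def dijkstra(graph, s):
    """Plain single-source Dijkstra, used only as the reference oracle."""
    dist, heap = {v: inf for v in graph}, [(0, s)]
    dist[s] = 0
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for w, fee in graph[u].items():
            if d + fee < dist[w]:
                dist[w] = d + fee
                heapq.heappush(heap, (d + fee, w))
    return dist

def labels_are_exact(graph, labels):
    """Check that every label query equals the true shortest-path distance."""
    return all(query(labels, s, t) == dijkstra(graph, s)[t] for s in graph for t in graph)
```

On this graph the labels hold 19 entries in total against 64 for an all-pairs table, and a route query touches only the two endpoint labels, which is what makes a PIR lookup affordable.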


  5. Property-based testing of ERC-721 Ethereum smart contracts
    Author: Isac Daniel de Figueiredo Novo

There are several documents for Ethereum that aim to improve smart contract functionality and implementation; one such document, ERC-721, provides a standard interface for non-fungible tokens.
In this project, we tested five Ethereum smart contracts for errors. The contracts in question were 0xcert, Decentraland, Ethereum Name Service, OpenZeppelin, and Su Squares, all of which implement the ERC-721 standard.
Verification of those contracts was done by property-based testing, an approach that generates a random number of test cases according to predefined strategies and derives test cases following a set of given rules and a model of correctness which, as mentioned, was based on the ERC-721 standard. By employing this method, a programmer can focus their attention on the desired properties of the software alongside a model for input generation, rather than having to construct a finite set of test cases, as is the case for unit testing.
This approach allows more tests to be executed with fewer lines of code, and does not have to rely on the programmer's insight regarding the code. It is thus more efficient at deriving tests that detect edge cases and less common interactions that could otherwise be missed.
The entire project code and environment - including the five tested contracts - is available as a public GitHub repository.
The remainder of this report is organised as follows. Section 2 provides the necessary background for this project, regarding blockchains, smart contracts, and the ERC-721 standard. Section 3 describes the ERC-721 test framework implemented in this project. Section 4 describes an evaluation of the test framework for 5 ERC-721 implementations. Finally, Section 5 concludes the report with an overall assessment.
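The property-based approach described above, as an added example that is not the report's code: a small in-memory model stands in for an ERC-721 contract (an assumption), random call sequences are generated with random.Random instead of a property-testing framework (the report does not name its tool here), and ERC-721 properties such as balance conservation and approval clearing are asserted after every call.

```python
import random
ZERO = "0x0"   # ERC-721: the zero address can never own or receive a token
class ERC721Model:
    """Minimal in-memory ERC-721 semantics (an assumed stand-in for a contract under test)."""
    def __init__(self):
        self.owner = {}      # token_id -> owner address
        self.approved = {}   # token_id -> address the owner approved

    def balance_of(self, addr):
        return sum(1 for o in self.owner.values() if o == addr)

    def owner_of(self, token):
        if token not in self.owner:
            raise ValueError("nonexistent token")
        return self.owner[token]

    def mint(self, to, token):
        if token in self.owner or to == ZERO:
            raise ValueError("token exists or receiver is zero")
        self.owner[token] = to

    def approve(self, sender, to, token):
        if self.owner_of(token) != sender:
            raise PermissionError("only the owner can approve")
        self.approved[token] = to

    def transfer_from(self, sender, frm, to, token):
        if self.owner_of(token) != frm or to == ZERO:
            raise ValueError("wrong owner or zero receiver")
        if sender != frm and self.approved.get(token) != sender:
            raise PermissionError("sender is neither owner nor approved")
        self.owner[token] = to
        self.approved.pop(token, None)   # ERC-721: approval is cleared on transfer

def check_invariants(m, accounts, minted):
    """Properties the standard requires after every call, whatever the call sequence."""
    assert sum(m.balance_of(a) for a in accounts) == minted  # no token lost or duplicated
    assert all(o != ZERO for o in m.owner.values())          # zero address never owns
    assert all(t in m.owner for t in m.approved)             # no approval on an unminted token

def run_property_test(seed, steps=300):
    """Random call sequence against the model; returns how many calls were rejected."""
    rng = random.Random(seed)
    accounts = ["0xA", "0xB", "0xC"]
    receivers, tokens = accounts + [ZERO], range(20)
    m, minted, rejected = ERC721Model(), 0, 0
    for _ in range(steps):
        op = rng.choice(["mint", "approve", "transfer"])
        try:
            if op == "mint":
                m.mint(rng.choice(receivers), rng.choice(tokens))
                minted += 1
            elif op == "approve":
                m.approve(rng.choice(accounts), rng.choice(accounts), rng.choice(tokens))
            else:
                m.transfer_from(rng.choice(accounts), rng.choice(accounts), rng.choice(receivers), rng.choice(tokens))
        except (ValueError, PermissionError):
            rejected += 1   # a rejected call must leave state untouched; the invariants check that
        check_invariants(m, accounts, minted)
    return rejected
```

The returned rejection count matters: a run with zero rejected calls would mean the generator never exercised the negative paths (transfers by unapproved senders, mints to the zero address) that the standard's guards exist for.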


  6. Size, Speed, and Security: An Ed25519 Case Study
    Authors: Cesar Pereida García and Sampo Sovio

Ed25519 has significant performance benefits compared to ECDSA using Weierstrass curves such as NIST P-256, therefore it is considered a good digital signature algorithm, especially for low-performance IoT devices. However, such devices often have very limited resources and thus implementations for these devices need to be as small and as performant as possible while being secure. In this paper we describe a scenario in which an obvious strategy to aggressively optimize an Ed25519 implementation for code size leads to a small memory footprint that is functionally correct but vulnerable to side-channel attacks. This strategy serves as an example of aggressive optimizations that might be considered by cryptography engineers, developers, and practitioners unfamiliar with the power of Side-Channel Analysis (SCA). As a solution to the flawed implementation example, we use a computer-aided cryptography tool generating formally verified finite field arithmetic to generate two secure Ed25519 implementations fulfilling different size requirements. After benchmarking and comparing these implementations to other widely used implementations, our results show that computer-aided cryptography is capable of generating competitive code in terms of security, speed, and size.


  7. CoinPrune: Shrinking Bitcoin’s Blockchain Retrospectively
    Authors: Roman Matzutt, Benedikt Kalde, Jan Pennekamp, Arthur Drichel, Martin Henze, and Klaus Wehrle

Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief. CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin’s set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot’s correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices. CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute.


  8. EOSafe: Security Analysis of EOSIO Smart Contracts
    Authors: Ningyu He, Ruiyi Zhang, Haoyu Wang, Lei Wu, Xiapu Luo, Yao Guo, Ting Yu, and Xuxian Jiang

The EOSIO blockchain, one of the representative Delegated Proof-of-Stake (DPoS) blockchain platforms, has grown rapidly recently. Meanwhile, a number of vulnerabilities and high-profile attacks against top EOSIO DApps and their smart contracts have also been discovered and observed in the wild, resulting in serious financial damages. Most of the EOSIO smart contracts are not open-sourced and typically compiled to WebAssembly (Wasm) bytecode, thus making it challenging to analyze and detect the presence of possible vulnerabilities. In this paper, we propose EOSAFE, the first static analysis framework that can be used to automatically detect vulnerabilities in EOSIO smart contracts at the bytecode level. Our framework includes a practical symbolic execution engine for Wasm, a customized library emulator for EOSIO smart contracts, and four heuristic-driven detectors to identify the presence of the four most popular vulnerabilities in EOSIO smart contracts. Experiments have shown that EOSAFE achieves promising results in detecting vulnerabilities, with an F1-measure of 98%. We have applied EOSAFE to all active 53,666 smart contracts in the ecosystem (as of November 15, 2019). Our results show that over 25% of the smart contracts are labeled vulnerable. We further analyze possible exploitation attempts on these vulnerable smart contracts and identify 48 in-the-wild attacks (27 of them have been confirmed by DApp developers), which have resulted in financial loss of at least 1.7 million USD.


  9. Analytical Study of Blockchain Enabled Security Enhancement Methods for Healthcare Data
    Authors: Moumita Roy and Dr. Monisha Singh

Healthcare data protection is very much required at the present time due to the rate of growth in data volume and the sensitivity of the data. The data is collected through EHRs, diagnostic images like scans or x-rays, or IoT wearable devices with sensors, and is shared with stakeholders who can analyse the data and use it for the betterment of processes. The benefits of medical data sharing among entities make it even more vulnerable. In this paper we have studied and analysed a few blockchain-based methods of securing healthcare data stored in the cloud. The methods studied are successful in keeping the data safe from unauthorized access.


  10. Dividend or No Dividend in Delegated Blockchain Governance: A Game Theoretic Analysis
    Authors: Dapeng Pan, J. Leon Zhao, Shaokun Fan, and Ziqiong Zhang

Delegated blockchain governance is the frontier of blockchain design issues that aims to improve the scalability of blockchain networks. Delegated proof of stake (DPoS) blockchains such as EOS must select a few super nodes for transaction verification. In particular, the blockchain community has debated recently whether dividends should be allowed when electing super nodes, which might be considered unethical or unfair, leading to an open research topic and a new research gap that has theoretical value for both academia and industry. In this paper, we build a theoretical framework to study how dividends affect user decisions and welfare in a DPoS blockchain. Based on game theory, we propose a three-player Hotelling model with two policies to study the behaviors of voters and candidates. We first use a static game analysis to show that the benefits of dividends for voters and for candidates vary with the size of the reward and there exists an interval in which the zero dividend policy would be good for the welfare of both candidates and voters. Then, we use an evolutionary game analysis to examine the process dynamics of super node selection, and we find that the campaign strategy of candidates has to do with the size of the platform reward given to the candidates by the blockchain platform. Especially in the asymmetric case, we find that a higher level of platform reward tends to benefit candidates with a large number of votes even more. Our findings are instrumental for designing dividend policies in DPoS blockchains and can stimulate more potential research in blockchain governance.


  11. Viaduct
    Authors: Coşku Acay, Rolph Recto, Joshua Gancher, Andrew C. Myers, and Elaine Shi

Modern distributed systems involve interactions between principals with limited trust, so cryptographic mechanisms are needed to protect confidentiality and integrity. At the same time, most developers lack the training to securely employ cryptography. We present Viaduct, a compiler that transforms high-level programs into secure, efficient distributed realizations. Viaduct’s source language allows developers to declaratively specify security policies by annotating their programs with information flow labels. The compiler uses these labels to synthesize distributed programs that use cryptography efficiently while still defending the source-level security policy. The Viaduct approach is general, and can be easily extended with new security mechanisms.
Our implementation of the Viaduct compiler comes with an extensible runtime system that includes plug-in support for multiparty computation, commitments, and zero-knowledge proofs. We have evaluated the system on a set of benchmarks, and the results indicate that our approach is feasible and can use cryptography in efficient, nontrivial ways.


  12. RENOIR: Accelerating Blockchain Validation using State Caching
    Authors: Nitin Awathare, Sourav Das, Vinay J. Ribeiro, and Umesh Bellur

A blockchain system such as Ethereum is a peer-to-peer network where each node works in three phases: the creation, mining, and validation phases. In the creation phase, it executes a subset of locally cached transactions to form a new block. In the mining phase, the node solves a cryptographic puzzle (Proof of Work, PoW) on the block it forms. On receiving a block from another peer, it starts the validation phase, where it executes the transactions in the received block in order to ensure all transactions are valid. This execution also updates the blockchain state, which must be completed before creating the next block. A long block validation time lowers the system’s overall throughput and brings the well-known Verifier’s dilemma into play. Additionally, this leads to wasted mining power utilization (MPU).
Through extensive measurement of 2000 nodes from the production Ethereum network we find that during block validation, nodes redundantly execute more than 80% of the transactions in greater than 75% of the blocks they receive - this points to significant potential to save time and computation during block validation.
Motivated by this, we present RENOIR, a novel mechanism that caches state from transaction execution during the block creation phase and reuses it to enable nodes to skip (re)executing these transactions during block validation. Our detailed evaluation of RENOIR on a 50-node testbed mimicking the top 50 Ethereum miners illustrates that when the gas limit is increased to 20 times the default value, to accommodate computationally intensive transactions, RENOIR reduces validation time by 90% compared to Ethereum. In addition, the throughput of Ethereum drops from 35326 tx/hour to 24716 tx/hour and MPU from 96% to 67%, but these barely change for RENOIR. Furthermore, we deploy a node running RENOIR on the production Ethereum network. Our measurement illustrates that RENOIR reduces the block validation time by as much as 50%.


Fun week for Research Pulse – this is the largest issue to date with a total of 12 curated papers!

Last week, a consensus failure in Open Ethereum (formerly known as Parity) caused several disruptions for Ethereum users and applications. Since the Geth client kept on going, Open Ethereum users quickly began syncing that client instead, which can take a long time. Conveniently, a new paper was just published describing a mechanism that can speed up sync times considerably by reducing validation times by as much as 90%. RENOIR: Accelerating Blockchain Validation using State Caching achieves that by caching state from transaction execution during the block creation phase and reusing it during validation.

If you are an ENS user, read Ethereum Name Service: the Good, the Bad, and the Ugly. It is the first large-scale study of ENS and provides an interesting data-driven analysis of this increasingly popular service. It features a particularly interesting exploration of existing security and privacy issues; some inherent to DNS itself, others specific to the ENS implementation.

Finally, there is an ongoing debate about the “real” privacy guarantees of the Lightning Network. Current analyses of the vectors where user privacy is broken tend to be flawed since there is not enough tooling available for privacy-oriented users to minimize the data their transactions leak. LightPIR: Privacy-Preserving Route Discovery for Payment Channel Networks is an interesting addition to the lnd privacy toolbox. It uses a relatively straightforward labeling system to enable users to increase the efficiency of their payments without revealing any information about the endpoints of the transaction.