Research Pulse Issue #16 06/04/21

  1. A Security Type Verifier for Smart Contracts
    Authors: Xinwen Hu, Yi Zhuang, Shang-Wei Lin, Fuyuan Zhang, Shuanglong Kan, and Zining Cao

The widespread adoption of smart contracts demands strong security guarantees. Our work is motivated by the problem of statically checking potential information tampering in smart contracts. This paper presents a security type verification framework for smart contracts based on type systems. We introduce a formal calculus for reasoning about smart contract operations and interactions and design a lightweight type system for checking secure information flow in Solidity (a popular high-level programming language for writing smart contracts). The soundness of our type system is proved w.r.t. non-interference. In addition, a type verifier based on our type system is proposed to assist users in automatically finding an optimal secure type assignment for state variables, which makes contracts well-typed. We also prove that finding the optimal secure type assignment is theoretically an NP-complete problem. We develop a prototype implementation of the Solidity Type Verifier, including the Solidity Type Checker based on the K-framework, and demonstrate its effectiveness on real-world smart contracts.

Link: A Security Type Verifier for Smart Contracts - ScienceDirect
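To make the abstract's two ideas concrete (a flow-sensitive type check proving non-interference, and the search for an optimal secure type assignment of state variables), here is an added example in Python. It is not the paper's calculus or the Solidity Type Verifier: it uses a two-point low/high lattice and a toy statement language (assignments and branches over state variables) of my own construction, and the brute-force search over 2^n assignments is only meant to illustrate why the optimal-assignment problem is hard.

```python
from itertools import product

# Two-point security lattice used for illustration: "low" (public) below "high" (secret).
LEVELS = ("low", "high")


def join(a, b):
    """Least upper bound in the two-point lattice."""
    return "high" if "high" in (a, b) else "low"


def expr_label(atoms, types):
    """Label of an expression: the join of the labels of the variables it reads.
    Integer literals carry no information and stay low."""
    label = "low"
    for atom in atoms:
        if isinstance(atom, str):
            label = join(label, types[atom])
    return label


def well_typed(stmts, types, pc="low"):
    """Check a toy contract body against a type assignment.

    stmts: list of ("assign", target, atoms) or ("if", cond_atoms, then_stmts, else_stmts).
    pc is the label of the control context, so writes inside a branch on secret data
    count as secret (implicit flows). A write to x is allowed only when
    join(pc, label(expr)) flows to types[x], i.e. high data never reaches a low variable.
    """
    for stmt in stmts:
        if stmt[0] == "assign":
            _, target, atoms = stmt
            source = join(pc, expr_label(atoms, types))
            if source == "high" and types[target] == "low":
                return False
        elif stmt[0] == "if":
            _, cond, then_stmts, else_stmts = stmt
            branch_pc = join(pc, expr_label(cond, types))
            if not (well_typed(then_stmts, types, branch_pc)
                    and well_typed(else_stmts, types, branch_pc)):
                return False
        else:
            raise ValueError(f"unknown statement kind {stmt[0]!r}")
    return True


def optimal_assignment(stmts, variables, pinned):
    """Return the well-typed assignment with the fewest 'high' state variables,
    or None if no assignment respecting `pinned` makes the contract well-typed.
    Exhaustive over 2^n candidates: fine for a handful of variables and a reminder
    of why the paper proves the general problem NP-complete."""
    free = [v for v in variables if v not in pinned]
    best = None
    for labels in product(LEVELS, repeat=len(free)):
        types = dict(pinned)
        types.update(zip(free, labels))
        if not well_typed(stmts, types):
            continue
        cost = sum(1 for v in variables if types[v] == "high")
        if best is None or cost < best[0]:
            best = (cost, types)
    return None if best is None else best[1]


# Constructed toy contracts (hypothetical, not taken from the paper).
VARS = ["secret_bid", "counter", "total", "public_view"]

# `public_view` is pinned low (exposed by a getter); `secret_bid` is pinned high.
PINNED = {"secret_bid": "high", "public_view": "low"}

# Leaky: `counter` is updated under a branch on secret data (implicit flow),
# then copied into the public variable.
LEAKY = [
    ("assign", "total", ("total", 1)),
    ("if", ("secret_bid",), [("assign", "counter", ("counter", 1))], []),
    ("assign", "public_view", ("counter",)),
]

# Hardened: the public variable only reads `total`, which never depends on the secret.
HARDENED = [
    ("assign", "total", ("total", 1)),
    ("if", ("secret_bid",), [("assign", "counter", ("counter", 1))], []),
    ("assign", "public_view", ("total",)),
]

if __name__ == "__main__":
    print("leaky   :", optimal_assignment(LEAKY, VARS, PINNED))
    print("hardened:", optimal_assignment(HARDENED, VARS, PINNED))
```

Running the block reports `None` for the leaky contract (no labelling of `counter` and `total` can reconcile the pinned public getter with the branch on the secret) and, for the hardened one, the cheapest labelling: `counter` high, `total` low, so only two state variables need the secret type.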

  2. PipeZK: Accelerating Zero-Knowledge Proof with a Pipelined Architecture
    Authors: Ye Zhang, Shuo Wang, Xian Zhang, Jiangbin Dong, Xingzhong Mao, Fan Long, Cong Wang, Dong Zhou, Mingyu Gao, and Guangyu Sun

Zero-knowledge proof (ZKP) is a promising cryptographic protocol for both computation integrity and privacy. It can be used in many privacy-preserving applications including verifiable cloud outsourcing and blockchains. The major obstacle of using ZKP in practice is its time-consuming step for proof generation, which consists of large-size polynomial computations and multi-scalar multiplications on elliptic curves. To efficiently and practically support ZKP in real-world applications, we propose PipeZK, a pipelined accelerator with two subsystems to handle the aforementioned two intensive compute tasks, respectively. The first subsystem uses a novel dataflow to decompose large kernels into smaller ones that execute on bandwidth-efficient hardware modules, with optimized off-chip memory accesses and on-chip compute resources. The second subsystem adopts a lightweight dynamic work dispatch mechanism to share the heavy processing units, with minimized resource underutilization and load imbalance. When evaluated in 28 nm, PipeZK can achieve 10x speedup on standard cryptographic benchmarks, and 5x on a widely-used cryptocurrency application, Zcash.


  3. Optimizations and Improvements to Cryptographic Libraries for zkSNARKs
    Author: Alexander Wu

With the rapid development of the theory of probabilistic proofs, zero knowledge proofs have started to gain traction in both academic circles and industry. As such, the demand has risen for convenient, high-performance cryptographic libraries that aid in the use of zero knowledge proofs and other cryptographic protocols. In this report, I will discuss my contributions to several cryptographic libraries that fulfill this demand. I will summarize the purpose of four cryptographic libraries and describe my work to make them more ergonomic and configurable through API reworks and other improvements. Then I will describe my performance optimizations, namely the cap hash optimization for the BCS Compiler. Finally, I will point out avenues for future work on these libraries.


  4. Blockchain based Secure Data Sharing Model
    Authors: Shi Wang and Jing Liu

There are mainly three traditional data sharing methods. The first is the most direct data copy, the second is to share data based on a data sharing protocol, and the third is to share data through a data center. These methods have a common feature, that is, the data requester will get the data of the data owner. This may cause serious problems in data security, such as data leakage and data abuse. As a data center is a centralized organization, there are risks such as data loss and data tampering. In addition, various countries have also issued a series of policies on data security issues, such as the GDPR implemented by the European Union in 2018. The blockchain technology using a decentralized model can be used as a new attempt to solve the above problems. This paper studies a data sharing scheme based on blockchain, and proposes a model that combines the Ethereum blockchain and federated learning ideas, and uses off-chain storage methods to share data. In this model, users can upload data description information to the blockchain through smart contracts, and can retrieve the required data through keywords, and then send the data identification and data processing model to the data owner in the form of transactions. The data owner can use this model to process the data, and finally return the result to the data requester. Because the data owner is in full control of his data and does not expose the source data to the outside, the use of this model for data sharing can effectively avoid problems such as data leakage, data loss, and data abuse.


  5. Agent-Based Modeling of Blockchain Decentralized Financial Protocols
    Authors: Igor Struchkov, Alexey Lukashin, Bogdan Kuznetsov, Igor Mikhalev, and Zoia Mandrusova

Decentralized financial applications running on blockchains using smart contracts have attracted a lot of attention recently. One important class of such applications is decentralized digital asset exchanges. In this paper we present an agent-based modeling approach for decentralized exchanges that allowed us to achieve realistic results both in normal and stress market conditions and also to investigate the impact of front runners on the distribution of profits. We also compare the results of the two exchanges, Uniswap and Liquifi, to evaluate the effect of the proposed solution for the price slippage and front running problems.

Link: Agent-Based Modeling of Blockchain Decentralized Financial Protocols | IEEE Conference Publication | IEEE Xplore

  6. An open measurement dataset on the Bitcoin P2P Network
    Authors: Jean-Philippe Eisenbarth, Thibault Cholez, and Olivier Perrin

The Bitcoin blockchain is managed by an underlying peer-to-peer network. This network is responsible for the propagation of transactions carried out by users via the blocks (which contain the validated transactions), and for ensuring consensus between the different nodes. The quality and safety of this network are therefore particularly essential. In this work, we present an open dataset on the peers composing the Bitcoin P2P Network that was made following a well-defined and reproducible methodology. We also provide a first analysis of the dataset on three criteria: the number of public nodes and their client version and geographical distribution.


  7. Off-chain Transaction Routing in Payment Channel Networks: A Machine Learning Approach
    Author: Heba Ahmed Kadry El-Riedy

Blockchain is a foundational technology that has the potential to create new prospects for our economic and social systems. However, the scalability problem limits the capability to deliver a target throughput and latency, compared to the traditional financial systems, with increasing workload. Layer-two is a collective term for solutions designed to help solve the scalability by handling transactions off the main chain, also known as layer one. These solutions have the capability to achieve high throughput, fast settlement, and cost efficiency without sacrificing network security. For example, bidirectional payment channels are utilized to allow the execution of fast transactions between two parties, thus forming the so-called payment channel networks (PCNs). Consequently, an efficient routing protocol is needed to find the payment path from the sender to the receiver, with the lowest transaction fees. This routing protocol needs to consider, among other factors, the unexpected online/offline behavior of the constituent payment nodes as well as payment channel imbalance. This study proposes a novel machine learning-based routing technique for fully distributed and efficient off-chain transactions to be used within the PCNs. For this purpose, the effect of the offline nodes and channel imbalance on the payment channels network are modeled. The simulation results demonstrate a good tradeoff among success ratio, transaction fees, routing efficiency, transaction overhead, and transaction maintenance overhead as compared to other techniques that have been previously proposed for the same purpose.

Link: "Off-chain Transaction Routing in Payment Channel Networks: A Machine L" by Heba Ahmed Kadry El-Riedy

  8. SCSGuard: Deep Scam Detection for Ethereum Smart Contracts
    Authors: Huiwen Hu and Yuedong Xu

Smart contracts are the building blocks of blockchain systems that enable automated peer-to-peer transactions and decentralized services. With the increasing popularity of smart contracts, blockchain systems, in particular Ethereum, have been the “paradise” of versatile fraud activities in which Ponzi, Honeypot and Phishing are the prominent ones. Formal verification and symbolic analysis have been employed to combat these destructive scams by analyzing the codes and function calls, yet the vulnerability of each individual scam should be predefined discreetly. In this work, we present SCSGuard, a novel deep learning scam detection framework that harnesses the automatically extractable bytecodes of smart contracts as their new features. We design a GRU network with an attention mechanism to learn from the N-gram bytecode patterns and determine whether a smart contract is fraudulent or not. Our framework is advantageous over the baseline algorithms in three aspects. Firstly, SCSGuard provides a unified solution to different scam genres, thus relieving the need for code analysis skills. Secondly, the inference of SCSGuard is faster than code analysis by several orders of magnitude. Thirdly, experimental results manifest that SCSGuard achieves high accuracy (0.92∼0.94), precision (0.94∼0.96%) and recall (0.97∼0.98) for both Ponzi and Honeypot scams under similar settings, and is potentially useful to detect new Phishing smart contracts.


  9. Mining in Logarithmic Space
    Authors: Aggelos Kiayias, Nikos Leonardos, and Dionysis Zindros

Blockchains maintain two types of data: application data and consensus data. Towards long-term blockchain scalability, both of these must be pruned. While a large body of literature has explored the pruning of application data (UTXOs, account balances, and contract state), little has been said about the permanent pruning of consensus data (block headers). We present a protocol which allows pruning the blockchain by garbage collecting old blocks as they become unnecessary. These blocks can simply be discarded and are no longer stored by any miner. We show that all miners can be light miners with no harm to security. Our protocol is based on the notion of superblocks, blocks that have achieved an unusually high difficulty. We leverage them to represent underlying proof-of-work without ever illustrating it, storing it, or transmitting it. After our pruning is applied, the storage and communication requirements for consensus data are reduced exponentially. We develop new probabilistic mathematical methods to analyze our protocol in the random oracle model. We prove our protocol is both secure and succinct under an uninterrupted honest majority assumption for 1/3 adversaries. Our protocol is the first to achieve always secure, always succinct, and online Non-Interactive Proofs of Proof-of-Work, all necessary components for a logarithmic space mining scheme. Our work has applications beyond mining and also constitutes an improvement in state-of-the-art superlight clients and cross-chain bridges.


  10. Robustness analysis of Bitcoin confirmation times
    Authors: Ivo Stoepker, Rowel Gundlach, and Stella Kapodistria

Bitcoin payments require a random amount of time to get confirmed (i.e. to be grouped by the miners into a block and to be added to the Bitcoin blockchain). In [8, 11], the authors propose the modelling of the Bitcoin confirmation time by the so-called time to ruin of the Cramer-Lundberg (CL) model. This provides off-the-shelf results directly aimed at predicting the confirmation time. However, analyses suggest that the data may not fully conform with the CL model assumptions. In this manuscript, we show by means of a robustness analysis that the time to ruin of a CL model is nearly insensitive to small changes in the model assumptions and illustrate that the proposed heuristic model can be used to accurately predict the confirmation times even when the data deviate (to a small degree) from the model assumptions.
Graduation season is upon us, which means another busy week for Research Pulse!

While many new topics have emerged as recent grads showcase their work, smart contract security continues to be a huge research area within the industry given the challenges of writing “safe” smart contracts. In A Security Type Verifier for Smart Contracts, the authors introduce a formal calculus for Solidity that includes syntax and semantics analysis. Type verifiers have been underused in Solidity development, and initiatives like these can be instrumental in increasing the security of critical smart contracts.

In SCSGuard: Deep Scam Detection for Ethereum Smart Contracts, a novel deep learning model is presented to automatically identify whether the functions of a smart contract replicate those commonly seen in pyramid and Ponzi schemes. This work can be critical when discerning the drivers of fee volatility in Ethereum and can ultimately help identify when gas prices are being pushed up by Ponzi schemes.

Finally, in Robustness analysis of Bitcoin confirmation times, the authors provide an interesting approach to determining how many Bitcoin block confirmations are enough to consider a transaction “final”. While the industry has converged on the 6-block confirmation rule, there hasn’t been much rigor in identifying when 6 confirmations are too many, or too few. To shed more light on this area, the authors apply the Cramer-Lundberg (CL) model to predict confirmation times. While the results are imperfect, this type of novel analysis is essential to increase the efficiency of critical industry infrastructure providers.
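For readers who have not met the Cramer-Lundberg model, here is an added Python example (mine, not code from the paper or from [8, 11]) that simulates the time to ruin of a CL surplus process and shows the kind of robustness check the abstract describes: the same experiment run once with the textbook exponential claim sizes and once with a mildly perturbed claim distribution of equal mean. The mapping of Bitcoin quantities onto the model parameters `u`, `c`, `lam` and the claim distribution is not given on this page, so the parameter values below are constructed placeholders rather than a calibration to real mempool data.

```python
import random


def time_to_ruin(u, c, lam, claim_sampler, horizon, rng):
    """One sample path of the Cramer-Lundberg surplus U(t) = u + c*t - S(t), where S(t)
    is compound Poisson with claim rate `lam` and claim sizes drawn by claim_sampler(rng).
    Between claims the surplus grows linearly, so ruin (U < 0) can only occur at a claim
    epoch; we therefore jump from claim to claim. Returns the ruin time, or None if the
    path is still solvent at `horizon`."""
    t, surplus = 0.0, float(u)
    while True:
        dt = rng.expovariate(lam)          # exponential inter-arrival time
        if t + dt > horizon:
            return None
        t += dt
        surplus += c * dt - claim_sampler(rng)
        if surplus < 0:
            return t


def ruin_time_distribution(u, c, lam, claim_sampler, horizon, n_paths, seed=0):
    """Monte Carlo estimate of P(T_ruin <= horizon) and the sorted ruin times of the
    ruined paths. Returns (ruin_probability, sorted_ruin_times)."""
    rng = random.Random(seed)
    times = []
    for _ in range(n_paths):
        t = time_to_ruin(u, c, lam, claim_sampler, horizon, rng)
        if t is not None:
            times.append(t)
    times.sort()
    return len(times) / n_paths, times


def quantile(sorted_values, q):
    """Empirical q-quantile of an ascending list; None for an empty list."""
    if not sorted_values:
        return None
    idx = min(len(sorted_values) - 1, int(q * len(sorted_values)))
    return sorted_values[idx]


def exponential_claims(mean):
    """Textbook CL assumption: exponentially distributed claim sizes."""
    return lambda rng: rng.expovariate(1.0 / mean)


def perturbed_claims(mean, heavy_share=0.1, heavy_factor=3.0):
    """A small deviation from the CL assumption: a `heavy_share` fraction of claims is
    drawn with `heavy_factor` times the mean, the rest with a reduced mean, so that the
    overall mean stays equal to exponential_claims(mean)."""
    light_mean = mean * (1.0 - heavy_share * heavy_factor) / (1.0 - heavy_share)
    assert light_mean > 0, "heavy_share * heavy_factor must stay below 1"

    def sample(rng):
        if rng.random() < heavy_share:
            return rng.expovariate(1.0 / (heavy_factor * mean))
        return rng.expovariate(1.0 / light_mean)
    return sample


def robustness_check(u, c, lam, mean, horizon, n_paths, seed=0):
    """Run the same experiment under both claim distributions and report the ruin
    probability and median ruin time for each, the quantities the paper's robustness
    analysis compares (returned as a dict so a caller can assert on them)."""
    out = {}
    for name, sampler in (("exponential", exponential_claims(mean)),
                          ("perturbed", perturbed_claims(mean))):
        p, times = ruin_time_distribution(u, c, lam, sampler, horizon, n_paths, seed)
        out[name] = {"ruin_probability": p, "median_ruin_time": quantile(times, 0.5)}
    return out


if __name__ == "__main__":
    # Constructed placeholder parameters: the net profit condition c > lam * mean holds,
    # so a fraction of paths never hit ruin within the horizon.
    for name, stats in robustness_check(u=0.0, c=2.0, lam=1.0, mean=1.0,
                                        horizon=50.0, n_paths=4000).items():
        print(f"{name:12s} P(ruin) ~ {stats['ruin_probability']:.3f}, "
              f"median T_ruin ~ {stats['median_ruin_time']:.3f}")
```

With `u = 0`, `c = 2`, `lam = 1` and unit-mean claims the classical result gives an infinite-horizon ruin probability of `lam * mean / c = 0.5`, and the simulated estimate for the exponential case lands close to it; comparing that line with the perturbed one is the one-parameter-at-a-time sensitivity check the paper performs far more carefully.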

There is still a backlog of papers to go through, but it is nothing but reassuring to see how many novel publications on crypto are being pushed out by recent grads this semester.