Research Pulse Issue #21 07/12/21

  1. W-OTS+ up my Sleeve! A Hidden Secure Fallback for Cryptocurrency Wallets
    Authors: David Chaum, Mario Larangeira, Mario Yaksetig, and William Carter

We introduce a new key generation mechanism where users can generate a “backup key”, securely nested inside the secret key of a signature scheme. Our main motivation is that in case of leakage of the secret key, established techniques based on zero-knowledge proofs of knowledge are void since the key becomes public. On the other hand, the “backup key”, which is secret, can be used to generate a “proof of ownership”, i.e., only the real owner of this secret key can generate such a proof. To the best of our knowledge, this extra level of security is novel, and could have already been used in practice, if available, in digital wallets for cryptocurrencies that suffered massive leakage of account private keys. In this work, we formalize the notions of “Proof of Ownership” and “Fallback” as new properties. Then, we introduce our construction, which is compatible with major designs for wallets based on ECDSA, and adds a W-OTS+ signing key as a “backup key”, thus offering a quantum-secure fallback. This design allows the hiding of any quantum-secure signature key pair, and is not exclusive to W-OTS+. Finally, we briefly discuss the construction of multiple generations of proofs of ownership.


  2. Miner revenue optimization algorithm based on Pareto artificial bee colony in blockchain network
    Authors: Yourong Chen, Hao Chen, Meng Han, Banteng Liu, Qiuxia Chen, Zhenghua Ma, and Zhangquan Wang

In order to improve the revenue of attacking mining pools and miners under a block withholding attack, we propose the miner revenue optimization algorithm (MROA) based on the Pareto artificial bee colony in blockchain networks. MROA establishes the revenue optimization model of each attacking mining pool and the revenue optimization model of all attacking mining pools under a block withholding attack, using mathematical formulas for attacking mining pool selection, effective computing power, mining cost and revenue. Then, MROA solves the model by using the modified artificial bee colony algorithm based on the Pareto method. Namely, the employed bee operations include evaluation value calculation, selection probability calculation, crossover operation, mutation operation and the Pareto dominance method, and can update each food source. The onlooker bee operations include confirmation probability calculation, crowding degree calculation, neighborhood crossover operation, neighborhood mutation operation and the Pareto dominance method, and can find the optimal food source in multidimensional space with smaller distribution density. The scout bee operations delete the local optimal food source that cannot produce new food sources to ensure the diversity of solutions. The simulation results show that no matter how the number of attacking mining pools and the number of miners change, MROA can find a reasonable miner work plan for each attacking mining pool, which increases the minimum revenue, average revenue and evaluation value of the optimal solution, and reduces the spacing value and variance of the revenue solution set. MROA outperforms the state of the art, such as ABC, NSGA2 and MOPSO.


  3. A Fully Anonymous e-Voting Protocol Employing Universal zk-SNARKs and Smart Contracts
    Author: Aritra Banerjee

The idea of smart contracts has been around for a long time. The introduction of Ethereum has taken the concept of smart contracts to new heights because of its integration with Blockchain technology. As a result, the applications of smart contracts have also surged in areas such as e-Voting, Insurance, Crowdfunding, etc. In this paper, we aim to present the construction of a “Fully Anonymous e-Voting” protocol using the concepts of zkHawk and Zcash. zkHawk is a novel smart contract protocol designed during this Ph.D. that improves upon the Hawk protocol by solving the underlying anonymity problem of a trusted manager. We will leverage the concept of zk-SNARKs in Zcash to carry out the voting phase of the election and the zkHawk smart contract protocol to tally the results of the election. The voting phase employing Zcash will be initially designed with Non-Universal zk-SNARKs and improved upon with Universal zk-SNARKs.


  4. Nomos: A Protocol-Enforcing, Asset-Tracking, and Gas-Aware Language for Smart Contracts
    Authors: Ankush Das, Jan Hoffmann, and Frank Pfenning

Nomos is a programming language based on resource-aware session types that has been developed to address the domain-specific challenges developers face while programming smart contracts. This article presents the instantiation of Nomos to a concrete blockchain similar to Ethereum with modifications that make use of Nomos’ unique features. This Nomos Blockchain organizes smart contracts in a novel process-oriented fashion where contracts correspond to processes that can be accessed by a session-typed channel that the process offers service on. Session types are central to expressing and statically enforcing contract protocols, essentially prescribing interaction sequences between contracts and their clients. Being in a Curry-Howard isomorphism with linear logic, session types also provide a natural representation of assets and guarantee that they are preserved across transactions. Gas is the only intrinsic currency of the Nomos Blockchain, so users and miners are provided with exclusive gas accounts to pay for the execution cost of transactions. Resource-aware types automatically infer this execution cost in gas units, deduct it from the sender’s account and ensure that execution is always free of out-of-gas errors. This article also presents the various components of the Nomos toolchain, highlighting two aspects: simplicity of programming and efficiency of the system. For the former, we present language features designed to improve programmer experience such as precise error messages, built-in maps, and support for designing Non-Fungible Tokens. For the latter, our virtual machine features linear-time type checking, fast inference of resource bounds via off-the-shelf linear programming (LP) solvers, and an interpreter that no longer needs to track execution cost at runtime (since it is statically inferred).


  5. TokenHook: Secure ERC-20 smart contract
    Authors: Reza Rahimian and Jeremy Clark

ERC-20 is the most prominent Ethereum standard for fungible tokens. Tokens implementing the ERC-20 interface can interoperate with a large number of already deployed internet-based services and Ethereum-based smart contracts. In recent years, security vulnerabilities in ERC-20 have received special attention due to their widespread use and increased value. We systemize these vulnerabilities and their applicability to ERC-20 tokens, which has not been done before. Next, we use our domain expertise to provide a new implementation of the ERC-20 interface that is freely available in Vyper and Solidity, and has enhanced security properties and stronger compliance with best practices compared to the sole surviving reference implementation (from OpenZeppelin) in the ERC-20 specification. Finally, we use our implementation to study the effectiveness of seven static analysis tools, designed for general smart contracts, for identifying ERC-20 specific vulnerabilities. We find large inconsistencies across the tools and a high number of false positives, which shows that there is room for further improvement of these tools.


  6. Efficient Attribute-Based Smart Contract Access Control Enhanced by Reputation Assessment
    Authors: Yang Liu, Terry Guo, Zhe Chen, and Xueying Jiang

Blockchain’s immutability can resist unauthorized changes of ledgers, thus it can be used as a trust enhancement mechanism for a shared system. Indeed, blockchain has been considered to solve the security and privacy issues of the Internet of Things (IoT). In this regard, most research currently focuses on the realization of various access control models and architectures, and is working towards making full use of the blockchain to secure IoT systems. It is worth noting that there has been an increasingly heavy pressure on the blockchain storage caused by dealing with massive IoT data and handling malicious access behaviors in the system, and not many countermeasures have been seen to curb the increase. However, this problem has not been paid enough attention. In this paper, we implement an attribute-based access control scheme using smart contracts in the Quorum blockchain. It provides basic access control functions and conserves storage by reducing the number of smart contracts. In addition, a reputation-based technique is introduced to cope with malicious behaviors. Certain illegal transactions can be blocked by the credit-assessment algorithm, which deters possibly malicious nodes and gives more chances to well-behaved nodes. The feasibility of our proposed scheme is demonstrated by conducting experiments on a testbed and conducting a case study. Finally, the system performance is assessed based on experimental measurement.


  7. ETHTID: Deployable Threshold Information Disclosure on Ethereum
    Authors: Oliver Stengele, Markus Raiber, Jörn Müller-Quade, and Hannes Hartenstein

We address the Threshold Information Disclosure (TID) problem on Ethereum: An arbitrary number of users commit to the scheduled disclosure of their individual messages recorded on the Ethereum blockchain if and only if all such messages are disclosed. Before a disclosure, only the original sender of each message should know its contents. To accomplish this, we task a small council with executing a distributed generation and threshold sharing of an asymmetric key pair. The public key can be used to encrypt messages which only become readable once the threshold-shared decryption key is reconstructed at a predefined point in time and recorded on-chain. With blockchains like Ethereum, it is possible to coordinate such procedures and attach economic stakes to the actions of participating individuals. In this paper, we present ETHTID, an Ethereum smart contract application to coordinate Threshold Information Disclosure. We base our implementation on ETHDKG [1], a smart contract application for distributed key generation and threshold sharing, and adapt it to fit our differing use case as well as add functionality to oversee a scheduled reconstruction of the decryption key. For our main cost saving optimisation, we show that the security of the underlying cryptographic scheme is maintained. We evaluate how the execution costs depend on the size of the council and the threshold and show that the presented protocol is deployable on Ethereum with a council of more than 200 members with gas savings of 20–40% compared to ETHDKG.


  8. An Identity-Based Blind Signature and Its Application for Privacy Preservation in Bitcoin [Paywalled]
    Authors: Yitao Chen, Qi Feng, Min Luo, Li Li, and Debiao He

Privacy preservation in Bitcoin is increasingly important, partly due to its huge market capitalization and potential applications in distributed architectures. To protect the privacy of users in Bitcoin, a number of mechanisms have been proposed, where the mixing service is a simple and frequently-used mechanism. The work named Blindcoin argues that an unlinkable blind signature scheme can help to guarantee the anonymity of users at the mixer side. Recently, Sarde and Banerjee presented an identity-based blind signature scheme. However, we found their scheme is vulnerable to a linkability attack. In this paper, we improve their scheme on this weakness and construct two unlinkable identity-based blind signature schemes, where one is in the standard setting and the other is in the proxy setting. Our approaches delinearize the two blinding factors so that a malicious signer or proxy signer cannot find any helpful information from what she knows. The security, including unlinkability, of our schemes relies on the computational Diffie-Hellman assumption in the random oracle model, as analyzed in this paper. In particular, we show that hiding the relationship between message-signature pairs is of great importance for privacy protection in Bitcoin.

Link: An Identity-Based Blind Signature and Its Application for Privacy Preservation in Bitcoin | SpringerLink

  9. Unnecessary Input Heuristics and PayJoin Transactions [Paywalled]
    Authors: Simin Ghesmati, Andreas Kern, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl

Over the years, several privacy attacks targeted at UTXO-based cryptocurrencies such as Bitcoin have been proposed. This has led to an arms race between increasingly sophisticated analysis approaches and a continuous stream of proposals that seek to counter such attacks against users’ privacy. Recently, PayJoin was presented as a new technique for mitigating one of the most prominent heuristics, namely common input ownership. This heuristic assumes that the inputs of a transaction, and thus the associated addresses, belong to the same entity. However, a problem with PayJoin is that implementations can accidentally reveal such transactions if the corresponding inputs from the involved parties are not chosen carefully. Specifically, if a transaction is formed in a way such that it contains seemingly unnecessary inputs, it can be identified through the so-called unnecessary input heuristic (UIH). What is not yet clear is the impact of naive coin selection algorithms within PayJoin implementations that may flag such transactions as PayJoin. This paper investigates the resemblance of PayJoin transactions to ordinary payment transactions by examining the significance of the unnecessary input heuristic in transactions with more than one input and exactly two outputs, which is the common template of recent PayJoin transactions.

Link: Unnecessary Input Heuristics and PayJoin Transactions | SpringerLink

  10. Stochastic modelling of blockchain consensus
    Authors: Claudio J. Tessone, Paolo Tasca, and Flavio Iannelli

Blockchain and general purpose distributed ledgers are foundational technologies which bring significant innovation in the infrastructures and other underpinnings of our socio-economic systems. These P2P technologies are able to securely diffuse information within and across networks, without the need for trustees or central authorities to enforce consensus. In this contribution, we propose a minimalistic stochastic model to understand the dynamics of blockchain-based consensus. By leveraging random-walk theory, we model block propagation delay on different network topologies and provide a classification of blockchain systems in terms of two emergent properties. Firstly, we identify two performing regimes: a functional regime corresponding to an optimal system function; and a non-functional regime characterised by a congested or branched state of sub-optimal blockchains. Secondly, we discover a phase transition during the emergence of consensus and numerically investigate the corresponding critical point. Our results provide important insights into the consensus mechanism and sub-optimal states in decentralised systems.

Link: Stochastic Modelling of Blockchain Consensus by Claudio Tessone, Paolo Tasca, Flavio Iannelli :: SSRN

  11. Visualization of Ethereum P2P network topology and peer properties [Paywalled]
    Authors: Soohoon Maeng, Meryam Essaid, Changhyun Lee, Sejin Park, and Hongteak Ju

Ethereum is arguably the second most popular cryptocurrency-based network after Bitcoin. Both use the distributed ledger technology known as the blockchain, which is considered secure. However, the provided security level is proportional to the number of connected nodes, the number of influential nodes, and the supported amount of hash power. Thus, knowledge of the network properties and nodes’ behavior is helpful to protect the network from possible attacks such as double-spending attacks, DDoS attacks, 51% attacks, and Sybil attacks. This paper proposes a node discovery mechanism, which performs P2P link discovery on the Ethereum main network. For that, we develop Search-node, a modified version of the Ethereum client that searches for all participating nodes in the blockchain network, stores the node information in the Bucket, and then processes the peer discovery method. Based on the collected data, we first visualize the Ethereum network topology and analyze the attributes of the network such as node degree, path length, diameter, and clustering coefficient. We then analyze the node properties and provide analytical results regarding the relationship between nodes, heavily connected nodes, node geo-distribution, security issues, and possible attacks over the influential nodes. As a result, we have identified 68,406 nodes with a total of 642,034 edges. By analyzing the collected data, we have found that the diameter of the Ethereum network is equal to 8. The node degree is over 19, which is two times higher than the default configuration.

Interesting set of papers on Research Pulse this week!

In W-OTS+ up my Sleeve! A Hidden Secure Fallback for Cryptocurrency Wallets, David Chaum et al. provide a novel framework for the creation of additional security layers to cryptocurrency wallets. Rather than producing signatures for every transaction, W-OTS+ enables users to provide so-called Proofs-of-Asset Ownership. In certain use cases, these proofs could be used as a replacement for a digital signature and ultimately increase the security of cold wallets.

In An Identity-Based Blind Signature and Its Application for Privacy Preservation in Bitcoin, the authors iterate upon identity-based blind signature schemes. Such schemes can be used in CoinJoin transactions, which are intended to obfuscate the identity of a single sender by mixing it with other senders within a batched transaction. The scheme presented in this paper is interesting as it can considerably increase the privacy assurances of CoinJoin transactions even with relatively low participation.

Finally, in Stochastic modelling of blockchain consensus, the authors provide a rigorous analysis of the performance of Nakamoto Consensus in Bitcoin and Litecoin, as well as the GHOST variant used in Ethereum. The model uses empirical data collected on-chain and compares it with a variety of simulations. This analysis sheds light on how different network topologies can fundamentally impact consensus, especially as it relates to block propagation.