Research Pulse Issue #25 08/03/21

  1. A Decision Model for Decentralized Autonomous Organization Platform Selection: Three Industry Case Studies
    Authors: Elena Baninemeh, Siamak Farshidi, and Slinger Jansen

Context: Decentralized autonomous organizations as a new form of online governance are collections of smart contracts deployed on a blockchain platform that intercede groups of people. A growing number of Decentralized Autonomous Organization Platforms, such as Aragon and Colony, have been introduced in the market to facilitate the development process of such organizations. Selecting the best fitting platform is challenging for the organizations, as a significant number of decision criteria, such as popularity, developer availability, governance issues, and consistent documentation of such platforms, should be considered. Additionally, decision-makers at the organizations are not experts in every domain, so they must continuously acquire volatile knowledge regarding such platforms and keep themselves updated. Accordingly, a decision model is required to analyze the decision criteria using systematic identification and evaluation of potential alternative solutions for a development project.
Method: We have developed a theoretical framework to assist software engineers with a set of Multi-Criteria Decision-Making problems in software production. This study presents a decision model as a Multi-Criteria Decision-Making problem for the decentralized autonomous organization platform selection problem to capture knowledge regarding such platforms and concepts systematically.
Results: We conducted three industry case studies in the context of three decentralized autonomous organizations to evaluate the effectiveness and efficiency of the decision model in assisting decision-makers. The case study participants declared that the decision model provides significantly more insight into their selection process and reduces the cost of the decision-making process.
Conclusion: We find, with empirical evidence from the case studies, that decision-makers can make more rational, efficient, and effective decisions with the decision model when they meet their requirements and priorities. Furthermore, the reusable knowledge regarding platforms and concepts captured while building the decision model can be employed by other researchers to develop new concepts and solutions for future challenges.


  1. Assessment of Quantum Threat To Bitcoin and Derived Cryptocurrencies
    Authors: Stephen Holmes and Liqun Chen

All cryptocurrencies are not the same. Today, they share a common quantum vulnerability through use of non-quantum safe Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures yet they have very different risks of quantum attack. The risk of attack for a cryptocurrency depends on a number of identified factors such as the block interval time, the vulnerability to an attack that delays the time for an unprocessed transaction to be completed and the behaviour of a cryptocurrency user to increase the cost of a quantum computer attack. Shor’s algorithm can be used to break ECDSA signatures with a quantum computer. This research addresses the two questions: When will a quantum computer be powerful enough to execute Shor’s algorithm? How fast would a quantum computer need to be to break a specific cryptocurrency? In this paper we observe that by benchmarking the speed of circuits and the time for quantum addition on quantum computers we can determine when there is a potential threat to a specific cryptocurrency.


  1. Financial intermediation and risk in decentralized lending protocols
    Authors: Carlos Castro-Iragorri, Julián Ramírez, and Sebastián Vélez

We provide an overview of decentralized protocols like Compound and Aave that offer collateralized loans for cryptoasset investors. Compound and Aave are two of the most important applications in the decentralized finance (DeFi) ecosystem. Using publicly available information on rates, supply and borrow activity, and accounts, we analyze different elements of the protocols. In particular, we estimate ex-post margins that give a comprehensive account of the cost of financial intermediation. We find that ex-post margins considering all markets are 1%, and lower for stablecoin markets. In addition, we estimate quarterly indicators regarding solvency, asset quality, earnings and market risk similar to the ones used in traditional banking. This provides a first look at the use of these metrics and a comparison between the similarities and challenges to our understanding of financial intermediation in these protocols based on tools used for traditional banking.


  1. Vulnerability Assessment on Ethereum Based Smart Contract Applications
    Authors: Nurul Aida Noor Aidee, Md Gapar Md Johar, Mohammed Hazim Alkawaz, Asif Iqbal Hajamydeen, and Mohammed Sabbih Hamoud Al-Tamimi

A smart contract is an agreement in the form of computer code made between two individuals. In a blockchain environment, smart contracts are executed and stored in a shared ledger and cannot be modified. Ethereum is one of the major platforms used for smart contracts, and Solidity is the high-level programming language used on Ethereum to build them. Recently discovered vulnerabilities had not been added to the analysis tool (SmartCheck), which was therefore incapable of detecting them: no pattern definitions existed for these vulnerabilities. This paper focuses on improving the SmartCheck analysis method, which converts Solidity source code into an XML-based intermediate representation and checks it against XPath patterns. The latest vulnerabilities were catalogued and new patterns created to detect them. The proposed method was evaluated on real-world datasets and the results were compared with similar tools.

Link: Vulnerability Assessment on Ethereum Based Smart Contract Applications | IEEE Conference Publication | IEEE Xplore
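To make the pipeline the abstract describes concrete, here is an added example (written for this issue, not code from the paper or from SmartCheck itself) of the same shape: a Solidity contract lowered to an XML intermediate representation, a table of XPath patterns, and a scanner that reports which statement matched. The contract, the element names of the IR and the pattern identifiers are all constructed for illustration and do not follow SmartCheck's real schema or rule names; the XML is written by hand because the example has no Solidity parser. The two patterns catch a `tx.origin` authorization check and a `send()` whose return value is ignored, and the `safeWithdraw` function is the negative case.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Solidity source the IR below stands for. Shown only
# for the reader; this example has no Solidity parser and works on the XML.
SOLIDITY_SOURCE = """
contract Wallet {                                  // line 1
    address owner;                                 // line 2
    function withdraw(uint amount) public {        // line 3
        require(tx.origin == owner);               // line 4  <- tx.origin auth
        msg.sender.send(amount);                   // line 5  <- unchecked send
    }
    function safeWithdraw(uint amount) public {    // line 7
        require(msg.sender == owner);              // line 8
        require(msg.sender.send(amount));          // line 9  <- return value checked
    }
}
"""

# Constructed, simplified XML intermediate representation of that contract.
# Element and attribute names are hypothetical, not SmartCheck's schema.
CONTRACT_IR = """<contract name="Wallet">
  <function name="withdraw" visibility="public" line="3">
    <expressionStatement line="4">
      <functionCall name="require">
        <binaryOperation operator="==">
          <memberAccess object="tx" member="origin"/>
          <identifier name="owner"/>
        </binaryOperation>
      </functionCall>
    </expressionStatement>
    <expressionStatement line="5">
      <functionCall name="send">
        <memberAccess object="msg" member="sender"/>
        <identifier name="amount"/>
      </functionCall>
    </expressionStatement>
  </function>
  <function name="safeWithdraw" visibility="public" line="7">
    <expressionStatement line="8">
      <functionCall name="require">
        <binaryOperation operator="==">
          <memberAccess object="msg" member="sender"/>
          <identifier name="owner"/>
        </binaryOperation>
      </functionCall>
    </expressionStatement>
    <expressionStatement line="9">
      <functionCall name="require">
        <functionCall name="send">
          <memberAccess object="msg" member="sender"/>
          <identifier name="amount"/>
        </functionCall>
      </functionCall>
    </expressionStatement>
  </function>
</contract>
"""

# Each pattern is an XPath expression evaluated relative to one statement.
# A detector for a newly published vulnerability class is one new entry here;
# the lowering and the scanner do not change. Identifiers are hypothetical.
PATTERNS = {
    "SOLIDITY_TX_ORIGIN": (
        "tx.origin used in a check: a contract the victim calls passes it",
        ".//memberAccess[@object='tx'][@member='origin']",
    ),
    "SOLIDITY_UNCHECKED_SEND": (
        "send() used as a bare statement, so its false return is ignored",
        "./functionCall[@name='send']",   # direct child: not wrapped in require()/if
    ),
}

def scan(ir_xml):
    """Run every pattern over every statement; return findings in source order."""
    findings = []
    for func in ET.fromstring(ir_xml).iter("function"):
        for stmt in func.iter("expressionStatement"):
            for pattern_id, (description, xpath) in PATTERNS.items():
                if stmt.findall(xpath):
                    findings.append({
                        "id": pattern_id,
                        "function": func.get("name"),
                        "line": int(stmt.get("line")),
                        "description": description,
                    })
    return findings

if __name__ == "__main__":
    for f in scan(CONTRACT_IR):
        print(f"line {f['line']:>2} {f['function']}(): {f['id']} - {f['description']}")
```

The paper's point about stale tools falls out of the structure: a new vulnerability class becomes a detector by adding one XPath entry to PATTERNS. The limitation shows too: XPath over a syntax tree matches shapes, not semantics, so `./functionCall[@name='send']` flags a bare `send()` statement but would miss a return value that is stored in a variable and never read. Python's `xml.etree` implements only a subset of XPath; a production tool needs a full XPath engine.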

  1. A Comparative Analysis of the Platforms for Decentralized Autonomous Organizations in the Ethereum Blockchain
    Authors: Youssef Faqir-Rhazoui, Javier Arroyo, and Samer Hassan

Blockchain technology has enabled a new kind of distributed system. Beyond its early applications in finance, it has also allowed the emergence of novel ways of governance and coordination. The most relevant of these are the so-called Decentralized Autonomous Organizations (DAOs). DAOs typically implement decision-making systems that make it possible for their online community to reach agreements. As a result of these agreements, the DAO operates automatically by executing the appropriate portion of code on the blockchain network (e.g., hiring people, delivering payments, investing in financial products, etc.). In the last few years, several platforms such as Aragon, DAOstack and DAOhaus have emerged to facilitate the creation of DAOs. As a result, hundreds of these new organizations have appeared, with their communities interacting mediated by blockchain. However, the literature has yet to explore this phenomenon empirically. In this paper, we aim to shed light on the current state of the DAO ecosystem. We review the three main platforms nowadays (Aragon, DAOstack, DAOhaus), which facilitate the creation and management of DAOs. We introduce their main differences and compare them using quantitative metrics. For this comparison, we retrieve data from both the main Ethereum network (mainnet) and a parallel Ethereum network (xDai). We analyze data from 72,320 users and 2,353 DAO communities in order to study the three ecosystems across four dimensions: growth, activity, voting system and funds. Our results show that there are notable differences among the DAO platforms in terms of growth and activity, and also in terms of voting results. Still, we consider that our work is only a first step and that further research is needed to better understand these communities and evaluate their level of accomplishment in reaching decentralized governance.


  1. Incentive Mechanism Design for Distributed Autonomous Organizations Based on the Mutual Insurance Scenario
    Authors: Yiguang Pan and Xiaomei Deng

The rise of blockchain has led to discussions on new governance models and the cooperation of multiple participants. Due to the cognitive defects of the blockchain protocol in terms of intelligent contracts and decentralized autonomous organizations (DAOs), it is often unclear as to how to make decisions about the evolution of blockchain applications. Many autonomous organizations, with the support of network technologies such as blockchain, blindly absorb members and expand the scale of the capital pool, while ignoring the cost advantage of traditional autonomous organizations based on social relations and mutual supervision to fight information asymmetry. In this context, this study analyzes the evolutionary trend of autonomous organizations and their members’ strategies under different policy environments. To this end, under the digital economy background, based on game theory, the evolutionary dynamics method, and the form of the mutual insurance organization, this study constructs an evolutionary dynamics model of distributed autonomous organizations. The results show that blind expansion without review aggravates the overall risk pool’s moral hazard, in the context of mutual insurance. Organizational strategies, such as risk pool splits, can effectively improve the risk pool’s operating performance and establish a benign competition elimination mechanism. Driven by cooperation efficiency and split supervision based on homogeneous clustering, the comprehensive application of the market elimination mechanism can effectively combat moral hazards, restrain the adverse effects of member flow, expand the living space of small- and medium-sized insurance organizations, curb the emergence of a large-scale monopoly risk pool, and improve market vitality. These conclusions and suggestions also apply to autonomous organizations based on social relations and mutual supervision. 
The results offer specific decision-making guidance and suggestions for the government, insurance companies, and risk management.

Link: Incentive Mechanism Design for Distributed Autonomous Organizations Based on the Mutual Insurance Scenario

  1. Burnable Pseudo-Identity: A Non-Binding Anonymous Identity Method for Ethereum
    Authors: Iván Gutiérrez-Agüero, Xabier Larrucea, Sergio Anguita, Aitor Gomez-Goiri, and Borja Urquizu

The concept of identity has become a common research topic in security and privacy, where the real identity of users must be preserved, usually covered by pseudonymous identifiers. With the rise of Blockchain-based systems, identities are becoming even more critical than before, mainly due to the immutability property. In fact, many publicly accessible Blockchain networks like Ethereum rely on pseudonymization as a method for identifying subject actions. Pseudonyms are often employed to maintain anonymity, but true anonymity requires unlinkability. Without this property, any attacker can examine the messages sent by a specific pseudonym and learn new information about the holder of this pseudonym. This use of Blockchain collides with regulations because of the right to be forgotten, since Blockchain-based solutions ensure that no data stored within the chain will be modified. In this paper we define a method and a tool for dealing with digital identities within Blockchain environments that are compliant with regulations. The proposed method provides a way to grant digital pseudo-identities unlinked to the real identity. This new method uses the benefits of key derivation systems to ensure a non-binding interaction between users and the information model associated with their identity. The proposed method is demonstrated in the Ethereum context and illustrated with a case study.

Link: Burnable Pseudo-Identity: A Non-Binding Anonymous Identity Method for Ethereum | IEEE Journals & Magazine | IEEE Xplore

  1. The Impact Analysis of Multiple Miners and Propagation Delay on Selfish Mining
    Authors: Qing Xia, Wensheng Dou, Tong Xi, Jing Zeng, Fengjun Zhang, Jun Wei, and Geng Liang

Bitcoin has emerged as a popular decentralized cryptocurrency and attracted much attention from the public. Bitcoin embodies the Nakamoto consensus to reach an agreement about its blockchain ledger. However, the Nakamoto consensus can suffer from selfish mining attacks. Existing studies on selfish mining usually assume that the total mining power is divided into two parts (i.e., honest and selfish), and ignore propagation delay among miners. The assumptions cannot reflect real-world scenarios, in which multiple miners generate blocks at a fixed interval and propagate them with certain delay. Therefore, it is unknown how the practical factors, i.e., multiple miners and propagation delay, can affect selfish mining.
In this paper, we explore the impact of multiple miners and propagation delay on selfish mining. First, we propose a new selfish mining strategy that can handle these factors. Second, we design a simulation approach to analyze the performance of the new selfish mining strategy. From our empirical study we observe many interesting findings that can be utilized in combating selfish mining. For example, the blockchain system with a higher orphan rate is more vulnerable to the selfish mining attack.


  1. The Performance of Selfish Mining in GHOST
    Authors: Qing Xia, Wensheng Dou, Fengjun Zhang, and Geng Liang

The blockchain technology is regarded as a significant trust-building technology and has attracted much attention from the public. The longest chain rule has been widely applied in blockchain systems to reach consensus on the distributed ledger. However, the longest chain rule cannot support a higher transaction throughput due to its lower security. As an alternative solution to the longest chain rule, GHOST is proposed as a safer consensus rule. Existing studies show that the longest chain rule can suffer from selfish mining attacks. However, it is unclear how selfish mining attacks perform on GHOST.
In this paper, we explore the performance of selfish mining on GHOST. We first propose the original selfish mining (GHOST-SM) and stubborn mining (GHOST-StuM) strategies for GHOST. We then evaluate these two selfish mining strategies on our blockchain simulation system. The experimental results show that GHOST achieves better security than the longest chain rule. However, when the block generation rate increases, the security of GHOST approaches that of the longest chain rule. For example, the threshold for selfish mining attacks on GHOST is increased by 47.55% and 0.60% compared to the longest chain rule for block generation intervals of 1 second and 15 seconds, respectively.


  1. Threshold Schnorr with Stateless Deterministic Signing from Standard Assumptions
    Authors: François Garillot, Yashvanth Kondi, Payman Mohassel, and Valeria Nikolaenko

Schnorr’s signature scheme permits an elegant threshold signing protocol due to its linear signing equation. However, each new signature consumes fresh randomness, which can be a major attack vector in practice. Sources of randomness in deployments are frequently either unreliable, or require state continuity, i.e. reliable fresh state resilient to rollbacks. State continuity is a notoriously difficult guarantee to achieve in practice, due to system crashes caused by software errors, malicious actors, or power supply interruptions (Parno et al., S&P ’11). This is a non-issue for Schnorr variants such as EdDSA, which is specified to derive nonces deterministically as a function of the message and the secret key. However, it is challenging to translate these benefits to the threshold setting, specifically to construct a threshold Schnorr scheme where signing neither requires parties to consume fresh randomness nor update long-term secret state.
In this work, we construct a dishonest majority threshold Schnorr protocol that enables such stateless deterministic nonce derivation using standardized block ciphers. Our core technical ingredients are new tools for the zero-knowledge from garbled circuits (ZKGC) paradigm to aid in verifying correct nonce derivation:
– A mechanism based on UC Commitments that allows a prover to commit once to a witness, and prove an unbounded number of statements online with only cheap symmetric key operations.
– A garbling gadget to translate intermediate garbled circuit wire labels to arithmetic encodings.
A proof per our scheme requires only a small constant number of exponentiations.
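The three properties the abstract leans on are easy to see in code. Below is an added example (written for this issue, not the paper's protocol or any library's implementation) over secp256k1 in plain Python: a Schnorr signer whose nonce is a deterministic hash of the secret and the message, an n-of-n additive signing round that shows the linearity, and the key-recovery attack that makes a repeated nonce fatal. Assumptions: the challenge hash and point encoding are simplified and not BIP340- or RFC 8032-compatible, the nonce derivation is a toy in the EdDSA spirit rather than either standard, the arithmetic is not constant-time, and the multi-party round simulates all honest parties in one process with no proof of correct nonce derivation, which is precisely the gap the paper's ZKGC machinery fills.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve behind Bitcoin's ECDSA and BIP340 Schnorr).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def challenge(R, X, msg):
    """e = H(R || X || m) mod n. Key-prefixed like EdDSA/BIP340; simplified encoding."""
    enc = lambda pt: pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(enc(R) + enc(X) + msg).digest(), "big") % N

def keygen():
    sk = int.from_bytes(secrets.token_bytes(32), "big") % (N - 1) + 1
    return sk, ec_mul(sk, G)

def det_nonce(secret, msg):
    """Stateless deterministic nonce in the EdDSA spirit: a hash of the signer's long-term
    secret scalar and the message. No fresh randomness and no counter to persist across
    crashes or rollbacks. (Toy derivation, not RFC 8032 or BIP340.)"""
    k = int.from_bytes(hashlib.sha256(b"nonce" + secret.to_bytes(32, "big") + msg).digest(), "big") % N
    return k or 1

def sign(sk, msg, k):
    """Schnorr: R = kG, e = H(R, X, m), s = k + e*x mod n. The caller supplies k so that
    the nonce-reuse failure below can be demonstrated."""
    X, R = ec_mul(sk, G), ec_mul(k, G)
    return R, (k + challenge(R, X, msg) * sk) % N

def verify(X, msg, sig):
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, X, msg), X))

def sign_multiparty(shares, msg):
    """n-of-n additive Schnorr, the linearity the paper relies on: party i holds x_i
    (x = sum x_i, X = sum x_i*G), derives k_i deterministically from (x_i, m) and publishes
    R_i; everyone computes R = sum R_i, e = H(R, X, m) and s_i = k_i + e*x_i, and the sum
    of the s_i verifies under X. All parties are simulated honestly in one process here."""
    X = R = None
    nonces = []
    for x_i in shares:
        X = ec_add(X, ec_mul(x_i, G))
        nonces.append(det_nonce(x_i, msg))
        R = ec_add(R, ec_mul(nonces[-1], G))
    e = challenge(R, X, msg)
    s = sum(k_i + e * x_i for k_i, x_i in zip(nonces, shares)) % N
    return X, (R, s)

def recover_key_from_nonce_reuse(X, m1, sig1, m2, sig2):
    """Two signatures made with the same k share R, and s1 - s2 = (e1 - e2)*x, so the
    long-term key is x = (s1 - s2) / (e1 - e2) mod n. This is why an unreliable or
    rolled-back randomness source is fatal for randomized Schnorr (and ECDSA)."""
    (R1, s1), (R2, s2) = sig1, sig2
    if R1 != R2:
        return None                                   # distinct nonces; nothing to recover
    e1, e2 = challenge(R1, X, m1), challenge(R2, X, m2)
    return (s1 - s2) * pow((e1 - e2) % N, -1, N) % N

if __name__ == "__main__":
    sk, X = keygen()
    m1, m2 = b"pay 1 BTC to alice", b"pay 100 BTC to mallory"
    print("deterministic signature verifies:", verify(X, m1, sign(sk, m1, det_nonce(sk, m1))))
    reused = 0xDEADBEEF                               # a randomness source that repeated itself
    print("key recovered from nonce reuse:",
          recover_key_from_nonce_reuse(X, m1, sign(sk, m1, reused), m2, sign(sk, m2, reused)) == sk)
    Xagg, sig = sign_multiparty([keygen()[0] for _ in range(3)], m1)
    print("3-party signature verifies:", verify(Xagg, m1, sig))
```

sign_multiparty also shows why deterministic nonces are hard to carry into the threshold setting: each k_i is a function of a share the other parties never see, so nobody can check it was derived honestly. Worse, an honest party that re-derives the same k_i for the same message while a malicious party varies its own R_i hands out two partial signatures s_i = k_i + e*x_i under different e, which is exactly the recovery above applied to that party's share. That is why the paper has each signer prove correct derivation of k_i inside the protocol instead of trusting it.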



Research Pulse Issue #25 is out!

There was a noticeable uptick this week in publications focusing on Decentralized Autonomous Organizations (DAOs). In A Decision Model for Decentralized Autonomous Organization Platform Selection: Three Industry Case Studies, the authors provide a multi-criteria decision model for organizations choosing among DAO platforms such as Aragon and Colony, weighing criteria like popularity, developer availability, governance and documentation. They validate the model in three industry case studies.

Still on the topic of DAOs, in A Comparative Analysis of the Platforms for Decentralized Autonomous Organizations in the Ethereum Blockchain, the authors provide a broader, data-driven comparison of DAO platforms rather than case studies. They analyze data from 72,320 users and 2,353 DAO communities built on Aragon, DAOstack or DAOhaus, drawn from both Ethereum mainnet and xDai, and measure the three ecosystems across four dimensions: growth, activity, voting system and funds.

The threat of quantum computers to cryptoassets has been a recurring topic of interest among industry participants. In Assessment of Quantum Threat To Bitcoin and Derived Cryptocurrencies, the authors provide a framework for evaluating this threat that goes beyond the weakness all these currencies share (ECDSA signatures, breakable with Shor's algorithm) to the factors that differ per currency: block interval time, how long an unconfirmed transaction, and with it the public key it exposes, can be delayed, and user behaviour that raises the attacker's cost. It is an interesting read for those following the quantum computing field and the benchmarking of Shor's algorithm on real hardware.

Also of note are two papers, The Impact Analysis of Multiple Miners and Propagation Delay on Selfish Mining and The Performance of Selfish Mining in GHOST. Both papers, from an overlapping group of authors, use a similar simulation framework to evaluate the impact of selfish mining on Nakamoto consensus (used in Bitcoin and many other currencies) and on the GHOST protocol (a simplified variant of which was adopted by Ethereum). One finding worth noting for operators: a chain with a higher orphan rate is more vulnerable to selfish mining.