A Secure and Efficient Bitcoin Payment Channel Using Intel SGX
Authors: Yankai Xie, Chi Zhang, Lingbo Wei, Qingtao Wang, and Zhe Yang
Hardware trusted execution environment (TEE) provided by Intel SGX enclave has been introduced in existing payment channel schemes as a root-of-trust to enforce faithful protocol execution so that participants do not need to monitor the Bitcoin blockchain anymore. However, the security of these schemes relies totally on enclaves. Since private keys of all channel funds are kept by both payment channel participants’ enclaves, a malicious participant can steal funds from the counterparty by defeating her own enclave. To solve the above problem, we present a novel TEE-based payment channel scheme that transfers the responsibility of running enclaves from participants to a third-party committee, while relieving both participants from monitoring the blockchain at the same time. Furthermore, since committee members can try to steal funds by defeating their own enclaves, we exploit the additive homomorphic property of signature keys in Elliptic Curve Cryptography to design a novel secret sharing scheme that tolerates a subset of committee members being malicious. By using the above secret sharing scheme, private keys of the channel funds are never constructed in any committee member’s enclave, so that a malicious committee member cannot steal funds by defeating his own enclave. Finally, experiments show our scheme can ensure payment channel fund security without efficiency compromises compared with existing TEE-based payment channel schemes.
On the Economic Design of Stablecoins
Authors: Christian Catalini and Alonso de Gortari
Stablecoins are cryptocurrencies designed to trade at par with a reference asset, typically the U.S. Dollar. While they all share the same fundamental objective of maintaining stability against their reference assets, stablecoins differ substantially in terms of their economic design, quality of backing, stability assumptions and legal protections for coin holders. We surface two critical dimensions that underpin the economic design of every stablecoin: (1) the volatility of the reserve assets against the reference asset, which defines the risk profile of the stablecoin for coin holders; and (2) the degree to which the stablecoin is exposed to the risk of a death spiral. To address these risks, fiat-backed stablecoins must rely on reserves of high-quality, liquid assets and be subject to a framework that protects coin holders from credit risk, market risk, operational risk, as well as the insolvency or bankruptcy of the issuer. Although decentralized stablecoin designs eliminate the need to trust an intermediary, they are either exposed to death spirals, or highly capital inefficient, as they must be highly over-collateralized to account for the lack of an intermediary. While these trade-offs might be acceptable for narrow use cases within the cryptocurrency space, without a breakthrough in decentralized stablecoin design, they are likely to limit the usefulness of these coins for mainstream adoption.
SolGuard: Preventing external call issues in smart contract-based multi-agent robotic systems
Authors: Purathani Praitheeshan, Lei Pan, Xi Zheng, Alireza Jolfaei, and Robin Doss
In the new era of blockchain-based multi-agent robotic systems, smart contract programs perform an influential role in implementing decentralized applications with required task allocations. Smart contract programs are developed using script-type programming languages, and they have already been deployed with several vulnerable patterns without proper testing and audit. We studied Solidity smart contracts running on the Ethereum platform and identified that they had been exploited because of several programming issues, especially the use of low-level external calls to malicious sources. Since smart contracts are immutable after their deployment to autonomous multi-robot systems, they should be tested to fix possible development-phase issues. We implemented a prototype plugin called SolGuard by extending the solhint linter to prevent three critical issues related to Solidity smart contract programs’ usage of external calls. The SolGuard plugin checks state variable order in the smart contracts, participation of delegatecall invocations, address type parameters in the smart contract’s constructor, and denial of service patterns. We empirically evaluate the SolGuard plugin against existing popular static analysis tools. Our results indicate that SolGuard outperformed the baseline tools in terms of efficiency and accuracy.
Attacking transaction relay in MimbleWimble blockchains
Author: Seyed Ali Tabatabaee
Blockchain-based networks are often concerned with privacy. Two common types of privacy in blockchain networks are (1) transaction source privacy, and (2) transaction content privacy. Research has shown that Bitcoin, the most prominent cryptocurrency, cannot easily provide these privacy types. Hence, new protocols have been proposed. For example, Dandelion++ is a solution to the source privacy vulnerability in Bitcoin. Practical systems, however, need to provide multiple privacy guarantees at the same time. To the best of our knowledge, source privacy and content privacy have not been considered simultaneously in the literature. We conjecture that cryptocurrencies that use Dandelion++ for transaction relay could be susceptible to attacks against both types of privacy and also to performance attacks. Our focus in this project is on the implementations of the MimbleWimble cryptocurrency protocol such as Beam. We have designed and implemented three different attacks against these existing privacy-focused protocols. In the first attack, the adversary uses information obtained from an incoming transaction for improved detection of the transaction source. In the second attack, to increase the latency of an incoming transaction, the adversary adds an excessive delay before forwarding the transaction. In the third attack, the adversary exploits the aggregation protocol in MimbleWimble to launch a denial of service attack on an incoming transaction. We have validated our proposed attacks in a private test network of Beam nodes and a network simulator.
Designing a Practical Code-based Signature Scheme from Zero-Knowledge Proofs with Trusted Setup
Authors: Shay Gueron, Edoardo Persichetti, and Paolo Santini
This paper defines a new practical construction for a code-based signature scheme. We introduce a new protocol that is designed to follow the recent “Sigma protocol with helper” paradigm, and prove that the protocol’s security reduces directly to the Syndrome Decoding Problem. The protocol is then converted to a full-fledged signature scheme via a sequence of generic steps that include: removing the role of the helper; incorporating a variety of protocol optimizations (using e.g., Merkle trees); applying the Fiat-Shamir transformation. The resulting signature scheme is EUF-CMA secure in the QROM, with the following advantages: a) security relies on only minimal assumptions and is backed by a long-studied NP-complete problem; b) the trusted setup structure allows for obtaining an arbitrarily small soundness error. This minimizes the required number of repetitions, thus alleviating a major bottleneck associated with Fiat-Shamir schemes. We outline an initial performance estimation to confirm that our scheme greatly outpaces existing solutions of a similar type.
Sharding-Based Proof-of-Stake Blockchain Protocols: Security Analysis
Authors: Abdelatif Hafid, Abdelhakim Senhaji Hafid, and Adil Senhaji
Blockchain technology has been gaining great interest from a variety of sectors, including healthcare, supply chain and cryptocurrencies. However, Blockchain suffers from its limited ability to scale (i.e. low throughput and high latency). Several solutions have appeared to tackle this issue. In particular, sharding has proved to be one of the most promising solutions to Blockchain scalability. Sharding can be divided into two major categories: (1) Sharding-based Proof-of-Work (PoW) Blockchain protocols, and (2) Sharding-based Proof-of-Stake (PoS) Blockchain protocols. The two categories achieve good performance (i.e. good throughput with a reasonable latency), but raise security issues. This article aims to analyze the security of the second category. More specifically, we compute the probability of committing a faulty block and measure the security by computing the number of years to fail. Finally, to show the effectiveness of the proposed model, we conduct a numerical analysis and evaluate the results obtained.