Research Pulse Issue #28 08/30/21

  1. SmartConDetect: Highly Accurate Smart Contract Code Vulnerability Detection Mechanism using BERT
    Authors: Sowon Jeon, Gilhee Lee, Hyoungshick Kim, and Simon S. Woo

Many popular blockchain platforms support smart contracts, which are the programs executed and stored as transactions on their blockchain protocols and execution environments. However, it is not easy to develop secure smart contracts since smart contracts are programs that can often have security vulnerabilities, which may lead to severe financial loss to service providers or users. Therefore, it is critical to detect security vulnerabilities in smart contracts. In this paper, we propose SmartConDetect to detect security vulnerabilities in smart contracts written in Solidity. SmartConDetect is designed as a static analysis tool to extract code fragments from smart contracts in Solidity and further detect vulnerable code patterns using a pre-trained BERT model. To show the feasibility of SmartConDetect, we evaluate the performance of our approach with 10,000 real-world smart contracts collected from the Ethereum blockchain platform. Our experimental results demonstrate that SmartConDetect outperforms all state-of-the-art methods.


  2. Aggregating hash-based signatures using STARKs
    Authors: Irakliy Khaburzaniya, Konstantinos Chalkias, Kevin Lewi, and Harjasleen Malvai

This work presents an approach for compressing regular hash-based signatures using STARKs (Ben-Sasson et al. '18). We focus on constructing a hash-based t-of-n threshold signature scheme, as well as an aggregate signature scheme. In both constructions, an aggregator collects individual one-time hash-based signatures and outputs a STARK proof attesting that the signatures are valid and meet the required thresholds. This proof then serves the role of the aggregate or threshold signature. We demonstrate the concrete performance of such constructions, having implemented the algebraic intermediate representations (AIR) for them, along with an experimental evaluation over our implementation of the STARK protocol.
We find that, even when we aggregate thousands of signatures, the final aggregated size ranges between 100KB and 200KB, making our schemes attractive when there exist at least 50 one-or-few-times hash-based signatures. We also observe that for STARK-based signature aggregation, the size of individual signatures is less important than the number of hash invocations and the complexity of the signature verification algorithm. This implies that simple hash-based signature variants (e.g. Lamport, HORST, BPQS) are well-suited for aggregation, as their large individual signatures serve only as witnesses to the ZKP circuit and are not needed for aggregate signature verification.
Our constructions are directly applicable as scalable solutions for post-quantum secure blockchains which typically employ blocks of hundreds or thousands of signed transactions. Moreover, stateful hash-based one-or-few-times signatures are already used in some PQ-ready blockchains, as address reuse is typically discouraged for privacy reasons.


  3. A Blockchain-enabled Privacy-Preserving Verifiable Query Framework for Securing Cloud-Assisted Industrial Internet of Things Systems
    Authors: Mohammad Saidur Rahman, Ibrahim Khalil, Nour Moustafa, Aditya Pribadi Kalapaaking, and Abdelaziz Bouras

Advanced IIoT systems can be used to facilitate smart management. Nevertheless, IIoT systems generate huge amounts of data that need to be outsourced to the cloud for storing and providing real-time search facilities to end-users. Outsourcing IIoT data to a third-party cloud service provider (CSP) introduces several data privacy and integrity issues. We propose a blockchain-based framework for provisioning a privacy-preserving and verifiable query facility to end-users in IIoT systems. The framework uses blockchain to store IoT data as on-chain data and the cloud to store extensive data as off-chain data, and provisions search services to users by executing a query over on-chain and off-chain data and generating an aggregated result. The query verification model allows each blockchain node to endorse the query result individually and a user to verify the endorsement of the query result before use. The experiments revealed the high efficiency and scalability of the proposed framework.

Link: A Blockchain-enabled Privacy-Preserving Verifiable Query Framework for Securing Cloud-Assisted Industrial Internet of Things Systems | IEEE Journals & Magazine | IEEE Xplore

  4. Limits of Polynomial Packings for Z_{p^k} and F_{p^k}
    Authors: Jung Hee Cheon and Keewoo Lee

We formally define polynomial packing methods and initiate a unified study of related concepts in various contexts of cryptography. This includes homomorphic encryption (HE) packing and reverse multiplication-friendly embedding (RMFE) in information-theoretically secure multi-party computation (MPC). We prove several upper bounds or impossibility results on packing methods for Z_{p^k}- or F_{p^k}-messages into Z_{p^t}[x]/f(x) regarding (i) packing density, (ii) level-consistency, and (iii) surjectivity. These results have implications on recent development of HE-based MPC over Z_{2^k} secure against actively corrupted majority and provide new proofs for upper bounds on RMFE.


  5. Periscope: Censorship-Resistant Off-Chain Traffic Tunnelling
    Author: Emiel de Smidt

There is an everlasting arms race between censoring bodies and those in their grip. When the censor is employing increasingly sophisticated techniques to digitally monitor and restrict those in its scope, equally sophisticated means to circumvent the digital repression come forward. Those suffering under digital censorship are using nifty ways to escape the censor's grip. Digitally restrictive regimes occasionally still allow access to blockchain applications such as cryptocurrencies, albeit in limited form. Blockchains often enjoy a global nature, but traditional and well-established cryptocurrencies such as Bitcoin often do not have high performance. Second-layer solutions, also known as off-chain solutions, offer a network of payment channels where transactions can be completed in peer-to-peer fashion with little interaction with the slow blockchain. In this thesis we investigate how Bitcoin's off-chain solution, the Lightning Network, can be employed to circumvent digital censorship. We introduce Periscope, a protocol that allows for tunnelling of internet traffic between two hosts over a stream of micro-transactions embedded with data. Next, we thoroughly analyse its security and the network's suitability from a theoretical perspective. Following this, an empirical evaluation study is done to get an understanding of the performance of the protocol under various circumstances. We hope that Periscope serves as an additional means to access the free internet for those in need.

Link: Periscope | TU Delft Repositories

  6. Zephyrus: An information hiding mechanism leveraging Ethereum data fields
    Authors: Mar Gimenez-Aguilar, Jose M. De Fuentes, Lorena González-Manzano, and Carmen Camara

Permanent availability makes blockchain technologies a suitable alternative for building a covert channel. Previous works have analysed its feasibility in a particular blockchain technology called Bitcoin. However, the Ethereum cryptocurrency is gaining momentum as a means to build distributed apps. The novelty of this paper relies on the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts. No previous work has explored this issue. Thus, a mechanism called Zephyrus, an information hiding mechanism based on steganography, is developed. Moreover, its capacity, cost and stealthiness are assessed both theoretically and empirically, through a prototype implementation that is publicly released. Disregarding the time taken to send the transaction to the blockchain, its retrieval and the mining time, experimental results show that, in the best case, 40 Kbits can be embedded in 0.57 s for US$ 1.64, and retrieved in 2.8 s.

Link: Zephyrus: An information hiding mechanism leveraging Ethereum data fields | IEEE Journals & Magazine | IEEE Xplore

  7. Reinforced Concrete: Fast Hash Function for Zero Knowledge Proofs and Verifiable Computation
    Authors: Mario Barbara, Lorenzo Grassi, Dmitry Khovratovich, Reinhard Luftenegger, Christian Rechberger, Markus Schofnegger, and Roman Walch

We propose a new hash function, Reinforced Concrete, for the proof systems that support lookup tables, concretely Plookup based on KZG commitments or FRI. It has two solid advantages over predecessors: (a) table lookups instead of (big) modular reductions are much faster both in ZK and plain computations, thus making verifiable computation protocols based on recursive proofs (the current trend) much more efficient; (b) the security is no longer solely based on (high) algebraic degree but rather on more traditional AES-like components inheriting decades of public scrutiny. Our design also employs a novel and fast field-to-tables conversion, which is of independent interest and can be used in other Plookup-friendly constructions.
The new hash function is suitable for a wide range of applications like privacy-preserving cryptocurrencies, verifiable encryption, protocols with state membership proofs, or verifiable computation. It may serve as a drop-in replacement for various prime-field hashes such as variants of MiMC, Poseidon, Pedersen hash, and others.



Research Pulse Issue #28 is out!

The toolset for privacy and scalability continues to improve as more researchers devote time to Zero Knowledge (ZK) systems. One of the biggest requirements for the scalability of ZK systems is specialized hash functions. Purpose-built ZK functions can drastically improve proving and verifying times, which improves the usability of these mechanisms. In Reinforced Concrete: Fast Hash Function for Zero Knowledge Proofs and Verifiable Computation, the authors provide a novel hash function that attempts to address that. It is a particularly interesting construct in the context of recursive systems, which has been a recurring topic at SCRF.

In A Blockchain-enabled Privacy-Preserving Verifiable Query Framework for Securing Cloud-Assisted Industrial Internet of Things Systems, the authors structure a system whereby IoT data queries can be anonymized using established techniques in the field of cryptoassets. While still hypothetical in nature, it is refreshing to see more IoT systems taking user privacy into account.

Finally, in Periscope: Censorship-Resistant Off-Chain Traffic Tunnelling, the author expands the use cases for the Lightning Network to data censorship. The protocol proposed tunnels internet traffic between two hosts over a stream of micro-transactions embedded with data, thereby increasing the difficulty of third parties analyzing traffic to censor data packets.