Research Pulse Issue #43 12/13/21

  1. Unity is Strength: A Formalization of Cross-Domain Maximal Extractable Value
    Authors: Alexandre Obadia, Alejo Salles, Lakshman Sankar, Tarun Chitra, Vaibhav Chellani, and Philip Daian

The multi-chain future is upon us. Modular architectures are coming to maturity across the ecosystem to scale bandwidth and throughput of cryptocurrency. One example of such is the Ethereum modular architecture, with its beacon chain, its execution chain, its Layer 2s, and soon its shards. These can all be thought of as separate blockchains, heavily inter-connected with one another, and together forming an ecosystem.
In this work, we call each of these interconnected blockchains ‘domains’, and study the manifestation of Maximal Extractable Value (MEV, a generalization of “Miner Extractable Value”) across them. In other words, we investigate whether there exists extractable value that depends on the ordering of transactions in two or more domains jointly.
We first recall the definitions of Extractable and Maximal Extractable Value, before introducing a definition of Cross-Domain Maximal Extractable Value. We find that Cross-Domain MEV can be used to measure the incentive for transaction sequencers in different domains to collude with one another, and study the scenarios in which there exists such an incentive. We end the work with a list of negative externalities that might arise from cross-domain MEV extraction and lay out several open questions.
We note that the formalism in this work is a work-in-progress, and we hope that it can serve as the basis for formal analysis tools in the style of those presented in Clockwork Finance [1], as well as for discussion on how to mitigate the upcoming negative externalities of substantial cross-domain MEV.


  1. Privacy-Preserving Decentralized Exchange Marketplaces
    Authors: Kavya Govindarajan, Dhinakaran Vinayagamurthy, Praveen Jayachandran, and Chester Rebeiro

Decentralized exchange markets leveraging blockchain have been proposed recently to provide open and equal access to traders, improve transparency and reduce systemic risk of centralized exchanges. However, they compromise on the privacy of traders with respect to their asset ownership, account balance, order details and their identity. In this paper, we present Rialto, a fully decentralized privacy-preserving exchange marketplace with support for matching trade orders, on-chain settlement and market price discovery. Rialto provides confidentiality of order rates and account balances and unlinkability between traders and their trade orders, while retaining the desirable properties of a traditional marketplace like front-running resilience and market fairness. We define formal security notions and present a security analysis of the marketplace. We perform a detailed evaluation of our solution and demonstrate that it scales well and is suitable for a large class of goods and financial instruments traded in modern exchange markets.


  1. Transaction Confirmation Time Estimation in the Bitcoin Blockchain
    Authors: Limeng Zhang, Rui Zhou, Qing Liu, Jiajie Xu, and Chengfei Liu

As Bitcoin is universally recognized as the most popular cryptocurrency, more and more Bitcoin transactions are expected to be populated to the Bitcoin blockchain system. However, transactions cannot be confirmed altogether into the next block due to the limited block capacity. One of the most demanding requirements for users to use Bitcoin is to estimate the confirmation time of a newly submitted transaction. In this paper, we propose two approaches for estimating the confirmation time for a single transaction. The first approach DcyMean makes the estimation based on the historical confirmation time of transactions included in the blockchain. The second approach CTEN is built on neural networks to estimate based on a variety of factors including the transaction itself, block states and mempool states. Finally, we conduct experiments on real Bitcoin blockchain datasets to demonstrate the effectiveness and efficiency of our proposed approaches. Each of our approaches can finish training and estimation within one block interval, demonstrating that our approaches can process real-time cases.

Link: Transaction Confirmation Time Estimation in the Bitcoin Blockchain | SpringerLink

  1. "Side-channel attacks against a Bitcoin wallet"
    Authors: Alexandre Ghos and Tristan Bodart

Nowadays, the cryptocoins and especially the Bitcoin have become very popular among the general public. This trend led to the commercialization of hardware wallets to store them. This master thesis aims to attack the open source hardware wallet developed and commercialized by Satochip thanks to side-channel attacks. The different potential attack points of the wallet will first be described. Then, a key derivation algorithm based on HMAC SHA-512 and used by the wallet will be chosen to be the subject of the attack developed in this work. A measurement setup relying on current consumption will be mounted and then, some metrics will be computed to evaluate the level of information available in the traces. Some limitations due to the card and to the communication protocol have prevented a good alignment of the traces, and the result is a weak SNR and PI value. After that, a simulated SASCA will be performed against the HMAC SHA-512 for different noise levels. Finally, the results will show that the attack would be feasible with a sufficient level of information in the traces. Unfortunately, the success rate is low for the noise level observed in the real traces, so the attack will be unlikely to be successful in a real case with this card. However, since the metrics values are usually higher on this type of smart card, the security of another device against this attack could clearly be questioned.


  1. A systematic literature review of blockchain cyber security
    Authors: Paul J. Taylor, Tooska Dargahi, Ali Dehghantanha, Reza M. Parizi, and Kim-Kwang Raymond Choo

Since the publication of Satoshi Nakamoto’s white paper on Bitcoin in 2008, blockchain has (slowly) become one of the most frequently discussed methods for securing data storage and transfer through decentralized, trustless, peer-to-peer systems. This research identifies peer-reviewed literature that seeks to utilize blockchain for cyber security purposes and presents a systematic analysis of the most frequently adopted blockchain security applications. Our findings show that the Internet of Things (IoT) lends itself well to novel blockchain applications, as do networks and machine visualization, public-key cryptography, web applications, certification schemes and the secure storage of Personally Identifiable Information (PII). This timely systematic review also sheds light on future directions of research, education and practices in the blockchain and cyber security space, such as security of blockchain in IoT, security of blockchain for AI data, and sidechain security.

Link: A systematic literature review of blockchain cyber security - ScienceDirect

  1. Improving Bitcoin Transaction Propagation Efficiency through Local Clique Network
    Authors: Kailun Yan, Jilian Zhang, and Yongdong Wu

Bitcoin is a popular decentralized cryptocurrency, and the Bitcoin network is essentially an unstructured peer-to-peer (P2P) network that can synchronize a distributed database of replicated ledgers through message broadcasting. In the Bitcoin network, the average clustering coefficient of nodes is very high, resulting in low message propagation efficiency. In addition, the average node degree in the Bitcoin network is also considerably large, causing high message redundancy when nodes use the gossip protocol to broadcast messages. These may affect message propagation speed, hindering Bitcoin from being applied to scenarios of high transactional throughputs. To illustrate, we have collected single-hop propagation data of transactions of 366 blocks from Bitcoin Core. The analysis results show that transaction verification and network delay are two major causes of low transaction propagation efficiency. In this paper, we propose a novel P2P network structure, called local clique network (LCN), for message broadcasting in the Bitcoin network. Specifically, to reduce transaction validation latency and message redundancy, in LCN local nodes (logically) form cliques, and only a few nodes in a clique broadcast messages to the other cliques, instead of each node sending messages to its neighboring nodes. We have conducted extensive experiments, and the results show that message redundancy is low in LCN, and message propagation speed increases significantly. Meanwhile, LCN exhibits excellent robustness when the average node degree remains high in the Bitcoin network.


  1. Detecting DeFi Securities Violations from Token Smart Contract Code with Random Forest Classification
    Authors: Arianna Trozze, Bennett Kleinberg, and Toby Davies

Decentralized Finance (DeFi) is a system of financial products and services built and delivered through smart contracts on various blockchains. In the past year, DeFi has gained popularity and market capitalization. However, it has also become an epicenter of cryptocurrency-related crime, in particular, various types of securities violations. The lack of Know Your Customer requirements in DeFi has left governments unsure of how to handle the magnitude of offending in this space. This study aims to address this problem with a machine learning approach to identify DeFi projects potentially engaging in securities violations based on their tokens’ smart contract code. We adapt prior work on detecting specific types of securities violations across Ethereum more broadly, building a random forest classifier based on features extracted from DeFi projects’ tokens’ smart contract code. The final classifier achieves a 99.1% F1-score. Such high performance is surprising for any classification problem; however, from further feature-level analysis, we find a single feature makes this a highly detectable problem. Another contribution of our study is a new dataset, comprised of (a) a verified ground truth dataset for tokens involved in securities violations and (b) a set of valid tokens from a DeFi aggregator which conducts due diligence on the projects it lists. This paper further discusses the use of our model by prosecutors in enforcement efforts and connects its potential use to the wider legal context.


  1. A Survey of Verification, Validation and Testing Solutions for Smart Contracts
    Authors: Chaïmaa Benabbou and Önder Gürcan

Smart contracts are programs stored on a blockchain that run when predetermined conditions are met. However, designing and implementing a smart contract is not trivial since upon deployment on a blockchain, it is no longer possible to modify it (neither for improving nor for bug fixing). It is only possible by deploying a new version of the smart contract, which is costly (deployment cost for the new contract and destruction cost for the old contract). To this end, there are many solutions for testing the smart contracts before their deployment. Since realizing bug-free smart contracts increases the reliability, as well as reduces the cost, testing is an essential activity. In this paper, we group the existing solutions that attempt to tackle smart contract testing into the following categories: public test networks, security analysis tools, blockchain emulators and blockchain simulators. Then, we analyze these solutions, categorize them and show what their pros and cons are.


Research Pulse Issue #43 is out!

In Unity is Strength: A Formalization of Cross-Domain Maximal Extractable Value, the authors provide an interesting framework to evaluate Miner Extractable Value (MEV) in a multi-chain environment. They explore the notion of Cross-Domain Maximal Extractable Value, which deals with value extraction beyond the techniques employed today. A fascinating read for those who enjoy hypothesizing on the evolution of MEV.

In “Side-channel attacks against a Bitcoin wallet”, the authors provide one of the most thorough analyses of the impact of side-channel attacks on Hardware Security Modules (HSMs). Simply put, these are attacks in which dedicated measurement hardware (here, a current-consumption setup) is used to extract private keys from an HSM. Comprehensive studies like these are interesting as they shed light on the best approaches when developing custody schemes.

Finally, in A Survey of Verification, Validation and Testing Solutions for Smart Contracts, the authors do an excellent job aggregating useful technical resources for those interested in Smart Contract security. Beyond tooling such as compilers and IDEs, the authors also provide information and context about the testnets available across major networks today.