Conference Paper

POSE: Practical Off-chain Smart Contract Execution


... Recently, TEEs have been widely used in blockchain designs to enhance security, privacy, and performance [34][35][36][37][38][39][40]. Teechain [35] establishes a payment system under TEE protection, while Bool Network [41] employs TEE to ensure the privacy of secret key components within cross-chain platforms. ...
... Teechain [35] establishes a payment system under TEE protection, while Bool Network [41] employs TEE to ensure the privacy of secret key components within cross-chain platforms. Tommaso et al. [36] and Xu et al. [37] leverage the TEE for the correctness and privacy of off-chain execution, respectively. These works assume that TEEs provide integrity and confidentiality guarantees but do not ensure the availability of the running service. ...
... However, many studies indicate that TEEs are vulnerable to various attacks such as side-channel attacks [42], unprotected I/O [43], and ASID abuses [44]. Thus, in our work, we assume TEEs can be compromised, i.e., no integrity and confidentiality properties, which differs from prior work with the perfect assumption of TEEs [35][36][37][38][39][40]. Particularly, the adversary can steal the private keys for signing messages from the compromised TEE. ...
Preprint
Rollups have emerged as a promising approach to improving blockchains' scalability by offloading transactions execution off-chain. Existing rollup solutions either leverage complex zero-knowledge proofs or optimistically assume execution correctness unless challenged. However, these solutions have practical issues such as high gas costs and significant withdrawal delays, hindering their adoption in decentralized applications. This paper introduces TeeRollup, an efficient rollup design with low gas costs and short withdrawal delays. TeeRollup employs Trusted Execution Environments (TEEs)-supported sequencers to execute transactions, requiring the blockchain to verify only the TEEs' signatures. TeeRollup is designed under a realistic threat model in which the integrity and availability of sequencers' TEEs may be compromised. To address these issues, we first introduce a distributed system of sequencers with heterogeneous TEEs, ensuring system security even if a minority of TEEs are compromised. Second, we propose a challenge mechanism to solve the redeemability issue caused by TEE unavailability. Furthermore, TeeRollup incorporates Data Availability Providers (DAPs) to reduce on-chain storage overhead and uses a laziness penalty game to regulate DAP behavior. We implement a prototype of TeeRollup in Golang, using the Ethereum test network, Sepolia. Our experimental results indicate that TeeRollup outperforms zero-knowledge rollups (zk-rollups), reducing on-chain verification costs by approximately 86% and withdrawal delays to a few minutes.
... Although the price feed provided by Chainlink is efficient and reliable, it works in a fully off-chain manner, which is inconvenient for smart contracts to call and may pose potential trust issues. There is also some research focusing on outsourcing complex on-chain contract computation to trusted off-chain compute nodes, such as SMART [18], POSE [15], and Arbitrum [20]. However, these methods would require introducing additional security assumptions to the system (e.g. ...
Preprint
Blockchain oracle is a critical third-party web service for Decentralized Finance (DeFi) protocols. Oracles retrieve external information such as token prices from exchanges and feed them as trusted data sources into smart contracts, enabling core DeFi applications such as loaning protocols. Currently, arithmetic mean based time-weighted average price (TWAP) oracles are widely used in DeFi by averaging external price data with fixed time frame, which is considered reliable and gas-efficient for protocol execution. However, recent research shows that TWAP price feeds are vulnerable to price manipulation attack even with long time frame setting, which would further introduce long time delays and price errors hindering the service quality of DeFi applications. To address this issue, we propose a novel on-chain gas-efficient pricing algorithm (Ormer) that heuristically estimates the median of the current streaming asset price feed based on a piecewise-parabolic formula, while the time delay is suppressed by fusing estimations with different observation window size. Our evaluation based on Ethereum WETH/USDT swapping pair price feed shows that Ormer reduces the mean absolute price error by 15.3% and the time delay by 49.3% compared to TWAP. For gas efficiency, an optimized smart contract design and constant storage requirement regardless of the number of price observations is developed for Ormer.
... Examples of Off-Chain include payment channels [47]- [51], sidechains, and Layer2 [52], [53]. ...
Article
Full-text available
Metaverse brings unlimited space and tremendous potential since it is an integrated application of multiple fundamental technologies such as artificial intelligence, blockchain, networking, Internet of Things, and interactivity. Among those building blocks of metaverse, blockchain is a type of technology operated by a group of individual participants and known for its immutability feature. The massive adoption of blockchain has been severely prevented by various security and scalability issues in blockchain-based applications due to the inherent characteristics of this technology. To accelerate the massive adoption of blockchain, many previous studies have been carried out to address the security and scalability issues. This article reviews blockchain-related publications collected from four major security conferences (i.e., NDSS, CCS, S&P, and USENIX Security) published in the past three years. Through this overview, we disclose the security and scalability issues of mainstream blockchains such as Bitcoin and Ethereum. Our study aims to help researchers better understand the bottleneck of blockchain-empowered metaverse, and how to address user requirements for security and scalability from the perspective of blockchains.
... Sample ETH transfer is an example of sending ETH in Ethereum, commonly employed for comparing gas fees[68]. ...
Preprint
The proliferation of blockchain-backed cryptocurrencies has sparked the need for cross-chain exchanges of diverse digital assets. Unfortunately, current exchanges suffer from high on-chain verification costs, weak threat models of central trusted parties, or synchronous requirements, making them impractical for currency trading applications. In this paper, we present MERCURY, a practical cryptocurrency exchange that is trust-minimized and efficient without online-client requirements. MERCURY leverages Trusted Execution Environments (TEEs) to shield participants from malicious behaviors, eliminating the reliance on trusted participants and making on-chain verification efficient. Despite the simple idea, building a practical TEE-assisted cross-chain exchange is challenging due to the security and unavailability issues of TEEs. MERCURY tackles the unavailability problem of TEEs by implementing an efficient challenge-response mechanism executed on smart contracts. Furthermore, MERCURY utilizes a lightweight transaction verification mechanism and adopts multiple optimizations to reduce on-chain costs. Comparative evaluations with XClaim, ZK-bridge, and Tesseract demonstrate that MERCURY significantly reduces on-chain costs by approximately 67.87%, 45.01%, and 47.70%, respectively.
... The advantage of collaborative machine learning (CML) over most conventional ML lies in decentralized nodes or agents that result in better model performance and generalization [7]. [8] present POSE, a practical off-chain protocol for smart contracts that addresses existing solutions' shortcomings. [9] propose a scalable architecture called DeBlock for data sharing in a trusted way among unreliable actors. ...
Article
Full-text available
Disputes in the construction industry occur from time to time. The development of the building information model enables the information in the process of project execution in the construction industry to be stored in the same model, which can find appropriate communication channels for disputes between different parties involved in engineering projects. As an emerging technology, Blockchain has received wide attention and is widely used in various fields because of its distributed storage, decentralization, and de-trust characteristics. Furthermore, smart contracts technology provides a new solution to the existing difficulties of disputes in the construction engineering industry from the perspective of replacing traditional contracts. Based on the research of Blockchain and smart contracts technology, this paper analyzes the feasibility of applying Blockchain and smart contracts to contracts management of the construction information model and discusses the implementation plan of combining Blockchain and contracts management of the construction information model with the actual scenario of material supply in the construction industry, choosing the Ethereum blockchain platform as the underlying architecture. The development of smart contracts for construction material supply is carried out by adopting the "on-chain off-chain" data storage and business interaction method, and the specific design and implementation are carried out from the perspectives of system architecture, system deployment, contracts invocation mechanism, and contracts function.
Article
The demand for mobile terminals to participate in data services is increasingly vital. The General Data Protection Regulation (GDPR) has established several principled requirements for data services. Existing studies focusing on data service put emphasis on data privacy and accessibility. However, they face challenges in achieving data forgetability and portability on mobile devices under GDPR and lack consideration of usage control. In this paper, we propose ADSS, an app-level data service scheme for mobile devices that can be available-but-invisible and guarantee fine-grained usage control. ADSS addresses the challenges by executing the logic of data usage in the Trusted Execution Environment (TEE) and managing the TEE states (i.e., data usage states) in the blockchain smart contracts. It not only satisfies the requirements of GDPR, ensuring strong security and confidentiality guarantees, but also enables the functionality of “pay-per-use”. We implement a prototype of the ADSS framework based on ARM Trustzone and conduct experimental evaluations. The results demonstrate that our scheme brings high efficiency compared with other data service schemes and exhibits feasibility on mobile-grade devices.
Article
Full-text available
The substantial value held by smart contracts (SCs) makes them an enticing target for malicious attacks. The process of fixing vulnerabilities in SCs is intricate, primarily due to the immutability of blockchain technology. This research paper introduces a systematic literature review (SLR) that evaluates rectification systems designed to patch vulnerabilities in SCs. Following the guidelines set forth by the PRISMA statement, this SLR meticulously reviews a total of 31 papers. In this context, we classify recently published SC automated repair frameworks based on their methodologies for automatic program repair (APR), rewriting strategies, and tools for vulnerability detection. We argue that automated patching enhances the reliability and adoption of SCs, thereby allowing developers to promptly address identified vulnerabilities. Furthermore, existing automated repair tools are capable of addressing only a restricted range of vulnerabilities, and in some cases, patches may not be effective in preventing the targeted vulnerabilities. Another key point that should be taken into account is the simplicity of the patch and the gas consumption of the modified program. Alternatively, large language models (LLMs) have opened new avenues for automatic patch generation, and their performance can be improved by innovative methodologies.
Article
Blockchain has been widely used in various industries for providing trustworthy data. On-chain data can be regarded as trusted after it is finalized by blockchain consensus, namely after the data is believed to be immutable. Unfortunately, nodes with poor/isolated network conditions are still susceptible to data spoofing attacks of blockchain view, spawning kinds of severe attacks. For example, a light node newly joining a blockchain network may request the blockchain view from a malicious full node and accept a spoof view, leading to a double spending attack. Besides, a Trusted Execution Environment (TEE), the network stack of which is fully controlled by its host, may be fed spoofed blockchain data as input, undermining the trustworthiness of TEE-based computation by cheating inputs. To resist data spoofing, existing methods rely on a trusted authority to identify trusted data, or timely provide sufficient confirmation blocks for a block b to prove the finalization of b (since the adversary holding less hash power than the honest blockchain node cannot generate the confirmation blocks timely). These methods either suffer the risks caused by centralized trust base or are only PoW-oriented and high-latency. As promising blockchains including Ethereum migrate to energy-saving consensus, e.g., PoS, designing consensus-agnostic approaches against data spoofing becomes an urgent need of the industries. In this paper, we introduce a Proof of Finalization (PoF) problem for proving the finalization of blockchain to prevent data spoofing attacks of blockchain. We also contrive a novel PoF scheme, which leverages the chain quality property of blockchain to establish a trustworthy committee for proof generation. The scheme is chain-agnostic, non-interactive, non-authority-involved, and with negligible latency. Once blockchain data is finalized, the latency of proof generation in our scheme is only 106 milliseconds. Therefore, our scheme paves the way for any system, e.g., light nodes, cross-chain bridges, and layer-2 systems, to read blockchains with various consensus securely.
Article
The lack of privacy-preserving capabilities hinders the further development of blockchains and smart contracts. While numerous privacy solutions have been proposed, limitations persist. Firstly, most existing solutions focus on specific privacy protections such as anonymous payments, private data, or multi-party computation tasks. However, these solutions lack a general privacy ability, allowing users to deploy applications with diverse privacy requirements. Secondly, existing solutions have limited customizability, which means users cannot easily customize and adapt the privacy policies according to their specific demands or preferences. In this paper, we present EtherCloak, which adopts trusted execution environments (TEEs) to achieve a general and customizable privacy policy on account model blockchains, enabling users to conceal any on-chain information. To address the security issues caused by the unreliability of the host the TEE runs on, we design the enclave state check and crash recovery mechanisms and employ them in the block generation process. In addition, we propose an access control mechanism for privacy policy management and data query. We prove that EtherCloak offers general and customizable privacy protection with a minimal increase in transaction size (less than triple) and communication overhead (approximately 10%) compared to Ethereum.
Article
Sharding is a promising solution to enhance the scalability of blockchain. However, previous sharding systems adopt the lock-based cross-shard protocol to exclusively handle one-shot cross-shard transactions, leading to low-efficiency executions and unavailable calls when handling complex cross-shard contracts that introduce multi-shot cross-shard transactions to invoke multiple contracts managed by different shards. In this paper, we aim to enable efficient execution of arbitrarily complex cross-shard contracts in blockchain sharding systems. First, we perform a calling-flow analysis on Ethereum contracts with more than 180 million real-world transactions and find that about 30% of transactions invoke complex contracts. Then, motivated by the properties of these complex contracts, we propose an off-chain execution model, called ShardCon, to achieve efficient executions for complex cross-shard contracts by decoupling the contract execution from the cross-shard consensus. Next, we introduce a cross-shard contract execution engine and a contract-driven deployment rule to reduce the overheads introduced by off-chain executions. Moreover, to adapt to the multi-chain property of a sharding system, we introduce an off-chain state atomic commit protocol. Finally, we implement a prototype and evaluate it with concrete cross-shard contracts, showing that ShardCon can achieve more than a 10x increase in throughput and a 2x decrease in confirmation latency compared to the state-of-the-art sharding systems.
Chapter
Blockchain heralds the dawn of decentralized applications that coordinate proper computations without the need for prior trust. Existing blockchain solutions, however, are incapable of dealing with intensive validation. Duplicated execution leads to limited throughput and unacceptable expenses. Furthermore, the absence of secure incentive mechanisms derives undesired dilemmas among rational verifiers. This work presents Lever, the first off-chain solution that makes intensive validation cost-efficient and scalable among rational verifiers. To achieve the best scalability, Lever curtails the scale of each validation to a single node and introduces novel challenge-response games between potential adversaries and rational stakeholders, optimizing validation redundancy according to the practical adversarial capability confronted. Meanwhile, compelling incentive design efficiently transfers adversary collateral to specialized rewards for honest participants, therefore allowing the user to lever sufficient endorsement with minimum cost. A backstop protocol is designed to resolve intractable disputes and circumvent the well-known Verifier’s Dilemma. Experiments show that Lever significantly improves the throughput and reduces expenses of intensive validation with a slight tradeoff in latency. It is also robust to conceivable attacks on validation and demonstrates a distinguishable ability to purify Byzantine participants.
Article
Despite the existence of data privacy regulations such as the General Data Protection Regulation (GDPR), data leaks in the Internet of Things (IoT) still occur and cause significant harm due to the non-compliance of data users. To address this issue, a notable solution involves recording the process in an open, immutable blockchain and utilizing the trusted execution environment (TEE) for reliable compliance verification. Although substantial progress has been made in designing compliance schemes in recent years, current approaches suffer from various limitations, including compliance incompleteness, regulation faultiness, and privacy leak. This paper introduces, an IoT data privacy regulation compliance scheme that leverages TEE and blockchain technology. In the protocol, efficiently handles both dynamic and static consent of data owners and utilizes TEE for compliance analysis of requests and processes. By storing encrypted critical data, the blockchain facilitates privacy-preserving audits of the entire compliance process. Additionally, we have designed a challenge-response protocol to address the silent behavior of the TEE. We demonstrate that effectively enforces regulation compliance while safeguarding privacy. We thoroughly evaluate our implementation’s efficiency and effectiveness using Ethereum and Intel SGX platforms.
Article
The crucial blockchain privacy and scalability demand has boosted off-chain contract execution frameworks for years. Some have recently extended their capabilities to transition blockchain states by off-chain multi-party computation while ensuring public verifiability. This new capability is defined as Multi-Party Transaction (MPT). However, existing MPT solutions lack at least one of the following properties crucially valued by communities: data availability, financial fairness, delivery fairness, and delivery atomicity. This paper proposes a novel MPT-enabled off-chain contract execution framework, DECLOAK. Using TEEs, DECLOAK solves identified properties with lower gas costs and a weaker assumption. Notably, DECLOAK is the first to achieve data availability and also achieve all of the above properties. This achievement is coupled with its ability to tolerate all-but-one Byzantine parties and TEE executors. Evaluating 10 MPTs in different businesses, DECLOAK reduces the gas cost of the SOTA, Cloak, by 65.6%. This efficiency advantage further amplifies with an increasing number of MPT’s parties. Consequently, we establish an elevated level of secure and cheap MPT, being the first to demonstrate the feasibility of achieving gas costs comparable to Ethereum transactions while evaluating MPTs.
Article
Full-text available
Ethereum is a blockchain platform that supports smart contracts. Smart contracts are pieces of code that perform general-purpose computations. For instance, smart contracts have been used to implement crowdfunding initiatives that raised a total of US$6.2 billion from January to June of 2018. In this paper, we conduct an exploratory study of smart contracts. Differently from prior studies that focused on particular aspects of a subset of smart contracts, our goal is to have a broader understanding of all contracts that are currently deployed in Ethereum. In particular, we elucidate how frequently used the contracts are (activity level), what they do (category), and how complex they are (source code complexity). To conduct this study, we mined and cross-linked data from four sources: Ethereum dataset on the Google BigData platform, Etherscan, State of the DApps, and CoinMarketCap. Our study period runs from July 2015 (inception of Ethereum) until September 2018. With regards to activity level, we notice that it is concentrated on a very small subset of the contracts. More specifically, only 0.05% of the smart contracts are the target of 80% of the transactions that are sent to contracts. New solutions to cope with Ethereum's limited scalability should take such an activity imbalance into consideration. With regards to categories, we highlight that the new and widely advertised rich programming model of smart contracts is currently being used to develop very simple applications that tend to be token-centric (e.g., ICOs, Crowdsales, etc). Finally, with regards to code complexity, we observe that the source code of high-activity verified contracts is small, with at most 211 instructions in 80% of the cases. These contracts also commonly include at least two subcontracts and libraries in their source code. The comment ratio of these contracts is also significantly higher than that of GitHub top-starred projects written in Java, C++, and C#. Hence, the source code of high-activity verified smart contracts exhibits particular complexity characteristics compared to other popular programming languages. Further studies are necessary to uncover the actual reasons behind such differences. Finally, based on our findings, we propose an open research agenda to drive and foster future studies in the area.
Conference Paper
Full-text available
We propose Tesseract, a secure real-time cryptocurrency exchange service. Existing centralized exchange designs are vulnerable to theft of funds, while decentralized exchanges cannot offer real-time cross-chain trades. All currently deployed exchanges are also vulnerable to frontrunning attacks. Tesseract overcomes these flaws and achieves a best-of-both-worlds design by using a trusted execution environment. The task of committing the recent trade data to independent cryptocurrency systems presents an all-or-nothing fairness problem, to which we present ideal theoretical solutions, as well as practical solutions. Tesseract supports not only real-time cross-chain cryptocurrency trades, but also secure tokenization of assets pegged to cryptocurrencies. For instance, Tesseract-tokenized bitcoins can circulate on the Ethereum blockchain for use in smart contracts. We provide a demo implementation of Tesseract that supports Bitcoin, Ethereum, and similar cryptocurrencies.
Conference Paper
Full-text available
Smart contracts are programs that execute autonomously on blockchains. Their key envisioned uses (e.g. financial instruments) require them to consume data from outside the blockchain (e.g. stock quotes). Trustworthy data feeds that support a broad range of data requests will thus be critical to smart contract ecosystems. We present an authenticated data feed system called Town Crier (TC). TC acts as a bridge between smart contracts and existing web sites, which are already commonly trusted for non-blockchain applications. It combines a blockchain front end with a trusted hardware back end to scrape HTTPS-enabled websites and serve source-authenticated data to relying smart contracts. TC also supports confidentiality. It enables private data requests with encrypted parameters. Additionally, in a generalization that executes smart-contract logic within TC, the system permits secure use of user credentials to scrape access-controlled online data sources. We describe TC's design principles and architecture and report on an implementation that uses Intel's recently introduced Software Guard Extensions (SGX) to furnish data to the Ethereum smart contract system. We formally model TC and define and prove its basic security properties in the Universal Composability (UC) framework. Our results include definitions and techniques of general interest relating to resource consumption (Ethereum's "gas" fee system) and TCB minimization. We also report on experiments with three example applications. We plan to launch TC soon as an online public service.
Conference Paper
One of the fundamental challenges that hinder further adoption of decentralized cryptocurrencies is scalability. Because current cryptocurrencies require that all transactions are processed and stored on a distributed ledger -- the so-called blockchain -- transaction throughput is inherently limited. An important proposal to significantly improve scalability is off-chain protocols, where the massive amount of transactions is executed without requiring the costly interaction with the blockchain. Examples of off-chain protocols include payment channels and networks, which are currently deployed by popular cryptocurrencies such as Bitcoin and Ethereum. A further extension of payment networks envisioned for cryptocurrencies are so-called state channel networks. In contrast to payment networks that only support off-chain payments between users, state channel networks allow execution of arbitrarily complex smart contracts. The main contribution of this work is to give the first full specification for general state channel networks. Moreover, we provide formal security definitions and prove the security of our construction against powerful adversaries. An additional benefit of our construction is the use of channel virtualization, which further reduces latency and costs in complex channel networks.
Conference Paper
Realistic secure processors, including those built for academic and commercial purposes, commonly realize an “attested execution” abstraction. Despite being the de facto standard for modern secure processors, the “attested execution” abstraction has not received adequate formal treatment. We provide formal abstractions for “attested execution” secure processors and rigorously explore its expressive power. Our explorations show both the expected and the surprising. On one hand, we show that just like the common belief, attested execution is extremely powerful, and allows one to realize powerful cryptographic abstractions such as stateful obfuscation whose existence is otherwise impossible even when assuming virtual blackbox obfuscation and stateless hardware tokens. On the other hand, we show that surprisingly, realizing composable two-party computation with attested execution processors is not as straightforward as one might anticipate. Specifically, only when both parties are equipped with a secure processor can we realize composable two-party computation. If one of the parties does not have a secure processor, we show that composable two-party computation is impossible. In practice, however, it would be desirable to allow multiple legacy clients (without secure processors) to leverage a server’s secure processor to perform a multi-party computation task. We show how to introduce minimal additional setup assumptions to enable this. Finally, we show that fair multi-party computation for general functionalities is impossible if secure processors do not have trusted clocks. When secure processors have trusted clocks, we can realize fair two-party computation if both parties are equipped with a secure processor; but if only one party has a secure processor (with a trusted clock), then fairness is still impossible for general functionalities.
Article
It is well known that Bitcoin, Ethereum, and other blockchain-based cryptocurrencies are facing hurdles in scaling to meet user demand. One of the most promising approaches is to form a network of "off-chain payment channels," which are backed by on-chain currency but support rapid, optimistic transactions and use the blockchain only in case of disputes. We develop a novel construction for payment channels that reduces the worst-case "collateral cost" for off-chain payments. In existing proposals, particularly the Lightning Network, a payment across a path of $\ell$ channels requires locking up collateral for $O(\ell \Delta)$ time, where $\Delta$ is the time to commit an on-chain transaction. Our construction reduces this cost to $O(\ell + \Delta)$. We formalize our construction in the simulation-based security model, and provide an implementation as an Ethereum smart contract. Our construction relies on a general purpose primitive called a "state channel," which is of independent interest.
Conference Paper
Motivated by the impossibility of achieving fairness in secure computation [Cleve, STOC 1986], recent works study a model of fairness in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty to every other party that did not receive the output. These works show how to design protocols for secure computation with penalties that guarantee that either fairness is achieved or that each honest party obtains a monetary penalty from the adversary. Protocols for this task are typically designed in a hybrid model where parties have access to a "claim-or-refund" transaction functionality denoted $F_{CR}^*$. In this work, we obtain improvements on the efficiency of these constructions by amortizing the cost over multiple executions of secure computation with penalties. More precisely, for computational security parameter $\lambda$, we design a protocol that implements $\ell = \mathrm{poly}(\lambda)$ instances of secure computation with penalties where the total number of calls to $F_{CR}^*$ is independent of $\ell$.
Conference Paper
Motivated by the impossibility of achieving fairness in secure computation [Cleve, STOC 1986], recent works study a model of fairness in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty to every other party that did not receive the output. These works show how to design protocols for secure computation with penalties that tolerate an arbitrary number of corruptions. In this work, we improve the efficiency of protocols for secure computation with penalties in a hybrid model where parties have access to the "claim-or-refund" transaction functionality. Our first improvement is for the ladder protocol of Bentov and Kumaresan (Crypto 2014) where we improve the dependence of the script complexity of the protocol (which corresponds to miner verification load and also space on the blockchain) on the number of parties from quadratic to linear (and in particular, is completely independent of the underlying function). Our second improvement is for the see-saw protocol of Kumaresan et al. (CCS 2015) where we reduce the total number of claim-or-refund transactions and also the script complexity from quadratic to linear in the number of parties. We also present a 'dual-mode' protocol that offers different guarantees depending on the number of corrupt parties: (1) when s
Conference Paper
Back and Bentov (arXiv 2014) and Andrychowicz et al. (Security and Privacy 2014) introduced techniques to perform secure multiparty computations on Bitcoin. Among other things, these works constructed lottery protocols that ensure that any party that aborts after learning the outcome pays a monetary penalty to all other parties. Following this, Andrychowicz et al. (Bitcoin Workshop 2014) and concurrently Bentov and Kumaresan (Crypto 2014) extended the solution to arbitrary secure function evaluation while guaranteeing fairness in the following sense: any party that aborts after learning the output pays a monetary penalty to all parties that did not learn the output. Andrychowicz et al. (Bitcoin Workshop 2014) also suggested extending to scenarios where parties receive a payoff according to the output of a secure function evaluation, and outlined a 2-party protocol for the same that in addition satisfies the notion of fairness described above. In this work, we formalize, generalize, and construct multiparty protocols for the primitive suggested by Andrychowicz et al. We call this primitive secure cash distribution with penalties. Our formulation of secure cash distribution with penalties poses it as a multistage reactive functionality (i.e., more general than secure function evaluation) that provides a way to securely implement smart contracts in a decentralized setting, and consequently suffices to capture a wide variety of stateful computations involving data and/or money, such as decentralized auctions, markets, and games such as poker, etc. Our protocol realizing secure cash distribution with penalties works in a hybrid model where parties have access to a claim-or-refund transaction functionality F_CR* which can be efficiently realized in (a variant of) Bitcoin, and is otherwise independent of the Bitcoin ecosystem.
We emphasize that our protocol is dropout-tolerant in the sense that any party that drops out during the protocol is forced to pay a monetary penalty to all other parties. Our formalization and construction generalize both secure computation with penalties of Bentov and Kumaresan (Crypto 2014), and secure lottery with penalties of Andrychowicz et al. (Security and Privacy 2014).
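The three abstracts above all build on the same primitive, the claim-or-refund functionality F_CR*: a sender locks coins that the receiver may claim before a deadline by publicly revealing a witness satisfying a predicate, and that return to the sender once the deadline passes. The following is an added example, not code from POSE or from any of the cited papers: a toy model of F_CR* plus a two-party "reveal your share or pay" exchange built on it, in which each party holds one XOR share of an output and a party that learns the output and then aborts forfeits its deposit. Party names, balances, the amount q, and the deadlines are our own choices; the shares are assumed to come from an ordinary (unfair) MPC that is not modelled here.

```python
# Added example (not from POSE or the cited papers): a toy model of the
# claim-or-refund functionality F_CR* and a two-party reveal-or-pay protocol
# built on it. Party names, amounts and deadlines are our own assumptions.
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Deposit:
    sender: str
    receiver: str
    amount: int
    predicate: Callable[[bytes], bool]  # phi(w): receiver must present w with phi(w) == True
    deadline: int                       # last round in which a claim is accepted
    claimed: bool = False
    refunded: bool = False
    witness: Optional[bytes] = None     # the revealed witness becomes public on claim


class ClaimOrRefund:
    """Ideal functionality F_CR*: coins locked against a predicate and a deadline.
    The receiver may claim before the deadline by revealing a satisfying witness
    (visible to everyone afterwards); otherwise the sender is refunded later."""

    def __init__(self, balances: Dict[str, int]):
        self.balances = dict(balances)
        self.deposits: List[Deposit] = []

    def deposit(self, sender: str, receiver: str, amount: int,
                predicate: Callable[[bytes], bool], deadline: int) -> int:
        if self.balances[sender] < amount:
            raise ValueError("insufficient funds")
        self.balances[sender] -= amount
        self.deposits.append(Deposit(sender, receiver, amount, predicate, deadline))
        return len(self.deposits) - 1

    def claim(self, idx: int, witness: bytes, now: int) -> bool:
        d = self.deposits[idx]
        if d.claimed or d.refunded or now > d.deadline or not d.predicate(witness):
            return False
        d.claimed, d.witness = True, witness
        self.balances[d.receiver] += d.amount
        return True

    def refund(self, idx: int, now: int) -> bool:
        d = self.deposits[idx]
        if d.claimed or d.refunded or now <= d.deadline:
            return False
        d.refunded = True
        self.balances[d.sender] += d.amount
        return True


def two_party_reveal_with_penalties(s1: bytes, s2: bytes, q: int,
                                    p2_aborts: bool) -> Dict[str, object]:
    """P1 holds share s1 and P2 holds share s2 of an output y = s1 XOR s2; the
    hashes of both shares are public. Each party locks q coins that the other can
    claim only by revealing its own share. Deadlines are staggered (t1 < t2) so P2
    has time to answer after seeing s1. Whoever learns y and then withholds its
    share loses its q coins to the other party."""
    h1, h2 = sha256(s1), sha256(s2)
    f = ClaimOrRefund({"P1": 10, "P2": 10})
    t1, t2 = 5, 10
    d1 = f.deposit("P2", "P1", q, lambda w: sha256(w) == h1, t1)  # P2 pays P1 for s1
    d2 = f.deposit("P1", "P2", q, lambda w: sha256(w) == h2, t2)  # P1 pays P2 for s2

    if not f.claim(d1, s1, now=1):            # P1 reveals s1; P2 can now compute y
        raise RuntimeError("P1's claim was rejected")
    learned = {"P2"}
    if not p2_aborts:
        if not f.claim(d2, s2, now=6):        # P2 reveals s2; P1 can now compute y
            raise RuntimeError("P2's claim was rejected")
        learned.add("P1")
    f.refund(d1, now=11)                      # after the deadlines, unclaimed coins go back
    f.refund(d2, now=11)
    return {"balances": f.balances, "learned": learned}
```

In the honest run both claims succeed and every balance is unchanged; if P2 aborts after seeing s1, P2 ends q coins poorer and P1 q coins richer, which is exactly the compensation the penalty model promises. The staggered deadline is the part practitioners tend to drop: with a single shared deadline, P1 could reveal in the last round and an honest P2 would be penalised without having had a chance to respond.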
Article
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
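The abstract above describes the mechanism in prose: transactions are hashed into a chain of proof-of-work, altering a past record means redoing the work for it and every block after it, and nodes adopt the longest valid chain. The following is an added example, our own code and not from the cited paper, that makes those three points concrete in a miniature ledger: a naive edit of an old block breaks validation, an attacker who wants a valid rewrite must re-mine every later block, and chain selection prefers the longer valid chain. The difficulty, block layout and transaction strings are our own assumptions.

```python
# Added example (ours, not code from the cited paper): a miniature hash-chained
# proof-of-work ledger. Difficulty, block layout and transactions are assumptions.
import hashlib
import json
from dataclasses import dataclass
from typing import List, Sequence, Tuple

DIFFICULTY_BITS = 12          # leading zero bits a block hash must have (tiny, for speed)
GENESIS_HASH = "0" * 64       # hash the first block points to


@dataclass(frozen=True)
class Block:
    prev_hash: str
    txs: Tuple[str, ...]      # ordered transactions, e.g. ("alice->bob:5",)
    nonce: int

    def header_hash(self) -> str:
        payload = json.dumps([self.prev_hash, list(self.txs), self.nonce]).encode()
        return hashlib.sha256(payload).hexdigest()


def meets_target(block_hash: str) -> bool:
    return int(block_hash, 16) >> (256 - DIFFICULTY_BITS) == 0


def mine(prev_hash: str, txs: Sequence[str]) -> Block:
    """Search nonces until the header hash meets the target (the proof-of-work)."""
    nonce = 0
    while True:
        candidate = Block(prev_hash, tuple(txs), nonce)
        if meets_target(candidate.header_hash()):
            return candidate
        nonce += 1


def valid_chain(chain: Sequence[Block]) -> bool:
    """Every block must commit to its predecessor's hash and carry valid proof-of-work."""
    prev = GENESIS_HASH
    for block in chain:
        h = block.header_hash()
        if block.prev_hash != prev or not meets_target(h):
            return False
        prev = h
    return True


def build_chain(tx_batches: Sequence[Sequence[str]]) -> List[Block]:
    chain: List[Block] = []
    prev = GENESIS_HASH
    for txs in tx_batches:
        block = mine(prev, txs)
        chain.append(block)
        prev = block.header_hash()
    return chain


def tamper(chain: Sequence[Block], index: int, new_txs: Sequence[str]) -> List[Block]:
    """Rewrite one block's transactions without redoing any proof-of-work."""
    edited = list(chain)
    old = edited[index]
    edited[index] = Block(old.prev_hash, tuple(new_txs), old.nonce)
    return edited


def rewrite_with_work(chain: Sequence[Block], index: int,
                      new_txs: Sequence[str]) -> List[Block]:
    """What an attacker must actually do: re-mine the edited block and every block after it."""
    rewritten = list(chain[:index])
    prev = rewritten[-1].header_hash() if rewritten else GENESIS_HASH
    batches = [tuple(new_txs)] + [b.txs for b in chain[index + 1:]]
    for txs in batches:
        block = mine(prev, txs)
        rewritten.append(block)
        prev = block.header_hash()
    return rewritten


def choose_chain(candidates: Sequence[Sequence[Block]]) -> List[Block]:
    """Nodes accept the longest valid chain; with fixed difficulty that is also the most-work chain."""
    valid = [list(c) for c in candidates if valid_chain(c)]
    return max(valid, key=len) if valid else []
```

The rewrite function is where the security argument lives: rewriting block i costs as much work as mining every block from i onward, so an attacker who also has to outpace honest miners extending the original tip needs more hash power than they do. Production clients compare cumulative work rather than block count because difficulty changes over time; with the fixed difficulty used here the two rules coincide.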
CFI: Principles, implementations, and applications
  • Martín Abadi
  • Mihai Budiu
  • Úlfar Erlingsson
  • Jay Ligatti
Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. CFI: Principles, implementations, and applications. In Proc. ACM Conference on Computer and Communications Security (CCS), 2005.
Embedded Ethereum wallet library GitHub
  • Anyledger
AnyLedger. Embedded Ethereum wallet library GitHub. https://github.com/Anylsite/embedded-ethereum-wallet, 2020.
CURE: A security architecture with CUstomizable and Resilient Enclaves
  • Raad Bahmani
  • Ferdinand Brasser
  • Ghada Dessouky
  • Patrick Jauernig
  • Matthias Klimmek
  • Ahmad-Reza Sadeghi
  • Emmanuel Stapf
Raad Bahmani, Ferdinand Brasser, Ghada Dessouky, Patrick Jauernig, Matthias Klimmek, Ahmad-Reza Sadeghi, and Emmanuel Stapf. CURE: A security architecture with CUstomizable and Resilient Enclaves. In 30th USENIX Security Symposium (USENIX Security 21), 2021.
Private data objects: an overview. CoRR
  • Mic Bowman
  • Andrea Miele
  • Michael Steiner
  • Bruno Vavala
Mic Bowman, Andrea Miele, Michael Steiner, and Bruno Vavala. Private data objects: an overview. CoRR, abs/1807.05686, 2018.
Counterfactual: Generalized state channels
  • Jeff Coleman
  • Liam Horne
  • Li Xuanji
Jeff Coleman, Liam Horne, and Li Xuanji. Counterfactual: Generalized state channels, Jun 2018. https://l4.ventures/papers/statechannels.pdf.
Ampere Altra Max 64-Bit Multi-Core Processor Features
  • Ampere Computing
Ampere Computing. Ampere Altra Max 64-Bit Multi-Core Processor Features. https://amperecomputing.com/processors/ampere-altra/, 2022.
Sanctum: Minimal hardware extensions for strong software isolation
  • Victor Costan
  • Ilia Lebedev
  • Srinivas Devadas
Victor Costan, Ilia Lebedev, and Srinivas Devadas. Sanctum: Minimal hardware extensions for strong software isolation. In 25th USENIX Security Symposium (USENIX Security 16), 2016.
Fastkitten: practical smart contracts on bitcoin
  • Poulami Das
  • Lisa Eckey
  • Tommaso Frassetto
  • David Gens
  • Kristina Hostáková
  • Patrick Jauernig
  • Sebastian Faust
  • Ahmad-Reza Sadeghi
Poulami Das, Lisa Eckey, Tommaso Frassetto, David Gens, Kristina Hostáková, Patrick Jauernig, Sebastian Faust, and Ahmad-Reza Sadeghi. Fastkitten: practical smart contracts on bitcoin. In 28th USENIX Security Symposium (USENIX Security 19), 2019.
Ethereum Average Gas Price Chart
  • Etherscan
Etherscan. Ethereum Average Gas Price Chart. https://etherscan.io/chart/gasprice, 2020.
DFINITY technology overview series, consensus system. CoRR
  • Timo Hanke
  • Mahnush Movahedi
  • Dominic Williams
Timo Hanke, Mahnush Movahedi, and Dominic Williams. DFINITY technology overview series, consensus system. CoRR, abs/1805.04548, 2018.
Intel software guard extensions: Epid provisioning and attestation services
  • Simon Johnson
  • Vinnie Scarlata
  • Carlos Rozas
  • Ernie Brickell
  • Frank Mckeen
Simon Johnson, Vinnie Scarlata, Carlos Rozas, Ernie Brickell, and Frank Mckeen. Intel software guard extensions: Epid provisioning and attestation services. White Paper, 1(1-10):119, 2016.
Arbitrum: Scalable, private smart contracts
  • Harry A. Kalodner
  • Steven Goldfeder
  • Xiaoqi Chen
  • S. Matthew Weinberg
  • Edward W. Felten
Harry A. Kalodner, Steven Goldfeder, Xiaoqi Chen, S. Matthew Weinberg, and Edward W. Felten. Arbitrum: Scalable, private smart contracts. In 27th USENIX Security Symposium (USENIX Security 2018). USENIX Association, 2018.
Commit-chains: Secure, scalable off-chain payments. Cryptology ePrint Archive
  • Rami Khalil
  • Alexei Zamyatin
  • Guillaume Felley
  • Pedro Moreno-Sanchez
  • Arthur Gervais
Rami Khalil, Alexei Zamyatin, Guillaume Felley, Pedro Moreno-Sanchez, and Arthur Gervais. Commit-chains: Secure, scalable off-chain payments. Cryptology ePrint Archive, Report 2018/642, 2018.
Hawk: The blockchain model of cryptography and privacy-preserving smart contracts
  • Ahmed Kosba
  • Andrew Miller
  • Elaine Shi
  • Zikai Wen
  • Charalampos Papamanthou
Ahmed Kosba, Andrew Miller, Elaine Shi, Zikai Wen, and Charalampos Papamanthou. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 2016.
ARMageddon: Cache attacks on mobile devices
  • Moritz Lipp
  • Daniel Gruss
  • Raphael Spreitzer
  • Clémentine Maurice
  • Stefan Mangard
Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard. ARMageddon: Cache attacks on mobile devices. In 25th USENIX Security Symposium (USENIX Security 16), 2016.
ROTE: Rollback protection for trusted execution
  • Sinisa Matetic
  • Mansoor Ahmed
  • Kari Kostiainen
  • Aritra Dhar
  • David Sommer
  • Arthur Gervais
  • Ari Juels
  • Srdjan Capkun
Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, and Srdjan Capkun. ROTE: Rollback protection for trusted execution. In 26th USENIX Security Symposium (USENIX Security 17), 2017.
Arbitrum rollup: Off-chain contracts with on-chain security
  • Offchain Labs
  • Inc
Offchain Labs, Inc. Arbitrum rollup: Off-chain contracts with on-chain security. 2020.
What's the big idea behind Ethereum's world computer
  • Travis Patron
Travis Patron. What's the big idea behind Ethereum's world computer. https://www.coindesk.com/whats-big-idea-behind-ethereums-world-computer/, 2016.
Plasma: Scalable autonomous smart contracts
  • Joseph Poon
  • Vitalik Buterin
Joseph Poon and Vitalik Buterin. Plasma: Scalable autonomous smart contracts. 2017.
The programming language Lua
  • PUC-Rio
PUC-Rio. The programming language Lua. https://www.lua.org/, 2020.
Scalable, resilient, and configurable permissioned blockchain fabric
  • Sajjad Rahnama
  • Suyash Gupta
  • Thamir M. Qadah
  • Jelle Hellings
  • Mohammad Sadoghi
Sajjad Rahnama, Suyash Gupta, Thamir M Qadah, Jelle Hellings, and Mohammad Sadoghi. Scalable, resilient, and configurable permissioned blockchain fabric. Proceedings of the VLDB Endowment, 13(12), 2020.
How to check your ethereum transaction
  • Andrey Sergeenkov
Andrey Sergeenkov. How to check your ethereum transaction. https://www.coindesk.com/learn/how-to-check-your-ethereum-transaction/. Accessed 24-08-2022.
AMD SEV-SNP: Strengthening VM isolation with integrity protection and more
  • AMD
AMD. AMD SEV-SNP: Strengthening VM isolation with integrity protection and more. White Paper, January 2020.
Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper
  • Gavin Wood
Gavin Wood et al. Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper, 2014.
Bitcontracts: Adding expressive smart contracts to legacy cryptocurrencies
  • Karl Wüst
  • Loris Diana
  • Kari Kostiainen
  • Ghassan Karame
  • Sinisa Matetic
  • Srdjan Capkun
Karl Wüst, Loris Diana, Kari Kostiainen, Ghassan Karame, Sinisa Matetic, and Srdjan Capkun. Bitcontracts: Adding expressive smart contracts to legacy cryptocurrencies. 2019.
Slimchain: scaling blockchain transactions through off-chain storage and parallel processing
  • Cheng Xu
  • Ce Zhang
  • Jianliang Xu
  • Jian Pei
Cheng Xu, Ce Zhang, Jianliang Xu, and Jian Pei. Slimchain: scaling blockchain transactions through off-chain storage and parallel processing. Proceedings of the VLDB Endowment, 14(11):2314-2326, 2021.
The MNIST database
  • Yann LeCun
  • Corinna Cortes
  • Christopher J. C. Burges
Yann LeCun, Corinna Cortes, and Christopher J. C. Burges. The MNIST database. http://yann.lecun.com/exdb/mnist/, 2020.
Paralysis proofs: Safe access-structure updates for cryptocurrencies and more
  • Fan Zhang
  • Philip Daian
  • Iddo Bentov
  • Ari Juels
Fan Zhang, Philip Daian, Iddo Bentov, and Ari Juels. Paralysis proofs: Safe access-structure updates for cryptocurrencies and more. IACR Cryptol. ePrint Arch., 2018:96, 2018.