
    Formal Methods for Secure Bitcoin Smart Contracts

    The notion of smart contracts was introduced in 1997 by Nick Szabo to describe agreements among mutually distrusting parties that can be automatically enforced without resorting to a trusted intermediary. The idea was then mostly forgotten, because there was no technical means of implementing it. The advent of distributed ledger technologies, pioneered by Bitcoin, provided a technical foundation on which to reshape and develop smart contracts. Since smart contracts handle the ownership of valuable assets, attackers may be tempted to exploit vulnerabilities in their implementation to steal or tamper with these assets. For instance, a series of vulnerabilities in Ethereum contracts has been exploited, causing losses in the order of hundreds of millions of dollars. Over the last years, a variety of smart contracts for Bitcoin have been proposed, both by the academic community and by that of developers. However, the heterogeneity in their treatment, the informal (often incomplete or imprecise) descriptions, and the use of poorly documented Bitcoin features pose obstacles to the development of secure smart contracts. Using formal models and domain-specific languages to describe the behaviour of the underlying platform and to model contracts could help to overcome these security issues by reducing the distance between the intended behaviour of a contract and its implementation. In this thesis, we propose a formal model of Bitcoin transactions, which is the foundation for a new process algebra for defining Bitcoin smart contracts. Furthermore, we present a toolchain for developing smart contracts in BitML, a domain-specific language based on the contributions of this thesis. Moreover, we propose a new extension to Bitcoin, called neighbourhood covenants, which extends its expressiveness as a smart contract platform. We then exploit neighbourhood covenants to implement fungible tokens on Bitcoin.

    Blockchain technologies as data storage for test results and certificates - the human factor

    In the educational sector even the most sophisticated digital environments will not make human interaction obsolete, as learning and education are inherently social processes. This also means that any application that involves learning and assessment must deal with problems resulting from human error. Some of these problems can effectively be countered or excluded by Blockchain-based technologies. Especially in the case of retroactive manipulation of data, non-Blockchain systems are prone to manipulation, as even the most advanced safeguards cannot prevent users with sufficiently high access rights from manipulating existing data entries (this may be a mere annoyance when a well-meaning teacher edits a student's attendance, but it can quickly become a large-scale problem when the recognition of diplomas is tampered with on an institutional level). As data stored on the Blockchain cannot be altered retroactively, the problem of tampering with existing data is ruled out. This conference paper looks at the role of humans in the use of state-of-the-art systems that store grades from exams and certificates on the Blockchain, and aims at initiating a broad discussion whilst providing guidance for future developments.

    The role of blockchain technologies in digital assessment

    Once information is stored on the Blockchain, it cannot be altered retroactively. This immutability makes Blockchain technology an ideal candidate to secure learning achievements and educational credentials. Keeping data trustworthy, secure and manipulation-proof has become an increasing issue in education due to the rise of digital learning environments, which often combine learning experiences, testing procedures and educational credential management. Currently, most digital learning environments safeguard their data using traditional security mechanisms (e.g. password protection), which are not Blockchain-based but controlled by a centralized authority. While these centralized systems provide a certain level of security against unauthorized access from outside the system, manipulation from within the system cannot be excluded: users with sufficiently high access rights (teachers, administrators, system managers) can still add, change or delete entries. This becomes an even greater problem when learning achievements are to be reflected in fair and transparent credit systems, and especially when these educational credits are to be valid across different institutions or even countries. Due to their ability to store data in a decentralized, transparent and manipulation-proof way, Blockchain-based technologies can provide solutions to this problem. The aim of this paper is to describe the status quo of Blockchain technologies in the educational sector, including the expected merits and drawbacks.

    Blockchain technologies in the educational sector. Results of the initial data collection

    The education system is subject to an ongoing digital transformation. Administrative departments should be able to handle grading, admissions, enrolments and recognition of certificates securely and quickly. Course managers should have faith not only in e-learning but also in e-assessment. And finally, learners should be able to access course material from anywhere and take exams outside the institutes where they are enrolled. Immutability against retroactive changes seems to make Blockchain systems the perfect technology to secure data, and in combination with digital signatures for identity verification, Blockchain could become the key to digital transformation in education. The paper 'Blockchain technologies in the educational sector. Results of the initial data collection' gives a first insight into the level of knowledge of the people involved and shows which possibilities Blockchain technologies could bring to the education sector. Or, more precisely, it shows in which existing applications within the educational system Blockchain technology should be integrated.

    Chimeric Ledgers: Translating and Unifying UTXO-based and Account-based Cryptocurrencies

    Cryptocurrencies are historically divided into two broad groups with respect to the style of transactions that they accept. In the account-based style, each address is seen as an account with a balance, and transactions are transfers of value from one account to another. In the UTXO-based style, transactions inductively spend outputs generated by previous transactions and create new unspent outputs, and there is no intrinsic notion of an account associated with an address. Each style has advantages and disadvantages. This paper formally defines: the two styles; translations that allow each style to be simulated by the other; new transaction types that allow both styles of transactions to co-exist on the same ledger; and a new transaction type that combines features from both styles.
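
    The two transaction styles described above, and one direction of the translation between them, as an added example that is not part of the paper or its artefacts. The encoding of an account transfer as a UTXO transaction (consume every output the sender owns, pay the receiver, return the change to the sender) is a hypothetical choice made for this example, not the paper's translation; the ledgers, addresses and amounts are constructed. The UTXO ledger's validity rules (distinct, unspent inputs; non-negative outputs; no inflation) are what makes a replayed transaction fail as a double spend.

```python
"""Toy UTXO-style and account-style ledgers plus a translation that simulates
an account transfer as a UTXO transaction. Added example, not the paper's code."""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class OutRef:
    txid: str
    index: int


@dataclass(frozen=True)
class Output:
    owner: str
    value: int


@dataclass(frozen=True)
class UtxoTx:
    txid: str
    inputs: Tuple[OutRef, ...]
    outputs: Tuple[Output, ...]


class UtxoLedger:
    """State is the set of unspent outputs; there is no per-address account."""

    def __init__(self) -> None:
        self.utxos: Dict[OutRef, Output] = {}

    def coinbase(self, txid: str, owner: str, value: int) -> None:
        # Constructed genesis funding with no inputs, as a coinbase output would be.
        self.utxos[OutRef(txid, 0)] = Output(owner, value)

    def apply(self, tx: UtxoTx) -> None:
        # Validity: inputs distinct and unspent, outputs non-negative, no inflation.
        if len(set(tx.inputs)) != len(tx.inputs):
            raise ValueError("duplicate input in transaction")
        if any(o.value < 0 for o in tx.outputs):
            raise ValueError("negative output value")
        spent = []
        for ref in tx.inputs:
            if ref not in self.utxos:
                raise ValueError(f"{ref} is missing or already spent")
            spent.append(self.utxos[ref])
        if sum(o.value for o in spent) < sum(o.value for o in tx.outputs):
            raise ValueError("outputs exceed inputs")
        for ref in tx.inputs:
            del self.utxos[ref]
        for i, out in enumerate(tx.outputs):
            self.utxos[OutRef(tx.txid, i)] = out

    def balance(self, owner: str) -> int:
        # Balance is a derived notion here: the sum of outputs the address currently owns.
        return sum(o.value for o in self.utxos.values() if o.owner == owner)


class AccountLedger:
    """State maps each address to a balance; a transfer moves value between two entries."""

    def __init__(self) -> None:
        self.balances: Dict[str, int] = {}

    def mint(self, owner: str, value: int) -> None:
        self.balances[owner] = self.balances.get(owner, 0) + value

    def transfer(self, sender: str, receiver: str, amount: int) -> None:
        if amount < 0 or self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[receiver] = self.balances.get(receiver, 0) + amount


def account_transfer_as_utxo_tx(ledger: UtxoLedger, txid: str, sender: str,
                                receiver: str, amount: int) -> UtxoTx:
    """Hypothetical encoding (not the paper's): spend all of the sender's outputs,
    pay the receiver, and return the change to the sender in one output."""
    refs = tuple(sorted((r for r, o in ledger.utxos.items() if o.owner == sender),
                        key=lambda r: (r.txid, r.index)))
    total = sum(ledger.utxos[r].value for r in refs)
    if amount < 0 or total < amount:
        raise ValueError("insufficient balance")
    outputs = [Output(receiver, amount)]
    if total - amount > 0:
        outputs.append(Output(sender, total - amount))
    return UtxoTx(txid, refs, tuple(outputs))


def demo() -> Dict[str, int]:
    """Run the same transfer on both ledgers and try to replay the UTXO transaction."""
    acct = AccountLedger()
    acct.mint("alice", 50)
    acct.transfer("alice", "bob", 30)

    utxo = UtxoLedger()
    utxo.coinbase("gen", "alice", 50)
    tx = account_transfer_as_utxo_tx(utxo, "tx1", "alice", "bob", 30)
    utxo.apply(tx)
    try:
        utxo.apply(tx)  # replay: the input was consumed, so this is a double spend
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"acct_alice": acct.balances["alice"], "acct_bob": acct.balances["bob"],
            "utxo_alice": utxo.balance("alice"), "utxo_bob": utxo.balance("bob"),
            "replay_rejected": int(replay_rejected)}
```

    Both ledgers end in the same balances, but only the UTXO ledger makes the replay visible as a missing input; on the account ledger the same transfer submitted twice is simply a second, valid transfer, which is why account-based systems need a separate replay-protection mechanism such as a per-account nonce.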

    A theory of transaction parallelism in blockchains

    Decentralized blockchain platforms have enabled the secure exchange of crypto-assets without the intermediation of trusted authorities. To this purpose, these platforms rely on a peer-to-peer network of byzantine nodes, which collaboratively maintain an append-only ledger of transactions, called a blockchain. Transactions represent the actions requested by users, e.g. the transfer of some units of crypto-currency to another user, or the execution of a smart contract which distributes crypto-assets according to its internal logic. Some of the nodes of the peer-to-peer network compete to append transactions to the blockchain. To do so, they group the transactions sent by users into blocks, and update their view of the blockchain state by executing these transactions in the chosen order. Once a block of transactions is appended to the blockchain, the other nodes validate it by re-executing the transactions in the same order. The serial execution of transactions does not take advantage of the multi-core architecture of modern processors, which contributes to limiting throughput. In this paper we develop a theory of transaction parallelism for blockchains, which is based on static analysis of transactions and smart contracts. We illustrate how blockchain nodes can use our theory to parallelize the execution of transactions. Initial experiments on Ethereum show that our technique can improve the performance of nodes.
    Comment: arXiv admin note: text overlap with arXiv:1905.0436
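
    The parallelization idea described above, as an added example that is not part of the paper: each transaction carries a statically determined over-approximation of the storage keys it reads and writes, transactions that cannot observe each other's effects are grouped into waves that may run concurrently, and dependent transactions keep their block order across waves. The transfer contract, the block and the genesis state are constructed, and the read/write-set representation and the wave scheduler are this example's own formulation rather than the paper's theory. The soundness check in `run_tx` is the caveat a practitioner should insist on: if the static sets fail to cover the actual accesses, nodes that parallelize could compute different states from nodes that execute serially, which is a consensus failure.

```python
"""Static read/write-set analysis for parallel transaction execution.
Added example, not the paper's code; the contract, block and state are constructed."""
from typing import Callable, Dict, FrozenSet, List

State = Dict[str, int]


class TrackedState:
    """Key-value state that records which keys a transaction actually touches."""

    def __init__(self, state: State) -> None:
        self.state, self.reads, self.writes = state, set(), set()

    def get(self, key: str) -> int:
        self.reads.add(key)
        return self.state.get(key, 0)

    def set(self, key: str, value: int) -> None:
        self.writes.add(key)
        self.state[key] = value


class Tx:
    def __init__(self, name: str, reads: FrozenSet[str], writes: FrozenSet[str],
                 body: Callable[[TrackedState], None]) -> None:
        # reads/writes are the statically declared (over-approximated) key sets.
        self.name, self.reads, self.writes, self.body = name, reads, writes, body


def transfer(name: str, src: str, dst: str, amount: int) -> Tx:
    """Constructed contract: move `amount` from src to dst if the balance allows."""
    def body(s: TrackedState) -> None:
        if s.get(src) >= amount:
            s.set(src, s.get(src) - amount)
            s.set(dst, s.get(dst) + amount)
    return Tx(name, frozenset({src, dst}), frozenset({src, dst}), body)


def conflicts(a: Tx, b: Tx) -> bool:
    # A write on one side and any access on the other makes the execution order observable.
    return bool((a.writes & (b.reads | b.writes)) or (b.writes & a.reads))


def schedule(block: List[Tx]) -> List[List[Tx]]:
    """Put each tx in the first wave after every earlier tx it conflicts with,
    so dependent transactions keep the block's serial order."""
    wave_of: List[int] = []
    waves: List[List[Tx]] = []
    for i, tx in enumerate(block):
        w = max((wave_of[j] + 1 for j in range(i) if conflicts(block[j], tx)), default=0)
        wave_of.append(w)
        while len(waves) <= w:
            waves.append([])
        waves[w].append(tx)
    return waves


def run_tx(tx: Tx, state: State) -> None:
    tracked = TrackedState(state)
    tx.body(tracked)
    # Soundness: the declared sets must cover the actual accesses, otherwise the
    # scheduler may have reordered dependent transactions and nodes would diverge.
    if not (tracked.reads <= tx.reads and tracked.writes <= tx.writes):
        raise RuntimeError(f"{tx.name}: static read/write sets do not cover actual accesses")


def execute_serial(block: List[Tx], state: State) -> State:
    state = dict(state)
    for tx in block:
        run_tx(tx, state)
    return state


def execute_waves(waves: List[List[Tx]], state: State) -> State:
    state = dict(state)
    for wave in waves:
        # Transactions in one wave are pairwise independent, so any order gives the
        # same result; running them reversed demonstrates that without threads.
        for tx in reversed(wave):
            run_tx(tx, state)
    return state


GENESIS: State = {"alice": 100, "bob": 10, "carol": 50, "dave": 0, "frank": 20}
BLOCK = [
    transfer("t1", "alice", "bob", 30),
    transfer("t2", "carol", "dave", 5),
    transfer("t3", "bob", "erin", 25),    # depends on t1's write to bob
    transfer("t4", "frank", "grace", 20),
]
# Deliberately unsound declaration: claims to touch only "alice" but writes "bob".
UNSOUND = Tx("bad", frozenset({"alice"}), frozenset({"alice"}),
             lambda s: s.set("bob", s.get("alice")))


def wave_names(block: List[Tx]) -> List[List[str]]:
    return [[tx.name for tx in wave] for wave in schedule(block)]


def rejects_unsound() -> bool:
    try:
        execute_serial([UNSOUND], GENESIS)
        return False
    except RuntimeError:
        return True
```

    With this block, t1, t2 and t4 land in the first wave and t3 waits for the second because it reads the balance t1 writes; serial and wave execution agree on the final state, and the undeclared write in `UNSOUND` is caught before it could make the schedule unsafe.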

    A Formal Treatment of Hardware Wallets

    Bitcoin, being the most successful cryptocurrency, has been repeatedly attacked, with many users losing their funds. The industry's response to securing users' assets is to offer tamper-resistant hardware wallets. Although such wallets are considered to be the most secure means of managing an account, no previous formal attempt has been made to identify, model and formally verify their properties. This paper provides the first formal model of Bitcoin hardware wallet operations. We identify the properties and security parameters of a Bitcoin wallet and formally define them in the Universal Composition (UC) framework. We present a modular treatment of a hardware wallet ecosystem by realizing the wallet functionality in a hybrid setting defined by a set of protocols. This approach allows us to capture in detail the wallet's components, their interaction and the potential threats. We deduce the wallet's security by proving that it is secure under common cryptographic assumptions, provided that there is no deviation in the protocol execution. Finally, we define the attacks that are successful under a protocol deviation, and analyze the security of commercially available wallets.

    A Transaction-Level Model for Blockchain Privacy

    Considerable work explores blockchain privacy notions. Yet it usually employs entirely different models and notations, complicating potential comparisons. In this work, we use the Transaction Directed Acyclic Graph (TDAG) and extend it to capture blockchain privacy notions (PDAG). We give consistent definitions for untraceability and unlinkability. Moreover, we specify conditions on a blockchain system to achieve each of these privacy notions. Thus, we can compare the two most prominent privacy-preserving blockchains, Monero and Zcash, in terms of their privacy guarantees. Finally, we unify linking heuristics from the literature with our graph notation and review a good portion of the research on blockchain privacy.