77 research outputs found
Evolving Bitcoin Custody
The broad topic of this thesis is the design and analysis of Bitcoin custody
systems. Both the technology and threat landscape are evolving constantly.
Therefore, custody systems, defence strategies, and risk models should be
adaptive too.
We introduce Bitcoin custody by describing the different types, design
principles, phases and functions of custody systems. We review the technology
stack of these systems and focus on the fundamentals; key-management and
privacy. We present a perspective we call the systems view. It is an attempt to
capture the full complexity of a custody system, including technology, people,
and processes. We review existing custody systems and standards.
We explore Bitcoin covenants. This is a mechanism to enforce constraints on
transaction sequences. Although previous work has proposed how to construct and
apply Bitcoin covenants, these require modifying the consensus rules of
Bitcoin, a notoriously difficult task. We introduce the first detailed
exposition and security analysis of a deleted-key covenant protocol, which is
compatible with current consensus rules. We demonstrate a range of security
models for deleted-key covenants which seem practical, in particular, when
applied in autonomous (user-controlled) custody systems. We conclude with a
comparative analysis with previous proposals.
Covenants are often proclaimed to be an important primitive for custody
systems, but no complete design has been proposed to validate that claim. To
address this, we propose an autonomous custody system called Ajolote which uses
deleted-key covenants to enforce a vault sequence. We evaluate Ajolote with; a
model of its state dynamics, a privacy analysis, and a risk model. We propose a
threat model for custody systems which captures a realistic attacker for a
system with offline devices and user-verification. We perform ceremony analysis
to construct the risk model.Comment: PhD thesi
Instantaneous Decentralized Poker
We present efficient protocols for amortized secure multiparty computation
with penalties and secure cash distribution, of which poker is a prime example.
Our protocols have an initial phase where the parties interact with a
cryptocurrency network, that then enables them to interact only among
themselves over the course of playing many poker games in which money changes
hands.
The high efficiency of our protocols is achieved by harnessing the power of
stateful contracts. Compared to the limited expressive power of Bitcoin
scripts, stateful contracts enable richer forms of interaction between standard
secure computation and a cryptocurrency.
We formalize the stateful contract model and the security notions that our
protocols accomplish, and provide proofs using the simulation paradigm.
Moreover, we provide a reference implementation in Ethereum/Solidity for the
stateful contracts that our protocols are based on.
We also adopt our off-chain cash distribution protocols to the special case
of stateful duplex micropayment channels, which are of independent interest. In
comparison to Bitcoin based payment channels, our duplex channel implementation
is more efficient and has additional features
Verifying liquidity of recursive Bitcoin contracts
Smart contracts - computer protocols that regulate the exchange of
crypto-assets in trustless environments - have become popular with the spread
of blockchain technologies. A landmark security property of smart contracts is
liquidity: in a non-liquid contract, it may happen that some assets remain
frozen, i.e. not redeemable by anyone. The relevance of this issue is witnessed
by recent liquidity attacks to Ethereum, which have frozen hundreds of USD
millions. We address the problem of verifying liquidity on BitML, a DSL for
smart contracts with a secure compiler to Bitcoin, featuring primitives for
currency transfers, contract renegotiation and consensual recursion. Our main
result is a verification technique for liquidity. We first transform the
infinite-state semantics of BitML into a finite-state one, which focusses on
the behaviour of a chosen set of contracts, abstracting from the moves of the
context. With respect to the chosen contracts, this abstraction is sound, i.e.
if the abstracted contract is liquid, then also the concrete one is such. We
then verify liquidity by model-checking the finite-state abstraction. We
implement a toolchain that automatically verifies liquidity of BitML contracts
and compiles them to Bitcoin, and we assess it through a benchmark of
representative contracts.Comment: arXiv admin note: text overlap with arXiv:2003.0029
Marlowe: Implementing and Analysing Financial Contracts on Blockchain
Marlowe is a DSL for financial contracts. We describe the implementation of Marlowe on the Cardano blockchain, and the Marlowe Playground web-based development and simulation environment.
Contracts in Marlowe can be exhaustively analysed prior to running them, thus providing strong guarantees to participants in the contract. The Marlowe system itself has been formally verified using the Isabelle theorem prover, establishing such properties as the conservation of money
- âŠ