37 research outputs found

    Do you need a Blockchain?

    Blockchain is being praised as a technological innovation which allows to revolutionize how society trades and interacts. This reputation is in particular attributable to its properties of allowing mutually mistrusting entities to exchange financial value and interact without relying on a trusted third party. A blockchain moreover provides an integrity protected data storage and allows to provide process transparency. In this article we critically analyze whether a blockchain is indeed the appropriate technical solution for a particular application scenario. We differentiate between permissionless (e.g., Bitcoin/Ethereum) and permissioned (e.g., Hyperledger/Corda) blockchains and contrast their properties to those of a centrally managed database. We provide a structured methodology to determine the appropriate technical solution to solve a particular application problem. Given our methodology, we analyze in depth three use cases (Supply Chain Management, Interbank and International Payments, and Decentralized Autonomous Organizations) and conclude the article with an outlook for further opportunities

    Snappy: Fast On-chain Payments with Practical Collaterals

    Permissionless blockchains offer many advantages but also have significant limitations including high latency. This prevents their use in important scenarios such as retail payments, where merchants should approve payments fast. Prior works have attempted to mitigate this problem by moving transactions off the chain. However, such Layer-2 solutions have their own problems: payment channels require a separate deposit towards each merchant and thus significant locked-in funds from customers; payment hubs require very large operator deposits that depend on the number of customers; and side-chains require trusted validators. In this paper, we propose Snappy, a novel solution that enables recipients, like merchants, to safely accept fast payments. In Snappy, all payments are on the chain, while small customer collaterals and moderate merchant collaterals act as payment guarantees. Besides receiving payments, merchants also act as statekeepers who collectively track and approve incoming payments using majority voting. In case of a double-spending attack, the victim merchant can recover lost funds either from the collateral of the malicious customer or a colluding statekeeper (merchant). Snappy overcomes the main problems of previous solutions: a single customer collateral can be used to shop with many merchants; merchant collaterals are independent of the number of customers; and validators do not have to be trusted. Our Ethereum prototype shows that safe, fast (<2 seconds) and cheap payments are possible on existing blockchains. Comment: Network and Distributed Systems Security (NDSS) Symposium 2020, 23-26 February 2020, San Diego, CA, US

    Hummingbird: A Flexible and Lightweight Inter-Domain Bandwidth-Reservation System

    The current Internet lacks a bandwidth-reservation infrastructure that enables fine-grained inter-domain reservations for end hosts. This is hindering the provisioning of quality-of-service guarantees for real-time applications like video calls and gaming, cloud-based systems, financial transactions, telesurgery, and other remote applications that benefit from reliable communication. This paper introduces Hummingbird, a novel lightweight inter-domain bandwidth-reservation system that addresses several shortcomings of previous designs. Hummingbird supports flexible and composable reservations and enables end-to-end guarantees without requiring autonomous systems to manage reservations for their endhosts. Previous systems tied reservations to autonomous-system numbers or network addresses, which limits the flexibility of reservations. In contrast, our system decouples reservations from network identities and, as a result, the control plane from the data plane. This design choice facilitates multiple co-existing control-plane mechanisms and enables innovative approaches, such as a control plane based on blockchain smart contracts that offers tradeable bandwidth-reservation assets and end-to-end guarantees. The data-plane design ensures simplicity for efficient processing on border routers, which streamlines implementation, deployment, and traffic policing while maintaining robust security properties. Comment: 14 pages, 7 figures

    Platypus: A Central Bank Digital Currency with Unlinkable Transactions and Privacy-Preserving Regulation

    Due to the popularity of blockchain-based cryptocurrencies, the increasing digitalization of payments, and the constantly reducing role of cash in society, central banks have shown an increased interest in deploying central bank digital currencies (CBDCs) that could serve as a digital cash-equivalent. While most recent research on CBDCs focuses on blockchain technology, it is not clear that this choice of technology provides the optimal solution. In particular, the centralized trust model of a CBDC offers opportunities for different designs. In this paper, we depart from blockchain designs and instead build on ideas from traditional e-cash schemes. We propose a new style of building digital currencies that combines the transaction processing model of e-cash with an account-based fund management model. We argue that such a style of building digital currencies is especially well-suited to CBDCs. We also design the first such digital currency system, called Platypus, that provides strong privacy, high scalability, and expressive but simple regulation, which are all critical features for a CBDC. Platypus achieves these properties by adapting techniques similar to those used in anonymous blockchain cryptocurrencies like Zcash to fit our account model and applying them to the e-cash context

    Bitcontracts: Supporting Smart Contracts in Legacy Blockchains

    In this paper we propose Bitcontracts, a novel solution that enables secure and efficient execution of generic smart contracts on top of unmodified legacy cryptocurrencies like Bitcoin that do not support contracts natively. The starting point of our solution is an off-chain execution model, where the contract's issuers appoints a set of service providers to execute the contract's code. The contract's execution results are accepted if a quorum of service providers reports the same result and clients are free to choose which such contracts they trust and use. The main technical contribution of this paper is how to realize such a trust model securely and efficiently without modifying the underlying blockchain. We also identify a set of generic properties that a blockchain system must support so that expressive smart contracts can be added safely, and analyze popular existing blockchains based on these criteria

    Force Open: Lightweight black box file repair

    We present a novel approach for automatic repair of corrupted files that applies to any common file format and does not require knowledge of its structure. Our lightweight approach modifies the execution of a file viewer instead of the file data and makes use of instrumentation and execution hijacking, two techniques from software testing. It uses a file viewer as a black box and does not require access to its source code or any knowledge about its inner workings. We present our implementation of this approach and evaluate it on corrupted PNG, JPEG, and PDF files. ISSN: 1742-2876; ISSN: 1873-202

    ZLiTE: Lightweight Clients for Shielded Zcash Transactions using Trusted Execution

    Cryptocurrencies record transactions between parties in a blockchain maintained by a peer-to-peer network. In most cryptocurrencies, transactions explicitly identify the previous transaction providing the funds they are spending, revealing the amount and sender/recipient pseudonyms. This is a considerable privacy issue. Zerocash resolves this by using zero-knowledge proofs to hide both the source, destination and amount of the transacted funds. To receive payments in Zerocash, however, the recipient must scan the blockchain, testing if each transaction is destined for them. This is not practical for mobile and other bandwidth constrained devices. In this paper, we build ZLiTE, a system that can support the so-called “light clients”, which can receive transactions aided by a server equipped with a Trusted Execution Environment. Even with the use of a TEE, this is not a trivial problem. First, we must ensure that server processing the blockchain does not leak sensitive information via side channels. Second, we need to design a bandwidth efficient mechanism for the client to keep an up-to-date version of the witness needed in order to spend the funds they previously received

    BITE: Bitcoin Lightweight Client Privacy using Trusted Execution

    Decentralized blockchains offer attractive advantages over traditional payments such as the ability to operate without a trusted authority and increased user privacy. However, the verification of blockchain payments requires the user to download and process the entire chain which can be infeasible for resource-constrained devices, such as mobile phones. To address such concerns, most major blockchain systems support lightweight clients that outsource most of the computational and storage burden to full blockchain nodes. However, such payment verification methods leak considerable information about the underlying clients, thus defeating user privacy that is considered one of the main goals of decentralized cryptocurrencies. In this paper, we propose a new approach to protect the privacy of lightweight clients in blockchain systems like Bitcoin. Our main idea is to leverage commonly available trusted execution capabilities, such as SGX enclaves. We design and implement a system called BITE where enclaves on full nodes serve privacy-preserving requests from lightweight clients. As we will show, naive serving of client requests from within SGX enclaves still leaks user information. BITE therefore integrates several privacy preservation measures that address external leakage as well as SGX side-channels. We show that the resulting solution provides strong privacy protection and at the same time improves the performance of current lightweight clients

    Balancing Trust and Performance in Digital Currency and Smart Contract Systems

    The development of blockchain technology, starting with Bitcoin in 2008, has received considerable attention and sparked an incredible amount of innovation. While the main contribution of Bitcoin was the creation of a peer-to-peer digital currency system without the need for a central trusted party, newer developments have focused on smart contracts and privacy enhancing technology. One of the defining aspects of blockchain systems is their decentralization. This decentralization can help to reduce the required trust assumptions, but it also comes with a price: Decentralized systems, like blockchains, tend to be less efficient and less scalable than more centralized solutions and they often put heavy requirements on clients. They can also make some properties, such as privacy, harder to achieve, since all information is disseminated to all participants. While blockchains, in particular permissionless blockchains, are often presented as trustless, this is not actually the case. They do not require trust in one single central party, but they still come with explicit and implicit trust assumptions, for example, the assumption that a majority of the mining power is in the hands of honest miners in proof-of-work blockchains. In this thesis, we explore how small changes in the explicit trust assumptions can be used in digital currency and smart contract systems to gain new properties or improve performance. In particular, we consider three topics -- privacy for lightweight clients, smart contract scalability, and central bank digital currencies (CBDCs) -- and show how each of them can be improved in terms of the achievable performance or properties, by either introducing trusted hardware, trusted committees, or a central party trusted for some aspects of the system. 
First, we develop two systems, called Bite and ZLiTE that use trusted execution environments to improve the privacy of lightweight clients in systems like Bitcoin and that enable privacy-preserving lightweight clients for anonymous cryptocurrencies like Zcash. We show how these systems can be protected against adversaries with full control over a node running these systems by eliminating leakage through network traffic, disk accesses and digital side-channels. Second, we design two systems, ACE and Bitcontracts, that improve the scalability of smart contracts. ACE enables the execution of computationally complex smart contracts and Bitcontracts enables the execution of expressive smart contracts on top of legacy cryptocurrencies, like Bitcoin, that do not natively support such contracts. Both systems execute contracts in committees that are chosen in a contract-specific trust model and thus provide hybrids between permissionless and permissioned systems. ACE is the first system that securely enables cross-contract calls given this trust model and allows for execution of contracts with a computational complexity several orders of magnitude higher than existing systems. Bitcontracts combines ACE's trust model with a new execution model and is the first to securely allow the execution of Ethereum-style contracts on top of legacy blockchains. Finally, we show for central bank digital currencies, how privacy, regulation, and performance can be achieved simultaneously in a permissioned blockchain setting, with PRCash, or in a setting that explicitly trusts the central bank for the integrity of the currency, with Platypus. PRCash adds a privacy preserving regulation mechanism on top of commitment-based transactions for blockchain systems that hide the identities of the transaction parties and the transaction value.
We then show with Platypus how the centralized setting that exists for CBDCs in practice can be leveraged to achieve even stronger privacy properties and massive scalability

    Security of Blockchain Technologies
