METHOD AND SYSTEM TO AUTOMATICALLY SYNTHESIZE SMART CONTRACTS USING TRANSACTION TRACES

The present disclosure relates to a method and system to automatically synthesize smart contracts using transaction traces. The present disclosure suggests collecting transaction trace raw data from a blockchain network and transmitting the transaction trace raw data obtained to a transaction decoder system for initial data preprocessing. Thereafter, call frames are extracted from the transaction trace raw data and a Depth-First Search (DFS) traversal is performed on the extracted call frames. Subsequently, at each step of the DFS traversal, the contract address associated (that is, “to” address) with the extracted call frame is verified to determine if it is known or unknown to Etherscan data. Further, the present disclosure suggests collecting top-level calls within the child call frames when the contract address is unknown in the call frame and adding them to the contract as function definitions

Broadcast and Verifiable Secret Sharing: New Security Models and Round Optimal Constructions

Broadcast and verifiable secret sharing (VSS) are central building blocks for secure multi-party computation. These protocols are required to be resilient against a Byzantine adversary who controls at most t out of the n parties running the protocol. In this dissertation, we consider the design of fault-tolerant protocols for broadcast and verifiable secret sharing with stronger security guarantees and improved round complexity. Broadcast allows a party to send the same message to all parties, and all parties are assured they have received identical messages. Given a public-key infrastructure (PKI) and digital signatures, it is possible to construct broadcast protocols tolerating any number of corrupted parties. We address two important issues related to broadcast: (1) Almost all existing protocols do not distinguish between corrupted parties (who do not follow the protocol) and honest parties whose secret (signing) keys have been compromised (but who continue to behave honestly); (2) all existing protocols for broadcast are insecure against an adaptive adversary who can choose which parties to corrupt as the protocol progresses. We propose new security models that capture these issues, and present tight feasibility and impossibility results. In the problem of verifiable secret sharing, there is a designated player who shares a secret during an initial sharing phase such that the secret is hidden from an adversary that corrupts at most t parties. In a subsequent reconstruction phase of the protocol, a unique secret, well-defined by the view of honest players in the sharing phase, is reconstructed. The round complexity of VSS protocols is a very important metric of their efficiency. We show two improvements regarding the round complexity of information-theoretic VSS. First, we construct an efficient perfectly secure VSS protocol tolerating t < n/3 corrupted parties that is simultaneously optimal in both the number of rounds and the number of invocations of broadcast. Second, we construct a statistically secure VSS protocol tolerating t < n/2 corrupted parties that has optimal round complexity, and an efficient statistical VSS protocol tolerating t < n/2 corrupted parties that requires one additional round

Improvements to Secure Computation with Penalties

Motivated by the impossibility of achieving fairness in secure computation [Cleve, STOC 1986], recent works study a model of fairness in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty to every other party that did not receive the output. These works show how to design protocols for secure computation with penalties that tolerate an arbitrary number of corruptions. In this work, we improve the efficiency of protocols for secure computation with penalties in a hybrid model where parties have access to the “claim-or-refund” transaction functionality. Our first improvement is for the ladder protocol of Bentov and Kumaresan (Crypto 2014) where we improve the dependence of the script complexity of the protocol (which corresponds to miner verification load and also space on the blockchain) on the number of parties from quadratic to linear (and in particular, is completely independent of the underlying function). Our second improvement is for the see-saw protocol of Kumaresan et al. (CCS 2015) where we reduce the total number of claim-or-refund transactions and also the script complexity from quadratic to linear in the number of parties. We also present a ‘dual-mode’ protocol that offers different guarantees depending on the number of corrupt parties: (1) when s n/2 parties are corrupt, this protocol guarantees fairness with penalties (i.e., if the adversary gets the output, then either the honest parties get output as well or they get compensation via penalizing the adversary). The above protocol works as long as t+s < n, matching the bound obtained for secure computation protocols in the standard model (i.e., replacing “fairness with penalties” with “securitywith-abort” (full security except fairness)) by Ishai et al. (SICOMP 2011). Keywords: Bitcoin, secure computation, fairness.National Science Foundation (U.S.) (Grant CNS-1350619)National Science Foundation (U.S.) (Grant CNS1414119)Alfred P. Sloan Foundation (Research Fellowship)Microsoft (Faculty Fellowship

Improving the round complexity of VSS in point-topoint networks

We revisit the following question: what is the optimal round complexity of verifiable secret sharing (VSS)? We focus here on the case of perfect VSS where the number of corrupted parties t satisfies t &lt; n/3, with n the total number of parties. Work of Gennaro et al. (STOC 2001) and Fitzi et al. (TCC 2006) shows that, assuming a broadcast channel, 3 rounds are necessary and sufficient for efficient VSS. Existing protocols, however, treat the broadcast channel as being available “for free ” and do not attempt to minimize its usage. This approach leads to relatively poor round complexity when such protocols are compiled to run over a point-to-point network. We show here a VSS protocol that is simultaneously optimal in terms of both the number of rounds and the number of invocations of broadcast. Our protocol also satisfies a certain “2-level sharing ” property that makes it useful for constructing protocols for general secure computation.

How to use bitcoin to incentivize correct computations.

ABSTRACT We study a model of incentivizing correct computations in a variety of cryptographic tasks. For each of these tasks we propose a formal model and design protocols satisfying our model&apos;s constraints in a hybrid model where parties have access to special ideal functionalities that enable monetary transactions. We summarize our results: • Verifiable computation. We consider a setting where a delegator outsources computation to a worker who expects to get paid in return for delivering correct outputs. We design protocols that compile both public and private verification schemes to support incentivizations described above. • Secure computation with restricted leakage. Building on the recent work of Huang et al. (Security and Privacy 2012), we show an efficient secure computation protocol that monetarily penalizes an adversary that attempts to learn one bit of information but gets detected in the process. • Fair secure computation. Inspired by recent work, we consider a model of secure computation where a party that aborts after learning the output is monetarily penalized. We then propose an ideal transaction functionality F ML and show a constant-round realization on the Bitcoin network. Then, in the F ML -hybrid world we design a constant round protocol for secure computation in this model. • Noninteractive bounties. We provide formal definitions and candidate realizations of noninteractive bounty mechanisms on the Bitcoin network which (1) allow a bounty maker to place a bounty for the solution of a hard problem by sending a single message, and (2) allow a bounty collector (unknown at the time of bounty creation) with the solution to claim the bounty, while (3) ensuring that the bounty maker can learn the solution whenever its bounty is collected, and (4) preventing malicious eavesdropping parties from both claiming the bounty as well as learning the solution. All our protocol realizations (except those realizing fair secure computation) rely on a special ideal functionality that is not curPermission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. rently supported in Bitcoin due to limitations imposed on Bitcoin scripts. Motivated by this, we propose validation complexity of a protocol, a formal complexity measure that captures the amount of computational effort required to validate Bitcoin transactions required to implement it in Bitcoin. Our protocols are also designed to take advantage of optimistic scenarios where participating parties behave honestly

Synchronizable Exchange

Fitzi, Garay, Maurer, and Ostrovsky (Journal of Cryptology 2005) showed that in the presence of a dishonest majority, no primitive of cardinality $n - 1$ is complete for realizing an arbitrary $n$-party functionality with guaranteed output delivery. In this work, we introduce a new $2$-party primitive $\mathcal{F}_{\mathsf{SyX}}$ (``synchronizable fair exchange\u27\u27) and show that it is complete for realizing any $n$-party functionality with fairness in a setting where all $n$ parties are pairwise connected by independent instances of $\mathcal{F}_{\mathsf{SyX}}$. In the $\mathcal{F}_{\mathsf{SyX}}$-hybrid model, the two parties load $\mathcal{F}_{\mathsf{SyX}}$ with some input, and following this, either party can trigger $\mathcal{F}_{\mathsf{SyX}}$ with a suitable ``witness\u27\u27 at a later time to receive the output from $\mathcal{F}_{\mathsf{SyX}}$. Crucially the other party also receives output from $\mathcal{F}_{\mathsf{SyX}}$ when $\mathcal{F}_{\mathsf{SyX}}$ is triggered. The trigger witnesses allow us to synchronize the trigger phases of multiple instances of $\mathcal{F}_{\mathsf{SyX}}$, thereby aiding in the design of fair multiparty protocols. Additionally, a pair of parties may reuse a single a priori loaded instance of $\mathcal{F}_{\mathsf{SyX}}$ in any number of multiparty protocols (possibly involving different sets of parties)

LucidiTEE: A TEE-Blockchain System for Policy-Compliant Multiparty Computation with Fairness

Motivated by recent advances in exploring the power of hybridized TEE-blockchain systems, we present LucidiTEE, a unified framework for confidential, policy-compliant computing that guarantees fair output delivery. For context: • Kaptchuk et al. (NDSS’19) showed that enclave-ledger interactions can enable applications such as one-time programs and rate limited logging. We generalize their ideas to enforcing arbitrary history-based policies within and across several multi-step computations. Towards this, we define a new ideal functionality for policy-compliant computing FPCC, and then show how LucidiTEE implements FPCC. • Chaudhuri et al.(CCS’17) showed that enclave-ledger interactions enable fair exchange, contract signing, and more generally, fair secure multiparty computation. In a setting with n processors each of which possesses a TEE, they show how to realize fair secure computation tolerating up to t corrupt parties for any t < n. We improve upon their result by showing a novel protocol which requires only t out of the n processors to possess a TEE. When n = 2 and t = 1, this provides practical fair computation in client-server settings, where clients may not possess a TEE. • Ekiden (EuroS&P’19) and FastKitten (Sec’19) use enclave-ledger interactions to enable practical, privacy-preserving smart contracts. However, Ekiden and FastKitten store the contract’s inputs on-chain (during malicious behavior in the latter’s case). In contrast, LucidiTEE implements privacy-preserving stateful computation while storing inputs, outputs, and state off-chain, using the ledger only to enforce history-based policies. Summarizing, LucidiTEE enables multiple parties to jointly compute on private data, while enforcing history-based policies even when input providers are offline, and fairness to all output recipients, in a malicious setting. LucidiTEE uses the ledger only to enforce policies; i.e., it does not store inputs, outputs, or state on the ledger, letting it scale to big data computation. We show novel applications including a personal finance app, collaborative machine learning, and policy-based surveys amongst an apriori-unknown set of participants

Network Oblivious Transfer

Motivated by the goal of improving the concrete efficiency of secure multiparty computation (MPC), we study the possibility of implementing an infrastructure for MPC. We propose an infrastructure based on oblivious transfer (OT), which would consist of OT channels between some pairs of parties in the network. We devise information-theoretically secure protocols that allow additional pairs of parties to establish secure OT correlations using the help of other parties in the network in the presence of a dishonest majority. Our main technical contribution is an upper bound that matches a lower bound of Harnik, Ishai, and Kushilevitz (Crypto 2007), who studied the number of OT channels necessary and sufficient for MPC. In particular, we characterize which n-party OT graphs G allow t-secure computation of OT correlations between all pairs of parties, showing that this is possible if and only if the complement of G does not contain the complete bipartite graph K_{n-t,n-t} as a subgraph

Efficient Batched Oblivious PRF with Applications to Private Set Intersection

We describe a lightweight protocol for oblivious evaluation of a pseudorandom function (OPRF) in the presence of semi-honest adversaries. In an OPRF protocol a receiver has an input $r$; the sender gets output $s$ and the receiver gets output $F(s,r)$, where $F$ is a pseudorandom function and $s$ is a random seed. Our protocol uses a novel adaptation of 1-out-of-2 OT-extension protocols, and is particularly efficient when used to generate a large batch of OPRF instances. The cost to realize $m$ OPRF instances is roughly the cost to realize $3.5 m$ instances of standard 1-out-of-2 OTs (using state-of-the-art OT extension). We explore in detail our protocol\u27s application to semi-honest secure private set intersection (PSI). The fastest state-of-the-art PSI protocol (Pinkas et al., Usenix 2015) is based on efficient OT extension. We observe that our OPRF can be used to remove their PSI protocol\u27s dependence on the bit-length of the parties\u27 items. We implemented both PSI protocol variants and found ours to be 3.1--3.6$\times$ faster than Pinkas et al.\ for PSI of 128-bit strings and sufficiently large sets. Concretely, ours requires only 3.8 seconds to securely compute the intersection of $2^{20}$-size sets, regardless of the bitlength of the items. For very large sets, our protocol is only $4.3\times$ slower than the {\em insecure} na\ ıve hashing approach for PSI

AUTOPAYMENTS VIA ACCOUNT ABSTRACTION

The present disclosure focuses to simplify the user’s ability to make autopayments without making use of the private key associated with the user while using a non-custodial wallet. The present disclosure describes that without making use of user’s private key, a smart contract can make an autopayment on behalf of the user to the merchant to whom the user wishes to make the payment. In other words, the smart contract will make the automatic payment to merchants associated with the user if the merchant’s details are present in the allowed list of the user, else, the smart contract may reject the transaction