5 research outputs found
Town Crier: An Authenticated Data Feed for Smart Contracts
Smart contracts are programs that execute autonomously on blockchains. Their key envisioned uses (e.g. financial instruments) require them to consume data from outside the blockchain (e.g. stock quotes). Trustworthy data feeds that support a broad range of data requests will thus be critical to smart contract ecosystems.
We present an authenticated data feed system called Town Crier (TC). TC acts as a bridge between smart contracts and existing web sites, which are already commonly trusted for non-blockchain applications. It combines a blockchain front end with a trusted hardware back end to scrape HTTPS-enabled websites and serve source-authenticated data to relying smart contracts. TC also supports confidentiality; it enables private data requests with encrypted parameters and secure use of user credentials to scrape access-controlled online data sources.
We describe TC’s design principles and architecture and report on an implementation that uses Intel’s recently introduced Software Guard Extensions (SGX) to furnish data to the Ethereum smart contract system. We formally model TC and define and prove its basic security properties in the Universal Composability (UC) framework. Our results include definitions and techniques of general interest relating to resource consumption (Ethereum’s “gas” fee system) and TCB minimization. We also report on experiments with three example applications.
We plan to launch TC soon as an online public service.
The Honey Badger of BFT Protocols
The surprising success of cryptocurrencies has led to a surge of interest in deploying large scale, highly robust, Byzantine fault tolerant (BFT) protocols for mission-critical applications, such as financial transactions. Although the conventional wisdom is to build atop a (weakly) synchronous protocol such as PBFT (or a variation thereof), such protocols rely critically on network timing assumptions, and only guarantee liveness when the network behaves as expected. We argue these protocols are ill-suited for this deployment scenario.
We present an alternative, HoneyBadgerBFT, the first practical asynchronous BFT protocol, which guarantees liveness without making any timing assumptions. We base our solution on a novel atomic broadcast protocol that achieves optimal asymptotic efficiency. We present an implementation and experimental results to show our system can achieve throughput of tens of thousands of transactions per second, and scales to over a hundred nodes on a wide area network. We even conduct BFT experiments over Tor, without needing to tune any parameters. Unlike the alternatives, HoneyBadgerBFT simply does not care about the underlying network.
Blockchain Trilemma Solver Algorand has Dilemma over Undecidable Messages
Recently, an ingenious protocol called Algorand has been proposed to overcome these limitations. Algorand uses an innovative process, called cryptographic sortition, to securely and unpredictably elect a set of voters from the network periodically. These voters are responsible for reaching consensus through a Byzantine Agreement (BA) protocol on one block at a time, guaranteeing an overwhelming probability of linearity of the blockchain.
In this paper, we present a security analysis of Algorand. To the best of our knowledge, it is the first security analysis as well as the first formal study of Algorand. We designed an attack scenario in which a group of malicious users tries to break the protocol, or at least limit it to a reduced partition of network users, by exploiting a possible security flaw in the message validation process of the BA. Since the source code or an official simulator for Algorand was not available at the time of our study, we created a simulator (which is available on request) to implement the protocol and assess the feasibility of our attack scenario. Our attack requires the attacker to have only the trivial capability of establishing multiple connections with targeted nodes and costs the attacker practically nothing. Our results show that it is possible to slow down the message validation process on honest nodes, which eventually forces them to choose default values in the consensus, leaving the targeted nodes behind in the chain as compared to the non-attacked nodes. Even though our results are subject to the real implementation assumption, the core concept of our attack remains valid.
PRCash: Fast, Private and Regulated Transactions for Digital Currencies
Decentralized cryptocurrencies based on blockchains provide attractive features, including user privacy and system transparency, but lack active control of money supply and capabilities for regulatory oversight, both existing features of modern monetary systems. These limitations are critical, especially if the cryptocurrency is to replace, or complement, existing fiat currencies. Centralized cryptocurrencies, on the other hand, provide controlled supply of money, but lack transparency and transferability. Finally, they provide only limited privacy guarantees, as they do not offer recipient anonymity or payment value secrecy.
We propose a novel digital currency, called PRCash, where the control of money supply is centralized, money is represented as value-hiding transactions for transferability and improved privacy, and transactions are verified in a distributed manner and published to a public ledger for verifiability and transparency. Strong privacy and regulation are seemingly conflicting features, but we overcome this technical problem with a new regulation mechanism based on zero-knowledge proofs. Our implementation and evaluation show that payments are fast and large-scale deployments practical. PRCash is the first digital currency to provide control of money supply, transparency, regulation, and privacy at the same time, and thus makes its adoption as a fiat currency feasible.
Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks
Current cryptocurrencies provide a heavily limited transaction throughput that is clearly insufficient to cater to their growing adoption. Payment-channel networks (PCNs) have emerged as an interesting solution to the scalability issue and are currently deployed by popular cryptocurrencies such as Bitcoin and Ethereum. While PCNs do increase the transaction throughput by processing payments off-chain and using the blockchain only as a dispute arbitrator, they unfortunately require high collateral (i.e., they lock coins for a non-constant time along the payment path) and are restricted to payments in a path from sender to receiver. These issues have severe consequences in practice. The high collateral enables denial-of-service attacks that hamper the throughput and utility of the PCN. Moreover, the limited functionality hinders the applicability of current PCNs in many important application scenarios. Unfortunately, current proposals do not solve either of these issues, or they require Turing-complete language support, which severely limits their applicability.
In this work, we present AMCU, the first protocol for atomic multi-channel updates and reduced collateral that is compatible with Bitcoin (and other cryptocurrencies with reduced scripting capabilities). We provide a formal model in the Universal Composability framework and show that AMCU realizes it, thus demonstrating that AMCU achieves atomicity and value privacy. Moreover, the reduced collateral mitigates the consequences of griefing attacks in PCNs, while the (multi-payment) atomicity achieved by AMCU opens the door to new applications such as credit rebalancing and crowdfunding that are not possible otherwise. Finally, our evaluation results demonstrate that AMCU has performance in line with that of the Lightning Network (the most widely deployed PCN) and thus is ready to be deployed in practice.