
    Agent-Based Simulations of Blockchain protocols illustrated via Kadena's Chainweb

    While many distributed consensus protocols provide robust liveness and consistency guarantees under the presence of malicious actors, quantitative estimates of how economic incentives affect security are few and far between. In this paper, we describe a system for simulating how adversarial agents, both economically rational and Byzantine, interact with a blockchain protocol. This system provides statistical estimates for the economic difficulty of an attack and how the presence of certain actors influences protocol-level statistics, such as the expected time to regain liveness. This simulation system is influenced by the design of algorithmic trading and reinforcement learning systems that use explicit modeling of an agent's reward mechanism to evaluate and optimize a fully autonomous agent. We implement and apply this simulation framework to Kadena's Chainweb, a parallelized Proof-of-Work system, that contains complexity in how miner incentive compliance affects security and censorship resistance. We provide the first formal description of Chainweb that is in the literature and use this formal description to motivate our simulation design. Our simulation results include a phase transition in block height growth rate as a function of shard connectivity and empirical evidence that censorship in Chainweb is too costly for rational miners to engage in. We conclude with an outlook on how simulation can guide and optimize protocol development in a variety of contexts, including Proof-of-Stake parameter optimization and peer-to-peer networking design.
    Comment: 10 pages, 7 figures, accepted to the IEEE S&B 2019 conference.

    Improved Security for Non-Volatile Main Memory

    A technique that improves security for non-volatile main memory in computer systems is disclosed. Some prior approaches that secure data between OS processes in such systems reduce the number of NVM write cycles by using encryption instead of shredding (zeroing out) physical memory pages between processes. However, in some circumstances, this solution can be less secure. The disclosed technique uses a pseudorandom function to change how the major counter is updated for a page that is to be shredded, in order to increase security.

    A Private Interactive Test of a Boolean Predicate and Minimum-Knowledge Public-Key Cryptosystems

    We introduce a new two-party protocol with the following properties: 1. The protocol gives a proof of the value, 0 or 1, of a particular Boolean predicate which is (assumed to be) hard to compute. This extends the 'interactive proof systems' of (7), which are only used to prove that a certain predicate has value 1. 2. The protocol is provably minimum-knowledge in the sense that it communicates no additional knowledge (besides the value of the predicate) that might be used, for example, to compromise the private key of a user of a public-key cryptosystem. 3. The protocol is result-indistinguishable: an eavesdropper, overhearing an execution of the protocol, does not know the value of the predicate that was proved. This bit is cryptographically secure. The protocol achieves this without the use of encryption functions, all messages being sent in the clear. These properties enable us to define a minimum-knowledge cryptosystem, in which each user receives exactly the knowledge he is supposed to receive and nothing more. In particular, the system is provably secure against both chosen-message and chosen-ciphertext attack. Moreover, extending the Diffie-Hellman model, it allows a user to encode messages to other users with his own public key. This enables a symmetric use of public-key encryption.

    Implications of the Partial Width Z->bb for Supersymmetry Searches and Model-Building

    Assuming that the actual values of the top quark mass at FNAL and of the ratio of partial widths Z->bb/Z->hadrons at LEP are within their current one-sigma reported ranges, we present a No-Lose Theorem for superpartner searches at LEP II and an upgraded Tevatron. We impose only two theoretical assumptions: the Lagrangian is that of the Minimal Supersymmetric Standard Model with arbitrary soft-breaking terms, and all couplings remain perturbative up to scales of order 10^16 GeV; there are no assumptions about the soft SUSY breaking parameters, proton decay, cosmology, etc. In particular, if the LEP and FNAL values hold up and supersymmetry is responsible for the discrepancy with the SM prediction of the partial width of Z->bb, then we must have charginos and/or top squarks observable at the upgraded machines. Furthermore, little deviation from the SM is predicted within "super-unified" SUSY. Finally, it appears to be extremely difficult to find any unified MSSM model, regardless of the form of soft SUSY breaking, that can explain the partial width for large tan(beta); in particular, no model with top-bottom-tau Yukawa coupling unification appears to be consistent with the experiments.
    Comment: 15 pages, University of Michigan preprint UM-TH-94-23. LaTeX file with 4 uuencoded figures sent separately. Compressed PS file (114Kb) available by anonymous FTP from 141.211.96.66 in /pub/preprints/UM-TH-94-23.ps.

    PROPYLA: Privacy Preserving Long-Term Secure Storage

    An increasing amount of sensitive information today is stored electronically, and a substantial part of this information (e.g., health records, tax data, legal documents) must be retained over long time periods (e.g., several decades or even centuries). When sensitive data is stored, its integrity and confidentiality must be protected to ensure reliability and privacy. Commonly used cryptographic schemes, however, are not designed for protecting data over such long time periods. Recently, the first storage architecture combining long-term integrity with long-term confidentiality protection was proposed (AsiaCCS'17). However, that architecture only deals with a simplified storage scenario where parts of the stored data cannot be accessed and verified individually. If this is allowed, however, not only the data content itself, but also the access pattern to the data (i.e., the information about which data items are accessed at which times) may be sensitive information. Here we present the first long-term secure storage architecture that provides long-term access pattern hiding security in addition to long-term integrity and long-term confidentiality protection. To achieve this, we combine information-theoretic secret sharing, renewable timestamps, and renewable commitments with an information-theoretic oblivious random access machine. Our performance analysis of the proposed architecture shows that achieving long-term integrity, confidentiality, and access pattern hiding security is feasible.
    Comment: Few changes have been made compared to the proceedings version.

    Efficient Transparent Redactable Signatures with a Single Signature Invocation

    A redactable signature scheme is one that allows the original signature to be used, usually along with some additional data, to verify certain carefully specified changes to the original document that was signed, namely the removal or redaction of subdocuments. For redactable signatures, the term transparency has been used to describe a scheme that hides the number and locations of redacted subdocuments. We present here two efficient transparent redactable signature schemes, which are the first such schemes in the literature that are based solely on tools of symmetric cryptography, along with a single application of an ordinary digital signature. As with several previous schemes for redactable signatures, we sign a sequence of randomized commitments that depend on the contents of the subdocuments of the document to be signed. In order to hide their number and location, we randomize their order, and mix them with a sequence of dummy nodes that are indistinguishable from commitment values. Our first scheme uses a data structure of size quadratic in the number of subdocuments, encoding all the precedence relations between pairs of subdocuments. By embedding these precedence relations in a smaller family of graphs, our second scheme is more efficient, with expected cost linear in the number of subdocuments in the document to be signed. We introduce a quantified version of the transparency property, precisely describing the uncertainty about the number of redacted subdocuments that is guaranteed by the two schemes. We prove that our schemes are secure, i.e. unforgeable, private, and transparent, based on the security of collision-free hash functions, pseudorandom generators, and digital signature schemes. While providing such strong security, our scheme is also efficient, in terms of both computation and communication.

    SUSY QCD corrections to the polarization and spin correlations of top quarks produced in e+e- collisions

    We compute the supersymmetric QCD corrections to the polarization and the spin correlations of top quarks produced above threshold in e+e- collisions, taking into account arbitrary longitudinal polarization of the initial beams.
    Comment: 15 pages, 10 ps figures.

    Taking Blockchain Seriously

    In the present techno-political moment it is clear that ignoring or dismissing the hype surrounding blockchain is unwise, and certainly so for regulatory authorities and governments, who must keep a grip on the technology and those promoting it in order to ensure democratic accountability and regulatory legitimacy within the blockchain ecosystem and beyond. Blockchain is telling (and showing) us something very important about the evolution of capital and neoliberal economic reason, and the likely impact in the near future on forms and patterns of work, social organization, and, crucially, on communities and individuals who lack influence over the technologies and data that increasingly shape and control their lives. In this short essay I introduce some of the problems in the regulation of blockchain and offer counter-narratives aimed at cutting through the hype fuelling the ascendency of this most contemporary of technologies.