38 research outputs found

    Flyclient: Super-Light Clients for Cryptocurrencies

    To validate transactions, cryptocurrencies such as Bitcoin and Ethereum require nodes to verify that a blockchain is valid. This entails downloading and verifying all blocks, taking hours and requiring gigabytes of bandwidth and storage. Hence, clients with limited resources cannot verify transactions independently without trusting full nodes. Bitcoin and Ethereum offer light clients known as simplified payment verification (SPV) clients, that can verify the chain by downloading only the block headers. Unfortunately, the storage and bandwidth requirements of SPV clients still increase linearly with the chain length. For example, as of July 2019, an SPV client in Ethereum needs to download and store about 4 GB of data. Recently, Kiayias et al. proposed a solution known as non-interactive proofs of proof-of-work (NIPoPoW) that allows a light client to download and store only a polylogarithmic number of block headers in expectation. Unfortunately, NIPoPoWs are succinct only as long as no adversary influences the honest chain, and can only be used in chains with fixed block difficulty, contrary to most cryptocurrencies which adjust block difficulty frequently according to the network hashrate. We introduce Flyclient, a novel transaction verification light client for chains of variable difficulty. Flyclient is efficient both asymptotically and practically and requires downloading only a logarithmic number of block headers while storing only a single block header between executions. Using an optimal probabilistic block sampling protocol and Merkle Mountain Range (MMR) commitments, Flyclient overcomes the limitations of NIPoPoWs and generates shorter proofs over all measured parameters. In Ethereum, Flyclient achieves a synchronization proof size of less than 500 KB which is roughly 6,600x smaller than SPV proofs. We finally discuss how Flyclient can be deployed with minimal changes to the existing cryptocurrencies via an uncontentious velvet fork

    SmartPool: Practical Decentralized Pooled Mining

    Cryptocurrencies such as Bitcoin and Ethereum are operated by a handful of mining pools. Nearly 95% of Bitcoin's and 80% of Ethereum's mining power resides with less than ten and six mining pools respectively. Although miners benefit from low payout variance in pooled mining, centralized mining pools require members to trust that pool operators will remunerate them fairly. Furthermore, centralized pools pose the risk of transaction censorship from pool operators, and open up possibilities for collusion between pools for perpetrating severe attacks. In this work, we propose SmartPool, a novel protocol design for a decentralized mining pool. Our protocol shows how one can leverage smart contracts, autonomous blockchain programs, to decentralize cryptocurrency mining. SmartPool gives transaction selection control back to miners while yielding low-variance payouts. SmartPool incurs mining fees lower than centralized mining pools and is designed to scale to a large number of miners. We implemented and deployed a robust SmartPool implementation on the Ethereum and Ethereum Classic networks. To date, our deployed pools have handled a peak hashrate of 30 GHs from Ethereum miners, resulting in 105 blocks, costing miners a mere 0.6% of block rewards in transaction fees

    Making Smart Contracts Smarter

    Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions of dollars' worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19,336 existing Ethereum contracts, Oyente flags 8,833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network

    Bit-Vector Model Counting using Statistical Estimation

    Approximate model counting for bit-vector SMT formulas (generalizing #SAT) has many applications such as probabilistic inference and quantitative information-flow security, but it is computationally difficult. Adding random parity constraints (XOR streamlining) and then checking satisfiability is an effective approximation technique, but it requires a prior hypothesis about the model count to produce useful results. We propose an approach inspired by statistical estimation to continually refine a probabilistic estimate of the model count for a formula, so that each XOR-streamlined query yields as much information as possible. We implement this approach, with an approximate probability model, as a wrapper around an off-the-shelf SMT solver or SAT solver. Experimental results show that the implementation is faster than the most similar previous approaches which used simpler refinement strategies. The technique also lets us model count formulas over floating-point constraints, which we demonstrate with an application to a vulnerability in differential privacy mechanisms

    Harvey: A Greybox Fuzzer for Smart Contracts

    We present Harvey, an industrial greybox fuzzer for smart contracts, which are programs managing accounts on a blockchain. Greybox fuzzing is a lightweight test-generation approach that effectively detects bugs and security vulnerabilities. However, greybox fuzzers randomly mutate program inputs to exercise new paths; this makes it challenging to cover code that is guarded by narrow checks, which are satisfied by no more than a few input values. Moreover, most real-world smart contracts transition through many different states during their lifetime, e.g., for every bid in an auction. To explore these states and thereby detect deep vulnerabilities, a greybox fuzzer would need to generate sequences of contract transactions, e.g., by creating bids from multiple users, while at the same time keeping the search space and test suite tractable. In this experience paper, we explain how Harvey alleviates both challenges with two key fuzzing techniques and distill the main lessons learned. First, Harvey extends standard greybox fuzzing with a method for predicting new inputs that are more likely to cover new paths or reveal vulnerabilities in smart contracts. Second, it fuzzes transaction sequences in a targeted and demand-driven way. We have evaluated our approach on 27 real-world contracts. Our experiments show that the underlying techniques significantly increase Harvey's effectiveness in achieving high coverage and detecting vulnerabilities, in most cases orders-of-magnitude faster; they also reveal new insights about contract code. Comment: arXiv admin note: substantial text overlap with arXiv:1807.0787

    Widespread Aberrant Alternative Splicing despite Molecular Remission in Chronic Myeloid Leukaemia Patients

    Vast transcriptomics and epigenomics changes are characteristic of human cancers, including leukaemia. At remission, we assume that these changes normalise so that omics-profiles resemble those of healthy individuals. However, an in-depth transcriptomic and epigenomic analysis of cancer remission has not been undertaken. A striking exemplar of targeted remission induction occurs in chronic myeloid leukaemia (CML) following tyrosine kinase inhibitor (TKI) therapy. Using RNA sequencing and whole-genome bisulfite sequencing, we profiled samples from chronic-phase CML patients at diagnosis and remission and compared these to healthy donors. Remarkably, our analyses revealed that abnormal splicing distinguishes remission samples from normal controls. This phenomenon is independent of the TKI drug used and in striking contrast to the normalisation of gene expression and DNA methylation patterns. Most remarkable are the high intron retention (IR) levels that even exceed those observed in the diagnosis samples. Increased IR affects cell cycle regulators at diagnosis and splicing regulators at remission. We show that aberrant splicing in CML is associated with reduced expression of specific splicing factors, histone modifications and reduced DNA methylation. Our results provide novel insights into the changing transcriptomic and epigenomic landscapes of CML patients during remission. The conceptually unanticipated observation of widespread aberrant alternative splicing after remission induction warrants further exploration. These results have broad implications for studying CML relapse and treating minimal residual disease

    Biphasic calcium phosphate with submicron surface topography in an Ovine model of instrumented posterolateral spinal fusion.

    As spinal fusions require large volumes of bone graft, different bone graft substitutes are being investigated as alternatives. A subclass of calcium phosphate materials with submicron surface topography has been shown to be a highly effective bone graft substitute. In this work, a commercially available biphasic calcium phosphate (BCP) with submicron surface topography (MagnetOs; Kuros Biosciences BV) was evaluated in an Ovine model of instrumented posterolateral fusion. The material was implanted stand-alone, either as granules (BCPgranules) or as granules embedded within a fast-resorbing polymeric carrier (BCPputty) and compared to autograft bone (AG). Twenty-five adult, female Merino sheep underwent posterolateral fusion at L2-3 and L4-5 levels with instrumentation. After 6, 12, and 26 weeks, outcomes were evaluated by manual palpation, range of motion (ROM) testing, micro-computed tomography, histology and histomorphometry. Fusion assessment by manual palpation 12 weeks after implantation revealed 100% fusion rates in all treatment groups. The three treatment groups showed a significant decrease in lateral bending at the fusion levels at 12 weeks (P < 0.05) and 26 weeks (P < 0.001) compared to the 6 week time-point. Flexion-extension and axial rotation were also reduced over time, but statistical significance was only reached in flexion-extension for AG and BCPputty between the 6 and 26 week time-points (P < 0.05). No significant differences in ROM were observed between the treatment groups at any of the time-points investigated. Histological assessment at 12 weeks showed fusion rates of 75%, 92%, and 83% for AG, BCPgranules and BCPputty, respectively. The fusion rates were further increased 26 weeks postimplantation. Similar trends of bone growth were observed by histomorphometry. The fusion mass consisted of at least 55% bone for all treatment groups 26 weeks after implantation. These results suggest that this BCP with submicron surface topography, in granules or putty form, is a promising alternative to autograft for spinal fusion

    TOWARDS SECURE PUBLIC BLOCKCHAIN PROTOCOLS AT SCALE

    Ph.D, Doctor of Philosophy