Condorcet Attack Against Fair Transaction Ordering

We introduce the Condorcet attack, a new threat to fair transaction ordering. Specifically, the attack undermines batch-order-fairness, the strongest notion of transaction fair ordering proposed to date. The batch-order-fairness guarantees that a transaction tx is ordered before tx' if a majority of nodes in the system receive tx before tx'; the only exception (due to an impossibility result) is when tx and tx' fall into a so-called "Condorcet cycle". When this happens, tx and tx' along with other transactions within the cycle are placed in a batch, and any unfairness inside a batch is ignored. In the Condorcet attack, an adversary attempts to undermine the system's fairness by imposing Condorcet cycles to the system. In this work, we show that the adversary can indeed impose a Condorcet cycle by submitting as few as two otherwise legitimate transactions to the system. Remarkably, the adversary (e.g., a malicious client) can achieve this even when all the nodes in the system behave honestly. A notable feature of the attack is that it is capable of "trapping" transactions that do not naturally fall inside a cycle, i.e. those that are transmitted at significantly different times (with respect to the network latency). To mitigate the attack, we propose three methods based on three different complementary approaches. We show the effectiveness of the proposed mitigation methods through simulations, and explain their limitations

On the Semantic Security of Secret Image Sharing Methods

In this paper, a cryptanalysis is performed of the previous secret image sharing methods and an improvement is proposedIn this work, we analyze some of the existing secret image sharing methods and show that they do not possess indistinguishability, a property of many secure systems. We propose a new method based on the $(k, n)$ threshold secret sharing scheme for images in the compressed and uncompressed domains. Our method generates minimal share sizes with similar computational cost to previous methods, yet it is computationally secure and satisfies the indistinguishability property