
    Reducing Latency of DAG-based Consensus in the Asynchronous Setting via the UTXO Model

    DAG-based consensus has attracted significant interest due to its high throughput in asynchronous network settings. However, existing protocols such as DAG-Rider (Keidar et al., PODC 2021) and "Narwhal and Tusk" (Danezis et al., EuroSys 2022) face two undesirable practical issues: (1) high transaction latency and (2) high cost to verify transaction outcomes. To address (1), this work introduces a novel commit rule based on the Unspent Transaction Output (UTXO) data model, which allows a node to predict the transaction results before triggering the commitment. We propose a new consensus algorithm named "Board and Clerk", which halves the transaction latency for roughly 50% of transactions. As the tolerance for faults increases, more transactions can benefit from this latency reduction. In addition, we propose the Hyper-Block Model with two flexible proposing strategies to tackle (2): blocking and non-blocking. Using our proposed strategies, each node first predicts the transaction results that would follow if its proposal were committed and packs this result as a commitment in its proposal. The hyper-block packs the signature of the proposal together with the outputs of the consensus layer in order to prove the transaction results.

    Conclave: A Collective Stake Pool Protocol


    Reputation at Stake! A Trust Layer over Decentralized Ledger for Multiparty Computation and Reputation-Fair Lottery

    This work leverages the framework of Karakostas et al. (SCN'20) by extending it to the realm of reputation and trust. To the best of our knowledge, it is the first to introduce reputation and trust to proof-of-stake systems. Namely, we show that their delegation framework can be repurposed to construct a trust layer over a proof-of-stake consensus protocol in addition to its original stake delegation application. Furthermore, we show that such an extension yields a concrete reputation system satisfying the positive results of (1) Asharov et al. (Asiacrypt'13), therefore allowing the secure execution of multiparty protocols such as GMW (STOC'87) and Damgard and Ishai (Crypto'05), and (2) Kleinrock et al. (Indocrypt'20), therefore allowing the construction of a reputation-fair lottery and, in turn, Proof of Reputation. More concretely, our devised layer is used to construct a concrete reputation system based on an arbitrary stake distribution. In this layer, groups of users can freely "assign their respective trust" to members of a set of trustees, i.e., participants that offered themselves as receivers of such assignments. Furthermore, our work offers the advantage of providing a clear stake-based criterion, verifiable in the ledger and therefore naturally resistant to Sybil attacks, that the set of trustees indeed yields an honest majority. This setting is stronger than a simple assumption of honest majority, since it involves stake in a decentralized ledger and the public verifiability of the reputation score via verification of the stake distribution.

    Maravedí: A Secure and Practical Protocol to Trade Risk for Instantaneous Finality

    The efficiency of blockchain systems is often compared to popular credit card networks with respect to the transactions-per-second rate. This seems to be an unfair comparison, since these networks do not complete a transaction from beginning to end. Rather, they buy the risk and settle it much later. Typically, transactions have only two players, the payer and the payee, and the settlement of a transaction requires time since it depends on basic properties of the consensus protocol. In practice, the payee very often needs to wait for confirmation in order to ship the traded goods. Alternatively, the payee, or merchant, can ship them in the faith that the transaction will be confirmed. Our contribution, the Maravedí Protocol, introduces a third player to minimize the risk of the payee being left without payment, even without the consensus-layer confirmation. The main idea is that the third player can work similarly to a credit card company. That is, it buys the risk from the merchant for a small discount, which allows the third player to pay the merchant instantaneously via a payment-channel-like protocol. In parallel, the third player receives the regular payment transaction from the payer, which can be settled on the chain after waiting the time required by the consensus/blockchain. Moreover, the on-chain transaction pays the full amount, allowing the third player to cash in the discount. Hence, on the side of the merchant, our protocol puts forth instantaneous finality in a novel way, to the best of our knowledge.

    WOTSwana: A Generalized Sleeve Construction for Multiple Proofs of Ownership

    The Sleeve construction proposed by Chaum et al. (ACNS'21) introduces an extra security layer for digital wallets by allowing users to generate a backup key securely nested inside the secret key of a signature scheme, i.e., ECDSA. The backup key, which is secret, can be used to issue a proof of ownership, i.e., only the real owner of this secret key can generate a single proof, which is based on the WOTS+ signature scheme. The authors of Sleeve proposed the formal technique for a single proof of ownership, and only informally outlined a construction to generalize it to multiple proofs. This work identifies that their proposed construction presents drawbacks, i.e., varying signature size and signing/verifying computation complexity, the limitation of a linear construction, etc. Therefore we introduce WOTSwana, a generalization of Sleeve, which is, more concretely, a more general scheme, i.e., an extra security layer that generates multiple proofs of ownership, and put forth a thorough formalization of two constructions: (1) one given by a linear concatenation of numerous WOTS+ private/public keys, and (2) a construction based on a tree-like structure, i.e., an underlying Merkle tree whose leaves are WOTS+ private/public key pairs. Furthermore, we present the security analysis for multiple proofs of ownership, showing that this work addresses the earlier mentioned drawbacks of the original construction. In particular, we extend the original security definition for Sleeve. Finally, we illustrate an alternative application of our construction by discussing the creation of an encrypted group chat messaging application.

    Tweakable Sleeve: A Novel Sleeve Construction based on Tweakable Hash Functions

    Recently, Chaum et al. (ACNS'21) introduced Sleeve, which describes an extra security layer for signature schemes, i.e., ECDSA. This distinctive feature is a new key generation mechanism, allowing users to generate a "backup key" securely nested inside the secret key of a signature scheme. Using this novel construction, the "backup key", which is secret, can be used to generate a "proof of ownership", i.e., only the rightful owner of this secret key can generate such a proof. This design offers a quantum-secure fallback, i.e., a brand new quantum-resistant signature, ready to be used, nested in the ECDSA secret key. In this work, we rely on the original Sleeve definition to generalize the construction to a modular design based on Tweakable Hash Functions, thus yielding a cleaner design of the primitive. Furthermore, we provide a thorough security analysis taking into account the security of the ECDSA signature scheme, which is lacking in the original work. Finally, we provide an analysis based on formal methods using Verifpal, confirming the security guarantees our construction provides.

    State Machines across Isomorphic Layer 2 Ledgers

    With the ever greater adoption of blockchain systems, smart-contract-based ecosystems have formed to provide financial services and other utility. This results in an ever increasing demand for transactions on blockchains; however, the number of transactions per second on a given ledger is limited. Layer-2 systems attempt to improve scalability by taking transactions off-chain, with building blocks that are two-party channels which are concatenated to form networks. Interaction between two parties requires (1) routing through such a network and (2) interaction with, and collateral from, all intermediaries on the routed path, and (3) interactions are often more limited compared to what can be done on the ledger. In contrast to that design, recent constructions such as Hydra Heads (FC'21) are both multi-party and isomorphic, allowing interactions to have the same expressiveness as on the ledger, making it akin to a ledger located on Layer-2. The follow-up Interhead Construction (MARBLE'22) further extends the protocol to connect Hydra Heads into networks by means of a "virtual" Hydra Head construction. This work puts forth an even greater generalization of the Interhead Protocol, allowing for interaction across different Layer-2 ledgers with a multitude of improvements. As a concrete example, our design is modular and lightweight, which makes it viable for both full virtual ledger constructions as well as straightforward one-time interactions and payment systems.

    Turn Based Communication Channel

    We introduce the concept of a turn-based communication channel between two mutually distrustful parties with communication consistency, i.e., both parties have the same message history, and communication happens in sets of exchanged messages across a limited number of turns. Our construction leverages timed primitives. Namely, we introduce a novel ∆-delay hash function definition in order to establish turns in the channel. Concretely, we introduce the one-way turn-based communication scheme and the two-way turn-based communication protocol, and provide a concrete instantiation that achieves communication consistency.

    Interhead Hydra: Two Heads are Better than One

    Distributed ledgers are maintained through consensus protocols executed by mutually distrustful parties. However, these consensus protocols have inherent limitations, resulting in scalability issues for the ledger. Layer-2 protocols operate on channels and allow parties to interact with one another without going through the consensus protocol, albeit relying on its security as a fall-back. Prominent Layer-2 protocols are payment channels for Bitcoin that allow two parties to exchange coins, State Channels for Ethereum that allow two parties to execute a state machine, and Hydra heads [FC'21] for Cardano, which allow multiple parties to execute Constraint Emitting Machines (CEM). Channels can be concatenated into networks using techniques such as Hashed Timelock Contracts to execute payments, or virtual state channels as introduced by Dziembowski et al. [CCS'18] to execute state machines. These constructions allow interaction between two parties across a channel network, i.e., the two endpoints of a path of channels. This is realized by utilizing intermediaries, the parties on the channel path that lie between both endpoints, who have to pay collateral to ensure the security of the constructions. While these approaches can be used with Hydra, they cannot be trivially extended to allow execution of CEMs between an arbitrary number of parties across different Hydra heads. This work addresses this gap by introducing the Interhead construction, which allows for the iterative creation of virtual Hydra heads. Of independent interest, our construction is the first that (1) supports channels with an arbitrary number of parties and (2) allows for collateral to be paid by multiple intermediaries, which lets this burden be shared and thus improves practicality.