A Semantic Framework for the Security Analysis of Ethereum smart contracts
Smart contracts are programs running on cryptocurrency (e.g., Ethereum)
blockchains, whose popularity stems from the possibility to perform financial
transactions, such as payments and auctions, in a distributed environment
without the need for any trusted third party. Given their financial nature, bugs or
vulnerabilities in these programs may lead to catastrophic consequences, as
witnessed by recent attacks. Unfortunately, programming smart contracts is a
delicate task that requires strong expertise: Ethereum smart contracts are
written in Solidity, a dedicated language resembling JavaScript, and shipped
over the blockchain in the EVM bytecode format. In order to rigorously verify
the security of smart contracts, it is of paramount importance to formalize
their semantics as well as the security properties of interest, in particular
at the level of the bytecode being executed.
In this paper, we present the first complete small-step semantics of EVM
bytecode, which we formalize in the F* proof assistant, obtaining executable
code that we successfully validate against the official Ethereum test suite.
Furthermore, we formally define for the first time a number of central security
properties for smart contracts, such as call integrity, atomicity, and
independence from miner-controlled parameters. This formalization relies on a
combination of hyper- and safety properties. Along this work, we identified
various mistakes and imprecisions in existing semantics and verification tools
for Ethereum smart contracts, thereby demonstrating once more the importance of
rigorous semantic foundations for the design of security verification
techniques.
Comment: The EAPLS Best Paper Award at ETAP
Decentralization in Bitcoin and Ethereum Networks
Blockchain-based cryptocurrencies have demonstrated how to securely implement
traditionally centralized systems, such as currencies, in a decentralized
fashion. However, there have been few measurement studies on the level of
decentralization they achieve in practice. We present a measurement study on
various decentralization metrics of two of the leading cryptocurrencies with
the largest market capitalization and user base, Bitcoin and Ethereum. We
investigate the extent of decentralization by measuring the network resources
of nodes and the interconnection among them, the protocol requirements
affecting the operation of nodes, and the robustness of the two systems against
attacks. In particular, we adapted existing Internet measurement techniques and
used the Falcon Relay Network as a novel measurement tool to obtain our data.
We discovered that neither Bitcoin nor Ethereum has strictly better properties
than the other. We also provide concrete suggestions for improving both
systems.
Comment: Financial Cryptography and Data Security 201
Pisa: Arbitration outsourcing for state channels
State channels are a leading approach for improving the scalability of blockchains and cryptocurrencies. They allow a group of mutually distrusting parties to optimistically execute an application-defined program amongst themselves, while the blockchain serves as a backstop in case of a dispute or abort. This effectively bypasses the congestion, fees and performance constraints of the underlying blockchain in the typical case. However, state channels introduce a new and undesirable assumption: a party must remain online and synchronised with the blockchain at all times to defend against execution fork attacks. An execution fork can revert a state channel's history, potentially causing financial damage to a party that is innocent except for having crashed. To provide security even to parties that may go offline for an extended period of time, we present Pisa, the first protocol to propose an accountable third party who can be hired by parties to cancel execution forks on their behalf. To evaluate Pisa, we provide a proof-of-concept implementation for a simplified Sprites, and we demonstrate that it is cost-efficient to deploy on the Ethereum network.
Smart contracts for bribing miners
We present three smart contracts that allow a briber to fairly
exchange bribes with miners who pursue a mining strategy benefiting the
briber. The first contract, CensorshipCon, highlights that Ethereum’s
uncle block reward policy can directly subsidise the cost of bribing miners.
The second contract, HistoryRevisionCon, rewards miners via an
in-band payment for reversing transactions or enforcing a new state of
another contract. The third contract, GoldfingerCon, rewards miners
in one cryptocurrency for reducing the utility of another cryptocurrency.
This work is motivated by the need to understand the extent
to which smart contracts can impact the incentive mechanisms involved
in Nakamoto-style consensus protocols.
SoK: Consensus in the Age of Blockchains
The core technical component of blockchains is consensus: how to reach agreement among a distributed network of nodes. A plethora of blockchain consensus protocols have been proposed, ranging from new designs to novel modifications and extensions of consensus protocols from the classical distributed systems literature. The inherent complexity of consensus protocols and their rapid and dramatic evolution make it hard to contextualize the design landscape. We address this challenge by conducting a systematization of knowledge of blockchain consensus protocols. After first discussing key themes in classical consensus protocols, we describe: (i) protocols based on proof-of-work; (ii) proof-of-X protocols that replace proof-of-work with more energy-efficient alternatives; and (iii) hybrid protocols that are compositions or variations of classical consensus protocols. This survey is guided by a systematization framework we develop to highlight the various building blocks of blockchain consensus design, along with a discussion of their security and performance properties. We identify research gaps and insights for the community to consider in future research endeavours.
Early haemodynamic changes observed in patients with epilepsy, in a visual experiment and in simulations
Objective: The objective of this study was to investigate whether previously reported early blood oxygen level dependent (BOLD) changes in epilepsy could occur as a result of the modelling techniques rather than physiological changes. Methods: EEG-fMRI data were analysed from seven patients with focal epilepsy and six control subjects undergoing a visual experiment, in addition to simulations. In six separate analyses the event timing was shifted by either -9, -6, -3, +3, +6 or +9 s relative to the onset of the interictal epileptiform discharge (IED) or stimulus. Results: The visual dataset and simulations demonstrated an overlap between the modelled haemodynamic response function (HRF) at event onset and at ±3 s relative to onset, which diminished at ±6 s. Pre-spike analysis at -6 s improved concordance with the assumed IED-generating lobe relative to the standard HRF in 43% of patients. Conclusion: The visual and simulated dataset findings indicate a form of "temporal bleeding", an overlap between the modelled HRF at time 0 and at ±3 s which attenuated at ±6 s. Pre-spike analysis at -6 s may improve concordance. Significance: This form of analysis should be performed at 6 s prior to onset of the IED to minimise the temporal bleeding effect. The results support the presence of relevant BOLD responses occurring prior to IEDs.
Scalable Open-Vote Network on Ethereum
McCorry et al. (Financial Cryptography 2017) presented the first implementation of a decentralized self-tallying voting protocol on Ethereum. However, their implementation did not scale beyond 40 voters since all the computations were performed on the smart contract. In this paper, we tackle this problem by delegating the bulk of the computation to an off-chain untrusted administrator in a verifiable manner. Specifically, the administrator tallies the votes off-chain and publishes a Merkle tree that encodes the tallying computation trace. Then, the administrator submits the Merkle tree root and the tally result to the smart contract. Subsequently, the smart contract transitions to an intermediate phase where at least a single honest voter can contest the administrator's claimed result if it was not computed correctly. Then, in the worst case, the smart contract verifies the dispute at the cost of an elliptic curve point addition and scalar multiplication, and two Merkle proofs of membership, which are logarithmic in the number of voters. This allows our protocol to achieve higher scalability without sacrificing public verifiability or voters' privacy. To assess our protocol, we implemented an open-source prototype on Ethereum and carried out multiple experiments for different numbers of voters.
The results of our implementation confirm the scalability and efficiency of our proposed solution, which does not exceed the current block gas limit for any practical number of voters.