24 research outputs found

    Towards Overcoming the Undercutting Problem

    For Bitcoin and similar cryptocurrencies, their mining processes are currently incentivized with fixed block rewards and voluntary transaction fees. However, the block rewards are supposed to vanish gradually and the remaining incentive of transaction fees is optional and arbitrary. Under those circumstances, Carlsten et al. [CCS 2016] find that an interesting undercutting attack, where the attacker deliberately forks an existing chain by leaving wealthy transactions unclaimed to attract petty compliant miners to its fork, can become the equilibrium strategy for miners. Motivated by similar phenomena in economics, we take a closer look at the undercutting analysis and find the result to be questionable: In [CCS 2016], fees are accumulated at a fixed rate and miners can collect all unclaimed fees regardless of block size limit, which is often not feasible in practice. Besides, ignoring a potentially large amount of fees unclaimable in a single block can inaccurately inflate the profitability of undercutting. In this work, we define a model that considers claimable fees based on available transactions that can be assembled into the block size limit and upgrades petty compliant miners to be rational where they decide whether to move to other chains subject to expected returns from different choices. In this new model, we first identify the conditions that are necessary to make undercutting profitable. Second, we propose a defense against undercutting by manipulating transactions selected into the new block to invalidate the above-identified conditions. Finally, we complement the above analytical results with an experimental analysis over Bitcoin and Monero. We demonstrate that our conditions for undercutting to be profitable are effective (an increase of 0.5-4.5% in Bitcoin and 8% in Monero) and the avoidance technique fulfills its purpose of allowing miners to earn around fair shares. Comment: 15 pages, 6 figure

    Applying an Executive Sustainable Development Model to Executive Organizations based on Corporate Social Responsibility, and Green Management with Mediating Role of ISO 26000 and Comparing it

    Objective: Nowadays, insufficient attention to environmental issues and CSR in governmental organizations has undermined their performance and credibility. This research aims to comparatively study a sustainable development executive model based on CSR and green management with the mediating role of ISO 26000 among executive organizations. Methods: This is a developmental-applied research with a comparative-inductive logic for data collection. This study uses a descriptive survey method. The statistical population consists of two samples of 32 experts and 360 managers, and deputies of provincial executive organizations. Data collection tools included a questionnaire of CSR, green management, and ISO 26000. Confirmatory factor analysis and structural equation modeling were used to analyze the data using SPSS and AMOS software. Results: The results indicate that social responsibility can predict green management in executive organizations. There is a significant relationship between these two variables with the mediating role of ISO 26000. CSR has a positive and significant effect on green management and ISO 26000. Among the dimensions of social responsibility (leadership and intra-organizational processes), the dimensions of green management (leadership) and the dimensions of ISO 26000 (organizational governance) have the highest priorities. There is a significant relationship between the three levels of development in provinces in which this model was applied to their executive organizations. Originality/Value: Defining a sustainable development model and applying it to executive organizations in Iran for the first time which adds to the dissemination of developmental research

    R3C3: Cryptographically secure Censorship Resistant Rendezvous using Cryptocurrencies

    Cryptocurrencies and blockchains are set to play a major role in the financial and supply-chain systems. Their presence and acceptance across different geopolitical corridors, including in repressive regimes, have been one of their striking features. In this work, we leverage this popularity for bootstrapping censorship resistant (CR) communication. We formalize the notion of stego-bootstrapping scheme and formally describe the security notions of the scheme in terms of rareness and security against chosen-covertext attacks. We present R3C3, a Cryptographically secure Censorship-Resistant Rendezvous using Cryptocurrencies. R3C3 allows a censored user to interact with a decoder entity outside the censored region, through blockchain transactions as rendezvous, to obtain bootstrapping information such as a CR proxy and its public key. Unlike the usual bootstrapping approaches (e.g., emailing) with heuristic security if any, R3C3 employs public-key steganography over blockchain transactions to ensure cryptographic security, while the blockchain transaction costs may deter the entry-point harvesting attacks. We develop bootstrapping rendezvous over Bitcoin, Zcash, Monero and Ethereum as well as the typical mining process, and analyze their effectivity in terms of cryptocurrency network volume and introduced monetary cost. With its highly cryptographic structure, Zcash is an outright winner for normal users with 1168 byte bandwidth per transaction costing only 0.03 USD as the fee, while mining pool managers have a free, extremely high bandwidth rendezvous when they mine a block

    AUTOPAYMENTS VIA ACCOUNT ABSTRACTION

    The present disclosure focuses on simplifying the user’s ability to make autopayments without making use of the private key associated with the user while using a non-custodial wallet. The present disclosure describes that without making use of the user’s private key, a smart contract can make an autopayment on behalf of the user to the merchant to whom the user wishes to make the payment. In other words, the smart contract will make the automatic payment to merchants associated with the user if the merchant’s details are present in the allowed list of the user, else, the smart contract may reject the transaction

    Impact of the pulse modulation format on distributed BOTDA sensors based on Simplex coding

    We experimentally analyse the impact of pulse modulation format on BOTDA sensors exploiting Simplex coding. A careful optimisation of modulation format is required to avoid spurious oscillations causing severe penalties in the measurement accuracy

    Uncovering Impact of Mental Models towards Adoption of Multi-device Crypto-Wallets

    The ever-increasing cohort of cryptocurrency users saw a sharp increase in different types of crypto-wallets in the past decade. However, different wallets are non-uniformly adopted in the population today; specifically, emerging multi-device wallets, even with improved security and availability guarantees over their counterparts, are yet to receive proportionate attention and adoption. This work presents a data-driven investigation into the perceptions of cryptocurrency users towards multi-device wallets today, using a survey of 255 crypto-wallet users. Our results revealed two significant groups within our participants—Newbies and Non-newbies. These two groups statistically significantly differ in their usage of crypto-wallets. However, both of these groups were concerned with the possibility of their keys getting compromised and yet are unfamiliar with the guarantees offered by multi-device wallets. After educating the participants about the more secure multi-device wallets, around 70% of the participants preferred them; however, almost one-third of participants were still not comfortable using them. Our qualitative analysis revealed a gap between the actual security guarantees and mental models for these participants—they were afraid that using multi-device wallets will result in losing control over keys (and in effect funds) due to the distribution of key shares. We also investigated the preferred default settings for crypto-wallets across our participants, since multi-device wallets allow a wide range of key-share distribution settings. In the distributed server settings of the multi-device wallets, the participants preferred a smaller number of reputed servers (as opposed to a large non-reputed pool). Moreover, considerations about the threat model further affected their preferences, signifying a need for contextualizing default settings. We conclude the discussion by identifying concrete, actionable design avenues for future multi-device wallet developers to improve adoption

    How Interactions Influence Users' Security Perception of Virtual Reality Authentication?

    Users readily embrace the rapid advancements in virtual reality (VR) technology within various everyday contexts, such as gaming, social interactions, shopping, and commerce. In order to facilitate transactions and payments, VR systems require access to sensitive user data and assets, which consequently necessitates user authentication. However, there exists a limited understanding regarding how users' unique experiences in VR contribute to their perception of security. In our study, we adopt a research approach known as "technology probe" to investigate this question. Specifically, we have designed probes that explore the authentication process in VR, aiming to elicit responses from participants from multiple perspectives. These probes were seamlessly integrated into the routine payment system of a VR game, thereby establishing an organic study environment. Through qualitative analysis, we uncover the interplay between participants' interaction experiences and their security perception. Remarkably, despite encountering unique challenges in usability during VR interactions, our participants found the intuitive virtualized authentication process beneficial and thoroughly enjoyed the immersive nature of VR. Furthermore, we observe how these interaction experiences influence participants' ability to transfer their pre-existing understanding of authentication into VR, resulting in a discrepancy in perceived security. Moreover, we identify users' conflicting expectations, encompassing their desire for an enjoyable VR experience alongside the assurance of secure VR authentication. Building upon our findings, we propose recommendations aimed at addressing these expectations and alleviating potential conflicts

    SoK: Web3 Recovery Mechanisms

    Account recovery enables users to regain access to their accounts when they lose their authentication credentials. While account recovery is well established and extensively studied in the Web2 (traditional web) context, Web3 account recovery presents unique challenges. In Web3, accounts rely on a (cryptographically secure) private-public key pair as their credential, which is not expected to be shared with a single entity like a server owing to security concerns. This makes account recovery in the Web3 world distinct from the Web2 landscape, often proving to be challenging or even impossible. As account recovery has proven crucial for Web2 authenticated systems, various solutions have emerged to address account recovery in the Web3 blockchain ecosystem in order to make it more friendly and accessible to everyday users, without punishing users if they make honest mistakes. This study systematically examines existing account recovery solutions within the blockchain realm, delving into their workflows, underlying cryptographic mechanisms, and distinct characteristics. After highlighting the trilemma between usability, security, and availability encountered in the Web3 recovery setting, we systematize the existing recovery mechanisms across several axes which showcase those tradeoffs. Based on our findings, we provide a number of insights and future research directions in this field