10 research outputs found

    An Alternative Paradigm for Developing and Pricing Storage on Smart Contract Platforms

    Smart contract platforms facilitate the development of important and diverse distributed applications in a simple manner. This simplicity stems from the inherent utility of employing the state of smart contracts to store, query and verify the validity of application data. In Ethereum, data storage incurs an underpriced, non-recurring, predefined fee. Furthermore, as there is no incentive for freeing or minimizing the state of smart contracts, Ethereum is faced with a tragedy of the commons problem with regards to its monotonically increasing state. This issue, if left unchecked, may lead to centralization and directly impact Ethereum's security and longevity. In this work, we introduce an alternative paradigm for developing smart contracts in which their state is of constant size and facilitates the verification of application data that are stored to and queried from an external, potentially unreliable, storage network. This approach is relevant for a wide range of applications, such as any key-value store. We evaluate our approach by adapting the most widely deployed standard for fungible tokens, i.e., the ERC20 token standard. We show that Ethereum's current cost model penalizes our approach, even though it minimizes the overhead to Ethereum's state and aligns well with Ethereum's future. We address Ethereum's monotonically increasing state in a two-fold manner. First, we introduce recurring fees that are proportional to the state of smart contracts and adjustable by the miners that maintain the network. Second, we propose a scheme where the cost of storage-related operations reflects the effort that miners have to expend to execute them. Lastly, we show that under such a pricing scheme that encourages economy in the state consumed by smart contracts, our ERC20 token adaptation reduces the incurred transaction fees by up to an order of magnitude. Comment: 6 pages, 2 figures, DAPPCON 201

    Interactive Consistency in practical, mostly-asynchronous systems

    Interactive consistency is the problem in which n nodes, where up to t may be byzantine, each with its own private value, run an algorithm that allows all non-faulty nodes to infer the values of each other node. This problem is relevant to critical applications that rely on the combination of the opinions of multiple peers to provide a service. Examples include monitoring a content source to prevent equivocation or to track variability in the content provided, and resolving divergent state amongst the nodes of a distributed system. Previous works assume a fully synchronous system, where one can make strong assumptions such as negligible message delivery delays and/or detection of absent messages. However, practical, real-world systems are mostly asynchronous, i.e., they exhibit only some periods of synchrony during which message delivery is timely, thus requiring a different approach. In this paper, we present a thorough study on practical interactive consistency. We leverage the vast prior work on broadcast and byzantine consensus algorithms to design, implement and evaluate a set of algorithms, with varying timing assumptions and message complexity, that can be used to achieve interactive consistency in real-world distributed systems. We provide a complete, open-source implementation of each proposed interactive consistency algorithm by building a multi-layered stack of protocols that include several broadcast protocols, as well as a binary and a multi-valued consensus protocol. Most of these protocols have never been implemented and evaluated in a real system before. We analyze the performance of our suite of algorithms experimentally by engaging in both single instance and multiple parallel instances of each alternative. Comment: 13 pages, 10 figures

    An Alternative Paradigm for Developing and Pricing Storage on Smart Contract Platforms

    Smart contract platforms, the most notable of which is probably Ethereum, facilitate the development of important and diverse distributed applications (e.g., naming services and fungible tokens) in a simple manner. This simplicity stems from the inherent utility of employing the state of smart contracts to store, query and verify the validity of application data. In Ethereum, data storage incurs an underpriced, non-recurring, predefined fee. Furthermore, as there is no incentive for freeing or minimizing the state of smart contracts, Ethereum is faced with a tragedy of the commons problem with regards to its monotonically increasing state. This issue, if left unchecked, may lead to centralization and directly impact Ethereum's security and longevity. In this work, we introduce an alternative paradigm for developing smart contracts in which their state is of constant size and facilitates the verification of application data that are stored to and queried from an external, potentially unreliable, storage network. This approach is relevant for a wide range of applications, such as any key-value store. We evaluate our approach by adapting the most widely deployed standard for fungible tokens, i.e., the ERC20 token standard. We show that Ethereum's current cost model penalizes our approach, even though it minimizes the overhead to Ethereum's state and aligns well with Ethereum's future. We address Ethereum's monotonically increasing state in a two-fold manner. First, we introduce recurring fees that are proportional to the state of smart contracts and adjustable by the miners that maintain the network. Second, we propose a scheme where the cost of storage-related operations reflects the effort that miners have to expend to execute them. Lastly, we show that under such a pricing scheme that encourages economy in the state consumed by smart contracts, our ERC20 token adaptation reduces the incurred transaction fees by up to an order of magnitude.

    Revisiting Asynchronous Rumor Spreading in the Blockchain Era

    Asynchronous rumor spreading, or epidemic algorithms, are a class of data dissemination protocols that have been used throughout the years for a large variety of distributed applications. The emergence of large-scale, public blockchains, such as Bitcoin and Ethereum, has reinvigorated research interest in these protocols as they are employed to disseminate pending transactions and confirmed blocks in their peer-to-peer (P2P) networks. Efficient, timely and fault-tolerant information dissemination is vital for blockchain networks as it affects issues ranging from security to block finality. Recent works have analyzed the structural properties of blockchain network overlay graphs. Their findings show that they have inherent similarities to those of social networks, such as power-law degree distributions, small diameters and star-like communities. In this work, we present an experimental analysis of the vanilla asynchronous push & pull rumor spreading protocol that is employed by public blockchains. This protocol, although robust and scalable, can be substantially improved. We demonstrate this by analyzing the effect that multiple parameters have on the protocol’s performance, such as using memory to avoid contacting the same neighbor twice in a row, varying the stopping criteria of nodes to decide when to stop spreading the rumor, employing more sophisticated neighbor selection policies instead of the standard uniform random choice and others. Prior works have focused on either providing theoretical upper bounds on the number of rounds needed to spread the rumor to all nodes, or, propose improvements by adjusting isolated parameters. To our knowledge, our work is the first to study how multiple parameters affect the protocol’s behavior both in isolation and combination and under a wide range of values. Moreover, prior theoretical works have studied rumor spreading only on bidirectional social topologies. Our study examines the behavior of the protocol in multiple topology classes. These include bidirectional, directed, and also a special type of social topologies, called signed topologies, which resemble more closely the topologies of blockchain P2P networks. Our work is the first to indicate and deal with how chains of communities that are sparsely connected to the core of the network can hamper the rumor’s spreading. Thus, we complement prior theoretical work to shed light on how the protocol behaves in practical, real-world, large scale distributed systems. Finally, through our detailed analysis, we demonstrate how a few simple additions to the protocol deliver a percentage decrease of the time required to inform all nodes by a maximum of 99.69% and an average of 86.04%.

    Provably Secure Naming Services Based on Smart Contracts: Design, Implementation and Evaluation

    Naming services provide the necessary foundations of developing diverse and important applications, such as e-commerce and e-banking. Currently, these naming services are operated by centralized authorities, which have to be trusted for their correct operation. Unfortunately, centralization (of trust) incurs several downsides in terms of security, availability and fault tolerance, as illustrated by numerous security incidents throughout the years where such authorities have been compromised. Decentralization has been proposed as an alternative to deal with these issues. Nevertheless, decentralization raises other concerns, such as dealing with free-riding and Sybil attacks. In this thesis, we leverage the scalability, security, as well as, the built-in incentive mechanism of blockchain systems and propose the design of a decentralized, smart contract-based naming service. More specifically, we are the first to fully formalize the naming service design problem in the Universal Composability (UC) framework and formally prove the security of our construction under the strong RSA assumption in the Random Oracle model and the existence of an ideal smart contract functionality. The main barrier in realizing a smart contract-based naming service is the size of the contract’s state which, being its most expensive resource to access and modify, should be minimized for a construction to be viable. We resolve this issue by defining and using in our naming service a public-state cryptographic accumulator with constant size, a cryptographic tool which may be of independent interest in the context of blockchain protocols. This accumulator incurs constant-sized storage at the expense of computational complexity. To explore this trade-off, we propose and implement a second construction, which preserves the security properties of the first and, as illustrated through our evaluation, is the only version with constant-sized state that can be deployed on the live chain of Ethereum, the most notable public smart contract platform at the time of this writing. We compare these two constructions with the simple approach of most prior works, e.g., the Ethereum Name Service, where all identity records are stored on the smart contract’s state, to illustrate several shortcomings of Ethereum and its cost model. To address these issues, and others, we introduce an alternative paradigm for developing smart contract-based applications in which their state is of constant size and facilitates the verification of application data that are stored to and queried from an external, potentially unreliable, storage network. This approach is relevant for a wide range of applications, such as any key-value store. We illustrate the efficacy of our approach by presenting a case study where we adapt the most widely deployed standard for fungible tokens, i.e., the ERC20 token standard, to our paradigm. We address Ethereum’s monotonically increasing state which, if left unchecked, will have a direct impact on Ethereum's security and, ultimately, its longevity. We introduce recurring fees that are proportional to the state of smart contracts and adjustable by the nodes (miners) that maintain the network. We propose a scheme where the cost of storage-related operations reflects the effort that miners have to expend to execute them. We show that under such a pricing scheme that encourages economy in the state consumed by smart contracts, the constructions presented in this work reduce the incurred transaction fees by up to an order of magnitude. We argue that these improvements are sensible for any smart contract platform that wishes to support user developed distributed applications.
    Naming services provide the necessary foundations for developing diverse and important applications, such as e-commerce and e-banking. Currently, these naming services are under the control of centralized entities, which we have to trust to operate correctly. Unfortunately, centralization (of trust) brings many drawbacks in terms of security, availability and fault tolerance, as shown by a plethora of security incidents over the years in which such entities have been compromised. Decentralization has been proposed as an alternative solution for addressing these issues. Nevertheless, decentralization raises other problems, such as dealing with free-riding and Sybil attacks. In this thesis, we leverage the scalability, the security, and the built-in incentive mechanism of blockchain systems and propose the design of a decentralized naming service based on smart contracts. More specifically, we are the first to present the full formalization of the naming service design problem within the Universal Composability model, and we prove the security of our construction under the strong RSA assumption in the Random Oracle model and the existence of an ideal smart contract functionality. The main obstacle to realizing a smart contract-based naming service is the size of the information stored in the contracts which, being the most expensive resource to access and modify, should be minimized for a construction to be considered viable. We resolve this issue by defining and using in our naming service an additive, universal, public-state cryptographic accumulator of constant size, a cryptographic tool that may be of independent interest in the context of blockchain protocols. This accumulator incurs constant-sized storage at the expense of computational complexity. To explore the trade-off between the two, we propose and implement a second construction, which preserves the security properties of the first and, as illustrated through our evaluation, is the only version with constant-sized stored information that can be deployed on the main chain of Ethereum, the most notable public smart contract platform at the time of this writing. We compare these two constructions with the simple approach of most prior implementations, e.g., the Ethereum Name Service, where all identity records are stored on the smart contract, to demonstrate several shortcomings of Ethereum and its cost model. To address these issues, and others, we introduce an alternative paradigm for developing smart contract-based applications in which the size of the information stored in the contracts is constant and facilitates the verification of application data that are stored to and queried from an external, potentially unreliable, storage network. This approach is relevant for a wide range of applications, such as any key-value storage system. We show the effectiveness of our approach by presenting a study in which we adapt the most widely deployed standard for fungible tokens, i.e., the ERC20 token standard. We address Ethereum's monotonically increasing stored information which, if left unchecked, will have a direct impact on Ethereum's security and, ultimately, its longevity. We introduce recurring fees that are proportional to the information stored in smart contracts and adjustable by the nodes that maintain the network. We propose a model where the cost of storage operations reflects the effort that the nodes have to expend to execute them. We show that under such a pricing scheme, which encourages economy in the information stored in smart contracts, the constructions presented in this thesis reduce transaction fees by an order of magnitude. We argue that these improvements are sensible for any smart contract platform that wishes to support the development of arbitrary distributed applications by its users.

    On the Practicality of a Smart Contract PKI

    Public key infrastructures (PKIs) are one of the main building blocks for securing communications over the Internet. Currently, PKIs are under the control of centralized authorities, which is problematic as evidenced by numerous incidents where they have been compromised. The distributed, fault tolerant log of transactions provided by blockchains and more recently, smart contract platforms, constitutes a powerful tool for the decentralization of PKIs. To verify the validity of identity records, blockchain-based identity systems store on chain either all identity records, or, a small (or even constant) sized amount of data to verify identity records stored off chain. However, as most of these systems have never been implemented, there is little information regarding the practical implications of each design’s tradeoffs. In this work, we first implement and evaluate the only provably secure, smart contract based PKI of [1] on top of Ethereum. This construction incurs constant-sized storage at the expense of computational complexity. To explore this tradeoff, we propose and implement a second construction which eliminates the need for trusted setup, preserves the security properties of [1] and, as illustrated through our evaluation, is the only version with constant-sized state that can be deployed on the live chain of Ethereum. Furthermore, we compare these two systems with the simple approach of most prior works, e.g., the Ethereum Name Service, where all identity records are stored on the smart contract’s state, to illustrate several shortcomings of Ethereum and its cost model. We propose several modifications for fine tuning the model, which would be useful to be considered for any smart contract platform like Ethereum so that it reaches its full potential to support arbitrary distributed applications.

    Interactive Consistency in practical, mostly-asynchronous systems

    Interactive consistency is the problem in which n nodes, where up to t may be byzantine, each with its own private value, run an algorithm that allows all non-faulty nodes to infer the values of each other node. This problem is relevant to critical applications that rely on the combination of the opinions of multiple peers to provide a service. Examples include monitoring a content source to prevent equivocation or to track variability in the content provided, and resolving divergent state amongst the nodes of a distributed system. Previous works assume a fully synchronous system, where one can make strong assumptions such as negligible message delivery delays and/or detection of absent messages. However, practical, real-world systems are mostly asynchronous, i.e., they exhibit only some periods of synchrony during which message delivery is timely, thus requiring a different approach. In this paper, we present a thorough study on practical interactive consistency. We leverage the vast prior work on broadcast and byzantine consensus algorithms to design, implement and evaluate a set of algorithms, with varying timing assumptions and message complexity, that can be used to achieve interactive consistency in real-world distributed systems. We provide a complete, open-source implementation of each proposed interactive consistency algorithm by building a multilayered stack of protocols that include several broadcast protocols, as well as a binary and a multi-valued consensus protocol. Most of these protocols have never been implemented and evaluated in a real system before. We analyze the performance of our suite of algorithms experimentally by engaging in both single instance and multiple parallel instances of each alternative.

    D-DEMOS: A Distributed, End-to-end Verifiable, Internet Voting system

    E-voting systems have emerged as a powerful technology for improving democracy by reducing election cost, increasing voter participation, and even allowing voters to directly verify the entire election procedure. Prior internet voting systems have single points of failure, which may result in the compromise of availability, voter secrecy, or integrity of the election results. In this paper, we present the design, implementation, security analysis, and evaluation of D-DEMOS, a complete e-voting system that is distributed, privacy-preserving and end-to-end verifiable. Our system includes a fully asynchronous vote collection subsystem that provides immediate assurance to the voter her vote was recorded as cast, without requiring cryptographic operations on behalf of the voter. We also include a distributed, replicated and fault-tolerant Bulletin Board component, that stores all necessary election-related information, and allows any party to read and verify the complete election process. Finally, we also incorporate trustees, i.e., individuals who control election result production while guaranteeing privacy and end-to-end-verifiability as long as their strong majority is honest. Our system is the first e-voting system whose voting operation is human verifiable, i.e., a voter can vote over the web, even when her web client stack is potentially unsafe, without sacrificing her privacy, and still be assured her vote was recorded as cast. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. Finally, as the number of auditors increases, the probability of election fraud going undetected is diminished exponentially. We provide a model and security analysis of the system. We implement a prototype of the complete system, we measure its performance experimentally, and we demonstrate its ability to handle large-scale elections.