
    Validated Byzantine Asynchronous Multidimensional Approximate Agreement

    Consider an asynchronous system where each node begins with some point in $\mathbb{R}^m$. Given some fixed $\epsilon > 0$, we wish to have every nonfaulty node eventually output a point in $\mathbb{R}^m$, where all outputs are within distance $\epsilon$ of each other, and are within the convex hull of the original nonfaulty inputs. This problem, when some of the nodes are adversarial, is known as the "Byzantine Asynchronous Multidimensional Approximate Agreement" problem. Previous landmark work by Mendes et al. and Vaidya et al. presented two solutions to the problem. Both of these solutions require exponential computation by each node in each round. Furthermore, that work provides a lower bound showing that it is impossible to solve the task of approximate agreement if $n \leq (m+2)t$, and thus the protocols assume that $n > (m+2)t$. We present a Byzantine Asynchronous Multidimensional Approximate Agreement protocol in the validated setting of Cachin et al. Our protocol terminates after a logarithmic number of rounds, and requires only polynomial computation in each round. Furthermore, it is resilient to $t < \frac{n}{3}$ Byzantine nodes, which we prove to be optimal in the validated setting. In other words, working on the task in the validated setting allows us to significantly improve on previous works in several significant metrics. In addition, the techniques presented in this paper can easily yield a protocol in the original non-validated setting which requires exponential computation only in the first round, and polynomial computation in every subsequent round.

    The Vulnerable Nature of Decentralized Governance in DeFi

    Decentralized Finance (DeFi) platforms are often governed by Decentralized Autonomous Organizations (DAOs), which are implemented via governance protocols. Governance tokens are distributed to users of the platform, granting them voting rights in the platform's governance protocol. Many DeFi platforms have already been subject to attacks resulting in the loss of millions of dollars in user funds. In this paper we show that governance tokens are often not used as intended and may be harmful to the security of DeFi platforms. We show that (1) users often do not use governance tokens to vote, (2) voting rates are negatively correlated with gas prices, and (3) voting is very centralized. We explore vulnerabilities in the design of DeFi platforms' governance protocols and analyze different governance attacks, focusing on the transferable nature of voting rights via governance tokens. Following the movement and holdings of governance tokens, we show they are often used to perform a single action and then sold off. We present evidence of DeFi platforms using other platforms' governance protocols to promote their own agenda at the expense of the host platform.

    Haze: A Compliant Privacy Mixer

    Blockchains enable mutually distrustful parties to perform financial operations in a trustless, decentralized, publicly-verifiable environment. Blockchains typically offer little privacy, which has motivated the construction of privacy mixers, a solution to make funds untraceable. Privacy mixers concern regulators due to their increasing use by bad actors to illegally conceal the origin of funds. Consequently, Tornado Cash, the largest privacy mixer to date, is sanctioned by large portions of the Ethereum network. In this work, we present Haze, a compliant privacy mixer. Haze guarantees users' privacy together with compliance, i.e., funds can be withdrawn as long as they were deposited from a non-banned address, without revealing any information on the matching deposit. We empirically evaluate our solution in a proof-of-concept system, demonstrating gas consumption for each deposit and withdrawal that is comparable to Tornado Cash for compliant users; there is also an optional feature for non-compliant funds to be released from the mixer to some predetermined entity. To the best of our knowledge, our solution is the first to guarantee compliance and privacy on the blockchain (on-chain) that is implemented via a smart contract. Finally, we introduce an alternative compliant privacy mixer protocol that supports de-anonymization of non-compliant users, at the cost of increased trust in the banned-addresses maintainer, which is realized in the two-server model.

    Epigenetic analyses in blood cells of men suspected of prostate cancer predict the outcome of biopsy better than serum PSA levels

    Lymphocytes from the peripheral blood of patients with prostate cancer—the most frequent (noncutaneous) tumor in men—display epigenetic aberrations (altered modes of allelic replication) characteristic of the malignant phenotype. The present study aims to determine whether replication aberrations add certainty to the suspicion of prostate cancer provided by the prostate-specific antigen (PSA) blood test. The allelic replication mode (whether synchronous or asynchronous) was exemplified for RB1 and AML1. These two genes normally exhibit a synchronous mode of allelic replication. A fluorescence in situ hybridization (FISH) replication assay was used for replication analyses. The FISH assays were applied to PHA-stimulated lymphocytes, established from peripheral blood samples of 35 men referred to biopsy due to suspected prostate cancer. Following biopsy, 13 out of these 35 men were found positive for prostate malignancy. The FISH assay—showing asynchronous or synchronous RB1 and AML1 replication—was able to predict, respectively, the results of all biopsy-positive men and of 18 out of the 22 biopsy-negative ones. These measurements, distinguishing biopsy-positive from biopsy-negative men, were highly significant ($P < 10^{-8}$; 100% sensitivity and 81.8% specificity). Yet, distinguishing between the two groups of men based on the PSA measurements was nonsignificant ($P > 0.70$). The FISH replication assay applied to peripheral blood lymphocytes of 35 men referred for biopsy significantly predicted the outcome of the pathological examination, more precisely than the serum PSA test. As such, the epigenetic alteration offers a potential noninvasive blood marker, complementary to the PSA, for a preliminary prostate cancer diagnosis.

    Twilight: A Differentially Private Payment Channel Network

    Payment channel networks (PCNs) provide a faster and cheaper alternative to transactions recorded on the blockchain. Clients can trustlessly establish payment channels with relays by locking coins and then send signed payments that shift coin balances over the network's channels. Although payments are never published, anyone can track a client's payment by monitoring changes in coin balances over the network's channels. We present Twilight, the first PCN that provides a rigorous differential privacy guarantee to its users. Relays in Twilight run a noisy payment processing mechanism that hides the payments they carry. This mechanism increases the relay's cost, so Twilight combats selfish relays that wish to avoid it using a trusted execution environment (TEE) that ensures they follow its protocol. The TEE does not store the channel's state, which minimizes the trusted computing base. Crucially, Twilight ensures that even if a relay breaks the TEE's security, it cannot break the integrity of the PCN. We analyze Twilight in terms of privacy and cost and study the trade-off between them. We implement Twilight using Intel's SGX framework and evaluate its performance using relays deployed on two continents. We show that a route consisting of 4 relays handles 820 payments/sec.

    Suboptimality in DeFi

    The Decentralized Finance (DeFi) ecosystem has proven to be immensely popular in facilitating financial operations such as lending and exchanging assets, with Ethereum-based platforms holding a combined amount of more than 30 billion USD. The public availability of these platforms' code, together with real-time data on all user interactions and platform liquidity, has given rise to sophisticated automatic tools that recognize profit opportunities on behalf of users and seize them. In this work, we formalize three core DeFi primitives which together are responsible for a daily volume of over 100 million USD in Ethereum-based platforms alone: (1) lending and borrowing funds, (2) liquidation of insolvent loans, and (3) using flash-swaps to close arbitrage opportunities between cryptocurrency exchanges. The profit which can be made from each primitive is then cast as an optimization problem that can be readily solved. We use our formalization to analyze several case studies for each primitive, showing that popular platforms and tools which promise to automatically optimize profits for users actually fall short. In specific instances, the profits can be increased by more than 100%, with the highest amount of "missed" revenue from a single suboptimal action equal to 428.14 ETH, or roughly 517K USD. Finally, we show that many missed opportunities to make a profit do not go unnoticed by other users. Indeed, suboptimal transactions are sometimes immediately followed by "trailing" back-running transactions which extract additional profits using similar actions. By analyzing a subset of such events, we uncover that some users who frequently create such trailing transactions are heavily tied to specific miners, meaning that all of their transactions appear only in blocks mined by one miner in particular. As some of the backrun non-optimal transactions are private, we hypothesize that the users who create them are, in fact, miners (or users collaborating with miners) who use inside information known only to them to make a profit, thus gaining an unfair advantage.