2023 |
Rodler, Michael; Paaßen, David; Li, Wenting; Bernhard, Lukas; Holz, Thorsten; Karame, Ghassan; Davi, Lucas EF/CF: High Performance Smart Contract Fuzzing for Exploit Generation Inproceedings IEEE EuroS&P’23, 2023. @inproceedings{Rodler2023, title = {EF/CF: High Performance Smart Contract Fuzzing for Exploit Generation}, author = {Michael Rodler and David Paaßen and Wenting Li and Lukas Bernhard and Thorsten Holz and Ghassan Karame and Lucas Davi}, url = {https://eurosp2023.ieee-security.org/program.html}, year = {2023}, date = {2023-07-03}, booktitle = {IEEE EuroS&P’23}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Faust, Sebastian; Hazay, Carmit; Kretzler, David; Schlosser, Benjamin Putting the Online Phase on a Diet: Covert Security from Short MACs Inproceedings CT-RSA 2023, 2023. @inproceedings{Faust2023, title = {Putting the Online Phase on a Diet: Covert Security from Short MACs}, author = {Sebastian Faust and Carmit Hazay and David Kretzler and Benjamin Schlosser}, year = {2023}, date = {2023-04-24}, booktitle = {CT-RSA 2023}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Esser, Andre; Zweydinger, Floyd New Time-Memory Trade-Offs for Subset Sum - Improving ISD in Theory and Practice Inproceedings Eurocrypt 2023, 2023. @inproceedings{Esser2022b, title = {New Time-Memory Trade-Offs for Subset Sum - Improving ISD in Theory and Practice}, author = {Andre Esser and Floyd Zweydinger}, url = {https://eprint.iacr.org/2022/1329}, year = {2023}, date = {2023-04-23}, booktitle = {Eurocrypt 2023}, abstract = {We propose new time-memory trade-offs for the random subset sum problem defined on $a_1,\ldots,a_n,t$ over $\mathbb{Z}_{2^n}$. Our trade-offs yield significant running time improvements for every fixed memory limit $M \geq 2^{0.091n}$. Furthermore, we interpolate to the running times of the fastest known algorithms when memory is not limited. Technically, our design introduces a pruning strategy to the construction by Becker-Coron-Joux (BCJ) that allows for an exponentially small success probability. We compensate for this reduced probability by multiple randomized executions. Our main improvement stems from the clever reuse of parts of the computation in subsequent executions to reduce the time complexity per iteration. As an application of our construction, we derive the first non-trivial time-memory trade-offs for Information Set Decoding (ISD) algorithms. Our new algorithms improve on previous (implicit) trade-offs asymptotically as well as practically. Moreover, our optimized implementation also improves on running time, due to reduced memory access costs. We demonstrate this by obtaining a new record computation in decoding quasi-cyclic codes (QC-3138). 
Using our newly obtained data points we then extrapolate the hardness of suggested parameter sets for the NIST PQC fourth round candidates McEliece, BIKE and HQC, lowering previous estimates by up to 6 bits and further increasing their reliability.}, howpublished = {Cryptology ePrint Archive, Paper 2022/1329}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } We propose new time-memory trade-offs for the random subset sum problem defined on $a_1,\ldots,a_n,t$ over $\mathbb{Z}_{2^n}$. Our trade-offs yield significant running time improvements for every fixed memory limit $M \geq 2^{0.091n}$. Furthermore, we interpolate to the running times of the fastest known algorithms when memory is not limited. Technically, our design introduces a pruning strategy to the construction by Becker-Coron-Joux (BCJ) that allows for an exponentially small success probability. We compensate for this reduced probability by multiple randomized executions. Our main improvement stems from the clever reuse of parts of the computation in subsequent executions to reduce the time complexity per iteration. As an application of our construction, we derive the first non-trivial time-memory trade-offs for Information Set Decoding (ISD) algorithms. Our new algorithms improve on previous (implicit) trade-offs asymptotically as well as practically. Moreover, our optimized implementation also improves on running time, due to reduced memory access costs. We demonstrate this by obtaining a new record computation in decoding quasi-cyclic codes (QC-3138). Using our newly obtained data points we then extrapolate the hardness of suggested parameter sets for the NIST PQC fourth round candidates McEliece, BIKE and HQC, lowering previous estimates by up to 6 bits and further increasing their reliability. |
Frassetto, Tommaso; Jauernig, Patrick; Koisser, David; Kretzler, David; Schlosser, Benjamin; Faust, Sebastian; Sadeghi, Ahmad-Reza POSE: Practical Off-chain Smart Contract Execution Inproceedings NDSS 2023, 2023. @inproceedings{POSE:NDSS:2023, title = {POSE: Practical Off-chain Smart Contract Execution}, author = {Tommaso Frassetto and Patrick Jauernig and David Koisser and David Kretzler and Benjamin Schlosser and Sebastian Faust and Ahmad-Reza Sadeghi}, year = {2023}, date = {2023-02-01}, booktitle = {NDSS 2023}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Kölbel, Tobias; Härdtner, Mahia-Cara; Weinhardt, Christof Enterprise Business Models Leveraging Self-Sovereign Identity: Towards a User-Empowering Me2X Economy Inproceedings Hawaii International Conference on System Sciences (HICSS), 2023. @inproceedings{Kölbel2023b, title = {Enterprise Business Models Leveraging Self-Sovereign Identity: Towards a User-Empowering Me2X Economy}, author = {Tobias Kölbel and Mahia-Cara Härdtner and Christof Weinhardt}, year = {2023}, date = {2023-01-03}, booktitle = { Hawaii International Conference on System Sciences (HICSS)}, abstract = {The Self-Sovereign Identity (SSI) paradigm aims to transition online identity silos exhibiting privacy issues to user-controlled sharing mechanisms. While various governments back and promote its development, business models often play a subordinate role in these efforts. Building on academic literature and practical projects, our study addresses this and contributes a taxonomy of business enabled by SSI with 12 dimensions, 9 sub-dimensions, and 51 characteristics.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } The Self-Sovereign Identity (SSI) paradigm aims to transition online identity silos exhibiting privacy issues to user-controlled sharing mechanisms. While various governments back and promote its development, business models often play a subordinate role in these efforts. Building on academic literature and practical projects, our study addresses this and contributes a taxonomy of business enabled by SSI with 12 dimensions, 9 sub-dimensions, and 51 characteristics. |
Kölbel, Tobias ; Linkenheil, Marcel ; Weinhardt, Christof Requirements and Design Principles for Blockchain-enabled Matchmaking-Marketplaces in Additive Manufacturing Inproceedings Hawaii International Conference on System Sciences (HICSS), 2023. @inproceedings{Kölbel2023, title = {Requirements and Design Principles for Blockchain-enabled Matchmaking-Marketplaces in Additive Manufacturing}, author = {Kölbel, Tobias and Linkenheil, Marcel and Weinhardt, Christof}, url = {https://www.researchgate.net/publication/364225723_Requirements_and_Design_Principles_for_Blockchain-enabled_Matchmaking-Marketplaces_in_Additive_Manufacturing}, year = {2023}, date = {2023-01-03}, booktitle = { Hawaii International Conference on System Sciences (HICSS)}, abstract = {Blockchain-enabled marketplaces offer considerable potential for cross-company networks. The area of additive manufacturing appears particularly promising. However, the practical impact of business-to-business marketplaces in today's organizations are still scarce, and academic literature contains limited design guidelines. Synthesizing knowledge from literature, practice, and qualitative expert interviews, our study explores 27 mandatory requirements, six optional requirements, and 12 design principles.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Blockchain-enabled marketplaces offer considerable potential for cross-company networks. The area of additive manufacturing appears particularly promising. However, the practical impact of business-to-business marketplaces in today's organizations are still scarce, and academic literature contains limited design guidelines. Synthesizing knowledge from literature, practice, and qualitative expert interviews, our study explores 27 mandatory requirements, six optional requirements, and 12 design principles. |
2022 |
Bellini, Emanuele; Chávez-Saab, Jorge; Chi-Domínguez, Jesús-Javier; Esser, Andre; Ionica, Sorina; Rivera-Zamarripa, Luis; Rodríguez-Henríquez, Francisco; Trimoska, Monika; Zweydinger, Floyd Parallel Isogeny Path Finding with Limited Memory Inproceedings Isobe, Takanori; Sarkar, Santanu (Ed.): Progress in Cryptology - {INDOCRYPT} 2022 - 23rd International Conference on Cryptology in India, Kolkata, India, December 11-14, 2022, Proceedings, pp. 294–316, Springer, 2022. @inproceedings{Bellini2022, title = {Parallel Isogeny Path Finding with Limited Memory}, author = {Emanuele Bellini and Jorge Chávez-Saab and Jesús-Javier Chi-Domínguez and Andre Esser and Sorina Ionica and Luis Rivera-Zamarripa and Francisco Rodríguez-Henríquez and Monika Trimoska and Floyd Zweydinger}, editor = {Takanori Isobe and Santanu Sarkar}, url = {https://doi.org/10.1007/978-3-031-22912-1_13}, doi = {10.1007/978-3-031-22912-1_13}, year = {2022}, date = {2022-12-11}, booktitle = {Progress in Cryptology - {INDOCRYPT} 2022 - 23rd International Conference on Cryptology in India, Kolkata, India, December 11-14, 2022, Proceedings}, journal = {Progress in Cryptology - {INDOCRYPT} 2022 - 23rd International Conference on Cryptology in India, Kolkata, India, December 11-14, 2022, Proceedings}, volume = {13774}, pages = {294--316}, publisher = {Springer}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Sterk, Felix; Heinz, Daniel; Peukert, Christian; Fleuchaus, Felix; Kölbel, Tobias; Weinhardt, Christof Fostering Value Co-Creation in Incumbent Firms: The Case of Bosch’s IoT Ecosystem Landscape Inproceedings International Conference on Information Systems (ICIS) 2022, 2022. @inproceedings{Sterk2022, title = {Fostering Value Co-Creation in Incumbent Firms: The Case of Bosch’s IoT Ecosystem Landscape}, author = {Felix Sterk and Daniel Heinz and Christian Peukert and Felix Fleuchaus and Tobias Kölbel and Christof Weinhardt}, year = {2022}, date = {2022-12-01}, booktitle = {International Conference on Information Systems (ICIS) 2022}, abstract = {The advent of the Internet of Things (IoT) forces incumbent firms to reshape their organizational structures toward platform ecosystems. However, prior research lacks concrete insights about how incumbent firms can foster value co-creation to become ecosystem orchestrators. In particular, it only sheds little light on the complex challenges incumbents face in designing and governing IoT platform ecosystems. In response, we present a single case study describing how the departments of Robert Bosch GmbH, a leading IoT company, overcame these challenges in three dimensions—IoT ecosystem, IoT platform, and value co-creation. We tie in our research with the existing body of literature, identify four prevailing tensions in ecosystem establishment, and provide actionable design and governance recommendations to resolve them.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } The advent of the Internet of Things (IoT) forces incumbent firms to reshape their organizational structures toward platform ecosystems. However, prior research lacks concrete insights about how incumbent firms can foster value co-creation to become ecosystem orchestrators. In particular, it only sheds little light on the complex challenges incumbents face in designing and governing IoT platform ecosystems. 
In response, we present a single case study describing how the departments of Robert Bosch GmbH, a leading IoT company, overcame these challenges in three dimensions—IoT ecosystem, IoT platform, and value co-creation. We tie in our research with the existing body of literature, identify four prevailing tensions in ecosystem establishment, and provide actionable design and governance recommendations to resolve them. |
Erwig, Andreas ; Riahi, Siavash Deterministic Wallets for Adaptor Signatures Inproceedings Atluri, Vijayalakshmi ; Di Pietro, Roberto ; Jensen, Christian D; Meng, Weizhi (Ed.): Computer Security - ESORICS 2022, pp. 487–506, Springer, 2022, ISBN: 978-3-031-17146-8. @inproceedings{Erwig2022, title = {Deterministic Wallets for Adaptor Signatures}, author = {Erwig, Andreas and Riahi, Siavash}, editor = {Atluri, Vijayalakshmi and Di Pietro, Roberto and Jensen, Christian D. and Meng, Weizhi}, isbn = {978-3-031-17146-8}, year = {2022}, date = {2022-09-26}, booktitle = {Computer Security - ESORICS 2022}, pages = {487--506}, publisher = {Springer}, abstract = {Adaptor signatures are a new cryptographic primitive that binds the authentication of a message to the revelation of a secret value. In recent years, this primitive has gained increasing popularity both in academia and practice due to its versatile use-cases in different Blockchain applications such as atomic swaps and payment channels. The security of these applications, however, crucially relies on users storing and maintaining the secret values used by adaptor signatures in a secure way. For standard digital signature schemes, cryptographic wallets have been introduced to guarantee secure storage of keys and execution of the signing procedure. However, no prior work has considered cryptographic wallets for adaptor signatures. }, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Adaptor signatures are a new cryptographic primitive that binds the authentication of a message to the revelation of a secret value. In recent years, this primitive has gained increasing popularity both in academia and practice due to its versatile use-cases in different Blockchain applications such as atomic swaps and payment channels. The security of these applications, however, crucially relies on users storing and maintaining the secret values used by adaptor signatures in a secure way. 
For standard digital signature schemes, cryptographic wallets have been introduced to guarantee secure storage of keys and execution of the signing procedure. However, no prior work has considered cryptographic wallets for adaptor signatures. |
Lichti, Constantin; Sandner, Philipp; Schaub, Benjamin The Green Bitcoin - CO2 Compensation for the World’s Largest Cryptocurrency Miscellaneous Medium.com, 2022. @misc{Lichti2022, title = {The Green Bitcoin - CO2 Compensation for the World’s Largest Cryptocurrency}, author = {Constantin Lichti and Philipp Sandner and Benjamin Schaub}, url = {https://philippsandner.medium.com/the-green-bitcoin-co2-compensation-for-the-worlds-largest-cryptocurrency-2675c8a11cc7}, year = {2022}, date = {2022-09-11}, abstract = {Although it has only existed for less than 13 years, Bitcoin has had an eventful history. The environmental impact of Bitcoin — particularly mining — is becoming an increasingly pressing issue in this regard. The important thing here is that electricity consumption should not be moralized. Otherwise, Christmas lighting would also be questioned in large parts of the globe. The real question is which energy sources are being used — renewables or fossil fuels. In fact, the consumption profile of the Bitcoin network is similar to an average German kilowatt-hour. Specifically, the kilowatt-hour from a German socket is no less “brown” or “green” than the consumption profile of the Bitcoin network. Likewise, Bitcoin helps people in countries that do not have such stable institutions as in Europe or the United States. Bitcoin helps people as a “technology institution”, in countries with very high inflation or unstable or corrupt regimes. This benefit to many people worldwide should therefore be contrasted with the power consumption — more correctly, the power consumption profile of the Bitcoin network. 
However, one of the biggest criticisms of Bitcoin in recent years has been its electricity consumption and the associated CO2eq emissions, i.e., the greenhouse gases emitted, measured as CO2 equivalents that result from maintaining the Bitcoin network.}, howpublished = {Medium.com}, keywords = {}, pubstate = {published}, tppubtype = {misc} } Although it has only existed for less than 13 years, Bitcoin has had an eventful history. The environmental impact of Bitcoin — particularly mining — is becoming an increasingly pressing issue in this regard. The important thing here is that electricity consumption should not be moralized. Otherwise, Christmas lighting would also be questioned in large parts of the globe. The real question is which energy sources are being used — renewables or fossil fuels. In fact, the consumption profile of the Bitcoin network is similar to an average German kilowatt-hour. Specifically, the kilowatt-hour from a German socket is no less “brown” or “green” than the consumption profile of the Bitcoin network. Likewise, Bitcoin helps people in countries that do not have such stable institutions as in Europe or the United States. Bitcoin helps people as a “technology institution”, in countries with very high inflation or unstable or corrupt regimes. This benefit to many people worldwide should therefore be contrasted with the power consumption — more correctly, the power consumption profile of the Bitcoin network. However, one of the biggest criticisms of Bitcoin in recent years has been its electricity consumption and the associated CO2eq emissions, i.e., the greenhouse gases emitted, measured as CO2 equivalents that result from maintaining the Bitcoin network. |
May, Alexander; Zweydinger, Floyd Legendre PRF (Multiple) Key Attacks and the Power of Preprocessing Inproceedings 35th IEEE Computer Security Foundations Symposium, pp. 11, IEEE, 2022. @inproceedings{May2022, title = {Legendre PRF (Multiple) Key Attacks and the Power of Preprocessing}, author = {Alexander May and Floyd Zweydinger}, url = {https://iblockchain-projekt.de/wp-content/uploads/2021/08/2021-645.pdf https://eprint.iacr.org/2021/645 https://www.ieee-security.org/TC/CSF2022/index.html}, year = {2022}, date = {2022-08-01}, booktitle = {35th IEEE Computer Security Foundations Symposium}, pages = {11}, publisher = {IEEE}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Kölbel, Tobias; Lamberty, Ricky; Sterk, Felix; Weinhardt, Christof Spotlight on DeFi Centerpieces Towards an Economic Perspective on Asset Tokenization Services Inproceedings Pacific Asia Conference on Information Systems: PACIS 2022 Proceedings, 2022. @inproceedings{Kölbel2022b, title = {Spotlight on DeFi Centerpieces Towards an Economic Perspective on Asset Tokenization Services}, author = {Tobias Kölbel and Ricky Lamberty and Felix Sterk and Christof Weinhardt}, url = {https://www.researchgate.net/profile/Tobias-Koelbel/publication/361640176_Spotlight_on_DeFi_Centerpieces_Towards_an_Economic_Perspective_on_Asset_Tokenization_Services/links/62bd95ff77df1c0ce2ca5c11/Spotlight-on-DeFi-Centerpieces-Towards-an-Economic-Perspective-on-Asset-Tokenization-Services.pdf}, year = {2022}, date = {2022-07-05}, booktitle = {Pacific Asia Conference on Information Systems: PACIS 2022 Proceedings}, abstract = {Experts consider tokenization a potentially disruptive blockchain-based innovation. Cryptographic tokens can represent ownership of tangible and intangible assets in the digital space, serve as a store of value and proof of ownership, and enable investments in historically illiquid assets. While there are promising use cases for these new technological capabilities, research on economic perspectives is still in its infancy. Therefore, we focus on asset tokenization services, develop a taxonomy following Nickerson et al.(2013), and align our analysis with established business model dimensions. Our dataset is based on a three-stage approach incorporating academic literature, consulting reports, and real-world projects. As a result, we identify 16 dimensions, 14 sub-dimensions, and 101 characteristics that improve our understanding of asset tokenization services and provide a starting point for further research.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Experts consider tokenization a potentially disruptive blockchain-based innovation. 
Cryptographic tokens can represent ownership of tangible and intangible assets in the digital space, serve as a store of value and proof of ownership, and enable investments in historically illiquid assets. While there are promising use cases for these new technological capabilities, research on economic perspectives is still in its infancy. Therefore, we focus on asset tokenization services, develop a taxonomy following Nickerson et al.(2013), and align our analysis with established business model dimensions. Our dataset is based on a three-stage approach incorporating academic literature, consulting reports, and real-world projects. As a result, we identify 16 dimensions, 14 sub-dimensions, and 101 characteristics that improve our understanding of asset tokenization services and provide a starting point for further research. |
Richter, David ; Kretzler, David ; Weisenburger, Pascal ; Salvaneschi, Guido ; Faust, Sebastian ; Mezini, Mira Prisma: A Tierless Language for Enforcing Contract-Client Protocols in Decentralized Applications (Extended Abstract) Inproceedings 36th European Conference on Object-Oriented Programming (ECOOP 2022), pp. 35:1–35:4, Schloss Dagstuhl -- Leibniz-Zentrum für Informatik, 2022, ISBN: 978-3-95977-225-9. @inproceedings{richter_et_al:LIPIcs.ECOOP.2022.35, title = {Prisma: A Tierless Language for Enforcing Contract-Client Protocols in Decentralized Applications (Extended Abstract)}, author = {Richter, David and Kretzler, David and Weisenburger, Pascal and Salvaneschi, Guido and Faust, Sebastian and Mezini, Mira}, url = {https://drops.dagstuhl.de/opus/volltexte/2022/16263/pdf/LIPIcs-ECOOP-2022-35.pdf}, doi = {10.4230/LIPIcs.ECOOP.2022.35}, isbn = {978-3-95977-225-9}, year = {2022}, date = {2022-06-23}, booktitle = {36th European Conference on Object-Oriented Programming (ECOOP 2022)}, pages = {35:1--35:4}, publisher = {Schloss Dagstuhl -- Leibniz-Zentrum für Informatik}, series = {Leibniz International Proceedings in Informatics (LIPIcs)}, abstract = {Decentralized applications (dApps) consist of smart contracts that run on blockchains and clients that model collaborating parties. dApps are used to model financial and legal business functionality. Today, contracts and clients are written as separate programs - in different programming languages - communicating via send and receive operations. This makes distributed program flow awkward to express and reason about, increasing the potential for mismatches in the client-contract interface, which can be exploited by malicious clients, potentially leading to huge financial losses. In this paper, we present Prisma, a language for tierless decentralized applications, where the contract and its clients are defined in one unit. 
Pairs of send and receive actions that "belong together" are encapsulated into a single direct-style operation, which is executed differently by sending and receiving parties. This enables expressing distributed program flow via standard control flow and renders mismatching communication impossible. We prove formally that our compiler preserves program behavior in presence of an attacker controlling the client code. We systematically compare Prisma with mainstream and advanced programming models for dApps and provide empirical evidence for its expressiveness and performance. The design space of dApp programming and other multi-party languages depends on one major choice: a local model versus a global model. In a local model, parties are defined in separate programs and their interactions are encoded via send and receive effects. In a global language, parties are defined within one shared program and interactions are encoded via combined send-and-receive operations with no effects visible to the outside world. The global model is followed by tierless [Christian Queinnec, 2000; Cooper et al., 2007; Choi and Chang, 2019; Fowler et al., 2019; Serrano et al., 2006; Serrano and Prunet, 2016; Radanne et al., 2016; Weisenburger et al., 2018] and choreographic [Kohei Honda et al., 2011; Fabrizio Montesi et al., 2014; Saverio Giallorenzo et al., 2020] languages. However, known approaches to dApp programming follow the local model, thus rely on explicitly specifying the client-contract interaction protocol. Moreover, the contract and clients are implemented in different languages, hence, developers have to master two technology stacks. The dominating approach in industry is Solidity [Mix, 2019] for the contract and JavaScript for clients. Solidity relies on expressing the protocol using assertions in the contract code, which are checked at run time [Solidity documentation - common patterns, 2020]. 
Failing to insert the correct assertions may give parties illegal access to monetary values to the detriment of others [Nikolić et al., 2018; Luu et al., 2016]. In research, contract languages [Ankush Das et al., 2019; Michael J. Coblenz, 2017; Franklin Schrans et al., 2018; Franklin Schrans et al., 2019; Michael J. Coblenz et al., 2019; Michael J. Coblenz et al., 2019; Reed Oei et al., 2020; Sam Blackshear et al., 2019] have been proposed that rely on advanced type systems such as session types, type states, and linear types. The global model has not been explored for dApp programming. This is unfortunate given the potential to get by with a standard typing discipline and to avoid intricacies and potential mismatches of a two-language stack. Our work fills this gap by proposing Prisma - the first language that features a global programming model for Ethereum dApps. While we focus on the Ethereum blockchain, we believe our techniques to be applicable to other smart contract platforms. Prisma enables interleaving contract and client logic within the same program and adopts a direct style (DS) notation for encoding send-and-receive operations (with our awaitCl language construct) akin to languages with async/await [Gavin M. Bierman et al., 2012; Scala async rfc]. DS addresses shortcomings with the currently dominant encoding of the protocol’s finite state machines (FSM) [Mix, 2019; Michael J. Coblenz, 2017; Franklin Schrans et al., 2018; Franklin Schrans et al., 2019; Michael J. Coblenz et al., 2019; Michael J. Coblenz et al., 2019]. We argue writing FSM style corresponds to a control-flow graph of basic blocks, which is low-level and more suited to be written by a compiler than by a human. With FSM style, the contract is a passive entity whose execution is driven by clients. 
In contrast, the DS encoding allows the contract to actively ask clients for input, fitting dApp execution where a dominant contract controls execution and diverts control to other parties when their input is needed. In the following Prisma snippet, the payout function is a function invoked by the contract when it is time to pay money to a client. In Prisma, variables, methods and classes are separated into two namespaces, one for the contract and one for the clients. The payout method is located on the contract via the annotation @co. The body of the method diverts the control to the client using awaitCl(...) { ... }, hence the contained readLine call is executed on the client. Note that no explicit send/receive operations are needed but the communication protocol is expressed through the program control flow. Only after the check client == toBePayed confirms that the correct client replied is the current contract balance balance() transferred to the client via transfer; this guard is what prevents an arbitrary client from triggering the payout. @co def payout(toBePayed: Arr[Address]): Unit = { awaitCl(client => client == toBePayed) { readLine("Press enter for payout") } toBePayed.transfer(balance()) } Overall, Prisma relieves the developer from the responsibility of correctly managing distributed, asynchronous program flows and the heterogeneous technology stack. Instead, the burden is put on the compiler, which distributes the program flow by means of selective continuation-passing-style (CPS) translation and defunctionalisation and inserts guards against malicious client interactions. We needed to develop a CPS translation for the code that runs on the Ethereum Virtual Machine (EVM) since the EVM has no built-in support for concurrency primitives which could be used for asynchronous communication. While CPS translations are well-known, we cannot use them out-of-the-box because the control flow is interwoven with distribution in our case. 
A CPS translation that does not take distribution into account would allow malicious clients to force the contract to deviate from the intended control flow by sending a spoofed continuation. Thus, it was imperative to prove correctness of our distributed CPS translation to ensure control-flow integrity of the contract. }, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Decentralized applications (dApps) consist of smart contracts that run on blockchains and clients that model collaborating parties. dApps are used to model financial and legal business functionality. Today, contracts and clients are written as separate programs - in different programming languages - communicating via send and receive operations. This makes distributed program flow awkward to express and reason about, increasing the potential for mismatches in the client-contract interface, which can be exploited by malicious clients, potentially leading to huge financial losses. In this paper, we present Prisma, a language for tierless decentralized applications, where the contract and its clients are defined in one unit. Pairs of send and receive actions that "belong together" are encapsulated into a single direct-style operation, which is executed differently by sending and receiving parties. This enables expressing distributed program flow via standard control flow and renders mismatching communication impossible. We prove formally that our compiler preserves program behavior in presence of an attacker controlling the client code. We systematically compare Prisma with mainstream and advanced programming models for dApps and provide empirical evidence for its expressiveness and performance. The design space of dApp programming and other multi-party languages depends on one major choice: a local model versus a global model. In a local model, parties are defined in separate programs and their interactions are encoded via send and receive effects. 
In a global language, parties are defined within one shared program and interactions are encoded via combined send-and-receive operations with no effects visible to the outside world. The global model is followed by tierless [Christian Queinnec, 2000; Cooper et al., 2007; Choi and Chang, 2019; Fowler et al., 2019; Serrano et al., 2006; Serrano and Prunet, 2016; Radanne et al., 2016; Weisenburger et al., 2018] and choreographic [Kohei Honda et al., 2011; Fabrizio Montesi et al., 2014; Saverio Giallorenzo et al., 2020] languages. However, known approaches to dApp programming follow the local model, thus rely on explicitly specifying the client-contract interaction protocol. Moreover, the contract and clients are implemented in different languages, hence, developers have to master two technology stacks. The dominating approach in industry is Solidity [Mix, 2019] for the contract and JavaScript for clients. Solidity relies on expressing the protocol using assertions in the contract code, which are checked at run time [Solidity documentation - common patterns, 2020]. Failing to insert the correct assertions may give parties illegal access to monetary values to the detriment of others [Nikolić et al., 2018; Luu et al., 2016]. In research, contract languages [Ankush Das et al., 2019; Michael J. Coblenz, 2017; Franklin Schrans et al., 2018; Franklin Schrans et al., 2019; Michael J. Coblenz et al., 2019; Michael J. Coblenz et al., 2019; Reed Oei et al., 2020; Sam Blackshear et al., 2019] have been proposed that rely on advanced type systems such as session types, type states, and linear types. The global model has not been explored for dApp programming. This is unfortunate given the potential to get by with a standard typing discipline and to avoid intricacies and potential mismatches of a two-language stack. Our work fills this gap by proposing Prisma - the first language that features a global programming model for Ethereum dApps. 
While we focus on the Ethereum blockchain, we believe our techniques to be applicable to other smart contract platforms. Prisma enables interleaving contract and client logic within the same program and adopts a direct style (DS) notation for encoding send-and-receive operations (with our awaitCl language construct) akin to languages with async/await [Gavin M. Bierman et al., 2012; Scala async rfc]. DS addresses shortcomings with the currently dominant encoding of the protocol’s finite state machines (FSM) [Mix, 2019; Michael J. Coblenz, 2017; Franklin Schrans et al., 2018; Franklin Schrans et al., 2019; Michael J. Coblenz et al., 2019; Michael J. Coblenz et al., 2019]. We argue writing FSM style corresponds to a control-flow graph of basic blocks, which is low-level and more suited to be written by a compiler than by a human. With FSM style, the contract is a passive entity whose execution is driven by clients, whereas the DS encoding allows the contract to actively ask clients for input, fitting dApp execution where a dominant contract controls execution and diverts control to other parties when their input is needed. In the following Prisma snippet, the payout function is a function invoked by the contract when it is time to pay money to a client. In Prisma, variables, methods and classes are separated into two namespaces, one for the contract and one for the clients. The payout method is located on the contract via the annotation @co. The body of the method diverts the control to the client using awaitCl(...) { ... }, hence the contained readLine call is executed on the client. Note that no explicit send/receive operations are needed but the communication protocol is expressed through the program control flow. Only after the check client == toBePayed confirms that the correct client replied is the current contract balance balance() transferred to the client via transfer; this guard is what prevents an arbitrary client from triggering the payout. 
@co def payout(toBePayed: Arr[Address]): Unit = { awaitCl(client => client == toBePayed) { readLine("Press enter for payout") } toBePayed.transfer(balance()) } Overall, Prisma relieves the developer from the responsibility of correctly managing distributed, asynchronous program flows and the heterogeneous technology stack. Instead, the burden is put on the compiler, which distributes the program flow by means of selective continuation-passing-style (CPS) translation and defunctionalisation and inserts guards against malicious client interactions. We needed to develop a CPS translation for the code that runs on the Ethereum Virtual Machine (EVM) since the EVM has no built-in support for concurrency primitives which could be used for asynchronous communication. While CPS translations are well-known, we cannot use them out-of-the-box because the control flow is interwoven with distribution in our case. A CPS translation that does not take distribution into account would allow malicious clients to force the contract to deviate from the intended control flow by sending a spoofed continuation. Thus, it was imperative to prove correctness of our distributed CPS translation to ensure control-flow integrity of the contract. |
Das, Poulami; Eckey, Lisa; Faust, Sebastian; Loss, Julian; Maitra, Monosij Round Efficient Byzantine Agreement from VDFs Miscellaneous Cryptology ePrint Archive, Paper 2022/823, 2022. @misc{Das2022, title = {Round Efficient Byzantine Agreement from VDFs}, author = {Poulami Das and Lisa Eckey and Sebastian Faust and Julian Loss and Monosij Maitra}, url = {https://eprint.iacr.org/2022/823}, year = {2022}, date = {2022-06-23}, howpublished = {Cryptology ePrint Archive, Paper 2022/823}, keywords = {}, pubstate = {published}, tppubtype = {misc} } |
Esser, Andre; Zweydinger, Floyd; May, Alexander McEliece needs a Break -- Solving McEliece-1284 and Quasi-Cyclic-2918 with Modern ISD Inproceedings Eurocrypt 2022 , IACR, 2022. @inproceedings{Esser2022, title = {McEliece needs a Break -- Solving McEliece-1284 and Quasi-Cyclic-2918 with Modern ISD }, author = {Andre Esser and Floyd Zweydinger and Alexander May }, url = {https://eprint.iacr.org/2021/1634}, year = {2022}, date = {2022-05-30}, booktitle = {Eurocrypt 2022 }, publisher = {IACR}, abstract = {With the recent shift to post-quantum algorithms it becomes increasingly important to provide precise bit-security estimates for code-based cryptography such as McEliece and quasi-cyclic schemes like BIKE and HQC. While there has been significant progress on information set decoding (ISD) algorithms within the last decade, it is still unclear to which extent this affects current cryptographic security estimates. We provide the first concrete implementations for representation-based ISD, such as May-Meurer-Thomae (MMT) or Becker-Joux-May-Meurer (BJMM), that are parameter-optimized for the McEliece and quasi-cyclic setting. Although MMT and BJMM consume more memory than naive ISD algorithms like Prange, we demonstrate that these algorithms lead to significant speedups for practical cryptanalysis on medium-sized instances (around 60 bit). More concretely, we provide data for the record computations of McEliece-1223 and McEliece-1284 (old record: 1161), and for the quasi-cyclic setting up to code length 2918 (before: 1938). Based on our record computations we extrapolate to the bit-security level of the proposed BIKE, HQC and McEliece parameters in NIST's standardization process. For BIKE/HQC, we also show how to transfer the Decoding-One-Out-of-Many (DOOM) technique to MMT/BJMM. Although we achieve significant DOOM speedups, our estimates confirm the bit-security levels of BIKE and HQC. 
For the proposed McEliece round-3 parameter sets of 192 and 256 bit, however, our extrapolation indicates a security level overestimate by roughly 20 and 10 bits, respectively, i.e., the high-security McEliece instantiations may be a bit less secure than desired.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } With the recent shift to post-quantum algorithms it becomes increasingly important to provide precise bit-security estimates for code-based cryptography such as McEliece and quasi-cyclic schemes like BIKE and HQC. While there has been significant progress on information set decoding (ISD) algorithms within the last decade, it is still unclear to which extent this affects current cryptographic security estimates. We provide the first concrete implementations for representation-based ISD, such as May-Meurer-Thomae (MMT) or Becker-Joux-May-Meurer (BJMM), that are parameter-optimized for the McEliece and quasi-cyclic setting. Although MMT and BJMM consume more memory than naive ISD algorithms like Prange, we demonstrate that these algorithms lead to significant speedups for practical cryptanalysis on medium-sized instances (around 60 bit). More concretely, we provide data for the record computations of McEliece-1223 and McEliece-1284 (old record: 1161), and for the quasi-cyclic setting up to code length 2918 (before: 1938). Based on our record computations we extrapolate to the bit-security level of the proposed BIKE, HQC and McEliece parameters in NIST's standardization process. For BIKE/HQC, we also show how to transfer the Decoding-One-Out-of-Many (DOOM) technique to MMT/BJMM. Although we achieve significant DOOM speedups, our estimates confirm the bit-security levels of BIKE and HQC. 
For the proposed McEliece round-3 parameter sets of 192 and 256 bit, however, our extrapolation indicates a security level overestimate by roughly 20 and 10 bits, respectively, i.e., the high-security McEliece instantiations may be a bit less secure than desired. |
Richter, David ; Kretzler, David ; Weisenburger, Pascal ; Salvaneschi, Guido ; Faust, Sebastian ; Mezini, Mira Prisma: A Tierless Language for Enforcing Contract-Client Protocols in Decentralized Applications (Extended Version) Miscellaneous arXiv, 2022. @misc{Richter2022, title = {Prisma: A Tierless Language for Enforcing Contract-Client Protocols in Decentralized Applications (Extended Version)}, author = {Richter, David and Kretzler, David and Weisenburger, Pascal and Salvaneschi, Guido and Faust, Sebastian and Mezini, Mira}, url = {https://arxiv.org/abs/2205.07780}, doi = {10.48550/arXiv.2205.07780}, year = {2022}, date = {2022-05-16}, abstract = {Decentralized applications (dApps) consist of smart contracts that run on blockchains and clients that model collaborating parties. dApps are used to model financial and legal business functionality. Today, contracts and clients are written as separate programs -- in different programming languages -- communicating via send and receive operations. This makes distributed program flow awkward to express and reason about, increasing the potential for mismatches in the client-contract interface, which can be exploited by malicious clients, potentially leading to huge financial losses. In this paper, we present Prisma, a language for tierless decentralized applications, where the contract and its clients are defined in one unit and pairs of send and receive actions that "belong together" are encapsulated into a single direct-style operation, which is executed differently by sending and receiving parties. This enables expressing distributed program flow via standard control flow and renders mismatching communication impossible. We prove formally that our compiler preserves program behavior in presence of an attacker controlling the client code. We systematically compare Prisma with mainstream and advanced programming models for dApps and provide empirical evidence for its expressiveness and performance. 
}, howpublished = {arXiv}, keywords = {}, pubstate = {published}, tppubtype = {misc} } Decentralized applications (dApps) consist of smart contracts that run on blockchains and clients that model collaborating parties. dApps are used to model financial and legal business functionality. Today, contracts and clients are written as separate programs -- in different programming languages -- communicating via send and receive operations. This makes distributed program flow awkward to express and reason about, increasing the potential for mismatches in the client-contract interface, which can be exploited by malicious clients, potentially leading to huge financial losses. In this paper, we present Prisma, a language for tierless decentralized applications, where the contract and its clients are defined in one unit and pairs of send and receive actions that "belong together" are encapsulated into a single direct-style operation, which is executed differently by sending and receiving parties. This enables expressing distributed program flow via standard control flow and renders mismatching communication impossible. We prove formally that our compiler preserves program behavior in presence of an attacker controlling the client code. We systematically compare Prisma with mainstream and advanced programming models for dApps and provide empirical evidence for its expressiveness and performance. |
Kölbel, Tobias; Gawlitza, Tobias; Weinhardt, Christof Shaping Governance in Self-Sovereign Identity Ecosystems: Towards a Cooperative Business Model Inproceedings 17th International Conference on Wirtschaftsinformatik: WI 2022 Proceedings, 2022. @inproceedings{Kölbel2022c, title = {Shaping Governance in Self-Sovereign Identity Ecosystems: Towards a Cooperative Business Model}, author = {Tobias Kölbel and Tobias Gawlitza and Christof Weinhardt}, year = {2022}, date = {2022-02-21}, booktitle = {17th International Conference on Wirtschaftsinformatik: WI 2022 Proceedings}, abstract = {The Internet has created great opportunities for consumers. With the digitalization wave breaking, Single Sign-On services emerged that satisfy the desire for seamless online journeys and provide users with their digital identities. On a global scale, oligopoly structures evolved where "tech giants" primarily manage identities and personal data. Conversely, recent developments stemmed from the desire for data privacy, digital sovereignty, and self-determination, both from the user perspective and legislature. In line with recent discussions, this study focuses on Self-Sovereign Identity, a new paradigm that promises independence from intermediary identity providers. We follow an appeal for further research on business aspects and strategic alliances and adopt an exploratory research approach with semi-structured interviews. We identify cooperatives as suitable to govern Self-Sovereign Identity Ecosystems, shape their business model along Al-Debei and Avison’s V4Business Model dimensions, and outline paths for future inquiries.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } The Internet has created great opportunities for consumers. With the digitalization wave breaking, Single Sign-On services emerged that satisfy the desire for seamless online journeys and provide users with their digital identities. 
On a global scale, oligopoly structures evolved where "tech giants" primarily manage identities and personal data. Conversely, recent developments stemmed from the desire for data privacy, digital sovereignty, and self-determination, both from the user perspective and legislature. In line with recent discussions, this study focuses on Self-Sovereign Identity, a new paradigm that promises independence from intermediary identity providers. We follow an appeal for further research on business aspects and strategic alliances and adopt an exploratory research approach with semi-structured interviews. We identify cooperatives as suitable to govern Self-Sovereign Identity Ecosystems, shape their business model along Al-Debei and Avison’s V4Business Model dimensions, and outline paths for future inquiries. |
Sandner, Philipp; Gross, Jonas The digital euro from a geopolitical perspective: Will Europe lag behind? Technical Report Frankfurt School Blockchain Center, Digital Euro Association 2022. @techreport{Sandner2022, title = {The digital euro from a geopolitical perspective: Will Europe lag behind?}, author = {Philipp Sandner and Jonas Gross}, url = {https://philippsandner.medium.com/the-digital-euro-from-a-geopolitical-perspective-will-europe-lag-behind-f9956ca751d9 http://explore-ip.com/2022-The-digital-euro-from-a-geopolitical-perspective-will-europe-lag-behind.pdf}, year = {2022}, date = {2022-02-15}, institution = {Frankfurt School Blockchain Center, Digital Euro Association}, abstract = {The digital euro is not a monolithic project. On the contrary: The fields of application are broad, and possible solutions are diverse. This article provides an overview of use cases, application domains, and infrastructures for the digital euro that differ significantly. A comparison with solutions for the digital dollar and the digital yuan leads to the conclusion that, in the most extreme case, the euro could become a regional currency for Europe. The main reason for this argument is the design and prioritization of current approaches within Europe as well as the European Central Bank’s digital euro project, and that stablecoin approaches seem to be neglected as solutions for the digital euro.}, keywords = {}, pubstate = {published}, tppubtype = {techreport} } The digital euro is not a monolithic project. On the contrary: The fields of application are broad, and possible solutions are diverse. This article provides an overview of use cases, application domains, and infrastructures for the digital euro that differ significantly. A comparison with solutions for the digital dollar and the digital yuan leads to the conclusion that, in the most extreme case, the euro could become a regional currency for Europe. 
The main reason for this argument is the design and prioritization of current approaches within Europe as well as the European Central Bank’s digital euro project, and that stablecoin approaches seem to be neglected as solutions for the digital euro. |
Kölbel, Tobias ; Dann, David ; Weinhardt, Christof Giant or Dwarf? A Literature Review on Blockchain-enabled Marketplaces in Business Ecosystems Inproceedings WI 2022 Proceedings: 17th International Conference on Wirtschaftsinformatik, 2022. @inproceedings{Kölbel2022, title = {Giant or Dwarf? A Literature Review on Blockchain-enabled Marketplaces in Business Ecosystems}, author = {Kölbel, Tobias and Dann, David and Weinhardt, Christof}, url = {https://www.researchgate.net/publication/358125637_Giant_or_Dwarf_A_Literature_Review_on_Blockchain-enabled_Marketplaces_in_Business_Ecosystems}, year = {2022}, date = {2022-02-01}, booktitle = {WI 2022 Proceedings: 17th International Conference on Wirtschaftsinformatik}, abstract = {While advocates argue for the disruptive impact of marketplace business models and Blockchain in various regards, their practical effects on today's organizations are still limited. This study reviews the current body of literature on Blockchain-enabled Marketplaces in Business Ecosystems, outlines present scopes, and disregarded topics. Our review shows that publications predominantly focus on conceptual models that favor Blockchain-for-all-solutions and neglect several fundamental marketplace dimensions. We raise a critical voice regarding the status quo and outline paths for future research.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } While advocates argue for the disruptive impact of marketplace business models and Blockchain in various regards, their practical effects on today's organizations are still limited. This study reviews the current body of literature on Blockchain-enabled Marketplaces in Business Ecosystems, outlines present scopes, and disregarded topics. Our review shows that publications predominantly focus on conceptual models that favor Blockchain-for-all-solutions and neglect several fundamental marketplace dimensions. 
We raise a critical voice regarding the status quo and outline paths for future research. |
Meyer, Eva ; Welpe, Isabell M; Sandner, Philipp Decentralized Finance - A Systematic Literature Review and Research Directions Inproceedings ECIS 2022 Research Papers., SSRN, 2022. @inproceedings{Meyer2022, title = {Decentralized Finance - A Systematic Literature Review and Research Directions}, author = {Meyer, Eva and Welpe, Isabell M. and Sandner, Philipp}, url = {https://philippsandner.medium.com/decentralized-finance-a-systematic-literature-review-and-research-directions-fb3ce59bebda https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4016497}, doi = {10.2139/ssrn.4016497 }, year = {2022}, date = {2022-01-28}, booktitle = {ECIS 2022 Research Papers.}, volume = {25}, publisher = {SSRN}, abstract = {Decentralized Finance (DeFi) is the (r)evolutionary movement to create a solely code-based, intermediary-independent financial system—a movement which has grown from $4bn to $104bn in assets locked in the last three years. We present the first systematic literature review of the yet fragmented DeFi research field. By identifying, analyzing, and integrating 83 peer-reviewed DeFi-related publications, our results contribute fivefold. First, we confirm the increasing growth of academic DeFi publications through systematic analysis. Second, we frame DeFi-related literature into three levels of abstraction (micro, meso, and macro) and seven subcategories. Third, we identify Ethereum as the blockchain in main academic focus. Fourth, we show that prototyping is the dominant research method applied whereas only one paper has used primary research data. 
Fifth, we derive four prioritized research avenues, namely concerning i) DeFi protocol interaction and aggregation platforms, ii) decentralized off-chain data integration to DeFi, iii) DeFi agents, and iv) regulation.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Decentralized Finance (DeFi) is the (r)evolutionary movement to create a solely code-based, intermediary-independent financial system—a movement which has grown from $4bn to $104bn in assets locked in the last three years. We present the first systematic literature review of the yet fragmented DeFi research field. By identifying, analyzing, and integrating 83 peer-reviewed DeFi-related publications, our results contribute fivefold. First, we confirm the increasing growth of academic DeFi publications through systematic analysis. Second, we frame DeFi-related literature into three levels of abstraction (micro, meso, and macro) and seven subcategories. Third, we identify Ethereum as the blockchain in main academic focus. Fourth, we show that prototyping is the dominant research method applied whereas only one paper has used primary research data. Fifth, we derive four prioritized research avenues, namely concerning i) DeFi protocol interaction and aggregation platforms, ii) decentralized off-chain data integration to DeFi, iii) DeFi agents, and iv) regulation. |
2021 |
Faust, Sebastian; Hazay, Carmit; Kretzler, David; Schlosser, Benjamin Financially Backed Covert Security Inproceedings Public-Key Cryptography - (PKC) 2022 - 25th {IACR} International Conference on Practice and Theory of Public Key Cryptography, Virtual Event, May 07-11, 2021, Proceedings, 2021. @inproceedings{cryptoeprint:2021:1652, title = {Financially Backed Covert Security}, author = {Sebastian Faust and Carmit Hazay and David Kretzler and Benjamin Schlosser}, url = {https://eprint.iacr.org/2021/1652.pdf}, year = {2021}, date = {2021-12-16}, booktitle = {Public-Key Cryptography - (PKC) 2022 - 25th {IACR} International Conference on Practice and Theory of Public Key Cryptography, Virtual Event, May 07-11, 2021, Proceedings}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Esser, Andre ; Kübler, Robert ; Zweydinger, Floyd A Faster Algorithm for Finding Closest Pairs in Hamming Metric Inproceedings Bojanczy, Mikolaj ; Chekuri, Chandra (Ed.): 41st IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS 2021), pp. 20:1–20:21, Schloss Dagstuhl -- Leibniz-Zentrum für Informatik, 2021, ISBN: 978-3-95977-215-0. @inproceedings{Esser2021, title = {A Faster Algorithm for Finding Closest Pairs in Hamming Metric}, author = {Esser, Andre and Kübler, Robert and Zweydinger, Floyd}, editor = {Bojanczy, Mikolaj and Chekuri, Chandra}, url = {https://drops.dagstuhl.de/opus/volltexte/2021/15531/pdf/LIPIcs-FSTTCS-2021-20.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2021.20}, isbn = {978-3-95977-215-0}, year = {2021}, date = {2021-11-29}, booktitle = {41st IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS 2021)}, volume = {213}, pages = {20:1--20:21}, publisher = {Schloss Dagstuhl -- Leibniz-Zentrum für Informatik}, series = {Leibniz International Proceedings in Informatics (LIPIcs)}, abstract = {We study the Closest Pair Problem in Hamming metric, which asks to find the pair with the smallest Hamming distance in a collection of binary vectors. We give a new randomized algorithm for the problem on uniformly random input outperforming previous approaches whenever the dimension of input points is small compared to the dataset size. For moderate to large dimensions, our algorithm matches the time complexity of the previously best-known locality sensitive hashing based algorithms. Technically our algorithm follows similar design principles as Dubiner (IEEE Trans. Inf. Theory 2010) and May-Ozerov (Eurocrypt 2015). Besides improving the time complexity in the aforementioned areas, we significantly simplify the analysis of these previous works. 
We give a modular analysis, which allows us to investigate the performance of the algorithm also on non-uniform input distributions. Furthermore, we give a proof of concept implementation of our algorithm which performs well in comparison to a quadratic search baseline. This is the first step towards answering an open question raised by May and Ozerov regarding the practicability of algorithms following these design principles. }, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } We study the Closest Pair Problem in Hamming metric, which asks to find the pair with the smallest Hamming distance in a collection of binary vectors. We give a new randomized algorithm for the problem on uniformly random input outperforming previous approaches whenever the dimension of input points is small compared to the dataset size. For moderate to large dimensions, our algorithm matches the time complexity of the previously best-known locality sensitive hashing based algorithms. Technically our algorithm follows similar design principles as Dubiner (IEEE Trans. Inf. Theory 2010) and May-Ozerov (Eurocrypt 2015). Besides improving the time complexity in the aforementioned areas, we significantly simplify the analysis of these previous works. We give a modular analysis, which allows us to investigate the performance of the algorithm also on non-uniform input distributions. Furthermore, we give a proof of concept implementation of our algorithm which performs well in comparison to a quadratic search baseline. This is the first step towards answering an open question raised by May and Ozerov regarding the practicability of algorithms following these design principles. |
Sandner, Prof. Dr. Philipp; Lichti, Constantin; Richter, Robert; Heidt, Cedric; Schaub, Benjamin Study: The Carbon Emissions of Bitcoin From an Investor Perspective Technical Report Frankfurt School Blockchain Center, INTAS.tech 2021. @techreport{Sandner2021, title = {Study: The Carbon Emissions of Bitcoin From an Investor Perspective}, author = {Prof. Dr. Philipp Sandner and Constantin Lichti and Robert Richter and Cedric Heidt and Benjamin Schaub}, url = {https://philippsandner.medium.com/study-the-carbon-emissions-of-bitcoin-from-an-investor-perspective-4c90707474b8 http://explore-ip.com/2021-The-Carbon-Emissions-of-Bitcoin-From-an-Investor-Perspective.pdf}, year = {2021}, date = {2021-11-16}, institution = {Frankfurt School Blockchain Center, INTAS.tech}, abstract = {The Frankfurt School Blockchain Center (FSBC) and INTAS.tech published a study outlining a new approach on how to offset the CO2 emissions caused by the Bitcoin network. The study outlines a two-pronged flexible carbon compensation model, in line with Greenhouse Gas Protocol Scope 3 emissions, for investors, asset managers, crypto exchanges, and custodians. With this approach, interested parties can adjust their carbon offset strategy over time according to their corresponding business model focusing on either the number of Bitcoins held or on the proportional network usage in relation to the Bitcoin blockchain growth during a specific period of time.}, keywords = {}, pubstate = {published}, tppubtype = {techreport} } The Frankfurt School Blockchain Center (FSBC) and INTAS.tech published a study outlining a new approach on how to offset the CO2 emissions caused by the Bitcoin network. The study outlines a two-pronged flexible carbon compensation model, in line with Greenhouse Gas Protocol Scope 3 emissions, for investors, asset managers, crypto exchanges, and custodians. 
With this approach, interested parties can adjust their carbon offset strategy over time according to their corresponding business model focusing on either the number of Bitcoins held or on the proportional network usage in relation to the Bitcoin blockchain growth during a specific period of time. |
Das, Poulami; Erwig, Andreas; Faust, Sebastian; Loss, Julian; Riahi, Siavash The Exact Security of BIP32 Wallets Inproceedings CCS ’21- Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2021. @inproceedings{Das2021, title = {The Exact Security of BIP32 Wallets}, author = {Poulami Das and Andreas Erwig and Sebastian Faust and Julian Loss and Siavash Riahi }, year = {2021}, date = {2021-11-15}, booktitle = {CCS ’21- Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security}, publisher = {ACM}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Döttling, Nico; Hartmann, Dominik; Hofheinz, Dennis; Kiltz, Eike; Schäge, Sven; Ursu, Bogdan On the Impossibility of Purely Algebraic Signatures Inproceedings Theory of Cryptography (TCC 2021), Springer International Publishing, 2021. @inproceedings{Döttling2021, title = {On the Impossibility of Purely Algebraic Signatures}, author = {Nico Döttling and Dominik Hartmann and Dennis Hofheinz and Eike Kiltz and Sven Schäge and Bogdan Ursu}, url = {https://eprint.iacr.org/2021/738}, year = {2021}, date = {2021-11-08}, booktitle = {Theory of Cryptography (TCC 2021)}, publisher = {Springer International Publishing}, abstract = {The existence of one-way functions implies secure digital signatures, but not public-key encryption (at least in a black-box setting). Somewhat surprisingly, though, efficient public-key encryption schemes appear to be much easier to construct from concrete algebraic assumptions (such as factoring or Diffie-Hellman-like assumptions) than efficient digital signature schemes. In this work, we provide one reason for this apparent difficulty to construct efficient signature schemes. Specifically, we prove that a wide range of algebraic signature schemes (in which verification essentially checks a number of linear equations over a group) fall to conceptually surprisingly simple linear algebra attacks. In fact, we prove that in an algebraic signature scheme, sufficiently many signatures can be linearly combined to a signature of a fresh message. We present attacks both in known-order and hidden-order groups (although in hidden-order settings, we have to restrict our definition of algebraic signatures a little). More explicitly, we show: - the insecurity of all signature schemes in Maurer's generic group model (in pairing-free groups), as long as the signature schemes do not rely on other cryptographic assumptions, such as hash functions. 
- the insecurity of a natural class of signatures in hidden-order groups, where verification consists of linear equations over group elements. We believe that this highlights the crucial role of public verifiability in digital signature schemes. Namely, while public-key encryption schemes do not require any publicly verifiable structure on ciphertexts, it is exactly this structure on signatures that invites attacks like ours and makes it hard to construct efficient signatures. }, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } The existence of one-way functions implies secure digital signatures, but not public-key encryption (at least in a black-box setting). Somewhat surprisingly, though, efficient public-key encryption schemes appear to be much easier to construct from concrete algebraic assumptions (such as factoring or Diffie-Hellman-like assumptions) than efficient digital signature schemes. In this work, we provide one reason for this apparent difficulty to construct efficient signature schemes. Specifically, we prove that a wide range of algebraic signature schemes (in which verification essentially checks a number of linear equations over a group) fall to conceptually surprisingly simple linear algebra attacks. In fact, we prove that in an algebraic signature scheme, sufficiently many signatures can be linearly combined to a signature of a fresh message. We present attacks both in known-order and hidden-order groups (although in hidden-order settings, we have to restrict our definition of algebraic signatures a little). More explicitly, we show: - the insecurity of all signature schemes in Maurer's generic group model (in pairing-free groups), as long as the signature schemes do not rely on other cryptographic assumptions, such as hash functions. - the insecurity of a natural class of signatures in hidden-order groups, where verification consists of linear equations over group elements. 
We believe that this highlights the crucial role of public verifiability in digital signature schemes. Namely, while public-key encryption schemes do not require any publicly verifiable structure on ciphertexts, it is exactly this structure on signatures that invites attacks like ours and makes it hard to construct efficient signatures. |
Abera, Tigist ; Brasser, Ferdinand ; Gunn, Lachlan ; Jauernig, Patrick ; Koisser, David ; Sadeghi, Ahmad-Reza GrandDetAuto: Detecting Malicious Nodes in Large-Scale Autonomous Networks Inproceedings 24th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2021), 2021. @inproceedings{Abera2021, title = {GrandDetAuto: Detecting Malicious Nodes in Large-Scale Autonomous Networks}, author = {Abera, Tigist and Brasser, Ferdinand and Gunn, Lachlan and Jauernig, Patrick and Koisser, David and Sadeghi, Ahmad-Reza}, year = {2021}, date = {2021-10-06}, booktitle = {24th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2021)}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Forster, Maximilian; Gross, Jonas; Kamping, Anja Kristina; Katilmis, Serkan; Reichel, Dr. Mario; Sandner, Prof. Dr. Philipp; Schröder, Philipp The future of payments: Programmable payments for the Internet-of-Things (IoT) Technical Report CashOnLedger Technologies GmbH, Digital Euro Association, Frankfurt School Blockchain Center, PPI AG 2021. @techreport{Forster2021, title = {The future of payments: Programmable payments for the Internet-of-Things (IoT)}, author = {Maximilian Forster and Jonas Gross and Anja Kristina Kamping and Serkan Katilmis and Dr. Mario Reichel and Prof. Dr. Philipp Sandner and Philipp Schröder}, url = {https://philippsandner.medium.com/the-future-of-payments-programmable-payments-for-the-internet-of-things-iot-d4905e3959e7 http://explore-ip.com/2021-IoT-Payments-EN.pdf http://explore-ip.com/2021-IoT-Payments.pdf}, year = {2021}, date = {2021-07-23}, institution = {CashOnLedger Technologies GmbH, Digital Euro Association, Frankfurt School Blockchain Center, PPI AG}, abstract = {Digitization is taking hold of entire industries, including in Germany. The area of the “Internet of Things (IoT)”, in particular, promises revolutionary, new types of business models. In this context, the term IoT refers to the increasing connection of machines and devices to the Internet. These devices are equipped with digital identities to communicate with each other and execute processes autonomously without human intervention. This trend will become increasingly relevant in the future. For example, the total number of IoT devices is expected to rise to 75 billion by 2025, according to estimates.}, keywords = {}, pubstate = {published}, tppubtype = {techreport} } Digitization is taking hold of entire industries, including in Germany. The area of the “Internet of Things (IoT)”, in particular, promises revolutionary, new types of business models. In this context, the term IoT refers to the increasing connection of machines and devices to the Internet. 
These devices are equipped with digital identities to communicate with each other and execute processes autonomously without human intervention. This trend will become increasingly relevant in the future. For example, the total number of IoT devices is expected to rise to 75 billion by 2025, according to estimates. |
Giallorenzo, Saverio ; Montesi, Fabrizio ; Peressotti, Marco ; Richter, David ; Salvaneschi, Guido ; Weisenburger, Pascal Multiparty Languages: The Choreographic and Multitier Cases (Pearl) Inproceedings Moller, Anders ; Sridharan, Manu (Ed.): 35th European Conference on Object-Oriented Programming (ECOOP 2021), pp. 22:1–22:27, Schloss Dagstuhl -- Leibniz-Zentrum für Informatik, Dagstuhl, Germany, 2021, ISBN: 978-3-95977-190-0, (Distinguished Paper Award). @inproceedings{Giallorenzo2021, title = {Multiparty Languages: The Choreographic and Multitier Cases (Pearl)}, author = {Giallorenzo, Saverio and Montesi, Fabrizio and Peressotti, Marco and Richter, David and Salvaneschi, Guido and Weisenburger, Pascal}, editor = {Moller, Anders and Sridharan, Manu}, url = {https://drops.dagstuhl.de/opus/volltexte/2021/14065}, doi = {10.4230/LIPIcs.ECOOP.2021.22}, isbn = {978-3-95977-190-0}, year = {2021}, date = {2021-07-15}, booktitle = {35th European Conference on Object-Oriented Programming (ECOOP 2021)}, volume = {194}, pages = {22:1--22:27}, publisher = {Schloss Dagstuhl -- Leibniz-Zentrum für Informatik}, address = {Dagstuhl, Germany}, series = {Leibniz International Proceedings in Informatics (LIPIcs)}, abstract = {Choreographic languages aim to express multiparty communication protocols, by providing primitives that make interaction manifest. Multitier languages enable programming computation that spans across several tiers of a distributed system, by supporting primitives that allow computation to change the location of execution. Rooted into different theoretical underpinnings - respectively process calculi and lambda calculus - the two paradigms have been investigated independently by different research communities with little or no contact. As a result, the link between the two paradigms has remained hidden for long. In this paper, we show that choreographic languages and multitier languages are surprisingly similar. 
We substantiate our claim by isolating the core abstractions that differentiate the two approaches and by providing algorithms that translate one into the other in a straightforward way. We believe that this work paves the way for joint research and cross-fertilisation between the two communities. }, note = {Distinguished Paper Award}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Choreographic languages aim to express multiparty communication protocols, by providing primitives that make interaction manifest. Multitier languages enable programming computation that spans across several tiers of a distributed system, by supporting primitives that allow computation to change the location of execution. Rooted in different theoretical underpinnings - respectively process calculi and lambda calculus - the two paradigms have been investigated independently by different research communities with little or no contact. As a result, the link between the two paradigms has remained hidden for a long time. In this paper, we show that choreographic languages and multitier languages are surprisingly similar. We substantiate our claim by isolating the core abstractions that differentiate the two approaches and by providing algorithms that translate one into the other in a straightforward way. We believe that this work paves the way for joint research and cross-fertilisation between the two communities. |
Amler, Hendrik; Eckey, Lisa; Faust, Sebastian; Kaiser, Marcel; Sandner, Philipp; Schlosser, Benjamin DeFi-ning DeFi: Challenges & Pathway Miscellaneous arXiv eprint report arXiv:2101.05589, 2021. @misc{Amler2021, title = {DeFi-ning DeFi: Challenges & Pathway}, author = {Hendrik Amler and Lisa Eckey and Sebastian Faust and Marcel Kaiser and Philipp Sandner and Benjamin Schlosser}, url = {https://arxiv.org/pdf/2101.05589.pdf}, year = {2021}, date = {2021-01-14}, journal = {arXiv}, number = {2101.05589}, abstract = {The decentralized and trustless nature of cryptocurrencies and blockchain technology leads to a shift in the digital world. The possibility to execute small programs, called smart contracts, on cryptocurrencies like Ethereum opened doors to countless new applications. One particular exciting use case is decentralized finance (DeFi), which aims to revolutionize traditional financial services by founding them on a decentralized infrastructure. We show the potential of DeFi by analyzing its advantages compared to traditional finance. Additionally, we survey the state-of-the-art of DeFi products and categorize existing services. Since DeFi is still in its infancy, there are countless hurdles for mass adoption. We discuss the most prominent challenges and point out possible solutions. Finally, we analyze the economics behind DeFi products. By carefully analyzing the state-of-the-art and discussing current challenges, we give a perspective on how the DeFi space might develop in the near future.}, howpublished = {arXiv eprint report arXiv:2101.05589}, keywords = {}, pubstate = {published}, tppubtype = {misc} } The decentralized and trustless nature of cryptocurrencies and blockchain technology leads to a shift in the digital world. The possibility to execute small programs, called smart contracts, on cryptocurrencies like Ethereum opened doors to countless new applications. 
One particularly exciting use case is decentralized finance (DeFi), which aims to revolutionize traditional financial services by founding them on a decentralized infrastructure. We show the potential of DeFi by analyzing its advantages compared to traditional finance. Additionally, we survey the state-of-the-art of DeFi products and categorize existing services. Since DeFi is still in its infancy, there are countless hurdles for mass adoption. We discuss the most prominent challenges and point out possible solutions. Finally, we analyze the economics behind DeFi products. By carefully analyzing the state-of-the-art and discussing current challenges, we give a perspective on how the DeFi space might develop in the near future. |
Erwig, Andreas; Faust, Sebastian; Hostáková, Kristina; Maitra, Monosij; Riahi, Siavash Two-Party Adaptor Signatures From Identification Schemes Miscellaneous Cryptology ePrint Archive, Report 2021/150, 2021. @misc{cryptoeprint:2021:150, title = {Two-Party Adaptor Signatures From Identification Schemes}, author = {Andreas Erwig and Sebastian Faust and Kristina Hostáková and Monosij Maitra and Siavash Riahi}, url = {https://eprint.iacr.org/2021/150}, year = {2021}, date = {2021-01-01}, abstract = {Adaptor signatures are a novel cryptographic primitive with important applications for cryptocurrencies. They have been used to construct second layer solutions such as payment channels or cross-currency swaps. The basic idea of an adaptor signature scheme is to tie the signing process to the revelation of a secret value in the sense that, much like a regular signature scheme, an adaptor signature scheme can authenticate messages, but simultaneously leaks a secret to certain parties. Recently, Aumayr et al. provide the first formalization of adaptor signature schemes, and present provably secure constructions from ECDSA and Schnorr signatures. Unfortunately, the formalization and constructions given in this work have two limitations: (1) current schemes are limited to ECDSA and Schnorr signatures, and no generic transformation for constructing adaptor signatures is known; (2) they do not offer support for aggregated two-party signing, which can significantly reduce the blockchain footprint in applications of adaptor signatures. In this work, we address these two shortcomings. First, we show that signature schemes that are constructed from identification (ID) schemes, which additionally satisfy certain homomorphic properties, can generically be transformed into adaptor signature schemes. We further provide an impossibility result which proves that unique signature schemes (e.g., the BLS scheme) cannot be transformed into an adaptor signature scheme. 
In addition, we define two-party adaptor signature schemes with aggregatable public keys and show how to instantiate them via a generic transformation from ID-based signature schemes. Finally, we give instantiations of our generic transformations for the Schnorr, Katz-Wang and Guillou-Quisquater signature schemes.}, howpublished = {Cryptology ePrint Archive, Report 2021/150}, keywords = {}, pubstate = {published}, tppubtype = {misc} } Adaptor signatures are a novel cryptographic primitive with important applications for cryptocurrencies. They have been used to construct second layer solutions such as payment channels or cross-currency swaps. The basic idea of an adaptor signature scheme is to tie the signing process to the revelation of a secret value in the sense that, much like a regular signature scheme, an adaptor signature scheme can authenticate messages, but simultaneously leaks a secret to certain parties. Recently, Aumayr et al. provide the first formalization of adaptor signature schemes, and present provably secure constructions from ECDSA and Schnorr signatures. Unfortunately, the formalization and constructions given in this work have two limitations: (1) current schemes are limited to ECDSA and Schnorr signatures, and no generic transformation for constructing adaptor signatures is known; (2) they do not offer support for aggregated two-party signing, which can significantly reduce the blockchain footprint in applications of adaptor signatures. In this work, we address these two shortcomings. First, we show that signature schemes that are constructed from identification (ID) schemes, which additionally satisfy certain homomorphic properties, can generically be transformed into adaptor signature schemes. We further provide an impossibility result which proves that unique signature schemes (e.g., the BLS scheme) cannot be transformed into an adaptor signature scheme. 
In addition, we define two-party adaptor signature schemes with aggregatable public keys and show how to instantiate them via a generic transformation from ID-based signature schemes. Finally, we give instantiations of our generic transformations for the Schnorr, Katz-Wang and Guillou-Quisquater signature schemes. |
Faust, Sebastian; Hazay, Carmit; Kretzler, David; Schlosser, Benjamin Generic Compiler for Publicly Verifiable Covert Multi-Party Computation Inproceedings Advances in Cryptology - EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17-21, 2021, Proceedings, Part II, pp. 782–811, Springer, 2021. @inproceedings{DBLP:conf/eurocrypt/FaustHKS21, title = {Generic Compiler for Publicly Verifiable Covert Multi-Party Computation}, author = {Sebastian Faust and Carmit Hazay and David Kretzler and Benjamin Schlosser}, url = {https://eprint.iacr.org/2021/251.pdf}, doi = {10.1007/978-3-030-77886-6_27}, year = {2021}, date = {2021-01-01}, booktitle = {Advances in Cryptology - EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17-21, 2021, Proceedings, Part II}, volume = {12697}, pages = {782--811}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
2020 |
iBlockchain Konsortium, iBlockchain Policy Paper: Empfehlungen und Erkenntnisse für die Politik Miscellaneous medium.com, 2020. @misc{iBlockchainKonsortium2020, title = {iBlockchain Policy Paper: Empfehlungen und Erkenntnisse für die Politik}, author = {iBlockchain Konsortium}, url = {https://iblockchain-projekt.de/wp-content/uploads/2021/02/Policy_paper_final.pdf https://medium.com/@industrial_blockchain/iblockchain-policy-paper-empfehlungen-und-erkenntnisse-f%C3%BCr-die-politik-b5b24ad8f800}, year = {2020}, date = {2020-12-14}, abstract = {In diesem Artikel werden aus der Arbeit des iBlockchain-Projektes hervorgegangene technologische und regulatorische Erkenntnisse und Anforderungen zum Thema Blockchain und DLT im Industrie-Kontext zusammengefasst.}, howpublished = {medium.com}, keywords = {}, pubstate = {published}, tppubtype = {misc} } In diesem Artikel werden aus der Arbeit des iBlockchain-Projektes hervorgegangene technologische und regulatorische Erkenntnisse und Anforderungen zum Thema Blockchain und DLT im Industrie-Kontext zusammengefasst. |
Hebborn, Phil; Lambin, Baptiste; Leander, Gregor; Todo, Yosuke Lower Bounds on the Degree of Block Ciphers Inproceedings Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, 2020. @inproceedings{Hebborn2020, title = {Lower Bounds on the Degree of Block Ciphers}, author = {Phil Hebborn and Baptiste Lambin and Gregor Leander and Yosuke Todo}, url = {https://eprint.iacr.org/2020/1051}, year = {2020}, date = {2020-12-07}, booktitle = {Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security}, abstract = {Only the method to estimate the upper bound of the algebraic degree on block ciphers is known so far, but it is not useful for the designer to guarantee the security. In this paper we provide meaningful lower bounds on the algebraic degree of modern block ciphers.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Only the method to estimate the upper bound of the algebraic degree on block ciphers is known so far, but it is not useful for the designer to guarantee the security. In this paper we provide meaningful lower bounds on the algebraic degree of modern block ciphers. |
Erwig, Andreas; Faust, Sebastian; Riahi, Siavash; Stöckert, Tobias CommiTEE: An Efficient and Secure Commit-Chain Protocol using TEEs Miscellaneous Cryptology ePrint Archive, Report 2020/1486, 2020. @misc{cryptoeprint:2020:1486, title = {CommiTEE: An Efficient and Secure Commit-Chain Protocol using TEEs}, author = {Andreas Erwig and Sebastian Faust and Siavash Riahi and Tobias Stöckert}, url = {https://eprint.iacr.org/2020/1486}, year = {2020}, date = {2020-11-27}, abstract = {Permissionless blockchain systems such as Bitcoin or Ethereum are slow and expensive, since transactions are processed in a distributed network by a large set of parties. To improve on these shortcomings, a prominent approach is given by so-called 2nd-layer protocols. In these protocols parties process transactions off-chain directly between each other, thereby drastically reducing the costly and slow interaction with the blockchain. In particular, in the optimistic case, when parties behave honestly, no interaction with the blockchain is needed. One of the most popular off-chain solutions are Plasma protocols (often also called commit-chains). These protocols are orchestrated by a so-called operator that maintains the system and processes transactions between parties. Importantly, the operator is trustless, i.e., even if it is malicious users of the system are guaranteed to not lose funds. To achieve this guarantee, Plasma protocols are highly complex and require involved and expensive dispute resolution processes. This has significantly slowed down development and deployment of these systems. In this work we propose CommiTEE-- a simple and efficient Plasma system leveraging the power of trusted execution environments (TEE). Besides its simplicity, our protocol requires minimal interaction with the blockchain, thereby drastically reducing costs and improving efficiency. 
An additional benefit of our solution is that it allows for switching between operators, in case the main operator goes offline due to system failure, or behaving maliciously. We implemented and evaluated our system over Ethereum and show that it is at least 2 times (and in some cases more than 16 times) cheaper in terms of communication complexity when compared to existing Plasma implementations. Moreover, for protocols using zero-knowledge proofs (like NOCUST-ZKP), CommiTEE decreases the on-chain gas cost by a factor ≈19 compared to prior solution. }, howpublished = {Cryptology ePrint Archive, Report 2020/1486}, keywords = {}, pubstate = {published}, tppubtype = {misc} } Permissionless blockchain systems such as Bitcoin or Ethereum are slow and expensive, since transactions are processed in a distributed network by a large set of parties. To improve on these shortcomings, a prominent approach is given by so-called 2nd-layer protocols. In these protocols parties process transactions off-chain directly between each other, thereby drastically reducing the costly and slow interaction with the blockchain. In particular, in the optimistic case, when parties behave honestly, no interaction with the blockchain is needed. One of the most popular off-chain solutions are Plasma protocols (often also called commit-chains). These protocols are orchestrated by a so-called operator that maintains the system and processes transactions between parties. Importantly, the operator is trustless, i.e., even if it is malicious users of the system are guaranteed to not lose funds. To achieve this guarantee, Plasma protocols are highly complex and require involved and expensive dispute resolution processes. This has significantly slowed down development and deployment of these systems. In this work we propose CommiTEE-- a simple and efficient Plasma system leveraging the power of trusted execution environments (TEE). 
Besides its simplicity, our protocol requires minimal interaction with the blockchain, thereby drastically reducing costs and improving efficiency. An additional benefit of our solution is that it allows for switching between operators, in case the main operator goes offline due to system failure or behaves maliciously. We implemented and evaluated our system over Ethereum and show that it is at least 2 times (and in some cases more than 16 times) cheaper in terms of communication complexity when compared to existing Plasma implementations. Moreover, for protocols using zero-knowledge proofs (like NOCUST-ZKP), CommiTEE decreases the on-chain gas cost by a factor ≈19 compared to prior solutions. |
Alkadri, Nabil Alkeilani; Das, Poulami; Erwig, Andreas; Faust, Sebastian; Krämer, Juliane; Riahi, Siavash; Struck, Patrick Deterministic Wallets in a Quantum World Inproceedings CCS ’20- Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2020. @inproceedings{Alkadri2020, title = {Deterministic Wallets in a Quantum World}, author = {Nabil Alkeilani Alkadri and Poulami Das and Andreas Erwig and Sebastian Faust and Juliane Krämer and Siavash Riahi and Patrick Struck}, year = {2020}, date = {2020-11-09}, booktitle = {CCS ’20- Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security}, publisher = {ACM}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Lohr, Matthias; Schlosser, Benjamin; Jürjens, Jan; Staab, Steffen Cost Fairness for Blockchain-Based Two-Party Exchange Protocols Inproceedings IEEE International Conference on Blockchain, Blockchain 2020, 2020. @inproceedings{Lohr2020, title = {Cost Fairness for Blockchain-Based Two-Party Exchange Protocols}, author = {Matthias Lohr and Benjamin Schlosser and Jan Jürjens and Steffen Staab}, year = {2020}, date = {2020-11-02}, booktitle = {IEEE International Conference on Blockchain, Blockchain 2020}, journal = {IEEE Blockchain Conference 2020}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Eckey, Lisa; Faust, Sebastian; Schlosser, Benjamin OptiSwap: Fast Optimistic Fair Exchange Inproceedings Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 543–557, ACM, New York, NY, USA, 2020, ISBN: 9781450367509. @inproceedings{cryptoeprint:2019:1330, title = {OptiSwap: Fast Optimistic Fair Exchange}, author = {Lisa Eckey and Sebastian Faust and Benjamin Schlosser}, url = {https://dl.acm.org/doi/pdf/10.1145/3320269.3384749 https://eprint.iacr.org/2019/1330.pdf}, doi = {10.1145/3320269.3384749}, isbn = {9781450367509}, year = {2020}, date = {2020-10-01}, booktitle = {Proceedings of the 15th ACM Asia Conference on Computer and Communications Security}, pages = { 543–557}, publisher = {ACM}, address = {New York, NY, USA}, series = {ASIA CCS '20}, abstract = {Selling digital commodities securely over the Internet is a challenging task when Seller and Buyer do not trust each other. With the advent of cryptocurrencies, one prominent solution for digital exchange is to rely on a smart contract as a trusted arbiter that fairly resolves disputes when Seller and Buyer disagree. Such protocols have an optimistic mode, where the digital exchange between the parties can be completed with only minimal interaction with the smart contract. In this work we present OptiSwap, a new smart contract based fair exchange protocol that significantly improves the optimistic case of smart contract based fair exchange protocols. In particular, OptiSwap has almost no overhead in communication complexity, and improves on the computational overheads of the parties compared to prior solutions. An additional feature of OptiSwap is a protection mechanism against so-called grieving attacks, where an adversary attempts to violate the financial fairness of the protocol by forcing the honest party to pay fees. 
We analyze OptiSwap's security in the UC model and provide benchmark results over Ethereum.}, howpublished = {Cryptology ePrint Archive, Report 2019/1330}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Selling digital commodities securely over the Internet is a challenging task when Seller and Buyer do not trust each other. With the advent of cryptocurrencies, one prominent solution for digital exchange is to rely on a smart contract as a trusted arbiter that fairly resolves disputes when Seller and Buyer disagree. Such protocols have an optimistic mode, where the digital exchange between the parties can be completed with only minimal interaction with the smart contract. In this work we present OptiSwap, a new smart contract based fair exchange protocol that significantly improves the optimistic case of smart contract based fair exchange protocols. In particular, OptiSwap has almost no overhead in communication complexity, and improves on the computational overheads of the parties compared to prior solutions. An additional feature of OptiSwap is a protection mechanism against so-called grieving attacks, where an adversary attempts to violate the financial fairness of the protocol by forcing the honest party to pay fees. We analyze OptiSwap's security in the UC model and provide benchmark results over Ethereum. |
Böhme, Rainer ; Eckey, Lisa ; Moore, Tyler ; Narula, Neha ; Ruffing, Tim ; Zohar, Aviv Responsible Vulnerability Disclosure in Cryptocurrencies Journal Article Commun. ACM, 63 (10), pp. 62–71, 2020, ISSN: 0001-0782. @article{10.1145/3372115, title = {Responsible Vulnerability Disclosure in Cryptocurrencies}, author = {Böhme, Rainer and Eckey, Lisa and Moore, Tyler and Narula, Neha and Ruffing, Tim and Zohar, Aviv}, url = {https://doi.org/10.1145/3372115}, doi = {10.1145/3372115}, issn = {0001-0782}, year = {2020}, date = {2020-10-01}, journal = {Commun. ACM}, volume = {63}, number = {10}, pages = {62–71}, abstract = {Software weaknesses in cryptocurrencies create unique challenges in responsible revelations.}, keywords = {}, pubstate = {published}, tppubtype = {article} } Software weaknesses in cryptocurrencies create unique challenges in responsible revelations. |
Neureither, Jens; Dmitrienko, Alexandra; Koisser, David; Brasser, Ferdinand; Sadeghi, Ahmad-Reza LegIoT: Ledgered Trust Management Platform for IoT Inproceedings European Symposium on Research in Computer Security (ESORICS), 2020. @inproceedings{neureither2020legiot, title = {LegIoT: Ledgered Trust Management Platform for IoT}, author = {Jens Neureither and Alexandra Dmitrienko and David Koisser and Ferdinand Brasser and Ahmad-Reza Sadeghi }, url = {https://se.informatik.uni-wuerzburg.de/secure-software-systems-group/staff0/alexandra-dmitrienko/?tx_extbibsonomycsl_publicationlist%5BuserName%5D=sssgroup&tx_extbibsonomycsl_publicationlist%5BintraHash%5D=74fa5167627be7d794d5ddd457ba1bbb&tx_extbibsonomycsl_publicationlist%5BfileName%5D=LegIoT_camera_ready-v4.pdf&tx_extbibsonomycsl_publicationlist%5Baction%5D=download&tx_extbibsonomycsl_publicationlist%5Bcontroller%5D=Document&cHash=d3e5fdff7d78ca4cb3b00d4bb92b70ee}, year = {2020}, date = {2020-09-14}, booktitle = {European Symposium on Research in Computer Security (ESORICS)}, abstract = {We investigate and address the currently unsolved problem of trust establishment in large-scale Internet of Things (IoT) networks where heterogeneous devices and mutually mistrusting stakeholders are involved. We design, prototype and evaluate LegIoT, a novel, probabilistic trust management system that enables secure, dynamic and flexible(yet inexpensive) trust relationships in large IoT networks. The core component of LegIoT is a novel graph-based scheme that allows network devices (graph nodes) to re-use the already existing trust associations(graph edges) very efficiently; thus, significantly reducing the number of individually conducted trust assessments. 
Since no central trusted third party exists, LegIoT leverages Distributed Ledger Technology (DLT) to create and manage the trust relation graph in a decentralized manner. The trust assessment among devices can be instantiated by any appropriate assessment technique, for which we focus on remote attestation (integrity verification) in this paper. We prototyped LegIoT for Hyperledger Sawtooth and demonstrated through evaluation that the number of trust assessments in the network can be significantly reduced – e.g., by a factor of 20 for a network of 400 nodes and by a factor of 5 for 1000 nodes.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } We investigate and address the currently unsolved problem of trust establishment in large-scale Internet of Things (IoT) networks where heterogeneous devices and mutually mistrusting stakeholders are involved. We design, prototype and evaluate LegIoT, a novel, probabilistic trust management system that enables secure, dynamic and flexible (yet inexpensive) trust relationships in large IoT networks. The core component of LegIoT is a novel graph-based scheme that allows network devices (graph nodes) to re-use the already existing trust associations (graph edges) very efficiently; thus, significantly reducing the number of individually conducted trust assessments. Since no central trusted third party exists, LegIoT leverages Distributed Ledger Technology (DLT) to create and manage the trust relation graph in a decentralized manner. The trust assessment among devices can be instantiated by any appropriate assessment technique, for which we focus on remote attestation (integrity verification) in this paper. We prototyped LegIoT for Hyperledger Sawtooth and demonstrated through evaluation that the number of trust assessments in the network can be significantly reduced – e.g., by a factor of 20 for a network of 400 nodes and by a factor of 5 for 1000 nodes. |
Beyne, Tim; Canteaut, Anne; Dinur, Itai; Eichlseder, Maria; Leander, Gregor; Leurent, Gaëtan; Naya-Plasencia, María; Perrin, Léo; Sasaki, Yu; Todo, Yosuke; Wiemer, Friedrich Out of Oddity - New Cryptanalytic Techniques against Symmetric Primitives Optimized for Integrity Proof Systems Inproceedings Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, 2020. @inproceedings{Beyne2020, title = {Out of Oddity - New Cryptanalytic Techniques against Symmetric Primitives Optimized for Integrity Proof Systems}, author = {Tim Beyne and Anne Canteaut and Itai Dinur and Maria Eichlseder and Gregor Leander and Gaëtan Leurent and María Naya-Plasencia and Léo Perrin and Yu Sasaki and Yosuke Todo and Friedrich Wiemer}, url = {https://eprint.iacr.org/2020/188}, year = {2020}, date = {2020-08-17}, booktitle = {Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference}, abstract = {The security and performance of many integrity proof systems like SNARKs, STARKs and Bulletproofs highly depend on the underlying hash function. For this reason several new proposals have recently been developed. These primitives obviously require an in-depth security evaluation, especially since their implementation constraints have led to less standard design approaches. This work compares the security levels offered by two recent families of such primitives, namely GMiMC and HadesMiMC. We exhibit low-complexity distinguishers against the GMiMC and HadesMiMC permutations for most parameters proposed in recently launched public challenges for STARK-friendly hash functions. In the more concrete setting of the sponge construction corresponding to the practical use in the ZK-STARK protocol, we present a practical collision attack on a round-reduced version of GMiMC and a preimage attack on some instances of HadesMiMC. 
To achieve those results, we adapt and generalize several cryptographic techniques to fields of odd characteristic.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } The security and performance of many integrity proof systems like SNARKs, STARKs and Bulletproofs highly depend on the underlying hash function. For this reason several new proposals have recently been developed. These primitives obviously require an in-depth security evaluation, especially since their implementation constraints have led to less standard design approaches. This work compares the security levels offered by two recent families of such primitives, namely GMiMC and HadesMiMC. We exhibit low-complexity distinguishers against the GMiMC and HadesMiMC permutations for most parameters proposed in recently launched public challenges for STARK-friendly hash functions. In the more concrete setting of the sponge construction corresponding to the practical use in the ZK-STARK protocol, we present a practical collision attack on a round-reduced version of GMiMC and a preimage attack on some instances of HadesMiMC. To achieve those results, we adapt and generalize several cryptographic techniques to fields of odd characteristic. |
Couteau, Geoffroy ; Hartmann, Dominik Shorter Non-interactive Zero-Knowledge Arguments and ZAPs for Algebraic Languages Inproceedings Micciancio, Daniele ; Ristenpart, Thomas (Ed.): Advances in Cryptology -- CRYPTO 2020, pp. 768–798, Springer International Publishing, 2020, ISBN: 978-3-030-56877-1. @inproceedings{Couteau2020, title = {Shorter Non-interactive Zero-Knowledge Arguments and ZAPs for Algebraic Languages}, author = {Couteau, Geoffroy and Hartmann, Dominik}, editor = {Micciancio, Daniele and Ristenpart, Thomas}, url = {https://link.springer.com/chapter/10.1007/978-3-030-56877-1_27}, isbn = {978-3-030-56877-1}, year = {2020}, date = {2020-08-10}, booktitle = {Advances in Cryptology -- CRYPTO 2020}, pages = {768--798}, publisher = {Springer International Publishing}, abstract = {We put forth a new framework for building pairing-based non-interactive zero-knowledge (NIZK) arguments for a wide class of algebraic languages, which are an extension of linear languages, containing disjunctions of linear languages and more. Our approach differs from the Groth-Sahai methodology, in that we rely on pairings to compile a Σ-protocol into a NIZK. Our framework enjoys a number of interesting features: conceptual simplicity, parameters derive from the Σ -protocol; proofs as short as resulting from the Fiat-Shamir heuristic applied to the underlying Σ -protocol; fully adaptive soundness and perfect zero-knowledge in the common random string model with a single random group element as CRS; yields simple and efficient two-round, public coin, publicly-verifiable perfect witness-indistinguishable (WI) arguments(ZAPs) in the plain model. To our knowledge, this is the first construction of two-rounds statistical witness-indistinguishable arguments from pairing assumptions. 
Our proof system relies on a new (static, falsifiable) assumption over pairing groups which generalizes the standard kernel Diffie-Hellman assumption in a natural way and holds in the generic group model (GGM) and in the algebraic group model (AGM). Replacing Groth-Sahai NIZKs with our new proof system allows us to improve several important cryptographic primitives. In particular, we obtain the shortest tightly-secure structure-preserving signature scheme (which is a core component in anonymous credentials), the shortest tightly-secure quasi-adaptive NIZK with unbounded simulation soundness (which in turn implies the shortest tightly-mCCA-secure cryptosystem), and shorter ring signatures.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } We put forth a new framework for building pairing-based non-interactive zero-knowledge (NIZK) arguments for a wide class of algebraic languages, which are an extension of linear languages, containing disjunctions of linear languages and more. Our approach differs from the Groth-Sahai methodology, in that we rely on pairings to compile a Σ-protocol into a NIZK. Our framework enjoys a number of interesting features: conceptual simplicity, parameters derive from the Σ-protocol; proofs as short as resulting from the Fiat-Shamir heuristic applied to the underlying Σ-protocol; fully adaptive soundness and perfect zero-knowledge in the common random string model with a single random group element as CRS; yields simple and efficient two-round, public coin, publicly-verifiable perfect witness-indistinguishable (WI) arguments (ZAPs) in the plain model. To our knowledge, this is the first construction of two-round statistical witness-indistinguishable arguments from pairing assumptions. 
Our proof system relies on a new (static, falsifiable) assumption over pairing groups which generalizes the standard kernel Diffie-Hellman assumption in a natural way and holds in the generic group model (GGM) and in the algebraic group model (AGM). Replacing Groth-Sahai NIZKs with our new proof system allows us to improve several important cryptographic primitives. In particular, we obtain the shortest tightly-secure structure-preserving signature scheme (which is a core component in anonymous credentials), the shortest tightly-secure quasi-adaptive NIZK with unbounded simulation soundness (which in turn implies the shortest tightly-mCCA-secure cryptosystem), and shorter ring signatures. |
Frank, Joel; Aschermann, Cornelius; Holz, Thorsten ETHBMC: A Bounded Model Checker for Smart Contracts Inproceedings 29th USENIX Security Symposium (USENIX Security 20), USENIX Association, Boston, MA, 2020. @inproceedings{251546, title = {{ETHBMC}: A Bounded Model Checker for Smart Contracts}, author = {Joel Frank and Cornelius Aschermann and Thorsten Holz}, url = {https://www.usenix.org/conference/usenixsecurity20/presentation/frank}, year = {2020}, date = {2020-08-01}, booktitle = {29th USENIX Security Symposium (USENIX Security 20)}, publisher = {USENIX Association}, address = {Boston, MA}, abstract = {The introduction of smart contracts has significantly advanced the state-of-the-art in cryptocurrencies. Smart contracts are programs which live on the blockchain, governing the flow of money. However, the promise of monetary gain has attracted miscreants, resulting in spectacular hacks which resulted in the loss of millions worth of currency. In response, several powerful static analysis tools were developed to address these problems. We surveyed eight recently proposed static analyzers for Ethereum smart contracts and found that none of them captures all relevant features of the Ethereum ecosystem. For example, we discovered that a precise memory model is missing and inter-contract analysis is only partially supported. Based on these insights, we present the design and implementation of ETHBMC, a bounded model checker based on symbolic execution which provides a precise model of the Ethereum network. We demonstrate its capabilities in a series of experiments. First, we compare against the eight aforementioned tools, showing that even relatively simple toy examples can obstruct other analyzers. 
Further proving that precise modeling is indispensable, we leverage ETHBMC's capabilities for automatic vulnerability scanning. We perform a large-scale analysis of roughly 2.2 million accounts currently active on the blockchain and automatically generate 5,905 valid inputs which trigger a vulnerability. From these, 1,989 can destroy a contract at will (so-called suicidal contracts) and the rest can be used by an adversary to arbitrarily extract money. Finally, we compare our large-scale analysis against two previous analysis runs, finding significantly more inputs (22.8%) than previous approaches.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } The introduction of smart contracts has significantly advanced the state-of-the-art in cryptocurrencies. Smart contracts are programs which live on the blockchain, governing the flow of money. However, the promise of monetary gain has attracted miscreants, resulting in spectacular hacks which resulted in the loss of millions worth of currency. In response, several powerful static analysis tools were developed to address these problems. We surveyed eight recently proposed static analyzers for Ethereum smart contracts and found that none of them captures all relevant features of the Ethereum ecosystem. For example, we discovered that a precise memory model is missing and inter-contract analysis is only partially supported. Based on these insights, we present the design and implementation of ETHBMC, a bounded model checker based on symbolic execution which provides a precise model of the Ethereum network. We demonstrate its capabilities in a series of experiments. First, we compare against the eight aforementioned tools, showing that even relatively simple toy examples can obstruct other analyzers. 
Further proving that precise modeling is indispensable, we leverage ETHBMC's capabilities for automatic vulnerability scanning. We perform a large-scale analysis of roughly 2.2 million accounts currently active on the blockchain and automatically generate 5,905 valid inputs which trigger a vulnerability. From these, 1,989 can destroy a contract at will (so-called suicidal contracts) and the rest can be used by an adversary to arbitrarily extract money. Finally, we compare our large-scale analysis against two previous analysis runs, finding significantly more inputs (22.8%) than previous approaches. |
Lamberty, Ricky; Poddey, Alexander Regulation conform DLT-operable payment adapter based on trustless - justified trust combined generalized state channels Miscellaneous arXiv, Nr. 2007.01605, 2020. @misc{arXiv:2007.01605, title = {Regulation conform {DLT}-operable payment adapter based on trustless - justified trust combined generalized state channels}, author = {Lamberty, Ricky and Poddey, Alexander}, url = {https://arxiv.org/abs/2007.01605}, eprint = {2007.01605}, eprinttype = {arXiv}, year = {2020}, date = {2020-07-03}, abstract = {Open technologies, decentralized computation and intelligent applications enable the third-generation web, Web 3.0, thereby digitizing whole industries. The emerging Economy of Things (EoT) will be based on software agents running on peer-to-peer trustless networks that require a programmable, regulation-conform means of payment. We give an overview of current solutions that differ in their fundamental values and technological possibilities, e.g. privately issued stablecoins, DLT-issued electronic money and genuine cryptocurrencies. Based on this analysis, we present the concept of justified trust and propose to combine the strengths of the crypto-based, decentralized trustless elements with established and well-regulated means of payment, based on this concept, via a secure external re-balancing interface. Combining the advantages, e.g. lightweight, trustless, efficient high-frequency micro state transfers on the one hand, and ease of use, wide adoption, and accepted alignment to a multitude of regulatory requirements on the other hand, while neither leading into a lock-in in any of the proposed solutions, nor undermining the basic principles of the crypto movement or unnecessarily reinforcing the banking system, provides a synergy and the necessary flexibility for further evolution alongside the regulatory framework. 
This offers a regulation-conform transitional solution that can be implemented in the short term, which enables companies to place their decentralized business operations in a regulated environment. The contribution of our work is twofold: First, we illustrate and discuss different DLT-operable means of payment. Second, our research proposes a novel hybrid payment solution by interfacing trustless with justified trust combined generalized state channels.}, howpublished = {arXiv, Nr. 2007.01605}, keywords = {}, pubstate = {published}, tppubtype = {misc} } Open technologies, decentralized computation and intelligent applications enable the third-generation web, Web 3.0, thereby digitizing whole industries. The emerging Economy of Things (EoT) will be based on software agents running on peer-to-peer trustless networks that require a programmable, regulation-conform means of payment. We give an overview of current solutions that differ in their fundamental values and technological possibilities, e.g. privately issued stablecoins, DLT-issued electronic money and genuine cryptocurrencies. Based on this analysis, we present the concept of justified trust and propose to combine the strengths of the crypto-based, decentralized trustless elements with established and well-regulated means of payment, based on this concept, via a secure external re-balancing interface. Combining the advantages, e.g. lightweight, trustless, efficient high-frequency micro state transfers on the one hand, and ease of use, wide adoption, and accepted alignment to a multitude of regulatory requirements on the other hand, while neither leading into a lock-in in any of the proposed solutions, nor undermining the basic principles of the crypto movement or unnecessarily reinforcing the banking system, provides a synergy and the necessary flexibility for further evolution alongside the regulatory framework. 
This offers a regulation-conform transitional solution that can be implemented in the short term, which enables companies to place their decentralized business operations in a regulated environment. The contribution of our work is twofold: First, we illustrate and discuss different DLT-operable means of payment. Second, our research proposes a novel hybrid payment solution by interfacing trustless with justified trust combined generalized state channels. |
Aumayr, Lukas; Ersoy, Oguzhan; Erwig, Andreas; Faust, Sebastian; Hostáková, Kristina; Maffei, Matteo; Moreno-Sanchez, Pedro; Riahi, Siavash Bitcoin-Compatible Virtual Channels Miscellaneous Cryptology ePrint Archive, Report 2020/554, 2020. @misc{cryptoeprint:2020:554, title = {Bitcoin-Compatible Virtual Channels}, author = {Lukas Aumayr and Oguzhan Ersoy and Andreas Erwig and Sebastian Faust and Kristina Hostáková and Matteo Maffei and Pedro Moreno-Sanchez and Siavash Riahi}, url = {https://eprint.iacr.org/2020/554}, year = {2020}, date = {2020-05-12}, abstract = {Current permissionless cryptocurrencies such as Bitcoin suffer from a limited transaction rate and slow confirmation time, which hinders their large scale adoption. Payment channels are one of the most promising solutions to address these problems, as they allow two end-points of the channel to perform arbitrarily many payments in a peer-to-peer fashion while uploading only two transactions on the blockchain. This concept has been generalized into payment-channel networks where a path of payment channels is used to settle the payment between two users that might not share a channel between them. However, this approach requires the active involvement of each user in the path, making the system less reliable (they might be offline), more expensive (they charge fees per payment) and slower (intermediaries need to be actively involved in the payment). To mitigate this issue, recent work has introduced the concept of virtual channels, which involve intermediaries only in the initial creation of a bridge between payer and payee, who can later on independently perform arbitrarily many off-chain transactions. Unfortunately, existing constructions are only available for Ethereum, as they rely on its account model and Turing-complete scripting language. The realization of virtual channels in other blockchain technologies with limited scripting capabilities, like Bitcoin, was considered so far an open challenge. 
In this work, we present the first virtual channel protocols that are built on the UTXO-model and require a script language supporting only a digital signature scheme and a timelock functionality, being thus backwards compatible with virtually every cryptocurrency, including Bitcoin. We formalize the security properties of virtual channels as an ideal functionality in the Universal Composability framework, and prove that our protocol constitutes a secure realization thereof. We have prototyped and evaluated our protocol on the Bitcoin blockchain, demonstrating its efficiency: for n sequential payments, they require an off-chain exchange of 11+2⋅(n−1) transactions or a total of 4219+695⋅(n−1) bytes, with no on-chain footprint in the optimistic case. }, howpublished = {Cryptology ePrint Archive, Report 2020/554}, keywords = {}, pubstate = {published}, tppubtype = {misc} } Current permissionless cryptocurrencies such as Bitcoin suffer from a limited transaction rate and slow confirmation time, which hinders their large scale adoption. Payment channels are one of the most promising solutions to address these problems, as they allow two end-points of the channel to perform arbitrarily many payments in a peer-to-peer fashion while uploading only two transactions on the blockchain. This concept has been generalized into payment-channel networks where a path of payment channels is used to settle the payment between two users that might not share a channel between them. However, this approach requires the active involvement of each user in the path, making the system less reliable (they might be offline), more expensive (they charge fees per payment) and slower (intermediaries need to be actively involved in the payment). 
To mitigate this issue, recent work has introduced the concept of virtual channels, which involve intermediaries only in the initial creation of a bridge between payer and payee, who can later on independently perform arbitrarily many off-chain transactions. Unfortunately, existing constructions are only available for Ethereum, as they rely on its account model and Turing-complete scripting language. The realization of virtual channels in other blockchain technologies with limited scripting capabilities, like Bitcoin, was considered so far an open challenge. In this work, we present the first virtual channel protocols that are built on the UTXO-model and require a script language supporting only a digital signature scheme and a timelock functionality, being thus backwards compatible with virtually every cryptocurrency, including Bitcoin. We formalize the security properties of virtual channels as an ideal functionality in the Universal Composability framework, and prove that our protocol constitutes a secure realization thereof. We have prototyped and evaluated our protocol on the Bitcoin blockchain, demonstrating its efficiency: for n sequential payments, they require an off-chain exchange of 11+2⋅(n−1) transactions or a total of 4219+695⋅(n−1) bytes, with no on-chain footprint in the optimistic case. |
Kölbel, Tobias; Kunz, Daniel Mechanisms of intermediary platforms Miscellaneous arXiv, Nr. 2005.02111, 2020. @misc{arXiv:2005.02111, title = {Mechanisms of intermediary platforms}, author = {Kölbel, Tobias and Kunz, Daniel}, url = {https://arxiv.org/abs/2005.02111}, eprint = {2005.02111}, eprinttype = {arXiv}, year = {2020}, date = {2020-05-06}, abstract = {In the current digital age of the Internet, with ever-growing networks and data-driven business models, digital platforms and especially marketplaces are becoming increasingly important. These platforms focus primarily on digital businesses by offering services that bring together consumers and producers. Due to the added value created for consumers, the profit-driven operators of these platforms, so-called Matchmakers, are extremely successful and have come to dominate their respective markets. The aim of this article is to understand how Matchmakers and coordination networks gain market dominance. The following sections will take a closer look at network and coordination effects as well as intermediary platform mechanisms and the disadvantages they entail for users. Considering strategic and business challenges, we suggest a possible solution and strategy to avoid dependencies on individual players in the digital economy. We present a cooperative approach towards a fair and open Economy of Things (EoT) based on decentralized technologies.}, howpublished = {arXiv, Nr. 2005.02111}, keywords = {}, pubstate = {published}, tppubtype = {misc} } In the current digital age of the Internet, with ever-growing networks and data-driven business models, digital platforms and especially marketplaces are becoming increasingly important. These platforms focus primarily on digital businesses by offering services that bring together consumers and producers. Due to the added value created for consumers, the profit-driven operators of these platforms, so-called Matchmakers, are extremely successful and have come to dominate their respective markets. 
The aim of this article is to understand how Matchmakers and coordination networks gain market dominance. The following sections will take a closer look at network and coordination effects as well as intermediary platform mechanisms and the disadvantages they entail for users. Considering strategic and business challenges, we suggest a possible solution and strategy to avoid dependencies on individual players in the digital economy. We present a cooperative approach towards a fair and open Economy of Things (EoT) based on decentralized technologies. |
Aumayr, Lukas; Ersoy, Oguzhan; Erwig, Andreas; Faust, Sebastian; Hostakova, Kristina; Maffei, Matteo; Moreno-Sanchez, Pedro; Riahi, Siavash Generalized Bitcoin-Compatible Channels Miscellaneous Cryptology ePrint Archive, Report 2020/476, 2020. @misc{cryptoeprint:2020:476, title = {Generalized Bitcoin-Compatible Channels}, author = {Lukas Aumayr and Oguzhan Ersoy and Andreas Erwig and Sebastian Faust and Kristina Hostakova and Matteo Maffei and Pedro Moreno-Sanchez and Siavash Riahi}, url = {https://eprint.iacr.org/2020/476.pdf}, year = {2020}, date = {2020-04-23}, howpublished = {Cryptology ePrint Archive, Report 2020/476}, keywords = {}, pubstate = {published}, tppubtype = {misc} } |
Erwig, Andreas; Hesse, Julia; Orlt, Maximilian; Riahi, Siavash Fuzzy Asymmetric Password-Authenticated Key Exchange Inproceedings Moriai, Shiho; Wang, Huaxiong (Ed.): Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part II, pp. 761–784, Springer, 2020. @inproceedings{DBLP:conf/asiacrypt/ErwigHO020, title = {Fuzzy Asymmetric Password-Authenticated Key Exchange}, author = {Andreas Erwig and Julia Hesse and Maximilian Orlt and Siavash Riahi}, editor = {Shiho Moriai and Huaxiong Wang}, url = {https://eprint.iacr.org/2020/987.pdf}, doi = {10.1007/978-3-030-64834-3_26}, year = {2020}, date = {2020-01-01}, booktitle = {Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part II}, volume = {12492}, pages = {761--784}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Eckey, Lisa; Faust, Sebastian; Hostáková, Kristina; Roos, Stefanie Splitting Payments Locally While Routing Interdimensionally Miscellaneous Cryptology ePrint Archive, Report 2020/555, 2020. @misc{DBLP:journals/iacr/EckeyFHR20, title = {Splitting Payments Locally While Routing Interdimensionally}, author = {Lisa Eckey and Sebastian Faust and Kristina Hostáková and Stefanie Roos}, url = {https://eprint.iacr.org/2020/555.pdf}, year = {2020}, date = {2020-01-01}, howpublished = {Cryptology ePrint Archive, Report 2020/555}, keywords = {}, pubstate = {published}, tppubtype = {misc} } |
Dziembowski, Stefan; Fabiański, Grzegorz; Faust, Sebastian; Riahi, Siavash Lower Bounds for Off-Chain Protocols: Exploring the Limits of Plasma Miscellaneous Cryptology ePrint Archive, Report 2020/175, 2020. @misc{cryptoeprint:2020:175, title = {Lower Bounds for Off-Chain Protocols: Exploring the Limits of Plasma}, author = {Stefan Dziembowski and Grzegorz Fabiański and Sebastian Faust and Siavash Riahi}, url = {https://eprint.iacr.org/2020/175.pdf}, year = {2020}, date = {2020-01-01}, howpublished = {Cryptology ePrint Archive, Report 2020/175}, keywords = {}, pubstate = {published}, tppubtype = {misc} } |
2019 |
Das, Poulami; Eckey, Lisa; Frassetto, Tommaso; Gens, David; Hostáková, Kristina; Jauernig, Patrick; Faust, Sebastian; Sadeghi, Ahmad-Reza FastKitten: Practical Smart Contracts on Bitcoin Inproceedings 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, pp. 801–818, 2019. @inproceedings{DBLP:conf/uss/0003EFGHJFS19b, title = {FastKitten: Practical Smart Contracts on Bitcoin}, author = {Poulami Das and Lisa Eckey and Tommaso Frassetto and David Gens and Kristina Hostáková and Patrick Jauernig and Sebastian Faust and Ahmad-Reza Sadeghi}, url = {https://www.usenix.org/system/files/sec19fall_das_prepub.pdf}, year = {2019}, date = {2019-01-01}, booktitle = {28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019}, pages = {801--818}, crossref = {DBLP:conf/uss/2019}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
2023 |
EF/CF: High Performance Smart Contract Fuzzing for Exploit Generation Inproceedings IEEE EuroS&P’23, 2023. |
Putting the Online Phase on a Diet: Covert Security from Short MACs Inproceedings CT-RSA 2023, 2023. |
New Time-Memory Trade-Offs for Subset Sum - Improving ISD in Theory and Practice Inproceedings Eurocrypt 2023, 2023. |
POSE: Practical Off-chain Smart Contract Execution Inproceedings NDSS 2023, 2023. |
Enterprise Business Models Leveraging Self-Sovereign Identity: Towards a User-Empowering Me2X Economy Inproceedings Hawaii International Conference on System Sciences (HICSS), 2023. |
Requirements and Design Principles for Blockchain-enabled Matchmaking-Marketplaces in Additive Manufacturing Inproceedings Hawaii International Conference on System Sciences (HICSS), 2023. |
2022 |
Parallel Isogeny Path Finding with Limited Memory Inproceedings Isobe, Takanori; Sarkar, Santanu (Ed.): Progress in Cryptology - INDOCRYPT 2022 - 23rd International Conference on Cryptology in India, Kolkata, India, December 11-14, 2022, Proceedings, pp. 294–316, Springer, 2022. |
Fostering Value Co-Creation in Incumbent Firms: The Case of Bosch’s IoT Ecosystem Landscape Inproceedings International Conference on Information Systems (ICIS) 2022, 2022. |
Deterministic Wallets for Adaptor Signatures Inproceedings Atluri, Vijayalakshmi ; Di Pietro, Roberto ; Jensen, Christian D; Meng, Weizhi (Ed.): Computer Security - ESORICS 2022, pp. 487–506, Springer, 2022, ISBN: 978-3-031-17146-8. |
The Green Bitcoin - CO2 Compensation for the World’s Largest Cryptocurrency Miscellaneous Medium.com, 2022. |
Legendre PRF (Multiple) Key Attacks and the Power of Preprocessing Inproceedings 35th IEEE Computer Security Foundations Symposium, pp. 11, IEEE, 2022. |
Spotlight on DeFi Centerpieces Towards an Economic Perspective on Asset Tokenization Services Inproceedings Pacific Asia Conference on Information Systems: PACIS 2022 Proceedings, 2022. |
Prisma: A Tierless Language for Enforcing Contract-Client Protocols in Decentralized Applications (Extended Abstract) Inproceedings 36th European Conference on Object-Oriented Programming (ECOOP 2022), pp. 35:1–35:4, Schloss Dagstuhl -- Leibniz-Zentrum für Informatik, 2022, ISBN: 978-3-95977-225-9. |
Round Efficient Byzantine Agreement from VDFs Miscellaneous Cryptology ePrint Archive, Paper 2022/823, 2022. |
McEliece needs a Break -- Solving McEliece-1284 and Quasi-Cyclic-2918 with Modern ISD Inproceedings Eurocrypt 2022 , IACR, 2022. |
Prisma: A Tierless Language for Enforcing Contract-Client Protocols in Decentralized Applications (Extended Version) Miscellaneous arXiv, 2022. |
Shaping Governance in Self-Sovereign Identity Ecosystems: Towards a Cooperative Business Model Inproceedings 17th International Conference on Wirtschaftsinformatik: WI 2022 Proceedings, 2022. |
The digital euro from a geopolitical perspective: Will Europe lag behind? Technical Report Frankfurt School Blockchain Center, Digital Euro Association 2022. |
Giant or Dwarf? A Literature Review on Blockchain-enabled Marketplaces in Business Ecosystems Inproceedings WI 2022 Proceedings: 17th International Conference on Wirtschaftsinformatik, 2022. |
Decentralized Finance - A Systematic Literature Review and Research Directions Inproceedings ECIS 2022 Research Papers., SSRN, 2022. |
2021 |
Financially Backed Covert Security Inproceedings Public-Key Cryptography - (PKC) 2022 - 25th IACR International Conference on Practice and Theory of Public Key Cryptography, Virtual Event, May 07-11, 2021, Proceedings, 2021. |
A Faster Algorithm for Finding Closest Pairs in Hamming Metric Inproceedings Bojanczy, Mikolaj ; Chekuri, Chandra (Ed.): 41st IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS 2021), pp. 20:1–20:21, Schloss Dagstuhl -- Leibniz-Zentrum für Informatik, 2021, ISBN: 978-3-95977-215-0. |
Study: The Carbon Emissions of Bitcoin From an Investor Perspective Technical Report Frankfurt School Blockchain Center, INTAS.tech 2021. |
The Exact Security of BIP32 Wallets Inproceedings CCS ’21- Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2021. |
On the Impossibility of Purely Algebraic Signatures Inproceedings Theory of Cryptography (TCC 2021), Springer International Publishing, 2021. |
GrandDetAuto: Detecting Malicious Nodes in Large-Scale Autonomous Networks Inproceedings 24th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2021), 2021. |
The future of payments: Programmable payments for the Internet-of-Things (IoT) Technical Report CashOnLedger Technologies GmbH, Digital Euro Association, Frankfurt School Blockchain Center, PPI AG 2021. |
Multiparty Languages: The Choreographic and Multitier Cases (Pearl) Inproceedings Moller, Anders ; Sridharan, Manu (Ed.): 35th European Conference on Object-Oriented Programming (ECOOP 2021), pp. 22:1–22:27, Schloss Dagstuhl -- Leibniz-Zentrum für Informatik, Dagstuhl, Germany, 2021, ISBN: 978-3-95977-190-0, (Distinguished Paper Award). |
DeFi-ning DeFi: Challenges & Pathway Miscellaneous arXiv eprint report arXiv:2101.05589, 2021. |
Two-Party Adaptor Signatures From Identification Schemes Miscellaneous Cryptology ePrint Archive, Report 2021/150, 2021. |
Generic Compiler for Publicly Verifiable Covert Multi-Party Computation Inproceedings Advances in Cryptology - EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17-21, 2021, Proceedings, Part II, pp. 782–811, Springer, 2021. |
2020 |
iBlockchain Policy Paper: Empfehlungen und Erkenntnisse für die Politik Miscellaneous medium.com, 2020. |
Lower Bounds on the Degree of Block Ciphers Inproceedings Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, 2020. |
CommiTEE: An Efficient and Secure Commit-Chain Protocol using TEEs Miscellaneous Cryptology ePrint Archive, Report 2020/1486, 2020. |
Deterministic Wallets in a Quantum World Inproceedings CCS ’20- Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2020. |
Cost Fairness for Blockchain-Based Two-Party Exchange Protocols Inproceedings IEEE International Conference on Blockchain, Blockchain 2020, 2020. |
OptiSwap: Fast Optimistic Fair Exchange Inproceedings Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 543–557, ACM, New York, NY, USA, 2020, ISBN: 9781450367509. |
Responsible Vulnerability Disclosure in Cryptocurrencies Journal Article Commun. ACM, 63 (10), pp. 62–71, 2020, ISSN: 0001-0782. |
LegIoT: Ledgered Trust Management Platform for IoT Inproceedings European Symposium on Research in Computer Security (ESORICS), 2020. |
Out of Oddity - New Cryptanalytic Techniques against Symmetric Primitives Optimized for Integrity Proof Systems Inproceedings Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, 2020. |
Shorter Non-interactive Zero-Knowledge Arguments and ZAPs for Algebraic Languages Inproceedings Micciancio, Daniele ; Ristenpart, Thomas (Ed.): Advances in Cryptology -- CRYPTO 2020, pp. 768–798, Springer International Publishing, 2020, ISBN: 978-3-030-56877-1. |
ETHBMC: A Bounded Model Checker for Smart Contracts Inproceedings 29th USENIX Security Symposium (USENIX Security 20), USENIX Association, Boston, MA, 2020. |
Regulation conform DLT-operable payment adapter based on trustless - justified trust combined generalized state channels Miscellaneous arXiv, Nr. 2007.01605, 2020. |
Bitcoin-Compatible Virtual Channels Miscellaneous Cryptology ePrint Archive, Report 2020/554, 2020. |
Mechanisms of intermediary platforms Miscellaneous arXiv, Nr. 2005.02111, 2020. |
Generalized Bitcoin-Compatible Channels Miscellaneous Cryptology ePrint Archive, Report 2020/476, 2020. |
Fuzzy Asymmetric Password-Authenticated Key Exchange Inproceedings Moriai, Shiho; Wang, Huaxiong (Ed.): Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part II, pp. 761–784, Springer, 2020. |
Splitting Payments Locally While Routing Interdimensionally Miscellaneous Cryptology ePrint Archive, Report 2020/555, 2020. |
Lower Bounds for Off-Chain Protocols: Exploring the Limits of Plasma Miscellaneous Cryptology ePrint Archive, Report 2020/175, 2020. |
2019 |
FastKitten: Practical Smart Contracts on Bitcoin Inproceedings 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, pp. 801–818, 2019. |