Kota Chin,Keita Emura,Kazumasa Omote

DOI: https://doi.org/10.48550/arXiv.2309.03480

2023-09-07

Cryptography and Security

Abstract:Account abstraction allows a contract wallet to initiate transaction execution. Thus, account abstraction is useful for preserving the privacy of externally owned accounts (EOAs) because it can remove a transaction issued from an EOA to the contract wallet and hides who issued the transaction by additionally employing anonymous authentication procedures such as ring signatures. However, unconditional anonymity is undesirable in practice because it prevents to reveal who is accountable for a problem when it arises. Thus, maintaining a balancing between anonymity and accountability is important. In this paper, we propose an anonymous yet accountable contract wallet system. In addition to account abstraction, the proposed system also utilizes accountable ring signatures (Bootle et al., ESORICS 2015). The proposed system provides (1) anonymity of a transaction issuer that hides who agreed with running the contract wallet, and (2) accountability of the issuer, which allows the issuer to prove they agreed with running the contract wallet. Moreover, due to a security requirement of accountable ring signatures, the transaction issuer cannot claim that someone else issued the transaction. This functionality allows us to clarify the accountability involved in issuing a transaction. In addition, the proposed system allows an issuer to employ a typical signature scheme, e.g., ECDSA, together with the ring signature scheme. This functionality can be considered an extension of the common multi-signatures that require a certain number of ECDSA signatures to run a contract wallet. The proposed system was implemented using zkSync (Solidity). We discuss several potential applications of the proposed system, i.e., medical information sharing and asset management.

Peng Qian,Zhenguang Liu,Xun Wang,Jianhai Chen,Bei Wang,Roger Zimmermann

DOI: https://doi.org/10.1109/ccis48116.2019.9073733

2019-01-01

Abstract:The protection of digital resource copyrights has drawn extensive public concern in the past decade. Traditional methods, however, fail to satisfy the requirements due to their poor timeliness, frequent infringement, and cumbersome in rights confirmation, etc. In this paper, we investigate and design a novel approach for cross-platform digital resource rights confirmation and infringement tracking based on smart contracts. We utilize smart contracts to realize rights transactions and protection. As another contribution, we propose to establish fine-grained digital resource rights, which are divided into ownership and usufruct. For tracking infringement acts, we invoke smart contracts to extract the rights transfer chain for resources. Furthermore, we reveal the source of resource leakage by embedding digital watermarks when distributing the resources. By combining resource rights transfer chain and digital watermarking, we can effectively achieve digital resource rights confirmation and infringement tracking. Extensive experiments show the effectiveness of our proposed method.

Hongxin Zhang,Xin Zou,Guanghuan Xie,Zhuo Li

DOI: https://doi.org/10.1007/978-981-19-8877-6_3

2022-01-01

Abstract:In order to avoid the risk of theft and loss of the private key of the blockchain wallet, a novel secure and stable blockchain multi-party signature system combining software and hardware is proposed. First, at the software level, multi-party key management method is adopted to divide the blockchain wallet key into multiple fragments for multi-point storage. Threshold signature technology is adopted to provide key escrow and retrieval services. Then a cold wallet for storing keys is designed at the hardware level. In order to avoid the risk of being attacked by hackers through network contact, a visible light communication method based on Quick Response Code is proposed. The Base45 coding scheme is adopted to improve the coding efficiency of QR Code, and the GG18 multi-party signature process is optimized. Finally, this paper analyzes the security of visible light communication, and verifies the efficiency of this method by experiments.

Han Luo,Moumita Das,Jun Wang,Jack C.P. Cheng

DOI: https://doi.org/10.22260/isarc2019/0168

2019-01-01

Abstract:Construction Payment Automation through Smart Contract-based Blockchain Framework Han Luo, Moumita Das, Jun Wang and Jack C.P. Cheng Pages 1254-1260 (2019 Proceedings of the 36th ISARC, Banff, Canada, ISBN 978-952-69524-0-6, ISSN 2413-5844) Abstract: A construction contract facilitates payments through the supply chain by integrating people, activities, and events throughout the project period through obligations, permissions, and prohibitions in its terms and conditions. The management of payments is a manual process and is more difficult in the case of construction projects as different stakeholders at different levels of the project organizational structure are bound by different contracts. Moreover, payments are strongly affected by the lack of clarity in the definitions of the obligations, responsibilities, and liabilities of various stakeholders in construction contracts. This intensifies disputes and causes delays in construction payments leading to additional expenditure, cash flow problems, and lack of trust. Therefore, to address these problems, we propose a methodology to automate construction payments by formalizing them into smart contracts and executing on a decentralized blockchain based framework. We formalize the payment logic that binds the prohibitions and liabilities associated with financial commitments, such as interim payments on completion of tasks in a construction project, and convert it into a computer-executable code. A framework based on blockchain is used to host this smart contract and to automate actions such as the triggering of payments after achieving consensus among the relevant project stakeholders. This framework also address the conditions required for the security of information in construction projects, such as confidentiality and information integrity in a multi-party environment. The proposed framework is demonstrated through a case-based scenario. Keywords: Blockchain; Smart Contracts; Construction Projects; Interim Payments DOI: https://doi.org/10.22260/ISARC2019/0168 Download fulltext Download BibTex Download Endnote (RIS) TeX Import to Mendeley

Qianwen Wei,Shujun Li,Wei Li,Hong Li,Mingsheng Wang

DOI: https://doi.org/10.1007/978-3-030-23597-0_29

2019-01-01

Abstract:In Bitcoin, the knowledge of private key equals to the ownership of bitcoin, which occurs two problems: the first problem is that the private key must be kept properly, and the second one is that once the private key is given, it can't be taken back, hence the bitcoin system can only implement the transfer function. In this paper, we first propose a new digital signature algorithm and use it to design an online wallet, which can help the user derive the signature without obtaining the user's private key. Secondly, using our proposed online wallet, we extend the application of private key so that the cryptocurrency system can implement the authorization function. In more detail, we define a new primitive that we call decentralized hierarchical authorized payment scheme (DHAP scheme). We next propose a concrete instantiation and prove its correctness. Finally, we analyze the security and usability of our scheme. For security, we prove our scheme to be secure under the random oracle model. For usability, we examine its performance and compare it with bitcoin's performance.

Ivan Homoliak,Dominik Breitenbacher,Ondrej Hujnak,Pieter Hartel,Alexander Binder,Pawel Szalachowski

DOI: https://doi.org/10.1145/3419614.3423257

2023-12-01

Abstract:With the recent rise of cryptocurrencies' popularity, the security and management of crypto-tokens have become critical. We have witnessed many attacks on users and providers, which have resulted in significant financial losses. To remedy these issues, several wallet solutions have been proposed. However, these solutions often lack either essential security features, usability, or do not allow users to customize their spending rules. In this paper, we propose SmartOTPs, a smart-contract wallet framework that gives a flexible, usable, and secure way of managing crypto-tokens in a self-sovereign fashion. The proposed framework consists of four components (i.e., an authenticator, a client, a hardware wallet, and a smart contract), and it provides 2-factor authentication (2FA) performed in two stages of interaction with the blockchain. To the best of our knowledge, our framework is the first one that utilizes one-time passwords (OTPs) in the setting of the public blockchain. In SmartOTPs, the OTPs are aggregated by a Merkle tree and hash chains whereby for each authentication only a short OTP (e.g., 16B-long) is transferred from the authenticator to the client. Such a novel setting enables us to make a fully air-gapped authenticator by utilizing small QR codes or a few mnemonic words, while additionally offering resilience against quantum cryptanalysis. We have made a proof-of-concept based on the Ethereum platform. Our cost analysis shows that the average cost of a transfer operation is comparable to existing 2FA solutions using smart contracts with multi-signatures.

Cryptography and Security

Zhao Zhang,Chunxiang Xu,Changsong Jiang

DOI: https://doi.org/10.1109/tsc.2024.3404372

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Decentralized finance (DeFi) relies on crypto assets in blockchains to provide financial services. High volatility of crypto assets puts users at risk of financial loss. Options contracts address this issue by empowering a buyer to exchange his asset with that of a seller, which mitigates risks for both parties. Existing options contract protocols have the following two weaknesses: (i) The buyer have to lock his asset during the contract's lifespan, incurring heavy opportunity costs; (ii) Turing-completed smart contract (TCSC)/hash time lock contract (HTLC) is required to exchange assets, which restricts applicability as TCSC/HTLC is supported by a limited number of blockchains. In this paper, we propose UP-BLOC, a universal and practical blockchain-based options contract. We construct UP-BLOC using a buyer-pay-first design, and propose a blockchain-based secret storage mechanism to ensure the security of the assets involved. This allows the buyer to engage in an options contract without locking any asset and resulting opportunity costs, and thus is more practical than existing works. Besides, UP-BLOC achieves the exchange of assets using standard digital signatures instead of TCSC/HTLC. Hence, UP-BLOC is compatible with all blockchains and is universal. Security analysis and performance evaluation demonstrate that UP-BLOC is secure and efficient.

Vivek Nair,Dawn Song

DOI: https://doi.org/10.1109/ICBC56567.2023.10174998

2023-06-14

Abstract:The average cryptocurrency user today faces a difficult choice between centralized custodial wallets, which are notoriously prone to spontaneous collapse, or cumbersome self-custody solutions, which if not managed properly can cause a total loss of funds. In this paper, we present a "best of both worlds" cryptocurrency wallet design that looks like, and inherits the user experience of, a centralized custodial solution, while in fact being entirely decentralized in design and implementation. In our design, private keys are not stored on any device, but are instead derived directly from a user's authentication factors, such as passwords, soft tokens (e.g., Google Authenticator), hard tokens (e.g., YubiKey), or out-of-band authentication (e.g., SMS). Public parameters (salts, one-time pads, etc.) needed to access the wallet can be safely stored in public view, such as on a public blockchain, thereby providing strong availability guarantees. Users can then simply "log in" to their decentralized wallet on any device using standard credentials and even recover from lost credentials, thereby providing the usability of a custodial wallet with the trust and security of a decentralized approach.

Cryptography and Security

Fan Zhang,Philip Daian,Iddo Bentov

2018-01-01

Abstract:Conventional (M,N )-threshold signature schemes leave users with a painful choice. SettingM = N offers maximum resistance to key compromise. With this choice, though, loss of a single key renders the signing capability unavailable, creating paralysis in systems that use signatures for access control. Lower M improves availability, but at the expense of security. For example, a (3, 3)-multisignature cryptocurrency wallet experiences access-control paralysis upon loss of a single key, but a (2, 3)-multisig allows any two players to collude and steal funds from the third. In this paper, we introduce techniques that address this impasse by making general cryptographic access structures dynamic. Our schemes permit, e.g., a (3, 3)-multisig, to be downgraded to a (2, 3)multisig if a player goes missing. This downgrading is secure in the sense that it occurs only if a player is provably unavailable. Our main tool is what we call a Paralysis Proof, evidence that players, i.e., key holders, are unavailable or incapacitated. Using Paralysis Proofs, we show how to construct a Dynamic Access Structure System, which can securely and flexibly update target access structures without a trusted third party such as a system administrator. We present DASS constructions that combine a trust anchor (a trusted execution environment or smart contract) with a censorshipresistant channel in the form of a blockchain. We offer a formal framework for specifying DASS policies, and define and show how to achieve critical security and usability properties (safety, liveness, and paralysis-freeness) in a DASS. Paralysis Proofs can help address pervasive key-management challenges in many different settings. We present DASS schemes for three important example use cases: recovery of cryptocurrency funds should players become unavailable, returning funds to users when cryptocurrency custodians fail, and remediating critical smartcontract failures such as frozen funds. We report on practical implementations for Bitcoin and Ethereum.

Zhimin Gao,Lei Xu,Keshav Kasichainula,Lin Chen,Bogdan Carbunar,Weidong Shi

DOI: https://doi.org/10.48550/arXiv.1909.06535

2019-09-14

Cryptography and Security

Abstract:Bitcoin brings a new type of digital currency that does not rely on a central system to maintain transactions. By benefiting from the concept of decentralized ledger, users who do not know or trust each other can still conduct transactions in a peer-to-peer manner. Inspired by Bitcoin, other cryptocurrencies were invented in recent years such as Ethereum, Dash, Zcash, Monero, Grin, etc. Some of these focus on enhancing privacy for instance crypto note or systems that apply the similar concept of encrypted notes used for transactions to enhance privacy (e.g., Zcash, Monero). However, there are few mechanisms to support the exchange of privacy-enhanced notes or assets on the chain, and at the same time preserving the privacy of the exchange operations. Existing approaches for fair exchanges of assets with privacy mostly rely on off-chain/side-chain, escrow or centralized services. Thus, we propose a solution that supports oblivious and privacy-protected fair exchange of crypto notes or privacy enhanced crypto assets. The technology is demonstrated by extending zero-knowledge based crypto notes. To address "privacy" and "multi-currency", we build a new zero-knowledge proving system and extend note format with new property to represent various types of tokenized assets or cryptocurrencies. By extending the payment protocol, exchange operations are realized through privacy enhanced transactions (e.g., shielded transactions). Based on the possible scenarios during the exchange operation, we add new constraints and conditions to the zero-knowledge proving system used for validating transactions publicly.

Daniele Friolo,Geoffrey Goodell,Dann Toliver,Hazem Danny Nakib

2024-10-14

Abstract:This article builds upon the protocol for digital transfers described by Goodell, Toliver, and Nakib, which combines privacy by design for consumers with strong compliance enforcement for recipients of payments and self-validating assets that carry their own verifiable provenance information. We extend the protocol to allow for the verification that reissued assets were created in accordance with rules prohibiting the creation of new assets by anyone but the issuer, without exposing information about the circumstances in which the assets were created that could be used to identify the payer. The modified protocol combines an audit log with zero-knowledge proofs, so that a consumer spending an asset can demonstrate that there exists a valid entry on the audit log that is associated with the asset, without specifying which entry it is. This property is important as a means to allow money to be reissued within the system without the involvement of system operators within the zone of control of the original issuer. Additionally, we identify a key property of privacy-respecting electronic payments, wherein the payer is not required to retain secrets arising from one transaction until the following transaction, and argue that this property is essential to framing security requirements for storage of digital assets and the risk of blackmail or coercion as a way to exfiltrate information about payment history. We claim that the design of our protocol strongly protects the anonymity of payers with respect to their payment transactions, while preventing the creation of assets by any party other than the original issuer without destroying assets of equal value.

Cryptography and Security,Computers and Society

Benedikt Bünz,Shashank Agrawal,Mahdi Zamani,Dan Boneh

DOI: https://doi.org/10.1007/978-3-030-51280-4_23

2020-01-01

Abstract:Smart contract platforms such as Ethereum and Libra provide ways to seamlessly remove trust and add transparency to various distributed applications. Yet, these platforms lack mechanisms to guarantee user privacy, even at the level of simple payments, which are essential for most smart contracts.In this paper, we propose Zether, a trustless mechanism for privacy-preserving payments in smart contract platforms. We take an account-based approach similar to Ethereum and Libra for efficiency and usability. Zether is implemented as a smart contract that keeps account balances encrypted and exposes methods to deposit, transfer, and withdraw funds to/from accounts through cryptographic proofs at only a small cost.We address several technical challenges to protect Zether against replay attacks and front-running situations and develop a mechanism to enable interoperability with arbitrary smart contracts, making applications like auctions, payment channels, and voting privacy-preserving. To make Zether efficient, we propose documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$varSigma $$end{document}-Bullets, a zero-knowledge proof system that is optimized for documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$varSigma $$end{document}-protocols. We implement Zether as an Ethereum smart contract and show its practicality by measuring the amount of gas used by the Zether contract. A Zether confidential transaction costs about 0.014 ETH or approximately $1.51 (as of early 2019), which can be drastically reduced with minor changes to Ethereum that we describe in the paper.

Emanuel Palm,Ulf Bodin,Olov Schelén

2024-08-12

Abstract:While the blockchain-based smart contract has become a hot topic of research over the last decade, not the least in the context of Industry 4.0, it now has well-known legal and technical shortcomings that currently prohibit its real-world application. These shortcomings come from (1) that a smart contract is a computer program, not a document describing legal obligations, and (2) that blockchain-based systems are complicated to use and operate. In this paper, we present a refined and extended summary of our work taking key technologies from the blockchain sphere and applying them to the ricardian contract, which is a traditional contract in digital form with machine-readable parameters. By putting the ricardian contract in the context of our contract network architecture, we facilitate the infrastructure required for contracts to be offered, negotiated, performed, renegotiated and terminated in a completely digital and automatable fashion. Our architecture circumvents the legal issues of blockchains by facilitating an artifact very much alike a traditional contract, as well as its operational complexity by requiring consensus only between nodes representing directly involved parties. To demonstrate its utility, we also present how it could be used for (1) private data purchasing, (2) treasury management, (3) order-driven manufacturing and (4) automated device on-boarding.

Software Engineering

Ulrich Gallersdörfer,Florian Matthes

DOI: https://doi.org/10.48550/arXiv.2004.14033

2020-04-29

Cryptography and Security

Abstract:Although almost all information about Smart Contract addresses is shared via websites, emails, or other forms of digital communication, Blockchains and distributed ledger technology are unable to establish secure bindings between websites and corresponding Smart Contracts. For a user, it is impossible to differentiate whether a website links to a legitimate Smart Contract set up by owners of a business or to an illicit contract aiming to steal users' funds. Surprisingly, current attempts to solve this issue mostly comprise of information redundancy, e.g., displaying contract addresses multiple times in varying forms of images and texts. These processes are burdensome, as the user is responsible for verifying the correctness of an address. More importantly, they do not address the core issue, as the contract itself does not contain information about its authenticity. To solve current issues for these applications and increase security, we propose a solution that facilitates publicly issued SSL/TLS-certificates of Fully-Qualified Domain Names (FQDN) to ensure the authenticity of Smart Contracts and their owners. Our approach combines on-chain identity assertion utilizing signatures from the respective certificate and off-chain authentication of the Smart Contract stored on the Blockchain. This approach allows to tackle the aforementioned issue and further enables applications such as the identification of consortia members in permissioned networks. The system is open and transparent, as the only requirement for usage is ownership of an SSL/TLS-certificate. To enable privacy-preserving authenticated Smart Contracts, we allow one-way and two-way binding between website and contract. Further, low creation and maintenance costs, a widely accepted public key infrastructure and user empowerment will drive potential adaption of Ethereum Authenticated Smart Contracts (AuthSC).

Yathin Kethepalli,Rony Joseph,Sai Raja Vajrala,Jashwanth Vemula,Nenavath Srinivas Naik

DOI: https://doi.org/10.48550/arXiv.2308.07309

2023-08-14

Cryptography and Security

Abstract:Crypto-wallets or digital asset wallets are a crucial aspect of managing cryptocurrencies and other digital assets such as NFTs. However, these wallets are not immune to security threats, particularly from the growing risk of quantum computing. The use of traditional public-key cryptography systems in digital asset wallets makes them vulnerable to attacks from quantum computers, which may increase in the future. Moreover, current digital wallets require users to keep track of seed-phrases, which can be challenging and lead to additional security risks. To overcome these challenges, a new algorithm is proposed that uses post-quantum cryptography (PQC) and zero-knowledge proof (ZKP) to enhance the security of digital asset wallets. The research focuses on the use of the Lattice-based Threshold Secret Sharing Scheme (LTSSS), Kyber Algorithm for key generation and ZKP for wallet unlocking, providing a more secure and user-friendly alternative to seed-phrase, brain and multi-sig protocol wallets. This algorithm also includes several innovative security features such as recovery of wallets in case of downtime of the server, and the ability to rekey the private key associated with a specific username-password combination, offering improved security and usability. The incorporation of PQC and ZKP provides a robust and comprehensive framework for securing digital assets in the present and future. This research aims to address the security challenges faced by digital asset wallets and proposes practical solutions to ensure their safety in the era of quantum computing.

Noor Sabah Mohammed,Omar Abdulrahman Dawood,Ali Makki Sagheer,Ahmed Adil Nafea

DOI: https://doi.org/10.21123/bsj.2023.8164

2023-05-20

Baghdad Science Journal

Abstract:Blockchain is an innovative technology that has gained interest in all sectors in the era of digital transformation where it manages transactions and saves them in a database. With the increasing financial transactions and the rapidly developed society with growing businesses many people looking for the dream of a better financially independent life, stray from large corporations and organizations to form startups and small businesses. Recently, the increasing demand for employees or institutes to prepare and manage contracts, papers, and the verifications process, in addition to human mistakes led to the emergence of a smart contract. The smart contract has been developed to save time and provide more confidence while dealing, as well as to cover the security aspects of digital management and to solve negotiation concerns. The smart contract was employed in creating a distributed ledger to eliminate the need for centralization. In this paper, a simple prototype has been implemented for the smart contract integrated with blockchain which is simulated in a local server with a set of nodes. Several security objectives, such as confidentiality, authorization, integrity, and non-repudiation, have been achieved in the proposed system. Besides, the paper discussed the importance of using the Blockchain technique, and how it contributed to the management of transactions in addition to how it was implemented in highly transparent real-estate scenarios. The smart contract was employed in creating a distributed ledger to eliminate the need for centralization. The elliptic-curve public key has been adopted as an alternative for the RSA in a signature generation/verification process and encryption protocol. For secure transactions, The Secure Socket Layer (SSL) also has been adopted as a secure layer in the web browser. The results have been investigated and evaluated from different aspects and the implementation was in a restricted environment. Experiments showed us the complexity of time and cost when using the (ECC) algorithm and using (RSA) algorithm depending on the size and length of the key. So if the size of the key in (ECC) equals (160) bits, and it corresponds to (1024) bits in (RSA), which is equivalent to 40% for (ECC) and 30% for (RSA). As a result, the (ECC) algorithm is complex, its key is smaller and the process of generating the key is faster, so it has achieved a high level of security.

Michael Specter,Sunoo Park,Matthew Green

DOI: https://doi.org/10.48550/arXiv.1904.06425

2019-04-13

Abstract:Email breaches are commonplace, and they expose a wealth of personal, business, and political data that may have devastating consequences. The current email system allows any attacker who gains access to your email to prove the authenticity of the stolen messages to third parties -- a property arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This exacerbates the problem of email breaches by greatly increasing the potential for attackers to damage the users' reputation, blackmail them, or sell the stolen information to third parties. In this paper, we introduce "non-attributable email", which guarantees that a wide class of adversaries are unable to convince any third party of the authenticity of stolen emails. We formally define non-attributability, and present two practical system proposals -- KeyForge and TimeForge -- that provably achieve non-attributability while maintaining the important protection against spam and spoofing that is currently provided by DKIM. Moreover, we implement KeyForge and demonstrate that that scheme is practical, achieving competitive verification and signing speed while also requiring 42% less bandwidth per email than RSA2048.

Cryptography and Security,Computers and Society,Networking and Internet Architecture

Carlos Efrain Quintero-Narvaez,Raul Monroy-Borja

DOI: https://doi.org/10.48550/arXiv.2310.13618

2023-10-20

Cryptography and Security

Abstract:We present an implementation of a Web3 platform that leverages the Groth16 Zero-Knowledge Proof schema to verify the validity of questionnaire results within Smart Contracts. Our approach ensures that the answer key of the questionnaire remains undisclosed throughout the verification process, while ensuring that the evaluation is done fairly. To accomplish this, users respond to a series of questions, and their answers are encoded and securely transmitted to a hidden backend. The backend then performs an evaluation of the user's answers, generating the overall result of the questionnaire. Additionally, it generates a Zero-Knowledge Proof, attesting that the answers were appropriately evaluated against a valid set of constraints. Next, the user submits their result along with the proof to a Smart Contract, which verifies their validity and issues a non-fungible token (NFT) as an attestation of the user's test result. In this research, we implemented the Zero-Knowledge functionality using Circom 2 and deployed the Smart Contract using Solidity, thereby showcasing a practical and secure solution for questionnaire validity verification in the context of Smart Contracts.

Yimika Erinle,Yathin Kethepalli,Yebo Feng,Jiahua Xu

2023-08-04

Abstract:The rapid growth of decentralized digital currencies, enabled by blockchain technology, has ushered in a new era of peer-to-peer transactions, revolutionizing the global economy. Cryptocurrency wallets, serving as crucial endpoints for these transactions, have become increasingly prevalent. However, the escalating value and usage of these wallets also expose them to significant security risks and challenges. This research aims to comprehensively explore the security aspects of cryptocurrency wallets. It provides a taxonomy of wallet types, analyzes their design and implementation, identifies common vulnerabilities and attacks, and discusses defense mechanisms and mitigation strategies. The taxonomy covers custodial, non-custodial, hot, and cold wallets, highlighting their unique characteristics and associated security considerations. The security analysis scrutinizes the theoretical and practical aspects of wallet design, while assessing the efficacy of existing security measures and protocols. Notable wallet attacks, such as Binance, Mt. Gox are examined to understand their causes and consequences. Furthermore, the paper surveys defense mechanisms, transaction monitoring, evaluating their effectiveness in mitigating threats.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Aritra Banerjee,Michael Clear,Hitesh Tewari

DOI: https://doi.org/10.1109/brains52497.2021.9569822

2021-09-27

Abstract:Cryptocurrencies have received a lot of research attention in recent years following the release of the first cryp-tocurrency Bitcoin. With the rise in cryptocurrency transactions, the need for smart contracts has also increased. Smart contracts, in a nutshell, are digitally executed contracts wherein some parties execute a common goal. The main problem with most of the current smart contracts is that there is no privacy for a party's input to the contract from either the blockchain or the other parties. Our research builds on the Hawk project that provides transaction privacy along with support for smart contracts. However, Hawk relies on a special trusted party known as a manager, which must be trusted not to leak each party's input to the smart contract. In this paper, we present a practical private smart contract protocol that replaces the manager with an MPC protocol such that the function to be executed by the MPC protocol is relatively lightweight, involving little overhead added to the smart contract function, and uses practical sigma protocols and homomorphic commitments to prove to the blockchain that the sum of the incoming balances to the smart contract matches the sum of the outgoing balances. An extended version of the paper is available at [1].