Yuxin Zheng,Jiongjiong Mo,Jiarui Liu,Faxin Yu

DOI: https://doi.org/10.1109/icetis61828.2024.10593766

2024-01-01

Abstract:Unlike data packets governed by specific protocols, the data stream of input and output ports in signal processing blocks within chips lacks flags such as start and end, hindering individual data packet comparison during verification. A protocol-agnostic data stream verification framework based on the universal verification methodology (UVM) is proposed. Two-stage comparison is employed to match the outputs of the reference model and the design under test (DUT), enabling real-time comparison of the protocol-agnostic data stream. The stimulus generator operates independently outside the UVM environment, delivering stimuli to the DUT through a generic data interface. Featuring high-level abstraction and easy scalability, this framework is suited for complex scenarios with multi-module cascading. Finally, it facilitates the construction of a digital down converter (DDC) verification platform, and running on an Intel Core i7-8086K processor with 6 cores, achieved comparison of all module data streams in just 9 seconds. Moreover, this platform has also been extended to other different digital designs, all completing verification at a rapid pace.

Benjamin Wesolowski

DOI: https://doi.org/10.1007/s00145-020-09364-x

2020-09-09

Journal of Cryptology

Abstract:We construct a verifiable delay function (VDF). A VDF is a function whose evaluation requires running a given number of sequential steps, yet the result can be efficiently verified. They have applications in decentralised systems, such as the generation of trustworthy public randomness in a trustless environment, or resource-efficient blockchains. To construct our VDF, we actually build a trapdoor VDF. A trapdoor VDF is essentially a VDF which can be evaluated efficiently by parties who know a secret (the trapdoor). By setting up this scheme in a way that the trapdoor is unknown (not even by the party running the setup, so that there is no need for a trusted setup environment), we obtain a simple VDF. Our construction is based on groups of unknown order such as an RSA group or the class group of an imaginary quadratic field. The output of our construction is very short (the result and the proof of correctness are each a single element of the group), and the verification of correctness is very efficient.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Yunhua He,Yigang Yang,Chao Wang,Anke Xie,Li Ma,Bin Wu,Yongdong Wu

DOI: https://doi.org/10.1016/j.dcan.2024.03.003

IF: 6.348

2024-03-01

Digital Communications and Networks

Abstract:The wide application of smart contracts allows industry companies to implement some complex distributed collaborative businesses, which involve the calculation of complex functions, such as matrix operations. However, complex functions such as matrix operations are difficult to implement on Ethereum Virtual Machine (EVM)-based smart contract platforms due to their distributed security environment limitations. Existing off-chain methods often result in a significant reduction in contract execution efficiency, thus a platform software development kit interface implementation method has become a feasible way to reduce overheads, but this method cannot verify operation correctness and may leak sensitive user data. To solve the above problems, we propose a verifiable EVM-based smart contract cross-language implementation scheme for complex operations, especially matrix operations, which can guarantee operation correctness and user privacy while ensuring computational efficiency. In this scheme, a verifiable interaction process is designed to verify the computation process and results, and a matrix blinding technology is introduced to protect sensitive user data in the calculation process. The security analysis and performance tests show that the proposed scheme can satisfy the correctness and privacy of the cross-language implementation of smart contracts at a small additional efficiency cost.

telecommunications

Pourya Soltani,Farid Ashtiani

2024-09-17

Abstract:Proto-Danksharding, proposed in Ethereum Improvement Proposal 4844 (EIP-4844), aims to incrementally improve the scalability of the Ethereum blockchain by introducing a new type of transaction known as blob-carrying transactions. These transactions incorporate binary large objects (blobs) of data that are stored off-chain but referenced and verified on-chain to ensure data availability. By decoupling data availability from transaction execution, Proto-Danksharding alleviates network congestion and reduces gas fees, laying the groundwork for future, more advanced sharding solutions. This letter provides an analytical model to derive the delay for these new transactions. We model the system as an $\mathrm{M/D}^B/1$ queue which we then find its steady state distribution through embedding a Markov chain and use of supplementary variable method. We show that transactions with more blobs but less frequent impose higher delays on the system compared to lower blobs but more frequent.

Distributed, Parallel, and Cluster Computing

Souvik Sur

DOI: https://doi.org/10.48550/arXiv.2112.05997

2021-12-11

Cryptography and Security

Abstract:A Verifiable Delay Function (VDF) is a function that takes a specified sequential time to be evaluated, but can be efficiently verified. VDFs are useful in several applications ranging from randomness beacons to sustainable blockchains but are really rare in practice. Most of the VDFs are based on algebraic assumptions like time-lock puzzle in unknown group orders [6, 8] and isogenies over pairing groups [4]. The number of modulo squaring required for verification in the time-lock puzzle based VDFs are proportional to their security parameter. This paper proposes a verifiable delay function that requires only 2- modulo squaring for verification. So the sequential effort required for verification is independent of the security parameter.

Jason Teutsch,Christian Reitwießner

DOI: https://doi.org/10.48550/arXiv.1908.04756

2019-08-12

Cryptography and Security

Abstract:Bitcoin and Ethereum, whose miners arguably collectively comprise the most powerful computational resource in the history of mankind, offer no more power for processing and verifying transactions than a typical smart phone. The system described herein bypasses this bottleneck and brings scalable computation to Ethereum. Our new system consists of a financial incentive layer atop a dispute resolution layer where the latter takes form of a versatile "verification game." In addition to secure outsourced computation, immediate applications include decentralized mining pools whose operator is an Ethereum smart contract, a cryptocurrency with scalable transaction throughput, and a trustless means for transferring currency between disjoint cryptocurrency systems.

Bo Gao,Siyuan Shen,Ling Shi,Jiaying Li,Jun Sun,Lei Bu

DOI: https://doi.org/10.1109/apsec53868.2021.00034

2021-01-01

Abstract:Smart contracts are computerized transaction protocols built on top of blockchain networks. Users are charged with fees, a.k.a. gas in Ethereum, when they create, deploy or execute smart contracts. Since smart contracts may contain vulnerabilities which may result in huge financial loss, developers and smart contract compilers often insert codes for security checks. The trouble is that those codes consume gas every time they are executed. Many of the inserted codes are however redundant. In this work, we present sOptimize, a tool that optimizes smart contract gas consumption automatically without compromising functionality or security. sOptimize works on smart contract bytecode, statically identifies 3 kinds of code patterns, and further removes them through verification-assisted techniques. The resulting code is guaranteed to be equivalent to the original one and can be directly deployed on blockchain. We evaluate sOptimize on a collection of 1,152 real-world smart contracts and show that it optimizes 43% of them, and the reduction on gas consumption is about 2.0% while in deployment and 1.2% in transactions, the amount can be as high as 954,201 gas units per contract.

Christos Patsonakis,Katerina Samari,Aggelos Kiayias,Mema Roussopoulos

DOI: https://doi.org/10.1109/DAPPCON.2019.00022

2019-02-03

Abstract:Public key infrastructures (PKIs) are one of the main building blocks for securing communications over the Internet. Currently, PKIs are under the control of centralized authorities, which is problematic as evidenced by numerous incidents where they have been compromised. The distributed, fault tolerant log of transactions provided by blockchains and more recently, smart contract platforms, constitutes a powerful tool for the decentralization of PKIs. To verify the validity of identity records, blockchain-based identity systems store on chain either all identity records, or, a small (or even constant) sized amount of data to verify identity records stored off chain. However, as most of these systems have never been implemented, there is little information regarding the practical implications of each design's tradeoffs. In this work, we first implement and evaluate the only provably secure, smart contract based PKI of [1] on top of Ethereum. This construction incurs constant-sized storage at the expense of computational complexity. To explore this tradeoff, we propose and implement a second construction which, eliminates the need for trusted setup, preserves the security properties of [1] and, as illustrated through our evaluation, is the only version with constant-sized state that can be deployed on the live chain of Ethereum. Furthermore, we compare these two systems with the simple approach of most prior works, e.g., the Ethereum Name Service, where all identity records are stored on the smart contract's state, to illustrate several shortcomings of Ethereum and its cost model. We propose several modifications for fine tuning the model, which would be useful to be considered for any smart contract platform like Ethereum so that it reaches its full potential to support arbitrary distributed applications.

Distributed, Parallel, and Cluster Computing

Emrah Sariboz,Kartick Kolachala,Gaurav Panwar,Roopa Vishwanathan,Satyajayant Misra

DOI: https://doi.org/10.48550/arXiv.2104.09569

2021-04-25

Abstract:We propose a novel framework for off-chain execution and verification of computationally-intensive smart contracts. Our framework is the first solution that avoids duplication of computing effort across multiple contractors, does not require trusted execution environments, supports computations that do not have deterministic results, and supports general-purpose computations written in a high-level language. Our experiments reveal that some intensive applications may require as much as 141 million gas, approximately 71x more than the current block gas limit for computation in Ethereum today, and can be avoided by utilizing the proposed framework.

Cryptography and Security

Maher Alharby,Roben Castagna Lunardi,Amjad Aldweesh,Aad van Moorsel

DOI: https://doi.org/10.48550/arXiv.2004.12768

2020-04-27

Abstract:In proof-of-work based blockchains such as Ethereum, verification of blocks is an integral part of establishing consensus across nodes. However, in Ethereum, miners do not receive a reward for verifying. This implies that miners face the Verifier's Dilemma: use resources for verification, or use them for the more lucrative mining of new blocks? We provide an extensive analysis of the Verifier's Dilemma, using a data-driven model-based approach that combines closed-form expressions, machine learning techniques and discrete-event simulation. We collect data from over 300,000 smart contracts and experimentally obtain their CPU execution times. Gaussian Mixture Models and Random Forest Regression transform the data into distributions and inputs suitable for the simulator. We show that, indeed, it is often economically rational not to verify. We consider two approaches to mitigate the implications of the Verifier's Dilemma, namely parallelization and active insertion of invalid blocks, both will be shown to be effective.

Cryptography and Security,Computer Science and Game Theory,Performance

Xiaofei He,Xinyu Yang,Rui Li,Qingyu Yang

DOI: https://doi.org/10.1007/978-3-642-39701-1_8

2013-01-01

Abstract:Smart measurement devices play an important role in smart grid and might always be connected through open network interfaces. In this scenario, the adversary could launch code injection attacks to compromise these measurement devices and gain benefits by these compromised devices. To deal with this issue, a number of attestation schemes have been designed to defense the malicious attacks in the past. However, because the detection methods of these schemes are based on extra CPU clock cycles, they could be ineffective when the network delivery delay is significant. To address this problem, in this paper we propose a novel Delay-resilient Remote Memory Attestation scheme (DRMA), which can eliminate the impact of network delivery delay in the multi-hop networks and achieve great accuracy on compromised measurement devices detection. Specially, without sending beacon packets periodically, the proposed scheme can not only get the real-time end-to-end delay via evaluating the time difference reported by the relay nodes in the challenge-response attestation process, but also reduce the network load and achieve great accuracy of network delay. Via extensive theoretical analysis and experiments, our scheme shows better performance and less computing overhead in comparison with existing schemes.

Jing Chen,Samuel McCauley,Shikha Singh

DOI: https://doi.org/10.1007/978-3-319-99660-8_14

2018-01-01

Abstract:As modern computing moves towards smaller devices and powerful cloud platforms, more and more computation is being delegated to powerful service providers. Interactive proofs are a widely-used model to design efficient protocols for verifiable computation delegation. Rational proofs are payment-based interactive proofs. The payments are designed to incentivize the provers to give correct answers. If the provers misreport the answer then they incur a payment loss of at least 1/u, where u is the utility gap of the protocol. In this work, we tightly characterize the power of rational proofs that are super efficient, that is, require only logarithmic time and communication for verification. We also characterize the power of single-round rational protocols that require only logarithmic space and randomness for verification. Our protocols have strong (that is, polynomial, logarithmic, and even constant) utility gap. Finally, we show when and how rational protocols can be converted to give the completeness and soundness guarantees of classical interactive proofs.

Luca Zulberti,Pietro Nannipieri,Sergio Saponara,Luca Fanucci,Stefano Di Di Matteo

DOI: https://doi.org/10.3390/electronics11223704

IF: 2.9

2022-11-13

Electronics

Abstract:Digital designs complexity has exponentially increased in the last decades. Heterogeneous Systems-on-Chip integrate many different hardware components which require a reliable and scalable verification environment. The effort to set up such environments has increased as well and plays a significant role in digital design projects, taking more than 50% of the total project time. Several solutions have been developed with the goal of automating this task, integrating various steps of the Very Large Scale Integration design flow, but without addressing the exploration of the design space on both the software and hardware sides. Early in the co-design phase, designers break down the system into hardware and software parts taking into account different choices to explore the design space. This work describes the use of a framework for automating the verification of such choices, considering both hardware and software development flows. The framework automates compilation of software, cycle-true simulations and analyses on synthesised netlists. It accelerates the design space exploration exploiting the GNU Make tool, and we focus on ensuring consistency of results and providing a mechanism to obtain reproducibility of the design flow. In design teams, the last feature increases cooperation and knowledge sharing from single expert to the whole team. Using flow recipes, designers can configure various third-party tools integrated into the modular structure of the framework, and make workflow execution customisable. We demonstrate how the developed framework can be used to speed up the setup of the evaluation flow of an Elliptic-Curve-Cryptography accelerator, performing post-synthesis analyses. The framework can be easily configured taking approximately 30 min, instead of few days, to build up an environment to assess the accelerator performance and its resistance to simple power analysis side-channel attacks.

engineering, electrical & electronic,computer science, information systems,physics, applied

Sunbeom So,Myungho Lee,Jisu Park,Heejo Lee,Hakjoo Oh

DOI: https://doi.org/10.48550/arXiv.1908.11227

2019-08-30

Abstract:We present VeriSmart, a highly precise verifier for ensuring arithmetic safety of Ethereum smart contracts. Writing safe smart contracts without unintended behavior is critically important because smart contracts are immutable and even a single flaw can cause huge financial damage. In particular, ensuring that arithmetic operations are safe is one of the most important and common security concerns of Ethereum smart contracts nowadays. In response, several safety analyzers have been proposed over the past few years, but state-of-the-art is still unsatisfactory; no existing tools achieve high precision and recall at the same time, inherently limited to producing annoying false alarms or missing critical bugs. By contrast, VeriSmart aims for an uncompromising analyzer that performs exhaustive verification without compromising precision or scalability, thereby greatly reducing the burden of manually checking undiscovered or incorrectly-reported issues. To achieve this goal, we present a new domain-specific algorithm for verifying smart contracts, which is able to automatically discover and leverage transaction invariants that are essential for precisely analyzing smart contracts. Evaluation with real-world smart contracts shows that VeriSmart can detect all arithmetic bugs with a negligible number of false alarms, far outperforming existing analyzers.

Programming Languages,Cryptography and Security

Jieyi Long

DOI: https://doi.org/10.48550/arXiv.1908.06394

2021-07-20

Abstract:This paper presents a new consensus protocol based on verifiable delay function. First, we introduce the concept of verifiable delay puzzle (VDP), which resembles the hashing puzzle used in the PoW mechanism but can only be solved sequentially. We then present a VDP implementation based on the continuous verifiable delay function. Further, we show that VDP can be combined with the Nakamoto consensus in a proof-of-stake/proof-of-delay hybrid protocol. We analyze the persistence and liveness of the protocol, and show that compared to PoW, our proposal consumes much less energy; compared to BFT leader-election based consensus algorithms, our proposal achieves better resistance to long-range attacks and DoS attacks targeting the block proposers.

Distributed, Parallel, and Cluster Computing

Zheng Yang,Hang Lei

DOI: https://doi.org/10.23940/ijpe.18.08.p9.17261734

2018-01-01

Abstract:This paper reports on the development and verification of a novel formal symbolic process virtual machine (FSPVM) for verifying the reliability and security of Ethereum smart contracts, denoted as FSPVM-E, completely in Coq proof assistant. It adopts execution-verification isomorphism (EVI), an extension of Curry-Howard isomorphism (CHI), as its fundamental theoretical framework. The current version of FSPVM-E is constructed on a general, extensible, and reusable formal memory (GERM) framework, an extensible and universal formal intermediate programming language Lolisa, which is a large subset of the Solidity programming language using generalized algebraic datatypes, and the corresponding formally verified interpreter of Lolisa, denoted as FEther. It supports the ERC20 standard and can automatically simultaneously symbolically execute the smart contract programs of Ethereum and verify their reliability and security properties using Hoare logic in Coq. In addition, this work, contributes to solving the problems of automation, inconsistency and reusability in higher-order logic theorem proving.

Sepideh Avizheh,Mahmudun Nabi,Reihaneh Safavi-Naini

DOI: https://doi.org/10.1109/tdsc.2024.3372848

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Outsourcing computation enables a weak client to expand its computational power as the need arises. A basic requirement of outsourcing computation is the guarantee that the computation result is correct. Cryptographic solutions that provide verifiability for the computation result when the computation is outsourced to a single server, are complex and fragile. We consider the intuitive approach of verifiable computation, called verifiable computation by replication, when the computation is replicated on multiple servers, and a referee decides the result of the final computation using the outputs of all servers. We consider the case when a smart contact is used as the referee. We propose a security model in the Universal Composability (UC) framework of Canetti, and design a 2-server and an n-server protocol with proved security in our model. Our protocols build on the Refereed Delegation of Computation (RDoC) framework of Canetti, Riva, and Rothblum, underline the challenges of using a smart contract as a referee, and address those challenges in the designed protocols. We give the efficiency analysis of the protocols, provide a proof of concept implementation for our protocols using Ethereum smart contact, and give concrete cost values for an example computation.

computer science, information systems, software engineering, hardware & architecture

Michael Pacheco,Gustavo A. Oliva,Gopi Krishnan Rajbahadur,Ahmed E. Hassan

DOI: https://doi.org/10.48550/arXiv.2206.08959

2022-06-18

Abstract:Ethereum is one of the most popular platforms for the development of blockchain-powered applications. These applications are known as Dapps. When engineering Dapps, developers need to translate requests captured in the front-end of their application into one or more smart contract transactions. Developers need to pay for these transactions and, the more they pay (i.e., the higher the gas price), the faster the transaction is likely to be processed. Therefore developers need to optimize the balance between cost (transaction fees) and user experience (transaction processing times). Online services have been developed to provide transaction issuers (e.g., Dapp developers) with an estimate of how long transactions will take to be processed given a certain gas price. These estimation services are crucial in the Ethereum domain and several popular wallets such as Metamask rely on them. However, their accuracy has not been empirically investigated so far. In this paper, we quantify the transaction processing times in Ethereum, investigate the relationship between processing times and gas prices, and determine the accuracy of state-of-the-practice estimation services. We find that transactions are processed in a median of 57s and that 90% of the transactions are processed within 8m. The higher gas prices result in faster transaction processing times with diminishing returns. In particular, we observe no practical difference in processing time between expensive and very expensive transactions. In terms of accuracy of processing time estimation services, we note that they are equivalent. However, when stratifying transactions by gas prices, Etherscan's Gas Tracker is the most accurate estimation service for very cheap and cheap transaction. EthGasStation's Gas Price API, in turn, is the most accurate estimation service for regular, expensive, and very expensive transactions.

Software Engineering

Ting Chen,Xiaoqi Li,Ying Wang,Jiachi Chen,Zihao Li,Xiapu Luo,Man Ho Au,Xiaosong Zhang

DOI: https://doi.org/10.1007/978-3-319-72359-4_1

2017-01-01

Abstract:The gas mechanism in Ethereum charges the execution of every operation to ensure that smart contracts running in EVM (Ethereum Virtual Machine) will be eventually terminated. Failing to properly set the gas costs of EVM operations allows attackers to launch DoS attacks on Ethereum. Although Ethereum recently adjusted the gas costs of EVM operations to defend against known DoS attacks, it remains unknown whether the new setting is proper and how to configure it to defend against unknown DoS attacks. In this paper, we make the first step to address this challenging issue by first proposing an emulation-based framework to automatically measure the resource consumptions of EVM operations. The results reveal that Ethereum's new setting is still not proper. Moreover, we obtain an insight that there may always exist exploitable under-priced operations if the cost is fixed. Hence, we propose a novel gas cost mechanism, which dynamically adjusts the costs of EVM operations according to the number of executions, to thwart DoS attacks. This method punishes the operations that are executed much more frequently than before and lead to high gas costs. To make our solution flexible and secure and avoid frequent update of Ethereum client, we design a special smart contract that collaborates with the updated EVM for dynamic parameter adjustment. Experimental results demonstrate that our method can effectively thwart both known and unknown DoS attacks with flexible parameter settings. Moreover, our method only introduces negligible additional gas consumption for benign users.

Jean-Guillaume Dumas,Aude Maignan,Clément Pernet,Daniel S. Roche

DOI: https://doi.org/10.48550/arXiv.2110.02022

2023-03-13

Abstract:Proofs of Retrievability are protocols which allow a Client to store data remotely and to efficiently ensure, via audits, that the entirety of that data is still intact. Dynamic Proofs of Retrievability (DPoR) also support efficient retrieval and update of any small portion of the <a class="link-external link-http" href="http://data.We" rel="external noopener nofollow">this http URL</a> propose a novel protocol for arbitrary outsourced data storage that achieves both low remote storage size and audit complexity.A key ingredient, that can be also of intrinsic interest, reduces to efficiently evaluating a secret polynomial at given public points, when the (encrypted) polynomial is stored on an untrusted <a class="link-external link-http" href="http://Server.The" rel="external noopener nofollow">this http URL</a> Server performs the evaluations and also returns associated certificates. A Client can check that the evaluations are correct using the certificates and some pre-computed keys, more efficiently than re-evaluating the <a class="link-external link-http" href="http://polynomial.Our" rel="external noopener nofollow">this http URL</a> protocols support two important features: the polynomial itself can be encrypted on the Server, and it can be dynamically updated by changing individual coefficients cheaply without redoing the entire <a class="link-external link-http" href="http://setup.Our" rel="external noopener nofollow">this http URL</a> methods rely on linearly homomorphic encryption and pairings, and our implementation shows good performance for polynomial evaluations with millions of coefficients, and efficient DPoR with terabytes of <a class="link-external link-http" href="http://data.For" rel="external noopener nofollow">this http URL</a> instance, for a 1TB database, compared to the state of art, we can reduce the Client storage by 5000x, communication size by 20x, and client-side audit time by 2x, at the cost of one order of magnitude increase in server-side audit time.

Cryptography and Security,Symbolic Computation