Hao Bu,Meng Sun

DOI: https://doi.org/10.1007/978-3-030-63406-3_17

2020-01-01

Abstract:The Nervos CKB (Common Knowledge Base) is the base layer of a new kind of blockchain. The CKB block synchronization protocol provides a set of rules that participating nodes must obey while synchronizing their blocks. This protocol mainly consists of three parts: connecting header, downloading block and accepting block. In this paper, we model the CKB block synchronization protocol in Coq and verify the correctness of the protocol. Our model takes the communication between nodes and the reliability of implementation into consideration to reflect a more realistic environment faced by the blockchain. We prove the soundness and the completeness of the protocol under several reliability and consistency assumptions. We also prove that without some of these assumptions, the protocol may fail to guarantee the correctness of block synchronization. Our formal verification can ensure the security of the protocol and provide ways to prevent potential attacks.

Meng Sun,Yuteng Lu,Yichun Feng,Qi Zhang,Shaoying Liu

DOI: https://doi.org/10.3390/math9222954

IF: 2.4

2021-01-01

Mathematics

Abstract:The Nervos CKB (Common Knowledge Base) is a public permissionless blockchain designed for the Nervos ecosystem. The CKB consensus protocol is the key protocol of the Nervos CKB, which improves the limit of the consensus's performance for Bitcoin. In this paper, we developed the formal model of the CKB consensus protocol using timed automata. Based on the model, we formally verified various important properties of the Nervos CKB to provide a sufficient trustworthiness assurance. Especially, the security of the Nervos CKB against the selfish mining attacks to the protocol was investigated.

Yi-Chun Feng,Yuteng Lu,Meng Sun

DOI: https://doi.org/10.18293/seke2021-072

2021-01-01

Abstract:The Nervos CKB (Common Knowledge Base) is a public permissionless blockchain designed for a peer-to-peer crypto-economy network.The CKB Consensus Protocol is a key part of the Nervos CKB blockchain that improves the Consensus's performance limit of Bitcoin.In this paper, we develop a formal model of the CKB Consensus Protocol and verify some important properties of the protocol using the UPPAAL model checker.Based on the formal model, the reliability of CKB Consensus Protocol can be guaranteed.

Jianhong Zhao,Yongwang Zhao,Peisen Yao,Fanlang Zeng,Bohua Zhan,Kui Ren

2024-05-01

Abstract:Complex safety-critical systems require multiple models for a comprehensive description, resulting in error-prone development and laborious verification. Bidirectional transformation (BX) is an approach to automatically synchronizing these models. However, existing BX frameworks lack formal verification to enforce these models' consistency rigorously. This paper introduces KBX, a formal bidirectional transformation framework for verified model synchronization. First, we present a matching logic-based BX model, providing a logical foundation for constructing BX definitions within the $\mathbb{K}$ framework. Second, we propose algorithms to synthesize formal BX definitions from unidirectional ones, which allows developers to focus on crafting the unidirectional definitions while disregarding the reverse direction and missing information recovery for synchronization. Afterward, we harness $\mathbb{K}$ to generate a formal synchronizer from the synthesized definitions for consistency maintenance and verification. To evaluate the effectiveness of KBX, we conduct a comparative analysis against existing BX frameworks. Furthermore, we demonstrate the application of KBX in constructing a BX between UML and HCSP for real-world scenarios, showcasing an 82.8\% reduction in BX development effort compared to manual specification writing in $\mathbb{K}$.

Software Engineering

Andrew C. Yao,Moti Yung,Yunlei Zhao

DOI: https://doi.org/10.1007/s00145-014-9191-z

2014-01-01

Journal of Cryptology

Abstract:Knowledge extraction is a fundamental notion, modeling machine possession of values (witnesses) in a computational complexity sense and enabling one to argue about the internal state of a party in a protocol without probing its internal secret state. However, when transactions are concurrent (e.g., over the Internet) with players possessing public-keys (as is common in cryptography), assuring that entities "know" what they claim to know, where adversaries may be well coordinated across different transactions, turns out to be much more subtle and in need of re-examination. Here, we investigate how to formally treat knowledge possession by parties (with registered public-keys) interacting over the Internet. Stated more technically, we look into the relative power of the notion of "concurrent knowledge-extraction" (CKE) in the concurrent zero-knowledge (CZK) bare public-key (BPK) model where statements being proven can be dynamically and adaptively chosen by the prover.We show the potential vulnerability of man-in-the-middle (MIM) attacks turn out to be a real security threat to existing natural protocols running concurrently in the public-key model, which motivates us to introduce and formalize the notion of CKE, alone with clarifications of various subtleties. Then, both generic (based on standard polynomial assumptions), and efficient (employing complexity leveraging in a novel way) implementations for NP are presented for constant-round (in particular, round-optimal) concurrently knowledge-extractable concurrent zero-knowledge (CZK-CKE) arguments in the BPK model. The efficient implementation can be further practically instantiated for specific number-theoretic language.

Steven Cao,Swanand Kadhe,Kannan Ramchandran

DOI: https://doi.org/10.48550/arXiv.2010.00217

2020-10-01

Abstract:Validating a blockchain incurs heavy computation, communication, and storage costs. As a result, clients with limited resources, called light nodes, cannot verify transactions independently and must trust full nodes, making them vulnerable to security attacks. Motivated by this problem, we ask a fundamental question: can light nodes securely validate without any full nodes? We answer affirmatively by proposing CoVer, a decentralized protocol that allows a group of light nodes to collaboratively verify blocks even under a dishonest majority, achieving the same level of security for block validation as full nodes while only requiring a fraction of the work. In particular, work per node scales down proportionally with the number of participants (up to a log factor), resulting in computation, communication, and storage requirements that are sublinear in block size. Our main contributions are light-node-only protocols for fraud proofs and data availability.

Cryptography and Security

Nathalie Bertrand,Pranav Ghorpade,Sasha Rubin,Bernhard Scholz,Pavle Subotic

2024-07-02

Abstract:DAG-based consensus protocols are being adoption by blockchain companies to decrease energy footprints and improve security. A DAG-based consensus protocol collaboratively constructs a partial order of blocks of transactions and produces linearly ordered blocks. The ubiquity and strategic importance of blockchains call for formal proof of the correctness of key components, namely, consensus protocols. This paper presents a safety-proven formal specification of two DAG-based protocols. Our specification highlights several dissemination, DAG construction, and ordering variations that can be combined to express the two protocols. The formalization requires a refinement approach for modeling the consensus. In an abstract model, we first show the safety of DAG-based consensus on leader blocks and then further refine the specification to encompass all blocks for all processes. The TLA+ specification for a given protocol consists of 492-732 lines, and the proof system TLAPS verifies 2025-2294 obligations in 6-8 minutes.

Logic in Computer Science,Distributed, Parallel, and Cluster Computing,Software Engineering

Wei Liu,Jian Weng,Bingsheng Zhang,Kai He,Junjie Huang

DOI: https://doi.org/10.1016/j.ins.2022.09.026

IF: 8.1

2022-01-01

Information Sciences

Abstract:Non-interactive zero-knowledge (NIZK) proof systems are very useful for statement verification without interaction in cryptography; they entail just one message, called the proof, that convinces the verifier of the truth of the statement without leaking any extra information. Many NIZK proof systems are related to quadratic residuosity languages and follow three main steps. First, the prover and the verifier sample a common reference string (CRS) in some particular form. Second, the prover proves that n is a Blum integer (BL , n = p 1 t 1 · p 2 t 2, where p 1 and p 2 are different primes both congruent to 3 modulo 4, and t 1 and t 2 are odd). Third, various statements (e.g., NQR n , OR n , AND n , T ( k , t ), and 3 SAT) can be proven by the prover based on the properties of BL . In this study, we improve the NIZK proof system for n ∈ BL based on the special distribution of the square roots modulo n and embed this proof in the third step. Moreover, we show that the CRS can be sampled more efficiently using the improved process.

Wei Yao,Fadi P.Deek,Renita Murimi,Guiling Wang

DOI: https://doi.org/10.1109/ACCESS.2023.3298675

2023-09-27

Abstract:Consensus algorithms are central to blockchain technology and an emerging research area. In this paper, we begin with an overview of the different types and architectures of blockchain networks. Then, with a focus on consortium blockchains, we survey, classify, and assess their principal consensus mechanisms. Furthermore, as consensus mechanisms determine network reliability, enhance performance efficiency, and ensure system security, we conduct a critical analysis of the strengths and weaknesses of consensus algorithms using a taxonomy of three different criteria: reliability, performance, and security. We conclude with insights into current and future research challenges and opportunities in this domain.

Data Structures and Algorithms,Distributed, Parallel, and Cluster Computing

Kaylash Chaudhary,Ansgar Fehnker,Jaco van de Pol,Marielle Stoelinga

DOI: https://doi.org/10.4204/EPTCS.196.5

2015-11-13

Abstract:Bitcoin is a popular digital currency for online payments, realized as a decentralized peer-to-peer electronic cash system. Bitcoin keeps a ledger of all transactions; the majority of the participants decides on the correct ledger. Since there is no trusted third party to guard against double spending, and inspired by its popularity, we would like to investigate the correctness of the Bitcoin protocol. Double spending is an important threat to electronic payment systems. Double spending would happen if one user could force a majority to believe that a ledger without his previous payment is the correct one. We are interested in the probability of success of such a double spending attack, which is linked to the computational power of the attacker. This paper examines the Bitcoin protocol and provides its formalization as an UPPAAL model. The model will be used to show how double spending can be done if the parties in the Bitcoin protocol behave maliciously, and with what probability double spending occurs.

Logic in Computer Science,Cryptography and Security

Ivan Fedotov,Anton Khritankov,Artem Barger

DOI: https://doi.org/10.48550/arXiv.2112.02397

2021-12-04

Cryptography and Security

Abstract:Blockchain technology and related frameworks have recently received extensive attention. Blockchain systems use multi-party consensus protocols to reach agreements on transactions. Hyperledger Fabric framework exposes a multi-party consensus, based on endorsement policy protocol, to reach a consensus on a transaction. In this paper, we define a problem of verification of a blockchain multi-party consensus with probabilistic properties. Further, we propose a verification technique of endorsement policies using statistical model checking and hypothesis testing. We analyze several aspects of the policies, including the ability to assign weights to organizations and the refusal probabilities of organizations. We demonstrate on experiments the work of our verification technique and how one can use experimental results to make the model satisfiable the specification. One can use our technique to design enterprise applications with the Hyperledger Fabric framework.

Beom-Heyn Kim

DOI: https://doi.org/10.3390/electronics13061153

IF: 2.9

2024-03-21

Electronics

Abstract:Many cloud services are relying on distributed key-value stores such as ZooKeeper, Cassandra, HBase, etc. However, distributed key-value stores are notoriously difficult to design and implement without any mistakes. Because data consistency is the contract for clients that defines what the correct values to read are for a given history of operations under a specific consistency model, consistency violations can confuse client applications by showing invalid values. As a result, serious consequences such as data loss, data corruption, and unexpected behavior of client applications can occur. Software bugs are one of main reasons why consistency violations may occur. Formal verification techniques may be used to make designs correct and minimize the risks of having bugs in the implementation. However, formal verification is not a panacea due to limitations such as the cost of verification, inability to verify existing implementations, and human errors involved. Implementation-level model checking has been heavily explored by researchers for the past decades to formally verify whether the underlying implementation of distributed systems have bugs or not. Nevertheless, previous proposals are limited because their invariant checking is not versatile enough to check for the wide spectrum of consistency models, from eventual consistency to strong consistency. In this work, consistency oracles are employed for consistency invariant checking that can be used by implementation-level model checkers to formally verify data consistency model implementations of distributed key-value stores. To integrate consistency oracles with implementation-level distributed system model checkers, the partial-order information obtained via API is leveraged to avoid the exhaustive search during consistency invariant checking. Our evaluation results show that, by using the proposed method for consistency invariant checking, our prototype model checker, VConMC, can detect consistency violations caused by several real-world software bugs in a well-known distributed key-value store, ZooKeeper.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yuanliang Chen,Fuchen Ma,Yuanhang Zhou,Yu Jiang,Ting Chen,Jiaguang Sun

DOI: https://doi.org/10.1109/sp46215.2023.10179386

2023-01-01

Abstract:Blockchain is a decentralized distributed system on which a large number of financial applications have been deployed. The consensus process in it plays an important role, which guarantees that legal transactions on the chain can be executed and recorded fairly and consistently. However, because of Consensus Failure Bugs (CFBs), many blockchain systems do not provide even this basic guarantee. The validity and consistency of blockchain systems rely on the soundness of complex consensus logic implementation. Any bugs which cause the blockchain consensus failure can be crucial. In this work, we introduce Tyr, an open-source tool for detecting CFBs in blockchain systems with a large number of abnormal divergent consensus behaviors. First, we design four oracle detectors to monitor the behaviors of nodes and analyze the violation of consensus properties. To trigger these oracles effectively, Tyr harnesses a behavior divergent model to constantly generate consensus messages and make nodes behave as differently as possible. We implemented and evaluated Tyr on six widely used commercial blockchain consensus systems, including IBM Fabric, WeBank FISCO-BCOS, ConsenSys Quorum, Facebook Diem, Go-Ethereum, and EOS. Compared with the state-of-the-art tools Peach, Fluffy, and Twins, Tyr covers 27.3%, 228.2%, and 297.1% more branches, respectively. Furthermore, Tyr has detected 20 serious previously unknown vulnerabilities, all of which have been repaired by the corresponding maintainers.

Xiangyu Luo,Kaile Su,Ming Gu,Lijun Wu,Jinji Yang

DOI: https://doi.org/10.1007/978-3-642-20674-0_8

2010-01-01

Abstract:The importance of anonymity has increased over the past few years in many applications. Herbivore is a distributed anonymous communication system, providing private file sharing and messaging over the Internet. In this paper, we utilize MCTK to model the round protocol of the Herbivore system and verify the anonymity and other knowledge properties that the protocol should provide, where MCTK is an OBDD-based symbolic model checker for temporal logic of knowledge developed by us, under the semantics of interpreted systems with local propositions. We model the round protocol of the Herbivore system in MCTK under the assumption that all agents have perfect recall of all observations. We implement the round protocol of the Herbivore system in MCTK and another epistemic model checker MCK. The encouraging experimental results show the validity of our MCTK.

Leifeng He,Guanjun Liu

DOI: https://doi.org/10.1109/TCSS.2022.3164052

2020-12-18

Abstract:Computation Tree Logic of Knowledge (CTLK) can specify many design requirements of privacy and security of multi-agent systems (MAS). In our conference paper, we defined Knowledge-oriented Petri Nets (KPN) to model MAS and proposed Reachability Graphs with Equivalence Relations (RGER) to verify CTLK. In this paper, we use the technique of Ordered Binary Decision Diagrams (OBDD) to encode RGER in order to alleviate the state explosion problem and enhance the verification efficiency. We propose a heuristic method to order those variables in OBDD, which can well improve the time and space performance of producing, encoding and exploring a huge state space. More importantly, our method does not produce and encode any transition or equivalence relation of states when producing and encoding an RGER, and in fact it dynamically produces those transition or equivalence relations that are required in the verification process of CTLK formulas. This policy can save a lot of time and space since the number of transition or equivalence relations of states is much greater than the number of states themselves. We design symbolic model checking algorithms, develop a tool and apply them to two famous examples: Alice-Bob Protocol and Dining Cryptographers Protocol. We compare our tool with MCMAS which is the state-of-the-art model checker of verifying CTLK. The experimental results illustrate the advantages of our model and method. Our tool running in a general PC can totally spend less than 14 hours to verify Dining Cryptographers Protocol with 1200 concurrent cryptographers where there are about $10^{1080}$ states and the two verified CTLK formulas have more than 6000 atomic propositions and more than 3600 operators. These good performances are owed to a combination of the OBDD technique and the structure characteristics of KPN.

Software Engineering

Rajagopal Nagarajan,Simon Gay

DOI: https://doi.org/10.48550/arXiv.quant-ph/0203086

2002-03-18

Abstract:We propose to analyse quantum protocols by applying formal verification techniques developed in classical computing for the analysis of communicating concurrent systems. One area of successful application of these techniques is that of classical security protocols, exemplified by Lowe's discovery and fix of a flaw in the well-known Needham-Schroeder authentication protocol. Secure quantum cryptographic protocols are also notoriously difficult to design. Quantum cryptography is therefore an interesting target for formal verification, and provides our first example; we expect the approach to be transferable to more general quantum information processing scenarios. The example we use is the quantum key distribution protocol proposed by Bennett and Brassard, commonly referred to as BB84. We present a model of the protocol in the process calculus CCS and the results of some initial analyses using the Concurrency Workbench of the New Century (CWB-NC).

Quantum Physics

Marta Misiaszek-Schreyner,Miriam Kosik,Mirek Sopek

2023-08-31

Abstract:We explore the potential of Time-Bin Conference Key Agreement (TB CKA) protocol as a means to achieve consensus among multiple parties. We provide an explanation of the underlying physical implementation, i.e. TB CKA fundamentals and illustrate how this process can be seen as a natural realization of the global common coin primitive. Next, we present how TB CKA could be embodied in classical consensus algorithms to create hybrid classical-quantum solutions to the Byzantine Agreement problem.

Cryptography and Security,Quantum Physics

Song Gao,Bohua Zhan,Zhilin Wu,Lijun Zhang

DOI: https://doi.org/10.1109/DSN58291.2024.00047

2024-09-26

Abstract:Randomized fault-tolerant consensus protocols with common coins are widely used in cloud computing and blockchain platforms. Due to their fundamental role, it is vital to guarantee their correctness. Threshold automata is a formal model designed for the verification of fault-tolerant consensus protocols. It has recently been extended to probabilistic threshold automata (PTAs) to verify randomized fault-tolerant consensus protocols. Nevertheless, PTA can only model randomized consensus protocols with local coins. In this work, we extend PTA to verify randomized fault-tolerant consensus protocols with common coins. Our main idea is to add a process to simulate the common coin (the so-called common-coin process). Although the addition of the common-coin process destroys the symmetry and poses technical challenges, we show how PTA can be adapted to overcome the challenges. We apply our approach to verify the agreement, validity and almost-sure termination properties of 8 randomized consensus protocols with common coins.

Distributed, Parallel, and Cluster Computing,Formal Languages and Automata Theory

Mohit Tekriwal,Avi Tachna-Fram,Jean-Baptiste Jeannin,Manos Kapritsos,Dimitra Panagou

2024-01-31

Abstract:Distributed architectures are used to improve performance and reliability of various systems. Examples include drone swarms and load-balancing servers. An important capability of a distributed architecture is the ability to reach consensus among all its nodes. Several consensus algorithms have been proposed, and many of these algorithms come with intricate proofs of correctness, that are not mechanically checked. In the controls community, algorithms often achieve consensus asymptotically, e.g., for problems such as the design of human control systems, or the analysis of natural systems like bird flocking. This is in contrast to exact consensus algorithm such as Paxos, which have received much more recent attention in the formal methods community. This paper presents the first formal proof of an asymptotic consensus algorithm, and addresses various challenges in its formalization. Using the Coq proof assistant, we verify the correctness of a widely used consensus algorithm in the distributed controls community, the Weighted-Mean Subsequence Reduced (W-MSR) algorithm. We formalize the necessary and sufficient conditions required to achieve resilient asymptotic consensus under the assumed attacker model. During the formalization, we clarify several imprecisions in the paper proof, including an imprecision on quantifiers in the main theorem.

Programming Languages,Optimization and Control

Dexi Wang,Yu Jiang,Houbing Song,Fei He,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/access.2017.2697918

IF: 3.9

2017-01-01

IEEE Access

Abstract:Cryptographic hash functions have become the basis of modern network computing for identity authorization and secure computing; protocol consistency of cryptographic hash functions is one of the most important properties that affect the security and correctness of cryptographic implementations, and protocol consistency should be well proven before being applied in practice. Software verification has seen substantial application in safety-critical areas and has shown the ability to deliver better quality assurance for modern software; thus, applying software verification to a protocol consistency proof for cryptographic hash functions is a reasonable approach to prove their correctness. Verification of protocol consistency of cryptographic hash functions includes modeling of the cryptographic protocol and program analysis of the cryptographic implementation; these require a dedicated cryptographic implementation model that preserves the semantics of the code, efficient analysis of cryptographic operations on arrays and bits, and the ability to verify large-scale implementations. In this paper, we propose a fully automatic software verification framework, VeriHash, that brings software verification to protocol consistency proofs for cryptographic hash function implementations. It solves the above challenges by introducing a novel cryptographic model design for modeling the semantics of cryptographic hash function implementations, extended array theories for analysis of operations, and compositional verification for scalability. We evaluated our verification framework on two SHA-3 cryptographic hash function implementations: the winner of the NIST SHA-3 competition, Keccack; and an open-source hash program, RHash. We successfully verified the core parts of the two implementations and reproduced a bug in the published edition of RHash.