Issue #36
Paper of the Week:
Paper Title: ContractGuard: Defend Ethereum Smart Contracts with Embedded Intrusion Detection.
TLDR:
There is currently no security tools to protect smart contracts after deployment - once being deployed on Ethereum, smart contract programs are completely exposed to the intruders. If the attack is accepted into the main chain, the loss will be irreversible. There is no second chance to fix the mistake.
Intrusion detection systems (IDS) are commonly applied as a major means of protecting deployed systems from security attack and can be classified as signature-based or anomaly-based.
A typical anomaly-based IDS monitors dynamic program behavior against normal program behavior and raises an alert when detecting an anomaly. The normal behavior is learnt through training and profiling.
This work aims to design a practical anomaly-based IDS that can protect smart contracts after deployment. When detecting abnormal behavior, the IDS will rollback all the changes to the contract states and raise an alarm to the administrators. This provides a chance to prevent the irreparable loss that the vulnerability can cause.
Unique characteristics of blockchain in general and Ethereum in particular make conventional IDS techniques inapplicable to smart contracts: (i) Ethereum is essentially a decentralized application platform and the smart contract programs are executed by mutually untrusted nodes across the whole world, (ii) Ethereum smart contracts run in a highly restrictive environment called Ethereum virtual machine (EVM), which lacks many capabilities that facilitate the implementation of conventional IDSs, and (iii) Ethereum introduces a fundamentally different performance model.
Therefore, this work proposes the first anomaly-based IDS to address these challenges. The key idea is to combine the following two tech- niques to meet the stringent requirements on the effectiveness and efficiency of IDS for smart contracts: (i) Context-tagged acyclic path profiling and (ii) Gas-efficient adaptive path set storage.
This work can scale to real life smart contract programs and effectively defends both real-life and seeded vulnerabilities.
Authors: Xinming Wang*, Jiahao He†, Zhijian Xie†, Gansen Zhao†, and Shing-Chi Cheung‡,
Affiliations: * Lakala Group, † South China Normal University, and ‡ The Hong Kong University of Science and Technology.
Security:
1. Paper Title: Sashimi: Cutting up CSI-FiSh secret keys to produce an actively secure distributed signing protocol.
Summary: The first actively secure variant of a distributed signature scheme based on isogenies.
Authors: Daniele Cozzo* and Nigel P. Smart*†,
Affiliations: * KU Leuven and † University of Bristol.
Privacy:
1. Paper Title: BlockMaze: An Efficient Privacy-Preserving Account-Model Blockchain Based on zk-SNARKs.
Summary: A privacy-preserving account-model blockchain, hiding both transaction amounts and the linkage between a transaction sender and its recipient.
Authors: Zhangshuang Guan*, Zhiguo Wan*, Yang Yang†, Yan Zhou*, and Butian Huang‡,
Affiliations: * Shandong University, † Fuzhou University, and ‡ Hangzhou Yunphant Network Technology Co. Ltd.
Scalability:
1. Paper Title: Concurrency and Privacy with Payment-Channel Networks.
Summary: This work formally defines in the Universal Composability frame- work two modes of operation for PCNs attending to how concurrent payments are handled (blocking versus non-blocking).
Authors: Giulio Malavolta, Pedro Moreno-Sanchez†, Aniket Kate†, Matteo Maffei‡, and Srivatsan Ravi§,
Affiliations: * Friedrich-Alexander-University Erlangen-Nurnberg, † Purdue University, ‡ TU Wien, and § University of Southern California.
Proofs:
No papers.
Consensus Protocols:
1. Paper Title: Consensus on Clock in Universally Composable Timing Model Clock Syncronization Protocol for Full Nodes of a Blockchain.
Summary: A generic synchronization protocol that works on top of a blockchain protocol that takes advantage of regular messaging process (e.g., blocks are sent regularly) to preserve consensus between honest parties’ clocks.
Authors: Handan Kılınc Alper*,
Affiliations: * Web3 Foundation.
2. Paper Title: An Interleaving Hybrid Consensus Protocol.
Summary: A new consensus protocol that combines the ideas of PoW and PoS, simply alternating between PoW and PoS blocks.
Authors: Yao Sun* and Aayush Rajasekaran*,
Affiliations: * The Open Application Network.
3. Paper Title: The combinatorics of the longest-chain rule: Linear consistency for proof-of-stake blockchains.
Summary: A new analysis that offers an additional, but lower order, improvement for several of PoS blockchains.
Authors: Erica Blum*, Aggelos Kiayias†✜, Cristopher Moore‡, Saad Quader§, and Alexander Russell§✜,
Affiliations: * University of Maryland, † University of Edinburgh, ‡ Santa Fe Institute § University of Connecticut, and ✜ IOHK.
Tokenomics:
1. Paper Title: A Cryptoeconomic Traffic Analysis of Bitcoin’s Lightning Network.
Summary: This work analyzes Lightning Network, Bitcoin’s payment channel network from a network scientific and cryptoeconomic point of view.
Authors: Ferenc Beres*, Istvan A. Seres†, and Andras A. Benczur*‡,
Affiliations: * SZTAKI, † Eötvös University, and ‡ Széchenyi University.
2. Paper Title: Anarchy, State, and Blockchain Utopia: Rule of Law versus Lex Cryptographia.
Summary: This article aims to explain why blockchain raises new legal challenges that have a significant impact in terms of fundamental rights and discusses how, in the absence of Rule of Law enforceability, users can protect their fundamental rights through/on blockchain.
Authors: Thibault Schrepel*,
Affiliations: * Harvard Law School.
Upcoming Conferences:
Feb 10-14 - Financial Cryptography and Data Security 2020(Malaysia)
Feb 19-21 - Stanford Blockchain Conference 2020 (Palo Alto)
March 07-08 - Cryptoeconomic Systems Conference 2020 by MIT Press (Boston)
April 13-16 - The 2nd IEEE International Conference on Decentralized Applications and Infrastructures (IEEE DAPPS 2020) (Oxford)
Past Conferences’ Videos:
Jobs:
“Significant research in the blockchain space is constantly being achieved by academic researchers. Unfortunately, a lot of this research is overlooked due to the massive numbers of papers being generated and the way they are being promoted and published. We’ve put together a categorized list of academic papers that can guide our subscribers and keep them up to date.”
Thanks for reading! If we missed anything, shoot us an email so that we can feature it in our next newsletter!
This newsletter is for informational purposes only. This content does not in any way constitute an offer or solicitation of an offer to buy or sell any investment solution or recommendation to buy or sell a security; nor it is to be taken as legal, business, investment, or tax advice. In fact, none of the information in this or other content on zk Capital should be relied on in any manner as advice. None of the authors, contributors, or anyone else connected with zk Capital, in any way whatsoever, can be responsible for your use of the information contained in this newsletter.