-
FIRST: FrontrunnIng Resilient Smart ConTracts
Authors:
Emrah Sariboz,
Gaurav Panwar,
Roopa Vishwanathan,
Satyajayant Misra
Abstract:
Owing to the meteoric rise in the usage of cryptocurrencies, there has been a widespread adaptation of traditional financial applications such as lending, borrowing, margin trading, and more, to the cryptocurrency realm. In some cases, the inherently transparent and unregulated nature of cryptocurrencies leads to attacks on users of these applications. One such attack is frontrunning, where a mali…
▽ More
Owing to the meteoric rise in the usage of cryptocurrencies, there has been a widespread adaptation of traditional financial applications such as lending, borrowing, margin trading, and more, to the cryptocurrency realm. In some cases, the inherently transparent and unregulated nature of cryptocurrencies leads to attacks on users of these applications. One such attack is frontrunning, where a malicious entity leverages the knowledge of currently unprocessed financial transactions submitted by users and attempts to get its own transaction(s) executed ahead of the unprocessed ones. The consequences of this can be financial loss, inaccurate transactions, and even exposure to more attacks. We propose FIRST, a framework that prevents frontrunning attacks, and is built using cryptographic protocols including verifiable delay functions and aggregate signatures. In our design, we have a federated setup for generating the public parameters of the VDF, thus removing the need for a single trusted setup. We formally analyze FIRST, prove its security using the Universal Composability framework and experimentally demonstrate the effectiveness of FIRST.
△ Less
Submitted 24 April, 2024; v1 submitted 2 April, 2022;
originally announced April 2022.
-
Off-chain Execution and Verification of Computationally Intensive Smart Contracts
Authors:
Emrah Sariboz,
Kartick Kolachala,
Gaurav Panwar,
Roopa Vishwanathan,
Satyajayant Misra
Abstract:
We propose a novel framework for off-chain execution and verification of computationally-intensive smart contracts. Our framework is the first solution that avoids duplication of computing effort across multiple contractors, does not require trusted execution environments, supports computations that do not have deterministic results, and supports general-purpose computations written in a high-leve…
▽ More
We propose a novel framework for off-chain execution and verification of computationally-intensive smart contracts. Our framework is the first solution that avoids duplication of computing effort across multiple contractors, does not require trusted execution environments, supports computations that do not have deterministic results, and supports general-purpose computations written in a high-level language. Our experiments reveal that some intensive applications may require as much as 141 million gas, approximately 71x more than the current block gas limit for computation in Ethereum today, and can be avoided by utilizing the proposed framework.
△ Less
Submitted 25 April, 2021; v1 submitted 19 April, 2021;
originally announced April 2021.
-
Security, Privacy, and Access Control in Information-Centric Networking: A Survey
Authors:
Reza Tourani,
Travis Mick,
Satyajayant Misra,
Gaurav Panwar
Abstract:
Information-Centric Networking (ICN) is a new networking paradigm, which replaces the widely used host-centric networking paradigm in communication networks (e.g., Internet, mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the contents origin. Content and client security are more intrinsic in the ICN paradigm versus the cur…
▽ More
Information-Centric Networking (ICN) is a new networking paradigm, which replaces the widely used host-centric networking paradigm in communication networks (e.g., Internet, mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the contents origin. Content and client security are more intrinsic in the ICN paradigm versus the current host centric paradigm where they have been instrumented as an after thought. By design, the ICN paradigm inherently supports several security and privacy features, such as provenance and identity privacy, which are still not effectively available in the host-centric paradigm. However, given its nascency, the ICN paradigm has several open security and privacy concerns, some that existed in the old paradigm, and some new and unique. In this article, we survey the existing literature in security and privacy research sub-space in ICN. More specifically, we explore three broad areas: security threats, privacy risks, and access control enforcement mechanisms.
We present the underlying principle of the existing works, discuss the drawbacks of the proposed approaches, and explore potential future research directions. In the broad area of security, we review attack scenarios, such as denial of service, cache pollution, and content poisoning. In the broad area of privacy, we discuss user privacy and anonymity, name and signature privacy, and content privacy. ICN's feature of ubiquitous caching introduces a major challenge for access control enforcement that requires special attention. In this broad area, we review existing access control mechanisms including encryption-based, attribute-based, session-based, and proxy re-encryption-based access control schemes. We conclude the survey with lessons learned and scope for future work.
△ Less
Submitted 1 June, 2017; v1 submitted 10 March, 2016;
originally announced March 2016.