Dates are inconsistent

Dates are inconsistent

300 results sorted by ID

2024/1844 (PDF) Last updated: 2024-11-10
KLaPoTi: An asymptotically efficient isogeny group action from 2-dimensional isogenies
Lorenz Panny, Christophe Petit, Miha Stopar
Public-key cryptography

We construct and implement an efficient post-quantum commutative cryptographic group action based on combining the SCALLOP framework for group actions from isogenies of oriented elliptic curves on one hand with the recent Clapoti method for polynomial-time evaluation of the CM group action on elliptic curves on the other. We take advantage of the very attractive performance of $(2^e, 2^e)$-isogenies between products of elliptic curves in the theta coordinate system. To successfully apply...

2024/1834 (PDF) Last updated: 2024-11-08
Scutum: Temporal Verification for Cross-Rollup Bridges via Goal-Driven Reduction
Yanju Chen, Juson Xia, Bo Wen, Kyle Charbonnet, Hongbo Wen, Hanzhi Liu, Yu Feng
Implementation

Scalability remains a key challenge for blockchain adoption. Rollups—especially zero-knowledge (ZK) and optimistic rollups—address this by processing transactions off-chain while maintaining Ethereum’s security, thus reducing gas fees and improving speeds. Cross-rollup bridges like Orbiter Finance enable seamless asset transfers across various Layer 2 (L2) rollups and between L2 and Layer 1 (L1) chains. However, the increasing reliance on these bridges raises significant security concerns,...

2024/1830 (PDF) Last updated: 2024-11-07
A Tight Analysis of GHOST Consistency
Peter Gaži, Zahra Motaqy, Alexander Russell
Cryptographic protocols

The GHOST protocol has been proposed as an improvement to the Nakamoto consensus mechanism that underlies Bitcoin. In contrast to the Nakamoto fork-choice rule, the GHOST rule justifies selection of a chain with weights computed over subtrees rather than individual paths. This mechanism has been adopted by a variety of consensus protocols, and is a part of the currently deployed protocol supporting Ethereum. We establish an exact characterization of the security region of the GHOST...

2024/1797 (PDF) Last updated: 2024-11-03
FLock: Robust and Privacy-Preserving Federated Learning based on Practical Blockchain State Channels
Ruonan Chen, Ye Dong, Yizhong Liu, Tingyu Fan, Dawei Li, Zhenyu Guan, Jianwei Liu, Jianying Zhou
Applications

\textit{Federated Learning} (FL) is a distributed machine learning paradigm that allows multiple clients to train models collaboratively without sharing local data. Numerous works have explored security and privacy protection in FL, as well as its integration with blockchain technology. However, existing FL works still face critical issues. \romannumeral1) It is difficult to achieving \textit{poisoning robustness} and \textit{data privacy} while ensuring high \textit{model accuracy}....

2024/1732 (PDF) Last updated: 2024-10-22
Radical 2-isogenies and cryptographic hash functions in dimensions 1, 2 and 3
Sabrina Kunzweiler, Luciano Maino, Tomoki Moriya, Christophe Petit, Giacomo Pope, Damien Robert, Miha Stopar, Yan Bo Ti
Implementation

We provide explicit descriptions for radical 2-isogenies in dimensions one, two and three using theta coordinates. These formulas allow us to efficiently navigate in the corresponding isogeny graphs. As an application of this, we implement different versions of the CGL hash func- tion. Notably, the three-dimensional version is fastest, which demonstrates yet another potential of using higher dimensional isogeny graphs in cryptography.

2024/1605 (PDF) Last updated: 2024-10-09
Nebula: Efficient read-write memory and switchboard circuits for folding schemes
Arasu Arun, Srinath Setty
Foundations

Folding schemes enable prover-efficient incrementally verifiable computation (IVC), where a proof is generated step-by-step, resulting in a space-efficient prover that naturally supports continuations. These attributes make them a promising choice for proving long-running machine executions (popularly, "zkVMs"). A major problem is designing an efficient read-write memory. Another challenge is overheads incurred by unused machine instructions when incrementally proving a program execution...

2024/1592 (PDF) Last updated: 2024-10-08
DART: Distributed argument of knowledge for rough terrains
Steve Thakur
Cryptographic protocols

We describe a fully distributed KZG-based Snark instantiable with any pairing-friendly curve with a sufficiently large scalar field. In particular, the proof system is compatible with Cocks-Pinch or Brezing-Weng outer curves to the the widely used curves such as secp256k1, ED25519, BLS12-381 and BN254. This allows us to retain the fully parallelizable nature and the O(1) communication complexity of Pianist ([LXZ+23]) in conjunction with circumventing the huge overhead of non-native...

2024/1557 (PDF) Last updated: 2024-10-03
Tightly Secure Threshold Signatures over Pairing-Free Groups
Renas Bacho, Benedikt Wagner
Cryptographic protocols

Threshold signatures have been drawing lots of attention in recent years. Of particular interest are threshold signatures that are proven secure under adaptive corruptions (NIST Call 2023). Sadly, existing constructions with provable adaptive security suffer from at least one of the following drawbacks: (i) strong idealizations such as the algebraic group model (AGM), (ii) an unnatural restriction on the corruption threshold being $t/2$ where $t$ is the signing threshold, or (iii)...

2024/1520 (PDF) Last updated: 2024-09-27
On the rough order assumption in imaginary quadratic number fields
Antonio Sanso
Attacks and cryptanalysis

In this paper, we investigate the rough order assumption (\(RO_C\)) introduced by Braun, Damgård, and Orlandi at CRYPTO 23, which posits that class groups of imaginary quadratic fields with no small prime factors in their order are computationally indistinguishable from general class groups. We present a novel attack that challenges the validity of this assumption by leveraging properties of Mordell curves over the rational numbers. Specifically, we demonstrate that if the rank of the...

2024/1516 (PDF) Last updated: 2024-09-26
Practical Mempool Privacy via One-time Setup Batched Threshold Encryption
Arka Rai Choudhuri, Sanjam Garg, Guru-Vamsi Policharla, Mingyuan Wang
Cryptographic protocols

An important consideration with the growth of the DeFi ecosystem is the protection of clients who submit transactions to the system. As it currently stands, the public visibility of these transactions in the memory pool (mempool) makes them susceptible to market manipulations such as frontrunning and backrunning. More broadly, for various reasons—ranging from avoiding market manipulation to including time-sensitive information in their transactions—clients may want the contents of their...

2024/1451 (PDF) Last updated: 2024-09-17
Traffic-aware Merkle Trees for Shortening Blockchain Transaction Proofs
Avi Mizrahi, Noam Koren, Ori Rottenstreich, Yuval Cassuto
Applications

Merkle trees play a crucial role in blockchain networks in organizing network state. They allow proving a particular value of an entry in the state to a node that maintains only the root of the Merkle trees, a hash-based signature computed over the data in a hierarchical manner. Verification of particular state entries is crucial in reaching a consensus on the execution of a block where state information is required in the processing of its transactions. For instance, a payment transaction...

2024/1378 (PDF) Last updated: 2024-09-02
Practical Blind Signatures in Pairing-Free Groups
Michael Klooß, Michael Reichle, Benedikt Wagner
Public-key cryptography

Blind signatures have garnered significant attention in recent years, with several efficient constructions in the random oracle model relying on well-understood assumptions. However, this progress does not apply to pairing-free cyclic groups: fully secure constructions over cyclic groups rely on pairings, remain inefficient, or depend on the algebraic group model or strong interactive assumptions. To address this gap, Chairattana-Apirom, Tessaro, and Zhu (CTZ, Crypto 2024) proposed a new...

2024/1368 (PDF) Last updated: 2024-08-30
Tightly Secure Non-Interactive BLS Multi-Signatures
Renas Bacho, Benedikt Wagner
Public-key cryptography

Due to their simplicity, compactness, and algebraic structure, BLS signatures are among the most widely used signatures in practice. For example, used as multi-signatures, they are integral in Ethereum's proof-of-stake consensus. From the perspective of concrete security, however, BLS (multi-)signatures suffer from a security loss linear in the number of signing queries. It is well-known that this loss can not be avoided using current proof techniques. In this paper, we introduce a new...

2024/1362 (PDF) Last updated: 2024-08-29
A Documentation of Ethereum’s PeerDAS
Benedikt Wagner, Arantxa Zapico
Public-key cryptography

Data availability sampling allows clients to verify availability of data on a peer-to-peer network provided by an untrusted source. This is achieved without downloading the full data by sampling random positions of the encoded data. The long-term vision of the Ethereum community includes a comprehensive data availability protocol using polynomial commitments and tensor codes. As the next step towards this vision, an intermediate solution called PeerDAS is about to integrated, to bridge...

2024/1299 (PDF) Last updated: 2024-08-20
Permissionless Verifiable Information Dispersal (Data Availability for Bitcoin Rollups)
Ben Fisch, Arthur Lazzaretti, Zeyu Liu, Lei Yang
Cryptographic protocols

Rollups are special applications on distributed state machines (aka blockchains) for which the underlying state machine only logs, but does not execute transactions. Rollups have become a popular way to scale applications on Ethereum and there is now growing interest in running rollups on Bitcoin. Rollups scale throughput and reduce transaction costs by using auxiliary machines that have higher throughput and lower cost of executing transactions than the underlying blockchain. State updates...

2024/1189 (PDF) Last updated: 2024-08-14
The Espresso Sequencing Network: HotShot Consensus, Tiramisu Data-Availability, and Builder-Exchange
Jeb Bearer, Benedikt Bünz, Philippe Camacho, Binyi Chen, Ellie Davidson, Ben Fisch, Brendon Fish, Gus Gutoski, Fernando Krell, Chengyu Lin, Dahlia Malkhi, Kartik Nayak, Keyao Shen, Alex Xiong, Nathan Yospe, Sishan Long
Cryptographic protocols

Building a Consensus platform for shared sequencing can power an ecosystem of layer-2 solutions such as rollups which are crucial for scaling blockchains (e.g.,Ethereum). However, it drastically differs from conventional Consensus for blockchains in two key considerations: • (No) Execution: A shared sequencing platform is not responsible for pre-validating blocks nor for processing state updates. Therefore, agreement is formed on a sequence of certificates of block data-availability (DA)...

2024/1175 (PDF) Last updated: 2024-07-20
AVeCQ: Anonymous Verifiable Crowdsourcing with Worker Qualities
Vlasis Koutsos, Sankarshan Damle, Dimitrios Papadopoulos, Sujit Gujar, Dimitris Chatzopoulos
Applications

In crowdsourcing systems, requesters publish tasks, and interested workers provide answers to get rewards. Worker anonymity motivates participation since it protects their privacy. Anonymity with unlinkability is an enhanced version of anonymity because it makes it impossible to ``link'' workers across the tasks they participate in. Another core feature of crowdsourcing systems is worker quality which expresses a worker's trustworthiness and quantifies their historical performance. In this...

2024/1154 (PDF) Last updated: 2024-07-16
Blockchain Space Tokenization
Aggelos Kiayias, Elias Koutsoupias, Philip Lazos, Giorgos Panagiotakos
Cryptographic protocols

Handling congestion in blockchain systems is a fundamental problem given that the security and decentralization objectives of such systems lead to designs that compromise on (horizontal) scalability (what sometimes is referred to as the ``blockchain trilemma''). Motivated by this, we focus on the question whether it is possible to design a transaction inclusion policy for block producers that facilitates fee and delay predictability while being incentive compatible at the same time....

2024/1115 (PDF) Last updated: 2024-07-09
Public vs Private Blockchains lineage storage
Bilel Zaghdoudi, Maria Potop Butucaru
Applications

This paper reports the experimental results related to lineage event storage via smart contracts deployed on private and public blockchain. In our experiments we measure the following three metrics: the cost to deploy the storage smart contract on the blockchain, which measures the initial expenditure, typically in gas units, required to deploy the smart contract that facilitates lineage event storage, then the time and gas costs needed to store a lineage event. We investigated both single...

2024/1081 (PDF) Last updated: 2024-07-07
Practical Non-interactive Multi-signatures, and a Multi-to-Aggregate Signatures Compiler
Matthieu Rambaud, Christophe Levrat
Public-key cryptography

In a fully non-interactive multi-signature, resp. aggregate-signature scheme (fNIM, resp. fNIA), signatures issued by many signers on the same message, resp. on different messages, can be succinctly ``combined'', resp. ``aggregated''. fNIMs are used in the Ethereum consensus protocol, to produce the certificates of validity of blocks which are to be verified by billions of clients. fNIAs are used in some PBFT-like consensus protocols, such as the production version of Diem by Aptos, to...

2024/995 (PDF) Last updated: 2024-06-21
Cross-chain bridges via backwards-compatible SNARKs
Sergio Juárez, Mark Blunden, Joris Koopman, Anish Mohammed, Kapil Shenvi Pause, Steve Thakur
Applications

In recent years, SNARKs have shown great promise as a tool for building trustless bridges to connect the heterogeneous ecosystem of blockchains. Unfortunately, the parameters hardwired for many of the widely used blockchains are incongruous with the conventional SNARKs, which results in unsatisfactory performance. This bottleneck necessitates new proof systems tailored for efficiency in these environments. The primary focus of this paper is on succinct bridges from Cosmos to...

2024/968 (PDF) Last updated: 2024-06-20
Fast SNARK-based Non-Interactive Distributed Verifiable Random Function with Ethereum Compatibility
Jia Liu, Mark Manulis
Cryptographic protocols

Distributed randomness beacons (DRBs) are fundamental for various decentralised applications, such as consensus protocols, decentralised gaming and lotteries, and collective governance protocols. These applications are heavily used on modern blockchain platforms. This paper presents the so far most efficient direct construction and implementation of a non-interactive distributed verifiable random function (NI-DVRF) that is fully compatible with Ethereum. Our NI-DVRF scheme adopts...

2024/873 (PDF) Last updated: 2024-06-01
Cryptanalysis of Algebraic Verifiable Delay Functions
Alex Biryukov, Ben Fisch, Gottfried Herold, Dmitry Khovratovich, Gaëtan Leurent, María Naya-Plasencia, Benjamin Wesolowski
Attacks and cryptanalysis

Verifiable Delay Functions (VDF) are a class of cryptographic primitives aiming to guarantee a minimum computation time, even for an adversary with massive parallel computational power. They are useful in blockchain protocols, and several practical candidates have been proposed based on exponentiation in a large finite field: Sloth++, Veedo, MinRoot. The underlying assumption of these constructions is that computing an exponentiation $x^e$ requires at least $\log_2 e$ sequential...

2024/784 (PDF) Last updated: 2024-05-22
Universal Blockchain Assets
Owen Vaughan
Applications

We present a novel protocol for issuing and transferring tokens across blockchains without the need of a trusted third party or cross-chain bridge. In our scheme, the blockchain is used for double-spend protection only, while the authorisation of token transfers is performed off-chain. Due to the universality of our approach, it works in almost all blockchain settings. It can be implemented immediately on UTXO blockchains such as Bitcoin without modification, and on account-based blockchains...

2024/769 (PDF) Last updated: 2024-05-23
Time-Based Cryptography From Weaker Assumptions: Randomness Beacons, Delay Functions and More
Damiano Abram, Lawrence Roy, Mark Simkin
Foundations

The assumption that certain computations inherently require some sequential time has established itself as a powerful tool for cryptography. It allows for security and liveness guarantees in distributed protocols that are impossible to achieve with classical hardness assumptions. Unfortunately, many constructions from the realm of time-based cryptography are based on new and poorly understood hardness assumptions, which tend not to stand the test of time (cf. Leurent et al. 2023, Peikert &...

2024/768 (PDF) Last updated: 2024-05-20
The Ouroboros of ZK: Why Verifying the Verifier Unlocks Longer-Term ZK Innovation
Denis Firsov, Benjamin Livshits
Implementation

Verifying the verifier in the context of zero-knowledge proof is an essential part of ensuring the long-term integrity of the zero-knowledge ecosystem. This is vital for both zero-knowledge rollups and also other industrial applications of ZK. In addition to further minimizing the required trust and reducing the trusted computing base (TCB), having a verified verifier opens the door to decentralized proof generation by potentially untrusted parties. We outline a research program and justify...

2024/762 (PDF) Last updated: 2024-10-04
Constant-Cost Batched Partial Decryption in Threshold Encryption
Sora Suegami, Shinsaku Ashizawa, Kyohei Shibano
Cryptographic protocols

Threshold public key encryption schemes distribute secret keys among multiple parties, known as the committee, to reduce reliance on a single trusted entity. However, existing schemes face inefficiencies as the committee should perform computation and communication for decryption of each individual ciphertext. As the number of ciphertexts being decrypted per unit of time increases, this can limit the number of committee parties and their decentralization due to increased hardware...

2024/669 (PDF) Last updated: 2024-05-20
Mempool Privacy via Batched Threshold Encryption: Attacks and Defenses
Arka Rai Choudhuri, Sanjam Garg, Julien Piet, Guru-Vamsi Policharla
Cryptographic protocols

With the rising popularity of DeFi applications it is important to implement protections for regular users of these DeFi platforms against large parties with massive amounts of resources allowing them to engage in market manipulation strategies such as frontrunning/backrunning. Moreover, there are many situations (such as recovery of funds from vulnerable smart contracts) where a user may not want to reveal their transaction until it has been executed. As such, it is clear that preserving...

2024/640 (PDF) Last updated: 2024-04-26
On Proving Pairings
Andrija Novakovic, Liam Eagen
Cryptographic protocols

In this paper we explore efficient ways to prove correctness of elliptic curve pairing relations. Pairing-based cryptographic protocols such as the Groth16 and Plonk SNARKs and the BLS signature scheme are used extensively in public blockchains such as Ethereum due in large part to their small size. However the relatively high cost of pairing computation remains a practical problem for many use cases such as verification ``in circuit" inside a SNARK. This naturally arises in recursive SNARK...

2024/594 (PDF) Last updated: 2024-05-29
Greco: Fast Zero-Knowledge Proofs for Valid FHE RLWE Ciphertexts Formation
Enrico Bottazzi
Cryptographic protocols

Fully homomorphic encryption (FHE) allows for evaluating arbitrary functions over encrypted data. In Multi-party FHE applications, different parties encrypt their secret data and submit ciphertexts to a server, which, according to the application logic, performs homomorphic operations on them. For example, in a secret voting application, the tally is computed by summing up the ciphertexts encoding the votes. Valid encrypted votes are of the form $E(0)$ and $E(1)$. A malicious voter could...

2024/514 (PDF) Last updated: 2024-04-28
Zero-Knowledge Proof Vulnerability Analysis and Security Auditing
Xueyan Tang, Lingzhi Shi, Xun Wang, Kyle Charbonnet, Shixiang Tang, Shixiao Sun
Cryptographic protocols

Zero-Knowledge Proof (ZKP) technology marks a revolutionary advancement in the field of cryptography, enabling the verification of certain information ownership without revealing any specific details. This technology, with its paradoxical yet powerful characteristics, provides a solid foundation for a wide range of applications, especially in enhancing the privacy and security of blockchain technology and other cryptographic systems. As ZKP technology increasingly becomes a part of the...

2024/418 (PDF) Last updated: 2024-09-05
Atomic and Fair Data Exchange via Blockchain
Ertem Nusret Tas, István András Seres, Yinuo Zhang, Márk Melczer, Mahimna Kelkar, Joseph Bonneau, Valeria Nikolaenko
Cryptographic protocols

We introduce a blockchain Fair Data Exchange (FDE) protocol, enabling a storage server to transfer a data file to a client atomically: the client receives the file if and only if the server receives an agreed-upon payment. We put forth a new definition for a cryptographic scheme that we name verifiable encryption under committed key (VECK), and we propose two instantiations for this scheme. Our protocol relies on a blockchain to enforce the atomicity of the exchange and uses VECK to ensure...

2024/354 (PDF) Last updated: 2024-02-27
WARPfold : Wrongfield ARithmetic for Protostar folding
Lev Soukhanov
Cryptographic protocols

Inspired by range-check trick from recent Latticefold paper we construct elliptic-curve based IVC capable of simulating non-native arithmetic efficiently. We explain the general principle (which can be applied to both Protostar and Hypernova), and describe the Wrongfield ARithmetic for Protostar folding in details. Our construction supports circuits over mutilple non-native fields simultaneously and allows interfacing between them using range-checked elements. WARPfold...

2024/280 (PDF) Last updated: 2024-10-05
HARTS: High-Threshold, Adaptively Secure, and Robust Threshold Schnorr Signatures
Renas Bacho, Julian Loss, Gilad Stern, Benedikt Wagner
Cryptographic protocols

Threshold variants of the Schnorr signature scheme have recently been at the center of attention due to their applications to cryptocurrencies. However, existing constructions for threshold Schnorr signatures among a set of $n$ parties with corruption threshold $t_c$ suffer from at least one of the following drawbacks: (i) security only against static (i.e., non-adaptive) adversaries, (ii) cubic or higher communication cost to generate a single signature, (iii) strong synchrony assumptions...

2024/265 (PDF) Last updated: 2024-02-16
Beyond the circuit: How to Minimize Foreign Arithmetic in ZKP Circuits
Michele Orrù, George Kadianakis, Mary Maller, Greg Zaverucha
Cryptographic protocols

Zero-knowledge circuits are frequently required to prove gadgets that are not optimised for the constraint system in question. A particularly daunting task is to embed foreign arithmetic such as Boolean operations, field arithmetic, or public-key cryptography. We construct techniques for offloading foreign arithmetic from a zero-knowledge circuit including: (i) equality of discrete logarithms across different groups; (ii) scalar multiplication without requiring elliptic curve...

2024/264 (PDF) Last updated: 2024-03-13
Extractable Witness Encryption for KZG Commitments and Efficient Laconic OT
Nils Fleischhacker, Mathias Hall-Andersen, Mark Simkin
Cryptographic protocols

We present a concretely efficient and simple extractable witness encryption scheme for KZG polynomial commitments. It allows to encrypt a message towards a triple $(\mathsf{com}, \alpha, \beta)$, where $\mathsf{com}$ is a KZG commitment for some polynomial $f$. Anyone with an opening for the commitment attesting $f(\alpha) = \beta$ can decrypt, but without knowledge of a valid opening the message is computationally hidden. Our construction is simple and highly efficient. The ciphertext is...

2024/248 (PDF) Last updated: 2024-06-06
FRIDA: Data Availability Sampling from FRI
Mathias Hall-Andersen, Mark Simkin, Benedikt Wagner
Foundations

As blockchains like Ethereum continue to grow, clients with limited resources can no longer store the entire chain. Light nodes that want to use the blockchain, without verifying that it is in a good state overall, can just download the block headers without the corresponding block contents. As those light nodes may eventually need some of the block contents, they would like to ensure that they are in principle available. Data availability sampling, introduced by Bassam et al., is a...

2024/246 (PDF) Last updated: 2024-02-15
OCash: Fully Anonymous Payments between Blockchain Light Clients
Adam Blatchley Hansen, Jesper Buus Nielsen, Mark Simkin
Cryptographic protocols

We study blockchain-based provably anonymous payment systems between light clients. Such clients interact with the blockchain through full nodes, who can see what the light clients read and write. The goal of our work is to enable light clients to perform anonymous payments, while maintaining privacy even against the full nodes through which they interact with the blockchain. We formalize the problem in the universal composability model and present a provably secure solution to it. In...

2024/201 (PDF) Last updated: 2024-02-09
Breaking the decisional Diffie-Hellman problem in totally non-maximal imaginary quadratic orders
Antonio Sanso
Attacks and cryptanalysis

This paper introduces an algorithm to efficiently break the Decisional Diffie-Hellman (DDH) assumption in totally non-maximal imaginary quadratic orders, specifically when $\Delta_1 = 3$, and $f$ is non-prime with knowledge of a single factor. Inspired by Shanks and Dedekind's work on 3-Sylow groups, we generalize their observations to undermine DDH security.

2024/197 (PDF) Last updated: 2024-02-09
Alba: The Dawn of Scalable Bridges for Blockchains
Giulia Scaffino, Lukas Aumayr, Mahsa Bastankhah, Zeta Avarikioti, Matteo Maffei
Cryptographic protocols

Over the past decade, cryptocurrencies have garnered attention from academia and industry alike, fostering a diverse blockchain ecosystem and novel applications. The inception of bridges improved interoperability, enabling asset transfers across different blockchains to capitalize on their unique features. Despite their surge in popularity and the emergence of Decentralized Finance (DeFi), trustless bridge protocols remain inefficient, either relaying too much information (e.g.,...

2024/184 (PDF) Last updated: 2024-02-07
Threshold Raccoon: Practical Threshold Signatures from Standard Lattice Assumptions
Rafael del Pino, Shuichi Katsumata, Mary Maller, Fabrice Mouhartem, Thomas Prest, Markku-Juhani Saarinen
Cryptographic protocols

Threshold signatures improve both availability and security of digital signatures by splitting the signing key into $N$ shares handed out to different parties. Later on, any subset of at least $T$ parties can cooperate to produce a signature on a given message. While threshold signatures have been extensively studied in the pre-quantum setting, they remain sparse from quantum-resilient assumptions. We present the first efficient lattice-based threshold signatures with signature size 13...

2023/1948 (PDF) Last updated: 2024-04-19
PriDe CT: Towards Public Consensus, Private Transactions, and Forward Secrecy in Decentralized Payments
Yue Guo, Harish Karthikeyan, Antigoni Polychroniadou, Chaddy Huussin
Applications

Anonymous Zether, proposed by Bunz et al. (FC, 2020) and subsequently improved by Diamond (IEEE S&P, 2021) is an account-based confidential payment mechanism that works by using a smart contract to achieve privacy (i.e. identity of receivers to transactions and payloads are hidden). In this work, we look at simplifying the existing protocol while also achieving batching of transactions for multiple receivers, while ensuring consensus and forward secrecy. To the best of our knowledge, this...

2023/1915 (PDF) Last updated: 2024-04-26
Efficient Post-Quantum Secure Deterministic Threshold Wallets from Isogenies
Poulami Das, Andreas Erwig, Michael Meyer, Patrick Struck
Cryptographic protocols

Cryptocurrency networks crucially rely on digital signature schemes, which are used as an authentication mechanism for transactions. Unfortunately, most major cryptocurrencies today, including Bitcoin and Ethereum, employ signature schemes that are susceptible to quantum adversaries, i.e., an adversary with access to a quantum computer can forge signatures and thereby spend coins of honest users. In cryptocurrency networks, signature schemes are typically not executed in isolation, but...

2023/1898 (PDF) Last updated: 2023-12-10
An Empirical Study of Cross-chain Arbitrage in Decentralized Exchanges
Ori Mazor, Ori Rottenstreich
Applications

Blockchain interoperability refers to the ability of blockchains to share information with each other. Decentralized Exchanges (DEXs) are peer-to-peer marketplaces where traders can exchange cryptocurrencies. Several studies have focused on arbitrage analysis within a single blockchain, typically in Ethereum. Recently, we have seen a growing interest in cross-chain technologies to create a more interconnected blockchain network. We present a framework to study cross-chain arbitrage in DEXs....

2023/1888 (PDF) Last updated: 2023-12-08
Reverie: an end-to-end accumulation scheme from Cyclefold
Lev Soukhanov
Foundations

Recent advances in SNARK recursion and incrementally-verifiable computation are vast, but most of the efforts seem to be focused on a particular design goal - proving the result of a large computation known completely in advance. There are other possible applications, requiring different design tradeoffs. Particularly interesting direction is a case with a swarm of collaborating provers, communicating over a peer-to-peer network - which requires to also optimize the amount of data...

2023/1842 (PDF) Last updated: 2024-05-23
Leverage Staking with Liquid Staking Derivatives (LSDs): Opportunities and Risks
Xihan Xiong, Zhipeng Wang, Xi Chen, William Knottenbelt, Michael Huth
Applications

In the Proof of Stake (PoS) Ethereum ecosystem, users can stake ETH on Lido to receive stETH, a Liquid Staking Derivative (LSD) that represents staked ETH and accrues staking rewards. LSDs improve the liquidity of staked assets by facilitating their use in secondary markets, such as for collateralized borrowing on Aave or asset exchanges on Curve. The composability of Lido, Aave, and Curve enables an emerging strategy known as leverage staking, where users supply stETH as collateral on Aave...

2023/1820 (PDF) Last updated: 2023-11-27
Chipmunk: Better Synchronized Multi-Signatures from Lattices
Nils Fleischhacker, Gottfried Herold, Mark Simkin, Zhenfei Zhang
Cryptographic protocols

Multi-signatures allow for compressing many signatures for the same message that were generated under independent keys into one small aggregated signature. This primitive is particularly useful for proof-of-stake blockchains, like Ethereum, where the same block is signed by many signers, who vouch for the block's validity. Being able to compress all signatures for the same block into a short string significantly reduces the on-chain storage costs, which is an important efficiency metric...

2023/1784 (PDF) Last updated: 2024-10-05
Succinct Arguments over Towers of Binary Fields
Benjamin E. Diamond, Jim Posen
Cryptographic protocols

We introduce an efficient SNARK for towers of binary fields. Adapting Brakedown (CRYPTO '23), we construct a multilinear polynomial commitment scheme suitable for polynomials over tiny fields, including that with just two elements. Our commitment scheme, unlike those of previous works, treats small-field polynomials with no embedding overhead. We further introduce binary-field adaptations of HyperPlonk (EUROCRYPT '23)'s product and permutation checks and of Lasso ('23)'s lookup. Our binary...

2023/1662 (PDF) Last updated: 2024-05-09
Families of prime-order endomorphism-equipped embedded curves on pairing-friendly curves
Antonio Sanso, Youssef El Housni
Public-key cryptography

This paper presents a procedure to construct parameterized families of prime-order endomorphism-equipped elliptic curves that are defined over the scalar field of pairing-friendly elliptic curve families such as Barreto–Lynn–Scott (BLS), Barreto–Naehrig (BN) and Kachisa–Schaefer–Scott (KSS), providing general formulas derived from the curves’ seeds. These so-called “embedded curves” are of major interest in SNARK applications that prove statements involving elliptic curve arithmetic...

2023/1648 (PDF) Last updated: 2023-10-24
On-Chain Timestamps Are Accurate
Apostolos Tzinas, Srivatsan Sridhar, Dionysis Zindros
Applications

When Satoshi Nakamoto introduced Bitcoin, a central tenet was that the blockchain functions as a timestamping server. In the Ethereum era, smart contracts widely assume on-chain timestamps are mostly accurate. In this paper, we prove this is indeed the case, namely that recorded timestamps do not wildly deviate from real-world time, a property we call timeliness. Assuming a global clock, we prove that all popular mechanisms for constructing blockchains (proof-of-work, longest chain...

2023/1622 (PDF) Last updated: 2024-04-08
Max Attestation Matters: Making Honest Parties Lose Their Incentives in Ethereum PoS
Mingfei Zhang, Rujia Li, Sisi Duan
Attacks and cryptanalysis

We present staircase attack, the first attack on the incentive mechanism of the Proof-of-Stake (PoS) protocol used in Ethereum 2.0 beacon chain. Our attack targets the penalty of the incentive mechanism that penalizes inactive participation. Our attack can make honest validators suffer from penalties, even if they strictly follow the specification of the protocol. We show both theoretically and experimentally that if the adversary controls 29.6% stake in a moderate-size system, the attack...

2023/1618 (PDF) Last updated: 2024-03-01
Improved algorithms for finding fixed-degree isogenies between supersingular elliptic curves
Benjamin Benčina, Péter Kutas, Simon-Philipp Merz, Christophe Petit, Miha Stopar, Charlotte Weitkämper
Public-key cryptography

Finding isogenies between supersingular elliptic curves is a natural algorithmic problem which is known to be equivalent to computing the curves' endomorphism rings. When the isogeny is additionally required to have a specific known degree $d$, the problem appears to be somewhat different in nature, yet its hardness is also required in isogeny-based cryptography. Let $E_1,E_2$ be supersingular elliptic curves over $\mathbb{F}_{p^2}$. We present improved classical and quantum...

2023/1612 (PDF) Last updated: 2023-10-17
Mitigating MEV via Multiparty Delay Encryption
Amirhossein Khajehpour, Hanzaleh Akbarinodehi, Mohammad Jahanara, Chen Feng
Cryptographic protocols

Ethereum is a decentralized and permissionless network offering several attractive features. However, block proposers in Ethereum can exploit the order of transactions to extract value. This phenomenon, known as maximal extractable value (MEV), not only disrupts the optimal functioning of different protocols but also undermines the stability of the underlying consensus mechanism. In this work, we present a new method to alleviate the MEV problem by separating transaction inclusion and...

2023/1611 (PDF) Last updated: 2023-10-17
Power circuits: a new arithmetization for GKR-styled sumcheck
Lev Soukhanov
Foundations

Goldwasser-Kalai-Rothblum protocol (GKR) for layered circuits is a sumcheck-based argument of knowledge for layered circuits, running in $\sim 2\mu \ell$ amount of rounds, where $\ell$ is the amount of layers and $\mu$ is the average layer logsize. For a layer $i$ of size $2^{\mu_i}$ the main work consists of running a sumcheck protocol of the form \[\underset{x,y}{\sum} \text{Add}_i(x,y,z)(f(x)+f(y)) + \text{Mul}_i(x,y,z)f(x)f(y)\] over a $2^{2\mu_i}$-dimensional cube, where...

2023/1585 (PDF) Last updated: 2023-10-13
How to Rationally Select Your Delegatee in PoS
Yuzhe Zhang, Qin Wang, Shiping Chen, Chen Wang
Applications

This paper centers around a simple yet crucial question for everyday users: How should one choose their delegated validators within proof-of-stake (PoS) protocols, particularly in the context of Ethereum 2.0? This has been a long-overlooked gap, as existing studies have primarily focused on inter-committee (validator set) behaviors and activities, while neglecting the dynamic formation of committees, especially for individual stakeholders seeking reliable validators. Our study bridges this...

2023/1570 (PDF) Last updated: 2024-08-30
Jackpot: Non-Interactive Aggregatable Lotteries
Nils Fleischhacker, Mathias Hall-Andersen, Mark Simkin, Benedikt Wagner
Public-key cryptography

In proof-of-stake blockchains, liveness is ensured by repeatedly selecting random groups of parties as leaders, who are then in charge of proposing new blocks and driving consensus forward. The lotteries that elect those leaders need to ensure that adversarial parties are not elected disproportionately often and that an adversary can not tell who was elected before those parties decide to speak, as this would potentially allow for denial-of-service attacks. Whenever an elected party...

2023/1503 (PDF) Last updated: 2023-10-02
zk-Bench: A Toolset for Comparative Evaluation and Performance Benchmarking of SNARKs
Jens Ernstberger, Stefanos Chaliasos, George Kadianakis, Sebastian Steinhorst, Philipp Jovanovic, Arthur Gervais, Benjamin Livshits, Michele Orrù
Implementation

Zero-Knowledge Proofs (ZKPs), especially Succinct Non-interactive ARguments of Knowledge (SNARKs), have garnered significant attention in modern cryptographic applications. Given the multitude of emerging tools and libraries, assessing their strengths and weaknesses is nuanced and time-consuming. Often, claimed results are generated in isolation, and omissions in details render them irreproducible. The lack of comprehensive benchmarks, guidelines, and support frameworks to navigate the ZKP...

2023/1493 (PDF) Last updated: 2023-10-03
Measuring the Concentration of Control in Contemporary Ethereum
Simon Brown
Foundations

Ethereum is undergoing significant changes to its architecture as it evolves. These changes include its switch to PoS consensus and the introduction of significant infrastructural changes that do not require a change to the core protocol, but that fundamentally affect the way users interact with the network. These changes represent an evolution toward a more modular architecture, in which there exists new exogenous vectors for centralization. This paper builds on previous studies of...

2023/1489 (PDF) Last updated: 2023-09-29
To Broadcast or Not to Broadcast: Decision-Making Strategies for Mining Empty Blocks
Chon Kit Lao, Rui Jiang, Luyao Zhang, Fan Zhang, Ye Wang
Applications

Resource efficiency in blockchain systems remains a pivotal concern in their design. While Ethereum often experiences network congestion, leading to rewarding opportunities for miners through transaction inclusions, a significant amount of block space remains underutilized. Remarkably, instances of entirely unutilized blocks contribute to resource wastage within the Ethereum ecosystem. This study delves into the incentives driving miners to produce empty blocks. We ascertain that the...

2023/1473 (PDF) Last updated: 2024-03-14
Cicada: A framework for private non-interactive on-chain auctions and voting
Noemi Glaeser, István András Seres, Michael Zhu, Joseph Bonneau
Cryptographic protocols

Auction and voting schemes play a crucial role in the Web3 ecosystem. Yet currently deployed implementations either lack privacy or require at least two rounds, hindering usability and security. We introduce Cicada, a general framework for using linearly homomorphic time-lock puzzles (HTLPs) to enable provably secure, non-interactive private auction and voting protocols. We instantiate our framework with an efficient new HTLP construction and novel packing techniques that enable succinct...

2023/1454 (PDF) Last updated: 2023-09-22
Scalable Off-Chain Auctions
Mohsen Minaei, Duc V. Le, Ranjit Kumaresan, Andrew Beams, Pedro Moreno-Sanchez, Yibin Yang, Srinivasan Raghuraman, Panagiotis Chatzigiannis, Mahdi Zamani
Applications

Blockchain auction plays an important role in the price discovery of digital assets (e.g. NFTs). However, despite their importance, implementing auctions directly on blockchains such as Ethereum incurs scalability issues. In particular, the on-chain transactions scale poorly with the number of bidders, leading to network congestion, increased transaction fees, and slower transaction confirmation time. This lack of scalability significantly hampers the ability of the system to handle...

2023/1406 (PDF) Last updated: 2023-10-19
Sigmabus: Binding Sigmas in Circuits for Fast Curve Operations
George Kadianakis, Mary Maller, Andrija Novakovic
Cryptographic protocols

This paper introduces Sigmabus, a technique designed to enhance the efficiency of zero-knowledge circuits by relocating computationally expensive operations outside the circuit. Specifically, Sigmabus focuses on moving elliptic curve group operations, typically proven with expensive non-native field arithmetic, to external computations. By leveraging Sigma protocols, elliptic curve group operations are proven outside the circuit, while additional constraints are applied to the circuit to...

2023/1336 (PDF) Last updated: 2023-09-07
Riggs: Decentralized Sealed-Bid Auctions
Nirvan Tyagi, Arasu Arun, Cody Freitag, Riad Wahby, Joseph Bonneau, David Mazières
Applications

We introduce the first practical protocols for fully decentralized sealed-bid auctions using timed commitments. Timed commitments ensure that the auction is finalized fairly even if all participants drop out after posting bids or if $n-1$ bidders collude to try to learn the $n^{th}$ bidder’s bid value. Our protocols rely on a novel non-malleable timed commitment scheme which efficiently supports range proofs to establish that bidders have sufficient funds to cover a hidden bid value....

2023/1315 (PDF) Last updated: 2023-09-08
LedgerLocks: A Security Framework for Blockchain Protocols Based on Adaptor Signatures
Erkan Tairi, Pedro Moreno-Sanchez, Clara Schneidewind
Cryptographic protocols

The scalability and interoperability challenges in current cryptocurrencies have motivated the design of cryptographic protocols that enable efficient applications on top and across widely used cryptocurrencies such as Bitcoin or Ethereum. Examples of such protocols include (virtual) payment channels, atomic swaps, oracle-based contracts, deterministic wallets, and coin mixing services. Many of these protocols are built upon minimal core functionalities supported by a wide range of...

2023/1301 (PDF) Last updated: 2023-12-28
Short Paper: Accountable Safety Implies Finality
Joachim Neu, Ertem Nusret Tas, David Tse
Cryptographic protocols

Motivated by proof-of-stake (PoS) blockchains such as Ethereum, two key desiderata have recently been studied for Byzantine-fault tolerant (BFT) state-machine replication (SMR) consensus protocols: Finality means that the protocol retains consistency, as long as less than a certain fraction of validators are malicious, even in partially-synchronous environments that allow for temporary violations of assumed network delay bounds. Accountable safety means that in any case of inconsistency, a...

2023/1281 (PDF) Last updated: 2023-08-25
Leveraging Machine Learning for Bidding Strategies in Miner Extractable Value (MEV) Auctions
Christoffer Raun, Benjamin Estermann, Liyi Zhou, Kaihua Qin, Roger Wattenhofer, Arthur Gervais, Ye Wang
Applications

The emergence of blockchain technologies as central components of financial frameworks has amplified the extraction of market inefficiencies, such as arbitrage, through Miner Extractable Value (MEV) from Decentralized Finance smart contracts. Exploiting these opportunities often requires fee payment to miners and validators, colloquially termed as bribes. The recent development of centralized MEV relayers has led to these payments shifting from the public transaction pool to private...

2023/1228 (PDF) Last updated: 2023-08-13
Snowblind: A Threshold Blind Signature in Pairing-Free Groups
Elizabeth Crites, Chelsea Komlo, Mary Maller, Stefano Tessaro, Chenzhi Zhu
Public-key cryptography

Both threshold and blind signatures have, individually, received a considerable amount of attention. However little is known about their combination, i.e., a threshold signature which is also blind, in that no coalition of signers learns anything about the message being signed or the signature being produced. Several applications of blind signatures (e.g., anonymous tokens) would benefit from distributed signing as a means to increase trust in the service and hence reduce the risks of key...

2023/1222 (PDF) Last updated: 2024-08-25
Pay Less for Your Privacy: Towards Cost-Effective On-Chain Mixers
Zhipeng Wang, Marko Cirkovic, Duc V. Le, William Knottenbelt, Christian Cachin
Applications

On-chain mixers, such as Tornado Cash (TC), have become a popular privacy solution for many non-privacy-preserving blockchain users. These mixers enable users to deposit a fixed amount of coins and withdraw them to another address, while effectively reducing the linkability between these addresses and securely obscuring their transaction history. However, the high cost of interacting with existing on-chain mixer smart contracts prohibits standard users from using the mixer, mainly due to the...

2023/1211 (PDF) Last updated: 2023-12-06
Optimal Flexible Consensus and its Application to Ethereum
Joachim Neu, Srivatsan Sridhar, Lei Yang, David Tse
Cryptographic protocols

Classic BFT consensus protocols guarantee safety and liveness for all clients if fewer than one-third of replicas are faulty. However, in applications such as high-value payments, some clients may want to prioritize safety over liveness. Flexible consensus allows each client to opt for a higher safety resilience, albeit at the expense of reduced liveness resilience. We present the first construction that allows optimal safety-liveness tradeoff for every client simultaneously. This...

2023/1197 (PDF) Last updated: 2023-08-07
Towards a Quantum-resistant Weak Verifiable Delay Function
Thomas Decru, Luciano Maino, Antonio Sanso
Cryptographic protocols

In this paper, we present a new quantum-resistant weak Verifiable Delay Function based on a purely algebraic construction. Its delay depends on computing a large-degree isogeny between elliptic curves, whereas its verification relies on the computation of isogenies between products of two elliptic curves. One of its major advantages is its expected fast verification time. However, it is important to note that the practical implementation of our theoretical framework poses significant...

2023/1152 (PDF) Last updated: 2024-09-10
Haze and Daze: Compliant Privacy Mixers
Stanislaw Baranski, Maya Dotan, Ayelet Lotem, Margarita Vald
Applications

Blockchains enable mutually distrustful parties to perform financial operations in a trustless, decentralized, publicly-verifiable environment. Blockchains typically offer little privacy, and thus motivated the construction of privacy mixers, a solution to make funds untraceable. Privacy mixers concern regulators due to their increasing use by bad actors to illegally conceal the origin of funds. Consequently, Tornado Cash, the largest privacy mixer to date, is sanctioned by large portions of...

2023/1112 (PDF) Last updated: 2023-07-19
Tornado Vote: Anonymous Blockchain-Based Voting
Robert Muth, Florian Tschorsch
Applications

Decentralized apps (DApps) often hold significant cryptocurrency assets. In order to manage these assets and coordinate joint investments, shareholders leverage the underlying smart contract functionality to realize a transparent, verifiable, and secure decision-making process. That is, DApps implement proposal-based voting. Permissionless blockchains, however, lead to a conflict between transparency and anonymity; potentially preventing free decision-making if individual votes and...

2023/1079 (PDF) Last updated: 2024-02-12
Foundations of Data Availability Sampling
Mathias Hall-Andersen, Mark Simkin, Benedikt Wagner
Foundations

Towards building more scalable blockchains, an approach known as data availability sampling (DAS) has emerged over the past few years. Even large blockchains like Ethereum are planning to eventually deploy DAS to improve their scalability. In a nutshell, DAS allows the participants of a network to ensure the full availability of some data without any one participant downloading it entirely. Despite the significant practical interest that DAS has received, there are currently no formal...

2023/1025 (PDF) Last updated: 2024-02-14
Monolith: Circuit-Friendly Hash Functions with New Nonlinear Layers for Fast and Constant-Time Implementations
Lorenzo Grassi, Dmitry Khovratovich, Reinhard Lüftenegger, Christian Rechberger, Markus Schofnegger, Roman Walch
Secret-key cryptography

Hash functions are a crucial component in incrementally verifiable computation (IVC) protocols and applications. Among those, recursive SNARKs and folding schemes require hash functions to be both fast in native CPU computations and compact in algebraic descriptions (constraints). However, neither SHA-2/3 nor newer algebraic constructions, such as Poseidon, achieve both requirements. In this work we overcome this problem in several steps. First, for certain prime field domains we propose a...

2023/1017 (PDF) Last updated: 2023-09-15
Stronger Lower Bounds for Leakage-Resilient Secret Sharing
Charlotte Hoffmann, Mark Simkin
Foundations

Threshold secret sharing allows a dealer to split a secret $s$ into $n$ shares, such that any $t$ shares allow for reconstructing $s$, but no $t-1$ shares reveal any information about $s$. Leakage-resilient secret sharing requires that the secret remains hidden, even when an adversary additionally obtains a limited amount of leakage from every share. Benhamouda et al. (CRYPTO'18) proved that Shamir's secret sharing scheme is one bit leakage-resilient for reconstruction threshold...

2023/977 (PDF) Last updated: 2023-06-22
Timed Commitments Revisited
Miguel Ambrona, Marc Beunardeau, Raphaël R. Toledo
Applications

Timed commitments (Boneh and Naor, CRYPTO 2000) are a variant of standard commitments which incorporates a forced opening mechanism that allows anyone to reveal the committed message, but not before a certain prescribed date. Timed commitments have a wide-range of applications such as contract signing, fair multi-party computation, sealed bid auctions or new blockchain applications such as preventing front-running or unbiased randomness generation. We revisit...

2023/973 (PDF) Last updated: 2023-08-30
Demystifying Just-in-Time (JIT) Liquidity Attacks on Uniswap V3
Xihan Xiong, Zhipeng Wang, William Knottenbelt, Michael Huth
Applications

Uniswap is currently the most liquid Decentralized Exchange (DEX) on Ethereum. In May 2021, it upgraded to the third protocol version named Uniswap V3. The key feature update is “concentrated liquidity”, which supports liquidity provision within custom price ranges. However, this design introduces a new type of Miner Extractable Value (MEV) source called Just-in-Time (JIT) liquidity attack, where the adversary mints and burns a liquidity position right before and after a sizable swap. We...

2023/956 (PDF) Last updated: 2024-02-17
Speculative Denial-of-Service Attacks in Ethereum
Aviv Yaish, Kaihua Qin, Liyi Zhou, Aviv Zohar, Arthur Gervais
Attacks and cryptanalysis

Transaction fees compensate actors for resources expended on transactions and can only be charged from transactions included in blocks. But, the expressiveness of Turing-complete contracts implies that verifying if transactions can be included requires executing them on the current blockchain state. In this work, we show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return. We introduce three attacks:...

2023/951 (PDF) Last updated: 2023-06-17
Latency-First Smart Contract: Overclock the Blockchain for a while
Huayi Qi, Minghui Xu, Xiuzhen Cheng, Weifeng Lyu
Applications

Blockchain systems can become overwhelmed by a large number of transactions, leading to increased latency. As a consequence, latency-sensitive users must bid against each other and pay higher fees to ensure that their transactions are processed in priority. However, most of the time of a blockchain system (78% in Ethereum), there is still a lot of unused computational power, with few users sending transactions. To address this issue and reduce latency for users, we propose the latency-first...

2023/946 (PDF) Last updated: 2023-06-16
Compressing Encrypted Data Over Small Fields
Nils Fleischhacker, Kasper Green Larsen, Mark Simkin
Foundations

$\newcommand{\gen}{\mathsf{Gen}}\newcommand{\enc}{\mathsf{Enc}}\newcommand{\dec}{\mathsf{Dec}}$ A recent work of Fleischhacker, Larsen, and Simkin (Eurocrypt 2023) shows how to efficiently compress encrypted sparse vectors. Subsequently, Fleischhacker, Larsen, Obremski, and Simkin (Eprint 2023) improve upon their work and provide more efficient constructions solving the same problem. Being able to efficiently compress such vectors is very useful in a variety of applications, such as...

2023/939 (PDF) Last updated: 2023-08-23
Speeding up elliptic computations for Ethereum Account Abstraction
Renaud Dubois
Implementation

Account Abstraction is a powerful feature that will transform today Web3 onboarding UX. This notes describes an EVM (Ethereum Virtual Machine) implementation of the well known secp256r1 and ed25519 curves optimized for the specificities of the EVM environment. Our optimizations rely on EVM dedicated XYZZ elliptic coordinates system, hacked precomputations, and assembly tricks to cut from more than 1M to 200K/62K (with or withoutprecomputations)

2023/919 (PDF) Last updated: 2023-06-12
Threshold Private Set Intersection with Better Communication Complexity
Satrajit Ghosh, Mark Simkin
Cryptographic protocols

Given $\ell$ parties with sets $X_1, \dots, X_\ell$ of size $n$, we would like to securely compute the intersection $\cap_{i=1}^\ell X_i$, if it is larger than $n-t$ for some threshold $t$, without revealing any other additional information. It has previously been shown (Ghosh and Simkin, Crypto 2019) that this function can be securely computed with a communication complexity that only depends on $t$ and in particular does not depend on $n$. For small values of $t$, this results in protocols...

2023/918 (PDF) Last updated: 2023-06-12
Invertible Bloom Lookup Tables with Less Memory and Randomness
Nils Fleischhacker, Kasper Green Larsen, Maciej Obremski, Mark Simkin
Foundations

In this work we study Invertible Bloom Lookup Tables (IBLTs) with small failure probabilities. IBLTs are highly versatile data structures that have found applications in set reconciliation protocols, error-correcting codes, and even the design of advanced cryptographic primitives. For storing $n$ elements and ensuring correctness with probability at least $1 - \delta$, existing IBLT constructions require $\Omega(n(\frac{\log(1/\delta)}{\log(n)}+1))$ space and they crucially rely on fully...

2023/916 (PDF) Last updated: 2023-06-12
Unlinkability and Interoperability in Account-Based Universal Payment Channels
Mohsen Minaei, Panagiotis Chatzigiannis, Shan Jin, Srinivasan Raghuraman, Ranjit Kumaresan, Mahdi Zamani, Pedro Moreno-Sanchez
Applications

Payment channels allow a sender to do multiple transactions with a receiver without recording each single transaction on-chain. While most of the current constructions for payment channels focus on UTXO-based cryptocurrencies with reduced scripting capabilities (e.g., Bitcoin or Monero), little attention has been given to the possible benefits of adapting such constructions to cryptocurrencies based on the account model and offering a Turing complete language (e.g., Ethereum). The focus...

2023/902 (PDF) Last updated: 2023-08-11
SublonK: Sublinear Prover PlonK
Arka Rai Choudhuri, Sanjam Garg, Aarushi Goel, Sruthi Sekar, Rohit Sinha
Cryptographic protocols

We propose SublonK - a new zero-knowledge succinct non-interactive argument of knowledge (zkSNARK). SublonK builds on PlonK [EPRINT'19], a popular state-of-the-art practical zkSNARK. Our new construction preserves all the great features of PlonK, i.e., it supports constant size proofs, constant time proof verification, a circuit-independent universal setup, as well as support for custom gates and lookup gates. Moreover, SublonK achieves improved prover running time over PlonK. In PlonK, the...

2023/892 (PDF) Last updated: 2024-05-22
Suboptimality in DeFi
Aviv Yaish, Maya Dotan, Kaihua Qin, Aviv Zohar, Arthur Gervais
Applications

The decentralized finance (DeFi) ecosystem has proven to be popular in facilitating financial operations, such as token exchange and lending. The public availability of DeFi platforms’ code, together with real-time data on all user interactions with them, has given rise to complex tools that find and seize profit opportunities on behalf of users. In this work, we show that both users and the aforementioned tools sometimes act suboptimally: their profits can be increased by more than 100%,...

2023/868 (PDF) Last updated: 2024-06-06
Data Independent Order Policy Enforcement: Limitations and Solutions
Sarisht Wadhwa, Luca Zanolini, Francesco D'Amato, Aditya Asgaonkar, Chengrui Fang, Fan Zhang, Kartik Nayak
Cryptographic protocols

Order manipulation attacks such as frontrunning and sandwiching have become an increasing concern in blockchain applications such as DeFi. To protect from such attacks, several recent works have designed order policy enforcement (OPE) protocols to order transactions fairly in a data-independent fashion. However, while the manipulation attacks are motivated by monetary profits, the defenses assume honesty among a significantly large set of participants. In existing protocols, if all...

2023/787 (PDF) Last updated: 2023-05-30
Private Proof-of-Stake Blockchains using Differentially-private Stake Distortion
Chenghong Wang, David Pujo, Kartik Nayak, Ashwin Machanavajjhala
Cryptographic protocols

Safety, liveness, and privacy are three critical properties for any private proof-of-stake (PoS) blockchain. However, prior work (SP'21) has shown that to obtain safety and liveness, a PoS blockchain must in theory forgo privacy. Specifically, to ensure safety and liveness, PoS blockchains elect parties based on stake proportion, potentially exposing a party's stake even with private transaction processing. In this work, we make two key contributions. First, we present the first stake...

2023/760 (PDF) Last updated: 2023-05-25
Time to Bribe: Measuring Block Construction Market
Anton Wahrstätter, Liyi Zhou, Kaihua Qin, Davor Svetinovic, Arthur Gervais
Applications

With the emergence of Miner Extractable Value (MEV), block construction markets on blockchains have evolved into a competitive arena. Following Ethereum's transition from Proof of Work (PoW) to Proof of Stake (PoS), the Proposer Builder Separation (PBS) mechanism has emerged as the dominant force in the Ethereum block construction market. This paper presents an in-depth longitudinal study of the Ethereum block construction market, spanning from the introduction of PoS and PBS in September...

2023/741 (PDF) Last updated: 2023-05-25
The Referendum Problem in Anonymous Voting for Decentralized Autonomous Organizations
Artem Grigor, Vincenzo Iovino, Giuseppe Visconti
Applications

A natural approach to anonymous voting over Ethereum assumes that there is an off-chain aggregator that performs the following task. The aggregator receives valid signatures of YES/NO preferences from eligible voters and uses them to compute a zk-SNARK proof of the fact that the majority of voters have cast a preference for YES or NO. Then, the aggregator sends to the smart contract the zk-SNARK proof, the smart contract verifies the proof and can trigger an action (e.g., a transfer of...

2023/710 (PDF) Last updated: 2024-05-20
PriFHEte: Achieving Full-Privacy in Account-based Cryptocurrencies is Possible
Varun Madathil, Alessandra Scafuro
Applications

In cryptocurrencies, all transactions are public. For their adoption, it is important that these transactions, while publicly verifiable, do not leak information about the identity and the balances of the transactors. For UTXO-based cryptocurrencies, there are well-established approaches (e.g., ZCash) that guarantee full privacy to the transactors. Full privacy in UTXO means that each transaction is anonymous within the set of all private transactions ever posted on the...

2023/672 (PDF) Last updated: 2023-05-11
SigRec: Automatic Recovery of Function Signatures in Smart Contracts
Ting Chen, Zihao Li, Xiapu Luo, Xiaofeng Wang, Ting Wang, Zheyuan He, Kezhao Fang, Yufei Zhang, Hang Zhu, Hongwei Li, Yan Cheng, Xiaosong Zhang
Applications

Millions of smart contracts have been deployed onto Ethereum for providing various services, whose functions can be invoked. For this purpose, the caller needs to know the function signature of a callee, which includes its function id and parameter types. Such signatures are critical to many applications focusing on smart contracts, e.g., reverse engineering, fuzzing, attack detection, and profiling. Unfortunately, it is challenging to recover the function signatures from contract bytecode,...

2023/592 (PDF) Last updated: 2023-04-29
Blockchain Large Language Models
Yu Gai, Liyi Zhou, Kaihua Qin, Dawn Song, Arthur Gervais
Applications

This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions. The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System. Unlike traditional methods, BlockGPT is designed to offer an unrestricted search space and does not rely on predefined rules or patterns, enabling it to detect a broader range of anomalies. We demonstrate the...

2023/522 (PDF) Last updated: 2023-04-11
SAFE: Sponge API for Field Elements
JP Aumasson, Dmitry Khovratovich, Bart Mennink, Porçu Quine
Implementation

From hashing and commitment schemes to Fiat-Shamir and encryption, hash functions are everywhere in zero-knowledge proofsystems (ZKPs), and minor performance changes in ``vanilla'' implementations can translate in major discrepancies when the hash is processed as a circuit within the proofsystem. Protocol designers have resorted to a number of techniques and custom modes to optimize hash functions for ZKPs settings, but so far without a single established, well-studied construction. To...

2023/520 (PDF) Last updated: 2023-09-14
Generic Security of the SAFE API and Its Applications
Dmitry Khovratovich, Mario Marhuenda Beltrán, Bart Mennink
Secret-key cryptography

We provide security foundations for SAFE, a recently introduced API framework for sponge-based hash functions tailored to prime-field-based protocols. SAFE aims to provide a robust and foolproof interface, has been implemented in the Neptune hash framework and some zero-knowledge proof projects, but currently lacks any security proof. In this work we identify the SAFECore as versatile variant sponge construction underlying SAFE, we prove indifferentiability of SAFECore for all (binary and...

2023/445 (PDF) Last updated: 2024-05-27
Fully Adaptive Schnorr Threshold Signatures
Elizabeth Crites, Chelsea Komlo, Mary Maller
Public-key cryptography

We prove adaptive security of a simple three-round threshold Schnorr signature scheme, which we call Sparkle+. The standard notion of security for threshold signatures considers a static adversary – one who must declare which parties are corrupt at the beginning of the protocol. The stronger adaptive adversary can at any time corrupt parties and learn their state. This notion is natural and practical, yet not proven to be met by most schemes in the literature. In this paper, we...

2023/384 Last updated: 2023-09-21
Origami: Fold a Plonk for Ethereum’s VDF
zhenfei zhang
Cryptographic protocols

We present Origami verifiable delay function, build from the MinRoot hash and our dedicated plonk proof system that utilizes a tai- lored custom gate and a folding scheme. MinRoot VDF is the leading candidate for Ethereum adoption. For N iterations of MinRoot hash func- tion, the overall cost of Origami is N +o(N ) group operations; improving the previous best known result of 6N from a Nova based solution. The proof size is 128k + 224 bytes if we fold the proofs for k times; and...

2023/364 (PDF) Last updated: 2023-08-30
Zero-Knowledge Arguments for Subverted RSA Groups
Dimitris Kolonelos, Mary Maller, Mikhail Volkhov
Cryptographic protocols

This work investigates zero-knowledge protocols in subverted RSA groups where the prover can choose the modulus and where the verifier does not know the group order. We introduce a novel technique for extracting the witness from a general homomorphism over a group of unknown order that does not require parallel repetitions. We present a NIZK range proof for general homomorphisms such as Paillier encryptions in the designated verifier model that works under a subverted setup. The key...

2023/347 (PDF) Last updated: 2024-02-12
Programmable Payment Channels
Yibin Yang, Mohsen Minaei, Srinivasan Raghuraman, Ranjit Kumaresan, Duc V. Le, Mahdi Zamani
Applications

One approach for scaling blockchains is to create bilateral, offchain channels, known as payment/state channels, that can protect parties against cheating via onchain collateralization. While such channels have been studied extensively, not much attention has been given to programmability, where the parties can agree to dynamically enforce arbitrary conditions over their payments without going onchain. We introduce the notion of a programmable payment channel ($\mathsf{PPC}$) that allows...

2023/341 (PDF) Last updated: 2023-03-08
On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy
Zhipeng Wang, Stefanos Chaliasos, Kaihua Qin, Liyi Zhou, Lifeng Gao, Pascal Berrang, Benjamin Livshits, Arthur Gervais
Applications

Zero-knowledge proof (ZKP) mixers are one of the most widely used blockchain privacy solutions, operating on top of smart contract-enabled blockchains. We find that ZKP mixers are tightly intertwined with the growing number of Decentralized Finance (DeFi) attacks and Blockchain Extractable Value (BEV) extractions. Through coin flow tracing, we discover that 205 blockchain attackers and 2,595 BEV extractors leverage mixers as their source of funds, while depositing a total attack revenue of...

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.