Several emerging PoW blockchain protocols rely on a parallel-chain architecture for scaling, where instead of a single chain, multiple chains are run in parallel and aggregated. A key requirement of practical PoW blockchains is to adapt to mining power variations over time. In this paper, we consider the design of provably secure parallel-chain protocols which can adapt to such mining power variations. The Bitcoin difficulty adjustment rule adjusts the difficulty target of block mining periodically to get a constant mean inter-block time. While superficially simple, the rule has proved itself to be sophisticated and successfully secure, both in practice and in theory. We show that natural adaptations of the Bitcoin adjustment rule to the parallel-chain case open the door to subtle, but catastrophic safety and liveness breaches. We uncover a meta-design principle that allows us to design variable mining difficulty protocols for three popular PoW blockchain proposals (Prism, OHIE, and Fruitchains) inside a common rubric. The principle has three components: (M1) a pivot chain, based on which blocks in all chains choose difficulty, (M2) a monotonicity condition for referencing pivot chain blocks and (M3) translating additional protocol aspects from using levels (depth) to using difficulty levels. We show that protocols employing a subset of these principles may have catastrophic failures. The security of the designs is also proved using a common rubric - the key technical challenge involves analyzing the interaction between the pivot chain and the other chains, as well as bounding the sudden changes in difficulty target experienced in non-pivot chains. We empirically investigate the responsivity of the new mining difficulty rule via simulations based on historical Bitcoin data, and find that the protocol very effectively controls the forking rate across all the chains.
The Nakamoto longest chain protocol is remarkably simple and has been proven to provide security against any adversary with less than 50% of the total hashing power. Proof-of-stake (PoS) protocols are an energy-efficient alternative; however, existing protocols adopting Nakamoto's longest chain design achieve provable security only by allowing long-term predictability (which has serious security implications). In this paper, we prove that a natural longest chain PoS protocol with similar predictability as Nakamoto's PoW protocol can achieve security against any adversary with less than 1/(1+e) fraction of the total stake. Moreover, we propose a new family of longest chain PoS protocols that achieve security against a 50% adversary, while only requiring short-term predictability. Our proofs present a new approach to analyzing the formal security of blockchains, based on a notion of adversary-proof convergence.
Off-chain protocols constitute one of the most promising approaches to solve the inherent scalability issue of blockchain technologies. The core idea is to let parties transact on-chain only once to establish a channel between them, leveraging later on the resulting channel paths to perform arbitrarily many peer-to-peer transactions off-chain. While significant progress has been made in terms of proof techniques for off-chain protocols, existing approaches do not capture the game-theoretic incentives at the core of their design, which led to overlooking significant attack vectors like the Wormhole attack in the past. This work introduces the first game-theoretic model that is expressive enough to reason about the security of off-chain protocols. We advocate the use of Extensive Form Games (EFGs) and introduce two instances of EFGs to capture security properties of the closing and the routing of the Lightning Network. Specifically, we model the closing protocol, which relies on punishment mechanisms to disincentivize the uploading on-chain of old channel states, as well as the routing protocol, thereby formally characterizing the Wormhole attack, a vulnerability that undermines the fee-based incentive mechanism underlying the Lightning Network.
In the field of distributed consensus and blockchains, the synchronous communication model assumes that all messages between honest parties are delayed at most by a known constant $\Delta$. Recent literature establishes that the longest-chain blockchain protocol is secure under the synchronous model. However, for a fixed mining rate, the security guarantees degrade with $\Delta$. We analyze the performance of the longest-chain protocol under the assumption that the communication delays are random, independent, and identically distributed. This communication model allows for distributions with unbounded support and is a strict generalization of the synchronous model. We provide safety and liveness guarantees with simple, explicit bounds on the failure probabilities. These bounds hold for infinite-horizon executions and decay exponentially with the security parameter. In particular, we show that the longest-chain protocol has good security guarantees when delays are sporadically large and possibly unbounded, which is reflective of real-world network conditions.
Due to the rise of Industrial Control System (ICS) cyber-attacks in the recent decade, various security frameworks have been designed for anomaly detection. While advanced ICS attacks use sequential phases to launch their final attacks, existing anomaly detection methods can only monitor a single source of data. Therefore, analysis of multiple security data can provide comprehensive and system-wide anomaly detection in industrial networks. In this paper, we propose an anomaly detection framework for ICSs that consists of two stages: i) blockchain-based log management, where the logs of ICS devices are collected in a secure and distributed manner, and ii) multi-source anomaly detection, where the blockchain logs are analysed using multi-source deep learning, which in turn provides a system-wide anomaly detection method. We validated our framework using two ICS datasets: a factory automation dataset and a Secure Water Treatment (SWAT) dataset. These datasets contain physical and network level normal and abnormal traffic. The performance of our new framework is compared with single-source machine learning methods. The precision of our framework is 95%, which is comparable with single-source anomaly detectors.
A variety of innovative software solutions addressing product anti-counterfeiting and record provenance in the wider supply chain industry have been implemented. However, these solutions have been developed with a centralized system architecture, which could be susceptible to malicious modifications of the states of product records and to various potential security attacks leading to system failure and downtime. Blockchain technology has been enabling decentralized trust, with a network of distributed peer nodes maintaining consistent shared states via decentralized consensus, and the idea of developing decentralized and reliable solutions has been based on it. A Decentralized NFC-Enabled Anti-Counterfeiting System (dNAS) was therefore proposed and developed, decentralizing a legacy anti-counterfeiting system of the supply chain industry by utilizing enterprise blockchain protocols and an enterprise consortium, to facilitate trustworthy data provenance retrieval, verification and management, as well as to strengthen the capability of product anti-counterfeiting and traceability in the supply chain industry. The adoption of enterprise blockchain protocols and implementations has been surging in the supply chain industry given their advantages in scalability, governance and compatibility with existing supply chain systems and networks, but the development and adoption of decentralized solutions could also impose additional implications on supply chain integrity, in terms of security, privacy and confidentiality. In this research, an empirical analysis performed against decentralized solutions, including dNAS, summarizes the effectiveness, limitations and future opportunities of developing decentralized solutions built around existing enterprise blockchain protocols and implementations for supply chain anti-counterfeiting and traceability.