Proving The Security Of Blockchain Protocols
Ouroboros is the first provably secure proof-of-stake protocol, and the first blockchain protocol to be based on peer-reviewed research. Ouroboros combines unique technology and mathematically verified mechanisms - which, in turn, combine behavioral psychology and economic philosophy - to ensure the security and sustainability of the blockchains that depend upon it. The result is a protocol with proven security guarantees able to facilitate the propagation of global, permissionless networks with minimal energy requirements - of which Cardano is the first.
Ouroboros solves the greatest challenge faced by existing blockchains: the need for more and more energy to achieve consensus. Using Ouroboros, Cardano is able to securely, sustainably, and ethically scale, with up to four million times the energy efficiency of bitcoin.
Proof-of-work is the blockchain protocol used by bitcoin. Proof-of-work began a revolution: it enabled the creation of secure, permissionless, distributed networks. But to achieve consensus for each new block, proof-of-work requires an enormous amount of energy: an amount so large that the supported blockchains struggle to sustain and scale to the performance requirements of global networks.
If proving a statement requires that the prover possess some secret information, then the verifier will not be able to prove the statement to anyone else without possessing the secret information. The statement being proved must include the assertion that the prover has such knowledge, but without including or transmitting the knowledge itself in the assertion. Otherwise, the statement would not be proved in zero-knowledge because it provides the verifier with additional information about the statement by the end of the protocol. A zero-knowledge proof of knowledge is a special case when the statement consists only of the fact that the prover possesses the secret information.
Interactive zero-knowledge proofs require interaction between the individual (or computer system) proving their knowledge and the individual validating the proof.[1] Non-interactive zero-knowledge proofs can be constructed from any interactive scheme by relying on the Fiat-Shamir heuristic, which is the most common instantiation of such proofs today.[2] However, the validity of the proof relies on computational assumptions (typically the assumptions of an ideal cryptographic hash function).[3][4]
In this scenario, Peggy knows a Hamiltonian cycle for a large graph G. Victor knows G but not the cycle (e.g., Peggy has generated G and revealed it to him). Finding a Hamiltonian cycle in a large graph is believed to be computationally infeasible, since the corresponding decision problem is known to be NP-complete. Peggy will prove that she knows the cycle without simply revealing it (perhaps Victor is interested in buying it but wants verification first, or maybe Peggy is the only one who knows this information and is proving her identity to Victor).
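The following is an added worked example, not code from any of the sources quoted on this page, of the Peggy/Victor protocol just described (Blum's Hamiltonian-cycle proof) together with the Fiat-Shamir transform from the previous paragraph. The graph, the witness, the round count and all function names are constructed for this illustration. In each round Peggy commits, with a hash and a fresh nonce, to every entry of a randomly relabelled copy of G; Victor then asks either for the relabelling (proving the copy really is G) or for the cycle edges only (proving the copy contains a Hamiltonian cycle). A prover without the witness can prepare for one question but not both, so each round halves the cheating probability; the non-interactive variant replaces Victor's coin flips with bits of a hash over all commitments.

```python
import hashlib
import secrets
from itertools import combinations

# Constructed example instance (not from the page): 6 vertices, the Hamiltonian
# cycle 0-1-2-3-4-5-0 hidden among two extra edges.
N = 6
EDGES = {(0, 1), (1, 2), (2, 3), (3, 4), (4, 5), (5, 0), (0, 3), (1, 4)}
CYCLE = [0, 1, 2, 3, 4, 5]   # Peggy's secret witness: vertices in cycle order
ROUNDS = 20                  # a cheating prover survives with probability 2**-ROUNDS

def norm(u, v):
    """Canonical key for an undirected edge."""
    return (u, v) if u < v else (v, u)

def commit(bit, nonce):
    """Hash commitment to one adjacency-matrix entry; the nonce makes it hiding."""
    return hashlib.sha256(nonce + bytes([bit])).hexdigest()

def is_hamiltonian_cycle(n, order, edges):
    if sorted(order) != list(range(n)):
        return False
    return all(norm(order[i], order[(i + 1) % n]) in edges for i in range(n))

def prover_commit(n, edges, cycle):
    """Peggy: choose a random relabelling pi and commit to every entry of pi(G)."""
    perm = list(range(n))
    secrets.SystemRandom().shuffle(perm)
    perm_edges = {norm(perm[u], perm[v]) for u, v in edges}
    openings, commitments = {}, {}
    for key in combinations(range(n), 2):
        bit, nonce = int(key in perm_edges), secrets.token_bytes(16)
        openings[key] = (bit, nonce)
        commitments[key] = commit(bit, nonce)
    state = {"perm": perm, "openings": openings, "cycle": [perm[v] for v in cycle]}
    return commitments, state

def prover_respond(state, challenge):
    """Challenge 0: reveal pi and open everything. Challenge 1: open only the cycle edges."""
    if challenge == 0:
        return {"perm": state["perm"], "openings": state["openings"]}
    c = state["cycle"]
    keys = [norm(c[i], c[(i + 1) % len(c)]) for i in range(len(c))]
    return {"cycle": c, "openings": {k: state["openings"][k] for k in keys}}

def verifier_check(n, edges, commitments, challenge, response):
    """Victor: verify the openings against the commitments, then the challenge-specific claim."""
    if len(commitments) != n * (n - 1) // 2:
        return False
    openings = response["openings"]
    for key, (bit, nonce) in openings.items():
        if commitments.get(key) != commit(bit, nonce):
            return False
    if challenge == 0:
        perm = response["perm"]
        if sorted(perm) != list(range(n)) or len(openings) != len(commitments):
            return False
        perm_edges = {norm(perm[u], perm[v]) for u, v in edges}
        return all(bit == int(key in perm_edges) for key, (bit, _) in openings.items())
    # challenge 1: exactly n opened entries, all edges, forming a Hamiltonian cycle
    opened_edges = {key for key, (bit, _) in openings.items() if bit == 1}
    if len(openings) != n or len(opened_edges) != n:
        return False
    return is_hamiltonian_cycle(n, response["cycle"], opened_edges)

def interactive_proof(n, edges, cycle, rounds=ROUNDS):
    """Interactive protocol: Victor picks each challenge bit at random."""
    rng = secrets.SystemRandom()
    for _ in range(rounds):
        commitments, state = prover_commit(n, edges, cycle)
        challenge = rng.randrange(2)
        if not verifier_check(n, edges, commitments, challenge, prover_respond(state, challenge)):
            return False
    return True

def challenge_bits(commitment_list):
    """Fiat-Shamir: derive every challenge bit from a hash over all commitments."""
    h = hashlib.sha256()
    for commitments in commitment_list:
        for key in sorted(commitments):
            h.update(commitments[key].encode())
    digest = h.digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(len(commitment_list))]

def fiat_shamir_prove(n, edges, cycle, rounds=ROUNDS):
    commits, states = zip(*(prover_commit(n, edges, cycle) for _ in range(rounds)))
    bits = challenge_bits(commits)
    return {"commitments": list(commits),
            "responses": [prover_respond(s, b) for s, b in zip(states, bits)]}

def fiat_shamir_verify(n, edges, proof, rounds=ROUNDS):
    commits, responses = proof["commitments"], proof["responses"]
    if len(commits) != rounds or len(responses) != rounds:
        return False
    bits = challenge_bits(commits)
    return all(verifier_check(n, edges, c, b, r) for c, b, r in zip(commits, bits, responses))
```

Two points are worth checking by hand. First, a prover who commits honestly to pi(G) but holds a wrong witness (try `[0, 1, 2, 3, 5, 4]`, which uses the non-edges 3-5 and 4-0) still passes challenge 0 and always fails challenge 1, which is exactly why both questions are needed. Second, the Fiat-Shamir verifier must recompute the challenge bits from the commitments itself; the hash is over commitments only, so the prover cannot choose challenges after seeing what it can answer, and the verifier must also pin the number of rounds, since a prover free to pick a smaller `rounds` would shrink the security level.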
One of the uses of zero-knowledge proofs within cryptographic protocols is to enforce honest behavior while maintaining privacy. Roughly, the idea is to force a user to prove, using a zero-knowledge proof, that its behavior is correct according to the protocol.[13][14] Because of soundness, we know that the user must really act honestly in order to be able to provide a valid proof. Because of zero knowledge, we know that the user does not compromise the privacy of its secrets in the process of providing the proof.
Zero-knowledge proofs were applied in the Zerocoin and Zerocash protocols, which culminated in the birth of Zcoin[16] (later rebranded as Firo in 2020)[17] and Zcash cryptocurrencies in 2016. Zerocoin has a built-in mixing model that does not trust any peers or centralised mixing providers to ensure anonymity.[16] Users can transact in a base currency and can cycle the currency into and out of Zerocoins.[18] The Zerocash protocol uses a similar model (a variant known as a non-interactive zero-knowledge proof)[19] except that it can obscure the transaction amount, while Zerocoin cannot. Given significant restrictions of transaction data on the Zerocash network, Zerocash is less prone to privacy timing attacks when compared to Zerocoin. However, this additional layer of privacy can cause potentially undetected hyperinflation of Zerocash supply because fraudulent coins cannot be tracked.[16][20]
Oded Goldreich, Silvio Micali, and Avi Wigderson took this one step further, showing that, assuming the existence of unbreakable encryption, one can create a zero-knowledge proof system for the NP-complete graph coloring problem with three colors. Since every problem in NP can be efficiently reduced to this problem, this means that, under this assumption, all problems in NP have zero-knowledge proofs.[26] The reason for the assumption is that, as in the above example, their protocols require encryption. A commonly cited sufficient condition for the existence of unbreakable encryption is the existence of one-way functions, but it is conceivable that some physical means might also achieve it.
It turns out that in an Internet-like setting, where multiple protocols may be executed concurrently, building zero-knowledge proofs is more challenging. The line of research investigating concurrent zero-knowledge proofs was initiated by the work of Dwork, Naor, and Sahai.[30] One particular development along these lines has been the development of witness-indistinguishable proof protocols. The property of witness-indistinguishability is related to that of zero-knowledge, yet witness-indistinguishable protocols do not suffer from the same problems of concurrent execution.[31]
The most popular interactive and non-interactive zero-knowledge proof protocols (e.g., zk-SNARKs) fall into four broad categories: Succinct Non-Interactive ARguments of Knowledge (SNARK), Scalable Transparent ARgument of Knowledge (STARK), Verifiable Polynomial Delegation (VPD), and Succinct Non-interactive ARGuments (SNARG). A list of zero-knowledge proof protocols and libraries is provided below along with comparisons based on transparency, universality, plausible post-quantum security, and programming paradigm.[32] A transparent protocol is one that does not require any trusted setup and uses public randomness. A universal protocol is one that does not require a separate trusted setup for each circuit. Finally, a plausibly post-quantum protocol is one that is not susceptible to known attacks involving quantum algorithms.
The advent of blockchains has ignited much excitement, not only for their realization of novel financial instruments, but also for offering alternative solutions to classical problems in fault-tolerant distributed computing and cryptographic protocols. Blockchains are managed and built by miners and are used in various settings, the best known being a distributed ledger that keeps a record of all transactions between users in cryptocurrency systems such as bitcoin.
However, despite the evolution of our understanding of the PoW primitive, pinning down the exact properties sufficient to prove the security of bitcoin and related protocols has been elusive. In fact, all existing instances of the primitive have relied on idealized assumptions.
This paper proposes a model-driven approach for the security modelling and analysis of blockchain-based protocols. The modelling is built upon the definition of a UML profile, which is able to capture transaction-oriented information. The analysis is based on existing formal analysis tools. In particular, the paper considers the Tweetchain protocol, a recent proposal that leverages online social networks, i.e., Twitter, for extending blockchain to domains with small-value transactions, such as IoT. A specialized textual notation is added to the UML profile to capture features of this protocol. Furthermore, a model transformation is defined to generate a Tamarin model from the UML models, via an intermediate well-known notation, i.e., the Alice & Bob notation. Finally, Tamarin Prover is used to verify the model of the protocol against some security properties. This work extends a previous one, where the Tamarin formal models were generated by hand. A comparison of the analysis results, under both the functional and non-functional aspects, is reported here too.
Blockchain is a software layer that provides the basis for verification, validation, recording, and integrity of digital asset transfers, e.g., digital currencies [1]. Blockchain security is therefore a must, which is why it has attracted researchers since its inception. In fact, blockchain technologies are touted as being extremely secure due to their tamper-resistant design [2]. However, as also explained in [2], blockchain applications are not immune to malicious actors, who can exploit vulnerabilities and attack them just as websites or applications are attacked today.
Our interest is in the verification of blockchain security properties from a mathematical standpoint. This topic has been successfully addressed in the literature. In particular, model checking, theorem proving and simulation are techniques that have offered good results, as we explore in Sect. 2. Among them, the Tamarin Prover [3] has been used in different works [4, 5] to successfully model and analyze security protocols. However, we are concerned with the development of blockchain applications, and there is still a huge gap between the software development process and the formal verification of blockchain security properties. This work aims to bridge this gap by offering an approach that reconciles both fields, software design and formal verification of blockchain security properties, i.e., by integrating the latter into the development process. Consider that the development of blockchain applications is a huge and growing market that, among many others, includes wallets, smart contracts and decentralized applications. Moreover, it may affect almost any industrial sector, such as finance or logistics.