-
Zero-Knowledge Location Privacy via Accurate Floating Point SNARKs
Authors:
Jens Ernstberger,
Chengru Zhang,
Luca Ciprian,
Philipp Jovanovic,
Sebastian Steinhorst
Abstract:
This paper introduces Zero-Knowledge Location Privacy (ZKLP), enabling users to prove to third parties that they are within a specified geographical region while not disclosing their exact location. ZKLP supports varying levels of granularity, allowing for customization depending on the use case. To realize ZKLP, we introduce the first set of Zero-Knowledge Proof (ZKP) circuits that are fully comp…
▽ More
This paper introduces Zero-Knowledge Location Privacy (ZKLP), enabling users to prove to third parties that they are within a specified geographical region while not disclosing their exact location. ZKLP supports varying levels of granularity, allowing for customization depending on the use case. To realize ZKLP, we introduce the first set of Zero-Knowledge Proof (ZKP) circuits that are fully compliant to the IEEE 754 standard for floating-point arithmetic.
Our results demonstrate that our floating point implementation scales efficiently, requiring only $69$ constraints per multiplication for $2^{15}$ single-precision floating-point multiplications. We utilize our floating point implementation to realize the ZKLP paradigm. In comparison to the state-of-the-art, we find that our optimized implementation has $14.1 \times$ less constraints utilizing single precision floating-point values, and $11.2 \times$ less constraints when utilizing double precision floating-point values. We demonstrate the practicability of ZKLP by building a protocol for privacy preserving peer-to-peer proximity testing - Alice can test if she is close to Bob by receiving a single message, without either party revealing any other information about their location. In such a configuration, Bob can create a proof of (non-)proximity in $0.27 s$, whereas Alice can verify her distance to about $250$ peers per second
△ Less
Submitted 23 April, 2024;
originally announced April 2024.
-
SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs
Authors:
Stefanos Chaliasos,
Jens Ernstberger,
David Theodore,
David Wong,
Mohammad Jahanara,
Benjamin Livshits
Abstract:
Zero-knowledge proofs (ZKPs) have evolved from being a theoretical concept providing privacy and verifiability to having practical, real-world implementations, with SNARKs (Succinct Non-Interactive Argument of Knowledge) emerging as one of the most significant innovations. Prior work has mainly focused on designing more efficient SNARK systems and providing security proofs for them. Many think of…
▽ More
Zero-knowledge proofs (ZKPs) have evolved from being a theoretical concept providing privacy and verifiability to having practical, real-world implementations, with SNARKs (Succinct Non-Interactive Argument of Knowledge) emerging as one of the most significant innovations. Prior work has mainly focused on designing more efficient SNARK systems and providing security proofs for them. Many think of SNARKs as "just math," implying that what is proven to be correct and secure is correct in practice. In contrast, this paper focuses on assessing end-to-end security properties of real-life SNARK implementations. We start by building foundations with a system model and by establishing threat models and defining adversarial roles for systems that use SNARKs. Our study encompasses an extensive analysis of 141 actual vulnerabilities in SNARK implementations, providing a detailed taxonomy to aid developers and security researchers in understanding the security threats in systems employing SNARKs. Finally, we evaluate existing defense mechanisms and offer recommendations for enhancing the security of SNARK-based systems, paving the way for more robust and reliable implementations in the future.
△ Less
Submitted 6 March, 2024; v1 submitted 23 February, 2024;
originally announced February 2024.
-
Blockchain Censorship
Authors:
Anton Wahrstätter,
Jens Ernstberger,
Aviv Yaish,
Liyi Zhou,
Kaihua Qin,
Taro Tsuchiya,
Sebastian Steinhorst,
Davor Svetinovic,
Nicolas Christin,
Mikolaj Barczentewicz,
Arthur Gervais
Abstract:
Permissionless blockchains promise to be resilient against censorship by a single entity. This suggests that deterministic rules, and not third-party actors, are responsible for deciding if a transaction is appended to the blockchain or not. In 2022, the U.S. Office of Foreign Assets Control (OFAC) sanctioned a Bitcoin mixer and an Ethereum application, putting the neutrality of permissionless blo…
▽ More
Permissionless blockchains promise to be resilient against censorship by a single entity. This suggests that deterministic rules, and not third-party actors, are responsible for deciding if a transaction is appended to the blockchain or not. In 2022, the U.S. Office of Foreign Assets Control (OFAC) sanctioned a Bitcoin mixer and an Ethereum application, putting the neutrality of permissionless blockchains to the test.
In this paper, we formalize quantify and analyze the security impact of blockchain censorship. We start by defining censorship, followed by a quantitative assessment of current censorship practices. We find that 46% of Ethereum blocks were made by censoring actors that intend to comply with OFAC sanctions, indicating the significant impact of OFAC sanctions on the neutrality of public blockchains.
We further uncover that censorship not only impacts neutrality, but also security. We show how after Ethereum's move to Proof-of-Stake (PoS) and adoption of Proposer-Builder Separation (PBS) the inclusion of censored transactions was delayed by an average of 85%. Inclusion delays compromise a transaction's security by, e.g., strengthening a sandwich adversary. Finally we prove a fundamental limitation of PoS and Proof-of-Work (PoW) protocols against censorship resilience.
△ Less
Submitted 2 June, 2023; v1 submitted 29 May, 2023;
originally announced May 2023.
-
Mitigating Decentralized Finance Liquidations with Reversible Call Options
Authors:
Kaihua Qin,
Jens Ernstberger,
Liyi Zhou,
Philipp Jovanovic,
Arthur Gervais
Abstract:
Liquidations in Decentralized Finance (DeFi) are both a blessing and a curse -- whereas liquidations prevent lenders from capital loss, they simultaneously lead to liquidation spirals and system-wide failures. Since most lending and borrowing protocols assume liquidations are indispensable, there is an increased interest in alternative constructions that prevent immediate systemic-failure under un…
▽ More
Liquidations in Decentralized Finance (DeFi) are both a blessing and a curse -- whereas liquidations prevent lenders from capital loss, they simultaneously lead to liquidation spirals and system-wide failures. Since most lending and borrowing protocols assume liquidations are indispensable, there is an increased interest in alternative constructions that prevent immediate systemic-failure under uncertain circumstances.
In this work, we introduce reversible call options, a novel financial primitive that enables the seller of a call option to terminate it before maturity. We apply reversible call options to lending in DeFi and devise Miqado, a protocol for lending platforms to replace the liquidation mechanisms. To the best of our knowledge, Miqado is the first protocol that actively mitigates liquidations to reduce the risk of liquidation spirals. Instead of selling collateral, Miqado incentivizes external entities, so-called supporters, to top-up a borrowing position and grant the borrower additional time to rescue the debt. Our simulation shows that Miqado reduces the amount of liquidated collateral by 89.82% in a worst-case scenario.
△ Less
Submitted 27 March, 2023; v1 submitted 10 February, 2023;
originally announced March 2023.
-
SoK: Decentralized Finance (DeFi) Attacks
Authors:
Liyi Zhou,
Xihan Xiong,
Jens Ernstberger,
Stefanos Chaliasos,
Zhipeng Wang,
Ye Wang,
Kaihua Qin,
Roger Wattenhofer,
Dawn Song,
Arthur Gervais
Abstract:
Within just four years, the blockchain-based Decentralized Finance (DeFi) ecosystem has accumulated a peak total value locked (TVL) of more than 253 billion USD. This surge in DeFi's popularity has, unfortunately, been accompanied by many impactful incidents. According to our data, users, liquidity providers, speculators, and protocol operators suffered a total loss of at least 3.24 billion USD fr…
▽ More
Within just four years, the blockchain-based Decentralized Finance (DeFi) ecosystem has accumulated a peak total value locked (TVL) of more than 253 billion USD. This surge in DeFi's popularity has, unfortunately, been accompanied by many impactful incidents. According to our data, users, liquidity providers, speculators, and protocol operators suffered a total loss of at least 3.24 billion USD from Apr 30, 2018 to Apr 30, 2022. Given the blockchain's transparency and increasing incident frequency, two questions arise: How can we systematically measure, evaluate, and compare DeFi incidents? How can we learn from past attacks to strengthen DeFi security?
In this paper, we introduce a common reference frame to systematically evaluate and compare DeFi incidents, including both attacks and accidents. We investigate 77 academic papers, 30 audit reports, and 181 real-world incidents. Our data reveals several gaps between academia and the practitioners' community. For example, few academic papers address "price oracle attacks" and "permissonless interactions", while our data suggests that they are the two most frequent incident types (15% and 10.5% correspondingly). We also investigate potential defenses, and find that: (i) 103 (56%) of the attacks are not executed atomically, granting a rescue time frame for defenders; (ii) SoTA bytecode similarity analysis can at least detect 31 vulnerable/23 adversarial contracts; and (iii) 33 (15.3%) of the adversaries leak potentially identifiable information by interacting with centralized exchanges.
△ Less
Submitted 7 April, 2023; v1 submitted 27 August, 2022;
originally announced August 2022.