-
Fully Automated Selfish Mining Analysis in Efficient Proof Systems Blockchains
Authors:
Krishnendu Chatterjee,
Amirali Ebrahimzadeh,
Mehrdad Karrabi,
Krzysztof Pietrzak,
Michelle Yeo,
Đorđe Žikelić
Abstract:
We study selfish mining attacks in longest-chain blockchains like Bitcoin, but where the proof of work is replaced with efficient proof systems -- like proofs of stake or proofs of space -- and consider the problem of computing an optimal selfish mining attack which maximizes expected relative revenue of the adversary, thus minimizing the chain quality. To this end, we propose a novel selfish mining attack that aims to maximize this objective and formally model the attack as a Markov decision process (MDP). We then present a formal analysis procedure which computes an $ε$-tight lower bound on the optimal expected relative revenue in the MDP and a strategy that achieves this $ε$-tight lower bound, where $ε>0$ may be any specified precision. Our analysis is fully automated and provides formal guarantees on the correctness. We evaluate our selfish mining attack and observe that it achieves superior expected relative revenue compared to two considered baselines.
In concurrent work [Sarenche FC'24] does an automated analysis on selfish mining in predictable longest-chain blockchains based on efficient proof systems. Predictable means the randomness for the challenges is fixed for many blocks (as used e.g., in Ouroboros), while we consider unpredictable (Bitcoin-like) chains where the challenge is derived from the previous block.
Submitted 7 May, 2024;
originally announced May 2024.
-
Pressure-driven relaxation processes in nanocomposite ionic glass LiFe$_{0.75}$V$_{0.10}$PO$_{4}$
Authors:
Szymon Starzonek,
Sylwester J. Rzoska,
Aleksandra Drozd-Rzoska,
Michal Bockowski,
Tomasz K. Pietrzak,
Jerzy E. Garbarczyk
Abstract:
This paper presents results for systems formed in a solid glassy state after a nanocrystallization process above the glass temperature. We analyze electric conductivity and relaxation processes after such treatment under high temperature (HT) and high pressure (HP-HT) as well. The latter leads to ca. 8% increase of density, two decades (100) increase of electric conductivity as well as qualitative changes in relaxation processes. The previtreous-type changes of the relaxation time on cooling are analyzed by the use of critical-like and the 'critical-activated' description. Presented results correspond well with those obtained for this material and shown in ref. [8]. The evidence for pressure evolution of the glass and crystallization temperatures, indicating the unique possibility of maxima and crossovers, is also reported.
Submitted 27 June, 2022;
originally announced June 2022.
-
Wiser: Increasing Throughput in Payment Channel Networks with Transaction Aggregation
Authors:
Samarth Tiwari,
Michelle Yeo,
Zeta Avarikioti,
Iosif Salem,
Krzysztof Pietrzak,
Stefan Schmid
Abstract:
Payment channel networks (PCNs) are one of the most prominent solutions to the limited transaction throughput of blockchains. Nevertheless, PCNs suffer themselves from a throughput limitation due to the capital constraints of their channels. A similar dependence on high capital is also found in inter-bank payment settlements, where the so-called netting technique is used to mitigate liquidity demands.
In this work, we alleviate this limitation by introducing the notion of transaction aggregation: instead of executing transactions sequentially through a PCN, we enable senders to aggregate multiple transactions and execute them simultaneously to benefit from several amounts that may "cancel out". Two direct advantages of our proposal are the decrease in intermediary fees paid by senders as well as the obfuscation of the transaction data from the intermediaries.
We formulate the transaction aggregation as a computational problem, a generalization of the Bank Clearing Problem. We present a generic framework for the transaction aggregation execution, and thereafter we propose Wiser as an implementation of this framework in a specific hub-based setting. To overcome the NP-hardness of the transaction aggregation problem, in Wiser we propose a fixed-parameter linear algorithm for a special case of transaction aggregation as well as the Bank Clearing Problem. Wiser can also be seen as a modern variant of the Hawala money transfer system, as well as a decentralized implementation of the overseas remittance service of Wise.
Submitted 23 May, 2022;
originally announced May 2022.
-
HIDE & SEEK: Privacy-Preserving Rebalancing on Payment Channel Networks
Authors:
Zeta Avarikioti,
Krzysztof Pietrzak,
Iosif Salem,
Stefan Schmid,
Samarth Tiwari,
Michelle Yeo
Abstract:
Payment channels effectively move the transaction load off-chain thereby successfully addressing the inherent scalability problem most cryptocurrencies face. A major drawback of payment channels is the need to "top up" funds on-chain when a channel is depleted. Rebalancing was proposed to alleviate this issue, where parties with depleting channels move their funds along a cycle to replenish their channels off-chain. Protocols for rebalancing so far either introduce local solutions or compromise privacy.
In this work, we present an opt-in rebalancing protocol that is both private and globally optimal, meaning our protocol maximizes the total amount of rebalanced funds. We study rebalancing from the framework of linear programming. To obtain full privacy guarantees, we leverage multi-party computation in solving the linear program, which is executed by selected participants to maintain efficiency. Finally, we efficiently decompose the rebalancing solution into incentive-compatible cycles which conserve user balances when executed atomically.
Keywords: Payment Channel Networks, Privacy and Rebalancing.
Submitted 17 October, 2021;
originally announced October 2021.
-
LightPIR: Privacy-Preserving Route Discovery for Payment Channel Networks
Authors:
Krzysztof Pietrzak,
Iosif Salem,
Stefan Schmid,
Michelle Yeo
Abstract:
Payment channel networks are a promising approach to improve the scalability of cryptocurrencies: they allow to perform transactions in a peer-to-peer fashion, along multi-hop routes in the network, without requiring consensus on the blockchain. However, during the discovery of cost-efficient routes for the transaction, critical information may be revealed about the transacting entities.
This paper initiates the study of privacy-preserving route discovery mechanisms for payment channel networks. In particular, we present LightPIR, an approach which allows a source to efficiently discover a shortest path to its destination without revealing any information about the endpoints of the transaction. The two main observations which allow for an efficient solution in LightPIR are that: (1) surprisingly, hub labelling algorithms - which were developed to preprocess "street network like" graphs so one can later efficiently compute shortest paths - also work well for the graphs underlying payment channel networks, and that (2) hub labelling algorithms can be directly combined with private information retrieval.
LightPIR relies on a simple hub labeling heuristic on top of existing hub labeling algorithms which leverages the specific topological features of cryptocurrency networks to further minimize storage and bandwidth overheads. In a case study considering the Lightning network, we show that our approach is an order of magnitude more efficient compared to a privacy-preserving baseline based on using private information retrieval on a database that stores all pairs shortest paths.
Submitted 9 April, 2021;
originally announced April 2021.
-
Properties of LiMnBO3 glasses and nanostructured glass-ceramics
Authors:
P. P. Michalski,
A. Gołębiewska,
J. Trébosc,
O. Lafon,
T. K. Pietrzak,
J. Ryl,
J. L. Nowiński,
M. Wasiucionek,
J. E. Garbarczyk
Abstract:
Polycrystalline LiMnBO3 is a promising cathode material for Li-ion batteries. In this work, we investigated the thermal, structural and electrical properties of glassy and nanocrystallized materials having the same chemical composition. The original glass was obtained via a standard melt-quenching method. SEM and $^{7}$Li solid-state NMR indicate that it contains a mixture of two distinct glassy phases. The results suggest that the electrical conductivity of the glass is dominated by the ionic one. The dc conductivity of initial glass was estimated to be in the order of $10^{-18}$ S·cm$^{-1}$ at room temperature. The thermal nanocrystallization of the glass produces a nanostructured glass-ceramics containing MnBO3 and LiMnBO3 phases. The electric conductivity of this glass-ceramics is increased by 6 orders of magnitude, compared to the starting material at room temperature. Compared to other manganese and borate containing glasses reported in the literature, the conductivity of the nanostructured glass ceramics is higher than that of the previously reported glassy materials. Such improved conductivity stems from the facilitated electronic transport along the grain boundaries.
Submitted 22 July, 2019;
originally announced July 2019.
-
Sustained Space Complexity
Authors:
Joel Alwen,
Jeremiah Blocki,
Krzysztof Pietrzak
Abstract:
Memory-hard functions (MHF) are functions whose evaluation cost is dominated by memory cost. MHFs are egalitarian, in the sense that evaluating them on dedicated hardware (like FPGAs or ASICs) is not much cheaper than on off-the-shelf hardware (like x86 CPUs). MHFs have interesting cryptographic applications, most notably to password hashing and securing blockchains.
Alwen and Serbinenko [STOC'15] define the cumulative memory complexity (cmc) of a function as the sum (over all time-steps) of the amount of memory required to compute the function. They advocate that a good MHF must have high cmc. Unlike previous notions, cmc takes into account that dedicated hardware might exploit amortization and parallelism. Still, cmc has been criticized as insufficient, as it fails to capture possible time-memory trade-offs; as memory cost doesn't scale linearly, functions with the same cmc could still have very different actual hardware cost.
In this work we address this problem, and introduce the notion of sustained-memory complexity, which requires that any algorithm evaluating the function must use a large amount of memory for many steps. We construct functions (in the parallel random oracle model) whose sustained-memory complexity is almost optimal: our function can be evaluated using $n$ steps and $O(n/\log(n))$ memory, in each step making one query to the (fixed-input length) random oracle, while any algorithm that can make arbitrary many parallel queries to the random oracle, still needs $Ω(n/\log(n))$ memory for $Ω(n)$ steps.
Our main technical contribution is the construction of a family of DAGs on $n$ nodes with constant indegree with high "sustained-space complexity", meaning that any parallel black-pebbling strategy requires $Ω(n/\log(n))$ pebbles for at least $Ω(n)$ steps.
Submitted 7 July, 2017; v1 submitted 15 May, 2017;
originally announced May 2017.
-
Non-Uniform Attacks Against Pseudoentropy
Authors:
Krzysztof Pietrzak,
Maciej Skorski
Abstract:
De, Trevisan and Tulsiani [CRYPTO 2010] show that every distribution over $n$-bit strings which has constant statistical distance to uniform (e.g., the output of a pseudorandom generator mapping $n-1$ to $n$ bit strings), can be distinguished from the uniform distribution with advantage $ε$ by a circuit of size $O(2^nε^2)$.
We generalize this result, showing that a distribution which has less than $k$ bits of min-entropy, can be distinguished from any distribution with $k$ bits of $δ$-smooth min-entropy with advantage $ε$ by a circuit of size $O(2^kε^2/δ^2)$. As a special case, this implies that any distribution with support at most $2^k$ (e.g., the output of a pseudoentropy generator mapping $k$ to $n$ bit strings) can be distinguished from any given distribution with min-entropy $k+1$ with advantage $ε$ by a circuit of size $O(2^kε^2)$.
Our result thus shows that pseudoentropy distributions face basically the same non-uniform attacks as pseudorandom distributions.
Submitted 28 April, 2017; v1 submitted 27 April, 2017;
originally announced April 2017.
-
Condensed Unpredictability
Authors:
Maciej Skorski,
Alexander Golovnev,
Krzysztof Pietrzak
Abstract:
We consider the task of deriving a key with high HILL entropy from an unpredictable source. Previous to this work, the only known way to transform unpredictability into a key that was $ε$ indistinguishable from having min-entropy was via pseudorandomness, for example by Goldreich-Levin (GL) hardcore bits. This approach has the inherent limitation that from a source with $k$ bits of unpredictability entropy one can derive a key of length (and thus HILL entropy) at most $k-2\log(1/ε)$ bits. In many settings, e.g. when dealing with biometric data, such a $2\log(1/ε)$ bit entropy loss is not an option. Our main technical contribution is a theorem that states that in the high entropy regime, unpredictability implies HILL entropy. The loss in circuit size in this argument is exponential in the entropy gap $d$. To overcome the above restriction, we investigate if it's possible to first "condense" unpredictability entropy and make the entropy gap small. We show that any source with $k$ bits of unpredictability can be condensed into a source of length $k$ with $k-3$ bits of unpredictability entropy. Our condenser simply "abuses" the GL construction and derives a $k$ bit key from a source with $k$ bits of unpredictability. The original GL theorem implies nothing when extracting that many bits, but we show that in this regime, GL still behaves like a "condenser" for unpredictability. This result comes with two caveats: (1) the loss in circuit size is exponential in $k$ and (2) we require that the source we start with has no HILL entropy (equivalently, one can efficiently check if a guess is correct). We leave it as an intriguing open problem to overcome these restrictions or to prove they're inherent.
Submitted 28 April, 2015;
originally announced April 2015.