-
Efficient Data Management for IPFS dApps
Authors:
Vero Estrada-Galiñanes,
Ahmad ElRouby,
Léo Marc-André Theytaz
Abstract:
Inefficient data management has been the Achilles heel of blockchain-based decentralized applications (dApps). An off-chain storage layer, which lies between the application and the blockchain layers, can improve space efficiency and data availability with erasure codes and decentralized maintenance. This paper presents two fundamental components of such storage layer designed and implemented for the IPFS network. The IPFS Community is a component built on top of the IPFS network that encodes and decodes data before uploading to the network. Since data is encoded with alpha entanglement codes, the solution requires less storage space than the native IPFS solution which replicates data by pinning content with the IPFS Cluster. To detect and repair failures in a timely manner, we introduce the monitoring and repair component. This novel component is activated by any node and distributes the load of repairs among various nodes. These two components are implemented as pluggable modules, and can, therefore, be easily migrated to other distributed file systems by adjusting the connector component.
Submitted 24 April, 2024;
originally announced April 2024.
-
E-Vote Your Conscience: Perceptions of Coercion and Vote Buying, and the Usability of Fake Credentials in Online Voting
Authors:
Louis-Henri Merino,
Alaleh Azhir,
Haoqian Zhang,
Simone Colombo,
Bernhard Tellenbach,
Vero Estrada-Galiñanes,
Bryan Ford
Abstract:
Online voting is attractive for convenience and accessibility, but is more susceptible to voter coercion and vote buying than in-person voting. One mitigation is to give voters fake voting credentials that they can yield to a coercer. Fake credentials appear identical to real ones, but cast votes that are silently omitted from the final tally. An important unanswered question is how ordinary voters perceive such a mitigation: whether they could understand and use fake credentials, and whether the coercion risks justify the costs of mitigation. We present the first systematic study of these questions, involving 150 diverse individuals in Boston, Massachusetts. All participants "registered" and "voted" in a mock election: 120 were exposed to coercion resistance via fake credentials, the rest forming a control group. Of the 120 participants exposed to fake credentials, 96% understood their use. 53% reported that they would create fake credentials in a real-world voting scenario, given the opportunity. 10% mistakenly voted with a fake credential, however. 22% reported either personal experience with or direct knowledge of coercion or vote-buying incidents. These latter participants rated the coercion-resistant system essentially as trustworthy as in-person voting via hand-marked paper ballots. Of the 150 total participants to use the system, 87% successfully created their credentials without assistance; 83% both successfully created and properly used their credentials. Participants give a System Usability Scale score of 70.4, which is slightly above the industry's average score of 68. Our findings appear to support the importance of the coercion problem in general, and the promise of fake credentials as a possible mitigation, but user error rates remain an important usability challenge for future work.
Submitted 18 April, 2024;
originally announced April 2024.
-
Tit-for-Token: Understanding Fairness when Forwarding Data by Incentivized Peers in Decentralized Storage Networks
Authors:
Vahid Heidaripour Lakhani,
Arman Babaei,
Leander Jehl,
Georgy Ishmaev,
Vero Estrada-Galiñanes
Abstract:
Decentralized storage networks offer services with intriguing possibilities to reduce inequalities in an extremely centralized market. The challenge is to conceive incentives that are fair in regard to the income distribution among peers. Despite many systems using tokens to incentivize forwarding data, like Swarm, little is known about the interplay between incentives, storage-, and network-parameters. This paper aims to help fill this gap by developing Tit-for-Token (Tit4Tok), a framework to understand fairness. Tit4Tok realizes a triad of altruism (acts of kindness such as debt forgiveness), reciprocity (Tit-for-Tat's mirroring cooperation), and monetary rewards as desired in the free market. Tit4Tok sheds light on incentives across the accounting and settlement layers. We present a comprehensive exploration of different factors when incentivized peers share bandwidth in a libp2p-based network, including uneven distributions emerging when gateways provide data to users outside the network. We quantified the Income-Fairness with the Gini coefficient, using multiple model instantiations and diverse approaches for debt cancellation. We propose regular changes to the gateway neighborhood and show that our shuffling method improves the Income-Fairness from 0.66 to 0.16. We quantified the non-negligible cost of tolerating free-riding (altruism). The performance is evaluated by extensive computer simulations and using an IPFS workload to study the effects of caching.
Submitted 2 October, 2023; v1 submitted 5 July, 2023;
originally announced July 2023.
-
Breaking Blockchain Rationality with Out-of-Band Collusion
Authors:
Haoqian Zhang,
Mahsa Bastankhah,
Louis-Henri Merino,
Vero Estrada-Galiñanes,
Bryan Ford
Abstract:
Blockchain systems often rely on rationality assumptions for their security, expecting that nodes are motivated to maximize their profits. These systems thus design their protocols to incentivize nodes to execute the honest protocol but fail to consider out-of-band collusion. Existing works analyzing rationality assumptions are limited in their scope, either by focusing on a specific protocol or relying on non-existing financial instruments. We propose a general rational attack on rationality by leveraging an external channel that incentivizes nodes to collude against the honest protocol. Our approach involves an attacker creating an out-of-band bribery smart contract to motivate nodes to double-spend their transactions in exchange for shares in the attacker's profits. We provide a game theory model to prove that any rational node is incentivized to follow the malicious protocol. We discuss our approach to attacking the Bitcoin and Ethereum blockchains, demonstrating that irrational behavior can be rational in real-world blockchain systems when analyzing rationality in a larger ecosystem. We conclude that rational assumptions only appear to make the system more secure and offer a false sense of security under the flawed analysis.
Submitted 30 April, 2023;
originally announced May 2023.
-
Fair Incentivization of Bandwidth Sharing in Decentralized Storage Networks
Authors:
Vahid Heidaripour Lakhani,
Leander Jehl,
Rinke Hendriksen,
Vero Estrada-Galiñanes
Abstract:
Peer-to-peer (p2p) networks are not independent of their peers, and the network efficiency depends on peers contributing resources. Because shared resources are not free, this contribution must be rewarded. Peers across the network may share computation power, storage capacity, and bandwidth. This paper looks at how bandwidth incentive encourages peers to share bandwidth and rewards them for their contribution. With the advent of blockchain technology, many p2p networks attempt to reward contributions by crypto-assets. We conduct simulations to better understand current incentive mechanisms, assess the fairness of these mechanisms, and to look for ways to make those incentives more equitable. The following are the primary contributions of this study: (i) We investigate and simulate bandwidth incentives within Swarm, a cutting-edge p2p storage network; (ii) We demonstrate one approach to make the current bandwidth incentives more equitable; (iii) We use the Gini coefficient to define two quantifiable fairness characteristics to evaluate reward sharing in a decentralized p2p storage network.
Submitted 15 August, 2022;
originally announced August 2022.
-
F3B: A Low-Overhead Blockchain Architecture with Per-Transaction Front-Running Protection
Authors:
Haoqian Zhang,
Louis-Henri Merino,
Ziyan Qu,
Mahsa Bastankhah,
Vero Estrada-Galinanes,
Bryan Ford
Abstract:
Front-running attacks, which benefit from advanced knowledge of pending transactions, have proliferated in the blockchain space since the emergence of decentralized finance. Front-running causes devastating losses to honest participants and continues to endanger the fairness of the ecosystem. We present Flash Freezing Flash Boys (F3B), a blockchain architecture that addresses front-running attacks by using threshold cryptography. In F3B, a user generates a symmetric key to encrypt their transaction, and once the underlying consensus layer has finalized the transaction, a decentralized secret-management committee reveals this key. F3B mitigates front-running attacks because, before the consensus group finalizes it, an adversary can no longer read the content of a transaction, thus preventing the adversary from benefiting from advanced knowledge of pending transactions. Unlike other mitigation systems, F3B properly ensures that all unfinalized transactions, even with significant delays, remain private by adopting per-transaction protection. Furthermore, F3B addresses front-running at the execution layer; thus, our solution is agnostic to the underlying consensus algorithm and compatible with existing smart contracts. We evaluated F3B on Ethereum with a modified execution layer and found only a negligible (0.026%) increase in transaction latency, specifically due to running threshold decryption with a 128-member secret-management committee after a transaction is finalized; this indicates that F3B is both practical and low-cost.
Submitted 5 September, 2023; v1 submitted 17 May, 2022;
originally announced May 2022.
-
TRIP: Trust-Limited Coercion-Resistant In-Person Voter Registration
Authors:
Louis-Henri Merino,
Simone Colombo,
Rene Reyes,
Alaleh Azhir,
Haoqian Zhang,
Jeff Allen,
Bernhard Tellenbach,
Vero Estrada-Galiñanes,
Bryan Ford
Abstract:
Remote electronic voting is convenient and flexible, but presents risks of coercion and vote buying. One promising mitigation strategy enables voters to give a coercer fake voting credentials, which silently cast votes that do not count. However, current proposals make problematic assumptions during credential issuance, such as relying on a trustworthy registrar, on trusted hardware, or on voters interacting with multiple registrars. We present TRIP, the first voter registration scheme that addresses these challenges by leveraging the physical security of in-person interaction. Voters use a kiosk in a privacy booth to print real and fake paper credentials, which appear indistinguishable to others. Voters interact with only one authority, need no trusted hardware during credential issuance, and need not trust the registrar except when actually under coercion. For verifiability, each credential includes an interactive zero-knowledge proof, which is sound in real credentials and unsound in fake credentials. Voters learn the difference by observing the order of printing steps, and need not understand the technical details. We prove formally that TRIP satisfies coercion-resistance and verifiability. In a user study with 150 participants, 83% successfully used TRIP.
Submitted 17 March, 2024; v1 submitted 14 February, 2022;
originally announced February 2022.
-
A Tree-based Construction for Verifiable Diplomas with Issuer Transparency
Authors:
Rodrigo Q. Saramago,
Leander Jehl,
Hein Meling,
Vero Estrada-Galiñanes
Abstract:
Still to this day, academic credentials are primarily paper-based, and the process to verify the authenticity of such documents is costly, time-consuming, and prone to human error and fraud. Digitally signed documents facilitate a cost-effective verification process. However, vulnerability to fraud remains due to reliance on centralized authorities that lack full transparency. In this paper, we present the mechanisms we designed to create secure and machine-verifiable academic credentials. Our protocol models a diploma as an evolving set of immutable credentials. The credentials are built as a tree-based data structure with linked time-stamping, where portions of credentials are distributed over a set of smart contracts. Our design prevents fraud of diplomas and eases the detection of degree mills, while increasing the transparency and trust in the issuer's procedures. Our evaluation shows that our solution offers a certification system with strong cryptographic security and imposes a high level of transparency of the certification process. We achieve these benefits with acceptable costs compared to existing solutions that lack such transparency.
Submitted 23 September, 2021;
originally announced September 2021.
-
[Invited talk] Building a Disaster-resilient Storage Layer for Next Generation Networks: The Role of Redundancy
Authors:
Vero Estrada-Galinanes,
Racin Nygaard,
Viktor Tron,
Rodrigo Saramago,
Leander Jehl,
Hein Meling
Abstract:
Blockchain is the driving force behind a myriad of decentralized applications (dapps) that promise to transform the Internet. The next generation Internet, or web3, introduces a "universal state layer" to store data in p2p networks. Swarm, a native layer of the Ethereum web3 stack, aims at providing redundant storage for dapp code, data, as well as blockchain and state data. Based on a diploma verification dapp use case, we share insights on the role of redundancy strategies in designing a reliable storage layer. Our proof-of-concept improves Swarm's resilience to failures by balancing repairs and storage, with a slightly added latency.
Submitted 5 December, 2019;
originally announced December 2019.
-
Alpha Entanglement Codes: Practical Erasure Codes to Archive Data in Unreliable Environments
Authors:
Vero Estrada-Galiñanes,
Ethan Miller,
Pascal Felber,
Jehan-François Pâris
Abstract:
Data centres that use consumer-grade disk drives and distributed peer-to-peer systems are unreliable environments to archive data without enough redundancy. Most redundancy schemes are not completely effective for providing high availability, durability and integrity in the long term. We propose alpha entanglement codes, a mechanism that creates a virtual layer of highly interconnected storage devices to propagate redundant information across a large scale storage system. Our motivation is to design flexible and practical erasure codes with high fault-tolerance to improve data durability and availability even in catastrophic scenarios. By flexible and practical, we mean code settings that can be adapted to future requirements and practical implementations with reasonable trade-offs between security, resource usage and performance. The codes have three parameters. Alpha increases storage overhead linearly but increases the possible paths to recover data exponentially. Two other parameters increase fault-tolerance even further without the need of additional storage. As a result, an entangled storage system can provide high availability, durability and offer additional integrity: it is more difficult to modify data undetectably. We evaluate how several redundancy schemes perform in unreliable environments and show that alpha entanglement codes are flexible and practical codes. Remarkably, they excel at code locality, hence, they reduce repair costs and become less dependent on storage locations with poor availability. Our solution outperforms Reed-Solomon codes in many disaster recovery scenarios.
Submitted 6 October, 2018;
originally announced October 2018.
-
Visions and Challenges in Managing and Preserving Data to Measure Quality of Life
Authors:
Vero Estrada-Galinanes,
Katarzyna Wac
Abstract:
Health-related data analysis plays an important role in self-knowledge, disease prevention, diagnosis, and quality of life assessment. With the advent of data-driven solutions, a myriad of apps and Internet of Things (IoT) devices (wearables, home-medical sensors, etc.) facilitate data collection and provide cloud storage with a central administration. More recently, blockchain and other distributed ledgers became available as alternative storage options based on decentralised organisation systems. We bring attention to the human data bleeding problem and argue that neither centralised nor decentralised system organisations are a magic bullet for data-driven innovation if individual, community and societal values are ignored. The motivation for this position paper is to elaborate on strategies to protect privacy as well as to encourage data sharing and support open data without requiring a complex access protocol for researchers. Our main contribution is to outline the design of a self-regulated Open Health Archive (OHA) system with focus on quality of life (QoL) data.
Submitted 6 September, 2018;
originally announced September 2018.
-
Limiting Lamport Exposure to Distant Failures in Globally-Managed Distributed Systems
Authors:
Cristina Băsescu,
Georgia Fragkouli,
Enis Ceyhun Alp,
Michael F. Nowlan,
Jose M. Faleiro,
Gaylor Bosson,
Kelong Cong,
Pierluca Borsò-Tan,
Vero Estrada-Galiñanes,
Bryan Ford
Abstract:
Globalized computing infrastructures offer the convenience and elasticity of globally managed objects and services, but lack the resilience to distant failures that localized infrastructures such as private clouds provide. Providing both global management and resilience to distant failures, however, poses a fundamental problem for configuration services: How to discover a possibly migratory, strongly-consistent service/object in a globalized infrastructure without dependencies on globalized state? Limix is the first metadata configuration service that addresses this problem. With Limix, global strongly-consistent data-plane services and objects are insulated from remote gray failures by ensuring that the definitive, strongly-consistent metadata for any object is always confined to the same region as the object itself. Limix guarantees availability bounds: any user can continue accessing any strongly consistent object that matters to the user located at distance $Δ$ away, insulated from failures outside a small multiple of $Δ$. We built a Limix metadata service based on CockroachDB. Our experiments on Internet-like networks and on AWS, using realistic trace-driven workloads, show that Limix enables global management and significantly improves availability over the state-of-the-art.
Submitted 15 July, 2022; v1 submitted 3 May, 2014;
originally announced May 2014.