Biblio

Multi-stage Proof-of-Work is a recently proposed protocol which extends the Proof-of-Work protocol used in Bitcoin. It splits Proof-of-Work into multiple stages, to achieve a more efficient block generation and a fair reward distribution. In this paper we study some of the Multi-stage Proof-of-Work security vulnerabilities. Precisely, we present two attacks: a Selfish Mining attack and a Selfish Stage-Withholding attack. We show that Multi-stage Proof-of-Work is not secure against a selfish miner owning more than 25% of the network hashing power. Moreover, we show that Selfish Stage-Withholding is a complementary strategy to boost a selfish miner's profitability.

Most present reconfiguration methods in sharding blockchains rely on a secure randomness, whose generation might be complicated. Besides, a reference committee is usually in charge of the reconfiguration, making the process not decentralized. To address the above issues, this paper proposes a secure and decentralized shard reconfiguration protocol, which allows each shard to complete the selection and confirmation of its own shard members in turn. The PoW mining puzzle is calculated using the public key hash value in the member list confirmed by the last shard. Through the mining and shard member list commitment process, each shard can update its members safely and efficiently once in a while. Furthermore, it is proved that our protocol satisfies the safety, consistency, liveness, and decentralization properties. The honest member proportion in each confirmed shard member list is guaranteed to exceed a certain safety threshold, and all honest nodes have an identical view on the list. The reconfiguration is ensured to make progress, and each node has the same right to participate in the process. Our secure and decentralized shard reconfiguration protocol could be applied to all committee-based sharding blockchains.

Blockchains and distributed ledgers have brought renewed interest in Byzantine fault-tolerant protocols and decentralized systems, two domains studied for several decades. Recent promising works have in particular proposed to use epidemic protocols to overcome the limitations of popular Blockchain mechanisms, such as proof-of-stake or proof-of-work. These works unfortunately assume a perfect peer-sampling service, immune to malicious attacks, a property that is difficult and costly to achieve. We revisit this fundamental problem in this paper, and propose a novel Byzantine-tolerant peer-sampling service that is resilient to Sybil attacks in open systems by exploiting the underlying structure of wide-area networks.

Performing a fair exchange without a Trusted Third Party (TTP) was considered to be impossible. With multi party computation and practices like Proof-of-Work (PoW), blockchain accomplishes a fair exchange in a trustless network. Data confidentiality is a key challenge that has to be resolved before adopting blockchain for enterprise applications where tokenized assets will be transferred. Protocols like Zcash are already providing the same for financial transactions but lacks flexibility required to apply in most of the potential use cases of blockchain. Most of the real world application work in a way where a transaction is carried out when a particular action is performed. Also, the zero knowledge proof method used in Zcash, ZKSNARK has certain weaknesses restricting its adoption. One of the major drawbacks of ZKSNARK is that it requires an initial trust setup phase which is difficult to achieve in blockchain ecosystem. ZKSTARK, an interactive zero knowledge proof does not require this phase and also provides security against post quantum attacks. We propose a system that uses two indistinguishable hash functions along with ZKSTARK to improve the flexibility of blockchain platforms. The two indistinguishable hash functions are chosen from SHA3-finalists based on their security, performance and inner designs.

In a consensus algorithm based on Proof-of-Work, miners are motivated by crypto rewards. Furthermore, security is guaranteed because a cost of a 50% attack chance is higher than the potential rewards. However, because of the sudden price jump of cryptocurrencies and cheap prices of mining machines like ASICs, the cost and profit were on equilibrium for Bitcoin in 2017. In this situation, attackers are motivated by the balance between hash power and profits. In this paper, we describe that there is relevance between mining power on the network and price of tokens that can be taken securely on a blockchain. Users who exchange tokens on the PoW blockchain should monitor mining power and exchange tokens cheaper than the attack cost so that profit and cost of the attacker are not in equilibrium.

Existing data management and searching system for Internet of Things uses centralized database. For this reason, security vulnerabilities are found in this system which consists of server such as IP spoofing, single point of failure and Sybil attack. This paper proposes data management system is based on blockchain which ensures security by using ECDSA digital signature and SHA-256 hash function. Location that is indicated as IP address of data owner and data name are transcribed in block which is included in the blockchain. Furthermore, we devise data manegement and searching method through analyzing block hash value. By using security properties of blockchain such as authentication, non-repudiation and data integrity, this system has advantage of security comparing to previous data management and searching system using centralized database or P2P networks.

The blockchain technology has emerged as an attractive solution to address performance and security issues in distributed systems. Blockchain's public and distributed peer-to-peer ledger capability benefits cloud computing services which require functions such as, assured data provenance, auditing, management of digital assets, and distributed consensus. Blockchain's underlying consensus mechanism allows to build a tamper-proof environment, where transactions on any digital assets are verified by set of authentic participants or miners. With use of strong cryptographic methods, blocks of transactions are chained together to enable immutability on the records. However, achieving consensus demands computational power from the miners in exchange of handsome reward. Therefore, greedy miners always try to exploit the system by augmenting their mining power. In this paper, we first discuss blockchain's capability in providing assured data provenance in cloud and present vulnerabilities in blockchain cloud. We model the block withholding (BWH) attack in a blockchain cloud considering distinct pool reward mechanisms. BWH attack provides rogue miner ample resources in the blockchain cloud for disrupting honest miners' mining efforts, which was verified through simulations.