DOI: 10.1145/3564625.3567995
ACSAC Conference Proceedings, research article

Cloak: Transitioning States on Legacy Blockchains Using Secure and Publicly Verifiable Off-Chain Multi-Party Computation

Published: 05 December 2022

Abstract

In recent years, the confidentiality of smart contracts has become a fundamental requirement for practical applications. While many efforts have been made to develop architectural capabilities for enforcing confidential smart contracts, only a few works extend confidential smart contracts to Multi-Party Computation (MPC), i.e., multiple parties jointly evaluate a transaction off-chain and commit the outputs on-chain without revealing their secret inputs/outputs to each other. However, existing solutions lack public verifiability and require O(n) transactions to enable negotiation or to resist adversaries, and thus suffer from inefficiency and compromised security.
In this paper, we propose Cloak, a framework for enabling Multi-Party Transactions (MPTs) on existing blockchains. An MPT transitions blockchain states through a publicly verifiable off-chain MPC. We identify and handle the challenges of securing MPTs by harmonizing TEEs and the blockchain. Consequently, Cloak secures the off-chain nondeterministic negotiation process (a party joins an MPT without knowing the identities or the total number of parties until the MPT proposal settles), achieves public verifiability (the public can validate that the MPT correctly handles the secret inputs/outputs of multiple parties and reads/writes states on-chain), and resists Byzantine adversaries. According to our proof, Cloak achieves better security with only 2 transactions, whereas previous works achieve compromised security at a cost of O(n) transactions. In evaluations on example and real-world MPTs, Cloak reduces gas cost by 32.4% on average.

Cited By

  • Proof of Finalization: A Self-Fulfilling Function of Blockchain. IEEE Transactions on Information Forensics and Security 19 (2024), 8052–8065. https://doi.org/10.1109/TIFS.2024.3451355
  • DeCloak: Enable Secure and Cheap Multi-Party Transactions on Legacy Blockchains by a Minimally Trusted TEE Network. IEEE Transactions on Information Forensics and Security 19 (2024), 88–103. https://doi.org/10.1109/TIFS.2023.3318935
  • PACTA: An IoT Data Privacy Regulation Compliance Scheme Using TEE and Blockchain. IEEE Internet of Things Journal 11, 5 (2024), 8882–8893. https://doi.org/10.1109/JIOT.2023.3321308
  • SoK: Privacy-preserving smart contract. High-Confidence Computing 4, 1 (2024), 100183. https://doi.org/10.1016/j.hcc.2023.100183

Published In

ACSAC '22: Proceedings of the 38th Annual Computer Security Applications Conference
December 2022, 1021 pages
ISBN: 9781450397599
DOI: 10.1145/3564625

Publisher

Association for Computing Machinery, New York, NY, United States

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACSAC. Overall acceptance rate: 104 of 497 submissions (21%).