Stanford Blockchain Conference Day1: New Attack Can Crack Anonymity of Zcash or Monero?

From February 20th to 22nd, Beijing time, the 2020 Stanford Blockchain Conference, hosted by Findora, was held at Stanford University. The conference focused on security engineering and risk management methods for blockchain systems, and explored how cryptography, decentralized protocols, formal methods, and empirical analysis can be applied to improve the security of blockchain systems.

The first day of the conference can be divided into four major topics: scalability, attacks, zero-knowledge proof SNARKs, and new blockchains.


Scalability Topic: Limitations of Plasma Technology and Proof of Necessary Work (PoNW)

On the topic of scalability, Stefan Dziembowski from the University of Warsaw delivered a talk entitled "The Boundaries of the Off-Chain Protocol: Exploring the Limitations of Plasma Technology". The work investigates the inherent limitations of Plasma systems and shows that a malicious party can always mount an attack that forces honest parties to transfer large amounts of data to the blockchain. The research shows that every Plasma system (such as Plasma Cash) must either have large exits or inevitably suffer mass-exit problems caused by data unavailability, and that this cannot be circumvented by introducing additional cryptographic assumptions.

Stefan Dziembowski stated in his speech:

"I think at this stage, Plasma needs more formalization and expansion."

Paper link:

Assimakis Kattis, a PhD student from New York University, presented the results of his work "Proof of Necessary Work (PoNW): Concise State Verification and Fair Guarantee". This research enables stateless light clients to efficiently verify the entire blockchain history in milliseconds. In his talk, he said:

"Our contribution is that the concise client can accept about 1 kilobyte of initialization data. In this trust model, you only need to access a proof of the longest chain, and then it is OK. This prototype is a bit of a simplified version of the coin, which is based on the account model. It has no fancy scripts and no UTXO. The proof in the system is very small, only about 373 bytes. The size of the proof is the same regardless of the total number of transactions."

Paper link:

Ed Felten from Off-chain Labs gave a talk entitled "Arbitrum 2.0: Fast Off-Chain Contracts with On-Chain Security", which introduced a scaling product called Arbitrum Rollup.

Attack topic: Cracking the anonymity of Zcash or Monero through a remote side channel attack

In addition to the topic of scalability, the topic of blockchain security has also received much attention.

In this regard, Florian Tramer from Stanford University gave a talk entitled "Anonymous Transactions Linked via Remote Side Channel Attacks", which described a class of timing side-channel and traffic-analysis attacks that allow remote adversaries to bypass the cryptographic protections provided by anonymous cryptocurrencies.

These attacks enable an active remote attacker to identify the (secret) payee of any transaction in Zcash or Monero. The study found that in the Zcash implementation, the time taken to generate a zero-knowledge proof depends on secret transaction data, in particular the transaction amount. Therefore, although the proof system has the zero-knowledge property, an attacker who can measure the proof generation time may undermine the confidentiality of the transaction.
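The flaw class described above is secret-dependent work: a prover that performs a different number of operations depending on a private input such as the amount leaks that input to anyone who can time it. The following Python model is an added illustration written for this article, not code from Zcash, Monero or the paper, and it does not reproduce the actual code path the researchers found. It uses a constructed toy group (integers modulo a prime under addition, with a generator `G`) so that "scalar multiplication" can be counted: a naive double-and-add that only adds on 1 bits does work proportional to the scalar's bit length and Hamming weight, while a fixed-width Montgomery ladder performs the same operations for every scalar. The `leaks_through_op_count` check is the kind of defender-side test one would run over sample amounts to spot the leak before an attacker measures it.

```python
"""Added illustration (not from the article or the paper it reports on): a toy model
of secret-dependent prover work versus a fixed-work alternative."""

P = 2**61 - 1   # constructed toy group: integers mod P under addition; k*G stands in for a curve scalar mult
G = 7           # constructed generator, chosen arbitrarily for the example
SCALAR_BITS = 64


class OpCounter:
    """Counts group operations so the work done can be compared without wall-clock timing."""

    def __init__(self):
        self.adds = 0
        self.doubles = 0

    def profile(self):
        return (self.adds, self.doubles)


def naive_scalar_mult(k, counter):
    """Double-and-add that only adds on 1 bits: the loop runs bit_length(k) times and
    adds Hamming-weight(k) times, so the work (and hence the time) depends on k."""
    acc = 0
    for bit in bin(k)[2:]:
        acc = (acc + acc) % P
        counter.doubles += 1
        if bit == "1":              # secret-dependent branch
            acc = (acc + G) % P
            counter.adds += 1
    return acc


def fixed_work_scalar_mult(k, counter):
    """Montgomery ladder over a fixed number of bits: every iteration performs one add
    and two doubles and selects the result with a mask, so the op count is independent
    of k. (Python big-int arithmetic itself is not constant-time; the model only fixes
    the number of group operations, which is the property the naive version violates.)"""
    r0, r1 = 0, G                    # invariant: r1 == r0 + G
    for i in range(SCALAR_BITS - 1, -1, -1):
        bit = (k >> i) & 1
        s = (r0 + r1) % P
        d0 = (r0 + r0) % P
        d1 = (r1 + r1) % P
        counter.adds += 1
        counter.doubles += 2
        mask = -bit                      # 0 when bit == 0, all ones when bit == 1
        r0 = (d0 & ~mask) | (s & mask)   # bit 0: r0 = 2*r0     bit 1: r0 = r0 + r1
        r1 = (s & ~mask) | (d1 & mask)   # bit 0: r1 = r0 + r1  bit 1: r1 = 2*r1
    return r0


def work_profile(func, k):
    """Run func on scalar k and return (result, (adds, doubles))."""
    c = OpCounter()
    return func(k, c), c.profile()


def leaks_through_op_count(func, secrets):
    """Defender-side check: True if the operation count varies across the given secret
    inputs, i.e. an observer of running time could distinguish them."""
    profiles = {work_profile(func, k)[1] for k in secrets}
    return len(profiles) > 1


if __name__ == "__main__":
    amounts = [1, 2**10, 2**20 - 1, 2**40 + 3]   # constructed sample "amounts"
    for f in (naive_scalar_mult, fixed_work_scalar_mult):
        print(f.__name__, "leaks via op count:", leaks_through_op_count(f, amounts))
```

Both routines return the same group element, so the difference is purely in how much work each does per secret; the fixed-work routine is only a first step, since a real prover also has to avoid secret-dependent memory access and the underlying field arithmetic has to be constant-time as well.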

This research was carried out jointly by Florian Tramer, Dan Boneh and Professor Kenny Paterson.

Florian Tramer said in his speech:

"We responsibly disclosed the problem to the affected Zcash and Monero project parties, and they have now patched the vulnerability."

Paper link:

In addition, Daniel Perez, a researcher from Imperial College London, introduced a new type of DoS attack called a resource exhaustion attack, which uses defects in blockchain systems such as Ethereum to produce low-throughput contracts. Such contracts can be used to prevent nodes with lower hardware capacity from participating in the network, artificially reducing the network's degree of decentralization.

Paper link:

Zero-knowledge proof topic: StarkExchange can achieve 9,000 to 18,000 tps

In recent years, research on zero-knowledge proofs has become increasingly active, and this Stanford blockchain conference also focused on research progress in this area.

For example, Eli Ben-Sasson, chief scientist of StarkWare and computer science professor at the Israel Institute of Technology, gave a talk on STARK technology:

"STARKs and StarkWare are known for achieving high scalability. Today, with the StarkExchange smart contract system, we can already achieve approximately 9,000 transactions per second on Ethereum, and for payments we can achieve 18,000 transactions per second. This system will soon be launched on the Ethereum mainnet, and we are extending these capabilities to serve non-fungible tokens."

Nick Spooner from the University of California, Berkeley, presented "Fractal: Holography-Based Post-Quantum and Transparent Recursive Proofs" at the conference. He stated:

"One of the most powerful features of SNARKs is so-called recursive proof, in which you can actually prove that another SNARK is correct, and Fractal shows how to actually do this and how to obtain a recursive SNARK system with post-quantum security."

Paper link:

Summary: On the first day of the conference, scalability and privacy remained the main concerns of researchers. In addition, several projects presented their own technical features. The Libra blockchain and its Move programming language were introduced at the conference, while Marek Olszewski from the Celo protocol focused on their ultralight client.


Preview: In tomorrow's sessions, Ethereum co-founder Vitalik Buterin will give a talk on the topic of 51% attacks, and Lei Yang from MIT will introduce a new consensus mechanism called Prism, which can achieve 10,000 times the scalability of Bitcoin. Stay tuned.