verification of blockchains and smart contracts
play

Verification of blockchains and smart contracts Formal Methods - PowerPoint PPT Presentation

Aug 16, 2023 •474 likes •859 views

Verification of blockchains and smart contracts Formal Methods Update, 2018 BITS Pilani Goa Madhavan Mukund Chennai Mathematical Institute http:/ /www.cmi.ac.in/~madhavan Outline Introduction to blockchains Smart contracts

  1. Verification of blockchains and 
 smart contracts Formal Methods Update, 2018 BITS Pilani Goa Madhavan Mukund 
 Chennai Mathematical Institute http:/ /www.cmi.ac.in/~madhavan

  2. Outline Introduction to blockchains Smart contracts Verification issues

  3. Introduction to blockchains

  4. Banks and ledgers Record of all transactions Maintained by a trusted authority Each entry is validated Compute net balance etc

  5. Public ledgers Ledgers are private Can we maintain a public ledger? Eliminate trusted authority

  6. Challenges Integrity of individual transactions Consensus on overall set of transactions

  7. A solution Maintain a distributed ledger Duplication prevents tampering Cryptography for authentication

  8. A solution A physical ledger has pages Distributed version has blocks of data These blocks are linked together Blockchain!

  9. Blocks Each block is a collection of transactions Each block points to parent block

  10. Hash function Compute random The quick brown summary of input fox jumps over the lazy dog. “Impossible” to invert Collisions rare Different inputs 0d7006cd055e94cf produce 614587e1d2ae0c8e different outputs

  11. Blockchain integrity parent hash(parent) Each block has a hash(my hash of the transactions) transactions it Transactions contains Each block parent includes a hash hash(parent) hash(my of parent block transactions) Transactions

  12. Public key cryptography Each person P has The quick brown a pUblic key U and fox jumps over the lazy dog. a pRivate key R U U and R are 0d7006cd055e94cf inverses 614587e1d2ae0c8e To encrypt text t R for P to read, The quick brown send U(t) fox jumps over R(U(t)) = t the lazy dog.

  13. Digital signatures U and R are Madhavan Mukund inverses R R(U(t)) = t Also, 
 0d7006cd055e94cf U(R(t)) = t !! 614587e1d2ae0c8e Sign using R U Recipient can Madhavan Mukund verify using U

  14. Transactions Who writes the transactions in the blockchain? Transaction No centralised From A authority To B Transactions are Amount created by originator

  15. Transactions A digitally signs Cannot repudiate later Transaction From A A uses B’ s public Dig Sig of A key to create a To B challenge only B Challenge can solve Amount Only B can claim this amount

  16. Transactions Where’ s the money? Transaction No centralised From A authority to certify Dig Sig of A the money A holds To B Must refer to Challenge previous Amount transactions where Sources of A acquired the funds money

  17. Adding blocks Peer to peer network Transactions broadcast to all nodes Periodically, collect transactions into a block and add to chain

  18. Mining blocks Process of adding a block is called mining Mining is decentralised Blockchain may fork Integrity of the ledger is lost!

  19. Distributed consensus All nodes should agree on blocks Elegant solution due to Satoshi Nakomoto Emerging distributed consensus

  20. Proof of work Adding a node requires solving a hashing problem Brute force search Calibrated so that it takes about 10 minutes to solve on current hardware

  21. Proof of work After mining a block, miner broadcasts Other miners abandon efforts, accept this block, move to next block Serial numbers

  22. Blockchain forking Two miners may succeed in parallel Variants of chain may propagate Mismatch between your chain and new block — keep longer chain Eventually converges

  23. Incentive for mining Why spend computational effort to mine? Transaction fees and other incentives Bitcoin!

  24. Smart contracts

  25. Transactions A uses B’ s public key to create a Transaction challenge only B From A can solve Dig Sig of A To B Only B can claim Challenge this amount Amount How is this done?

  26. Challenge scripts Simple stack based programming language Locking script DUP HASH160 <PubKHash> EQUALVERIFY CHECKSIG <PubKHash> — hash of B’ s public key Unlocking script <Sig> <PubK> <Sig> <PubK> — signature, public key of B

  27. Challenge scripts … Concatenate and execute on stack VM <Sig> <PubK> DUP HASH160 <PubKHash> EQUALVERIFY CHECKSIG

  28. More general scripts Multisignature N public keys recorded in the script M must provide signatures to unlock Conditional Three partners, majority must sign Lawyer can access with one partner

  29. Scripting language Bitcoin Scripting language is intentionally Turing incomplete Conditionals, but no loops Ethereum Richer language, Turing complete High level language Solidity that compiles down to stack language

  30. Smart contracts A script that executes when a transaction is invoked Ethereum contracts can express objects with encapsulated state Example: DAO Decentralized Autonomous Organisation

  31. Verification

  32. Blockchain convergence Proof of work — eventually convergent solution to distributed consensus Ensures blockchain does not fork Need majority collusion to fabricate alternate chain Would allow double spending

  33. Vulnerability Hijacking Bitcoin: routing attacks on cryptocurrencies, Apostolaki et al, IEEE Security and Privacy 2017 
 Structure of Internet is not uniform Concentration of switches, routers make partitioning possible Can also delay packets

  34. Model checking Modeling and Verification of the Bitcoin Protocol, Chaudhury et al, MARS Workshop 2015 
 UPPAAl model of Bitcoin network Investigate forking, double spending Model checking of a very small scale model, 4 nodes, 1 malicious

  35. Smart contract verification Online Detection of Effectively Callback Free Objects with Applications to Smart Contracts, Grossman et al, POPL 2018 Decentralized Autonomous Organisation DAO bug stole $150 million dollars Reentrant code (callbacks) Automatic verification of effectively callback free objects

  36. DAO Object Dao Map <Object,int> credit 
 int balance Invariant 
 (sum o: credit[o]) = balance Method 
 Method 
 withdrawAll(Object o) deposit(Object o, 
 int amount) if (credit[o] > 0) 
 this.balance -= 
 credit[o] += amount 
 credit[o] 
 balance += amount o.pay(credit[o]) 
 credit[o] = 0

  37. DAO attack Method 
 Object Attacker withdrawAll(Object o) Object Dao 
 if (credit[o] > 0) 
 bool stop = false 
 this.balance -= 
 int balance credit[o] 
 o.pay(credit[o]) 
 Method pay(int profit) credit[o] = 0 this.balance += 
 profit Method 
 if (!stop) deposit(Object o, 
 int amount) stop = true 
 Dao. 
 credit[o] += amount 
 withdrawAll(this) 
 balance += amount stop = false

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Blockchains, Smart Contracts (DApps), and Regulation A briefing from Coin Center Peter Van

Blockchains, Smart Contracts (DApps), and Regulation A briefing from Coin Center Peter Van

Blockchains, Smart Contracts (DApps), and Regulation A briefing from Coin Center Peter Van Valkenburgh Intro: What is Coin Center and what do we do? OUR SUPPORTERS What we do: Education Policy Research Advocacy Backgrounders Reports

830 views • 67 slides
Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all about what smart contracts are... ...but what does a real smart contract look like? Lets talk about writing actual Smart Contracts with code

809 views • 50 slides
Automated Formal Verification of Smart Contracts Florian Hubert Dana Drachsler- Andrei Arthur

Automated Formal Verification of Smart Contracts Florian Hubert Dana Drachsler- Andrei Arthur

Automated Formal Verification of Smart Contracts Florian Hubert Dana Drachsler- Andrei Arthur Quentin Petar Martin Buenzli Ritzdorf Cohen Dan Gervais Hibon Tsankov Vechev Growth of the Ethereum Ecosystem $27B Billions of USD are

180 views • 16 slides
SMART CONTRACTS LEGAL IMPLICATIONS PROF. DR. MIRJAM EGGEN Source: bits on blocks AGENDA

SMART CONTRACTS LEGAL IMPLICATIONS PROF. DR. MIRJAM EGGEN Source: bits on blocks AGENDA

SMART CONTRACTS LEGAL IMPLICATIONS PROF. DR. MIRJAM EGGEN Source: bits on blocks AGENDA AGENDA 1 DEFINITION 2 EXAMPLE 3 OBLIGATION 4 TRANSFER 5 DEFAULT DEFINITION IN THE CONTEXT OF BLOCKCHAINS, A SMART CONTRACT IS: PRE-WRITTEN

276 views • 9 slides
Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1

Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1

Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1 IST Austria 2 Hebrew University of Jerusalem ESOP 2018 Outline Smart Contracts Bugs in Smart Contracts Language Design Games and Abstraction

1.06k views • 73 slides
Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] .

Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] .

Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] . Lorenz Breidenbach ETH Zurich, Cornell [Tech] . Florian Tramer . Stanford . Smart Contract Security - The Prongs Formal Verification (+Specification)

960 views • 28 slides
Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures

Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures

Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures The blockchain What does the blockchain do? One timestamp, and one context for each signature You can detect if someone is promising

289 views • 7 slides
SmartChainDB: Towards Semantic Events on Blockchains for Smart Manufacturing Abhisha

SmartChainDB: Towards Semantic Events on Blockchains for Smart Manufacturing Abhisha

. . . . . . . . . . . . . . . . SmartChainDB: Towards Semantic Events on Blockchains for Smart Manufacturing Abhisha Bhattacharyya, Rahul Iyer, Kemafor Anyanwu October 26, 2019 NC State University . . . . . . . . . . .

212 views • 10 slides
Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies

Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies

Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies National University of Singapore Shanghai, Jan. 15-17 2017 Some slides are courtesy of Vitalik Buterin 1 Agenda Smart contracts and

1.12k views • 79 slides
Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 26, 2019 1 / 17 Smart Contracts Computer protocols which help execution/enforcement of

288 views • 17 slides
Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou Security Consultant Smart contract audits Nmap/Ncrack contributor Certs: OSCE, OSCP, OSWP Blockchain Basics Front Running

642 views • 30 slides
Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia Mavridou 1 and Aron Laszka 2 1 Vanderbilt University 2 University of Houston 2 Smart Contract Insecurity Smart contracts are riddled with bugs and

575 views • 21 slides
A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on

A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on

A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on Trusted Smart Contracts 7 April 2017 class ConcurrentQueue &lt;E&gt; { public synchronized void enqueue(E elem) {} public synchronized E dequeue()

605 views • 21 slides
Blockchain and Smart Contracts in the Energy Industry: A European Perspective Dr. Matthias Lang

Blockchain and Smart Contracts in the Energy Industry: A European Perspective Dr. Matthias Lang

Blockchain and Smart Contracts in the Energy Industry: A European Perspective Dr. Matthias Lang Bird &amp; Bird LLP, Dsseldorf, Germany April 11, 2019 Table of contents I. Introduction II. Blockchain and Smart Contracts in a Nutshell

787 views • 41 slides
Permissioned Blockchains - Who is the Controller? Permissioned Blockchains Re-centralization of

Permissioned Blockchains - Who is the Controller? Permissioned Blockchains Re-centralization of

Permissioned Blockchains - Who is the Controller? Permissioned Blockchains Re-centralization of Blockchain and its consequences for data protection agenda Controllers and the GDPR How do we apply a centralized regulation on a

382 views • 17 slides
BitML Stefano Lande Nicola Atzei Roberto Zunino Massimo Bartoletti University of Cagliari

BitML Stefano Lande Nicola Atzei Roberto Zunino Massimo Bartoletti University of Cagliari

Design and verification of Bitcoin smart contracts with BitML Stefano Lande Nicola Atzei Roberto Zunino Massimo Bartoletti University of Cagliari University of Trento Why smart contracts on Bitcoin? well-understood security of the

626 views • 34 slides
Introductions CSci 8271 Security and Privacy in Computing Day 1: Introduction and Logistics

Introductions CSci 8271 Security and Privacy in Computing Day 1: Introduction and Logistics

Introductions CSci 8271 Security and Privacy in Computing Day 1: Introduction and Logistics Stephen McCamant University of Minnesota Outline What is computer security? Big-Picture Introduction Keep bad things from happening Course

371 views • 8 slides
Ouroboros Crypsinous Privacy-Preserving Proof-of-Stake Thomas Kerber Aggelos Kiayias

Ouroboros Crypsinous Privacy-Preserving Proof-of-Stake Thomas Kerber Aggelos Kiayias

Ouroboros Crypsinous Privacy-Preserving Proof-of-Stake Thomas Kerber Aggelos Kiayias t.kerber@ed.ac.uk akiayias@ed.ac.uk Markulf Kohlweiss Vassilis Zikas mkohlwei@ed.ac.uk vzikas@ed.ac.uk The University of Edinburgh &amp; IOHK May 17,

286 views • 28 slides
Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

State of Blockchain at LF Christopher Ferris, CTO Open Technology, IBM Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es to securely interact with the same universal

567 views • 31 slides
Hyperledger Fabric: a Distributed Operating System for Permissioned Blockchains. (2018) Authors:

Hyperledger Fabric: a Distributed Operating System for Permissioned Blockchains. (2018) Authors:

Hyperledger Fabric: a Distributed Operating System for Permissioned Blockchains. (2018) Authors: Elli Androulaki, Artem Barger, et al. Presented by Chi Chen 1/11 Why Fabric? Permissioned blockchains require every peer to execute every

574 views • 11 slides
Simple Arrays Short introduction to processing data Recording and storing sound Analog

Simple Arrays Short introduction to processing data Recording and storing sound Analog

Simple Arrays Short introduction to processing data Recording and storing sound Analog http://www.soundsetal.com/blog-how-do-vinyl-records-work/ Playback of stored analog sound Power Amplification What about digital? Sampling: Audio CD

590 views • 23 slides
Topic #3 CS162 Topic #3 1 Topic #3 Abstract Data Types Introduction to...Object Models

Topic #3 CS162 Topic #3 1 Topic #3 Abstract Data Types Introduction to...Object Models

Introduction to C++ Data Abstraction w/ Classes Topic #3 CS162 Topic #3 1 Topic #3 Abstract Data Types Introduction to...Object Models Introduction to...Data Abstraction Using Data Abstraction in C++ ...an introduction to the

955 views • 73 slides
Smoke-free Foster Care: Tales from the Field June 24, 2014 Tobacco Control Legal Consortium

Smoke-free Foster Care: Tales from the Field June 24, 2014 Tobacco Control Legal Consortium

Smoke-free Foster Care: Tales from the Field June 24, 2014 Tobacco Control Legal Consortium Webinar Series Providing substantive public health policy knowledge, competencies &amp; research in an interactive format Covering public

1.04k views • 70 slides
15-721 ADVANCED DATABASE SYSTEMS Lecture #18 Parallel Join Algorithms (Hashing) Andy Pavlo

15-721 ADVANCED DATABASE SYSTEMS Lecture #18 Parallel Join Algorithms (Hashing) Andy Pavlo

15-721 ADVANCED DATABASE SYSTEMS Lecture #18 Parallel Join Algorithms (Hashing) Andy Pavlo / / Carnegie Mellon University / / Spring 2016 @Andy_Pavlo // Carnegie Mellon University // Spring 2017 2 TODAYS AGENDA Background Parallel

1.02k views • 81 slides

More recommend