Who: Daniele Friolo from Sapienza University of Rome, Italy \
When: 15:00 - 16:00 Wednesday {{ page.date | date_to_long_string }}\
Where: Room 5128, EDIT building.\
Title: {{ page.title }}
Abstract:\
We investigate the security of smart contracts within a blockchain that can fork (as Bitcoin and Ethereum do). In particular, we focus on multi-party computation (MPC) protocols run on-chain with the aid of smart contracts, and observe that honest players face the following dilemma: should I rush to send the protocol's messages based on the current view of the blockchain, or rather wait until a message is confirmed on the chain before sending the next one?
To the best of our knowledge, the (implicit) default option used in previous work is the second one, and thus known on-chain MPC protocols take a long time to execute on blockchains with a long confirmation time (e.g., 1 hour per transaction in Bitcoin). While the first option would clearly be preferable for efficiency, we show that this is not necessarily the case for security, as there are natural examples of on-chain MPC protocols that simply become insecure in the presence of rushing players.
Our contributions are twofold:
Our techniques are inspired by ideas on resettably secure computation (Goyal and Sahai, EUROCRYPT ‘09). We also provide a prototype implementation of our coin tossing protocol using Ethereum smart contracts, and instantiate our generic compiler in a concrete setting, showing that both our constructions yield considerable improvements in terms of efficiency.