Phoenix: A Formally Verified Regenerating Vault

An attacker that gains access to a cryptocurrency user’s private keys can perform any operation in her stead. Due to the decentralized nature of most cryptocurrencies, no entity can revert those operations. This is a central challenge for decentralized systems, illustrated by numerous high-profile heists. Vault contracts reduce this risk by introducing an artificial delay on operations, allowing the contract owner to abort them during the delay. However, the theft of a key still renders the vault unusable and puts funds at risk. We introduce Phoenix, a novel contract architecture that allows the user to restore its security properties after key loss. Phoenix takes advantage of users’ ability to store keys in easily-available but less secure storage (tier-two) as well as in more secure storage that is harder to access (tier-one). Unlike previous solutions, the user can restore Phoenix’s security after the theft of tier-two keys and does not lose funds despite losing keys in either tier. Phoenix also introduces a mechanism to reduce the damage an attacker can cause in case of a tier-one compromise. We formally specify Phoenix’s required behavior and provide a prototype implementation of Phoenix as an Ethereum contract. Since such an implementation is highly sensitive and vulnerable to subtle bugs, we apply a formal verification tool to prove specific code properties and identify faults. We highlight a bug identified by the tool that could be exploited by an attacker to compromise Phoenix. After fixing the bug, the tool proved the correctness of the low-level executable code.
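As an added example, not the paper's contract or its formal specification, the following constructed Python model captures the vault behavior described above: a tier-two (hot) key requests delayed withdrawals, and a tier-one (cold) key can abort a pending request and regenerate the hot tier after a theft. The key roles, the single-pending-withdrawal rule and the scenario values are assumptions of this model.

```python
class TwoTierVault:
    """Constructed model of a delayed vault with two key tiers (an assumption, not Phoenix's code).
    tier2 (hot key) requests withdrawals; tier1 (cold key) aborts them and rotates tier2."""

    def __init__(self, tier1, tier2, balance, delay):
        self.tier1, self.tier2, self.balance, self.delay = tier1, tier2, balance, delay
        self.pending = None  # (recipient, amount, ready_at) or None; one at a time

    def request(self, key, to, amount, now):
        if key != self.tier2:
            raise PermissionError("tier-two key required")
        if self.pending is not None:
            raise RuntimeError("a withdrawal is already pending")
        if not 0 < amount <= self.balance:
            raise ValueError("bad amount")
        self.pending = (to, amount, now + self.delay)  # the delay is the defender's window

    def abort(self, key):
        if key != self.tier1:
            raise PermissionError("tier-one key required")
        self.pending = None

    def finalize(self, now):
        """Anyone may finalize once the delay has elapsed without an abort."""
        if self.pending is None or now < self.pending[2]:
            return None
        to, amount, _ = self.pending
        self.pending, self.balance = None, self.balance - amount
        return to, amount

    def rotate_tier2(self, key, new_tier2):
        """Regeneration: tier1 replaces a stolen tier2 and drops anything it started."""
        if key != self.tier1:
            raise PermissionError("tier-one key required")
        self.tier2, self.pending = new_tier2, None


def tier2_theft_scenario():
    # Attacker holds the stolen hot key; owner recovers with the cold key and keeps using the vault.
    v = TwoTierVault(tier1="cold", tier2="hot", balance=100, delay=10)
    v.request("hot", "attacker", 100, now=0)    # drain attempt with the stolen key
    v.abort("cold")                             # owner notices and aborts within the delay
    v.rotate_tier2("cold", "hot2")              # and regenerates the hot tier
    try:
        v.request("hot", "attacker", 100, now=1)  # stolen key is now useless
        stolen_key_works = True
    except PermissionError:
        stolen_key_works = False
    v.request("hot2", "owner", 40, now=1)       # normal operation resumes
    paid = v.finalize(now=11)
    return {"balance": v.balance, "paid": paid, "stolen_key_works": stolen_key_works}
```

Without the `rotate_tier2` step, the attacker could keep submitting requests with the stolen key and force the owner into perpetual aborts, which is the "vault rendered unusable" failure the abstract contrasts Phoenix against.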
