Paralysis Proofs: Secure Dynamic Access Structures for Cryptocurrencies and More

Conventional (M,N)-threshold signature schemes leave users with a painful choice. Setting M = N offers maximum resistance to key compromise. With this choice, though, loss of a single key renders the signing capability unavailable, creating paralysis in systems that use signatures for access control. Lower M improves availability, but at the expense of security. For example, a (3,3)-multisignature cryptocurrency wallet experiences access-control paralysis upon loss of a single key, but a (2,3)-multisig allows any two players to collude and steal funds from the third. In this paper, we introduce techniques that address this impasse by making general cryptographic access structures dynamic. Our schemes permit, e.g., a (3,3)-multisig to be downgraded to a (2,3)-multisig if a player goes missing. This downgrading is secure in the sense that it occurs only if a player is provably unavailable. Our main tool is what we call a Paralysis Proof: evidence that players, i.e., key holders, are unavailable or incapacitated. Using Paralysis Proofs, we show how to construct a Dynamic Access Structure System (DASS), which can securely and flexibly update target access structures without a trusted third party such as a system administrator. We present DASS constructions that combine a trust anchor (a trusted execution environment or smart contract) with a censorship-resistant channel in the form of a blockchain. We offer a formal framework for specifying DASS policies, and define and show how to achieve critical security and usability properties (safety, liveness, and paralysis-freeness) in a DASS. Paralysis Proofs can help address pervasive key-management challenges in many different settings. We present DASS schemes for three important example use cases: recovery of cryptocurrency funds should players become unavailable, returning funds to users when cryptocurrency custodians fail, and remediating critical smart-contract failures such as frozen funds. We report on practical implementations for Bitcoin and Ethereum.
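The following simulation is an added illustration of the (3,3) to (2,3) downgrade described in the abstract; it is not code from the paper or its implementations. It assumes a concrete instantiation of a Paralysis Proof as a liveness challenge published on the blockchain that the accused player fails to answer within a fixed block window (`CHALLENGE_WINDOW`, an assumed parameter); the class and function names, the block heights and the player names are all constructed for the example. The point it makes is the safety/availability trade-off from the abstract: two colluding players cannot sign while the policy is still 3-of-3, the threshold drops only once a verifiable proof exists, and a player who answers in time blocks the downgrade.

```python
from dataclasses import dataclass, field

# Assumed parameter (not from the paper): blocks the accused player has to
# answer a challenge before the unanswered challenge counts as a Paralysis Proof.
CHALLENGE_WINDOW = 10


@dataclass
class Challenge:
    accused: str
    issued_at: int        # block height at which the challenge was published
    answered: bool = False


@dataclass
class DynamicAccessStructure:
    """An (M, N)-threshold policy whose M is lowered only on a valid Paralysis Proof."""
    players: frozenset
    threshold: int
    challenges: dict = field(default_factory=dict)        # accused -> Challenge
    proven_unavailable: set = field(default_factory=set)

    def open_challenge(self, challenger, accused, now):
        """A current player publishes a liveness challenge against another on-chain."""
        if challenger not in self.players or accused not in self.players:
            raise ValueError("only current players may challenge or be challenged")
        if accused in self.proven_unavailable:
            raise ValueError("player already proven unavailable")
        existing = self.challenges.get(accused)
        if existing is None or existing.answered:
            self.challenges[accused] = Challenge(accused, now)
        return self.challenges[accused]

    def respond(self, player, now):
        """The accused answers on-chain; the answer only counts inside the window."""
        ch = self.challenges.get(player)
        if ch is None or ch.answered or now - ch.issued_at > CHALLENGE_WINDOW:
            return False
        ch.answered = True
        return True

    def has_paralysis_proof(self, accused, now):
        """Proof = a published challenge that stayed unanswered past the window."""
        ch = self.challenges.get(accused)
        return (ch is not None and not ch.answered
                and now - ch.issued_at > CHALLENGE_WINDOW)

    def downgrade(self, accused, now):
        """Lower M by one, but only when the trust anchor can verify a proof."""
        if not self.has_paralysis_proof(accused, now):
            return False
        self.proven_unavailable.add(accused)   # each player can be downgraded once
        del self.challenges[accused]
        self.threshold = max(1, self.threshold - 1)
        return True

    def authorize(self, signers):
        """Safety check: at least M distinct current players must sign."""
        signers = set(signers)
        return signers <= self.players and len(signers) >= self.threshold


def simulate_missing_player():
    """Constructed scenario: (3,3) wallet of alice, bob, carol; carol goes silent."""
    das = DynamicAccessStructure(frozenset({"alice", "bob", "carol"}), threshold=3)
    result = {}
    result["collude_before"] = das.authorize({"alice", "bob"})       # still 3-of-3
    das.open_challenge("alice", "carol", now=100)
    result["downgrade_too_early"] = das.downgrade("carol", now=105)  # window still open
    result["downgrade"] = das.downgrade("carol", now=111)            # proof now valid
    result["threshold"] = das.threshold                              # (2,3) policy
    result["sign_after"] = das.authorize({"alice", "bob"})
    result["outsider"] = das.authorize({"alice", "mallory"})         # not a player
    return result


def simulate_responsive_player():
    """Constructed scenario: carol answers in time, so no Paralysis Proof exists."""
    das = DynamicAccessStructure(frozenset({"alice", "bob", "carol"}), threshold=3)
    das.open_challenge("alice", "carol", now=100)
    answered = das.respond("carol", now=108)
    downgraded = das.downgrade("carol", now=111)
    return answered, downgraded, das.threshold


if __name__ == "__main__":
    print(simulate_missing_player())
    print(simulate_responsive_player())
```

The two scenarios are the properties the abstract names: `simulate_missing_player` shows paralysis-freeness (the remaining players regain signing ability once the proof exists) together with safety (no two-player collusion succeeds before it), and `simulate_responsive_player` shows that an available player can always defeat an attempted downgrade by answering on the censorship-resistant channel. In a real deployment the `downgrade` check would run inside the trust anchor (enclave or contract), reading the challenge and block height from the chain rather than from an in-memory dictionary.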
