Developing secure Bitcoin contracts with BitML

We present a toolchain for developing and verifying smart contracts that can be executed on Bitcoin. The toolchain is based on BitML, a recent domain-specific language for smart contracts with a computationally sound embedding into Bitcoin. Our toolchain automatically verifies relevant properties of contracts, including liquidity, which ensures that funds do not remain frozen within a contract forever. A compiler is provided to translate BitML contracts into sets of standard Bitcoin transactions: executing a contract corresponds to appending these transactions to the blockchain. We assess our toolchain through a benchmark of representative contracts.
