Disciple of Dawn

Pre-Print Saturday #2: 16 May 2020

• Stabilizing Congestion in Decentralized Record-Keepers[Semion.io]
  

  The authors present a proposal for a distributed ledger system and accompanying payment system that leverages recent advancements in both PoW consensus and formal verification. The authors also present a formal economic model of their protocol design. Of particular interest is that their proposed system reaches stability in the absence of block rewards - relying solely on transaction fees to maintain consensus.

• A Difficulty in Controlling Blockchain Mining Costs via Cryptopuzzle Difficulty[Semion.io]
  

  The authors model PoW mining as an all-pay auction and prove several properties of the auction's allocation function.

• Practical Hash-based Anonymity for MAC Addresses[Semion.io]
  

  The authors present a viable method for anonymising MAC addresses through hashing. They improve on previous work using a hash-based strategy by using more expensive hash functions and ensuring \(k\)-bit anonymity.

• Scaling Blockchains Without Giving up Decentralization and Security[Semion.io]
  

  The authors present what they consider to be a blockchain design that escapes the so-called blockchain trilemma by providing an arbitrarily scalable blockchain without weakening security nor decentralisation.

• Pump and Dumps in the Bitcoin Era: Real Time Detection of Cryptocurrency Market Manipulations[Semion.io]
  

  The authors present their research into cryptocurrency market manipulation (albeit in centralised crypto-fiat exchanges). They attribute the susceptibility of cryptocurrency to pump and dumps to the often low liquidity in certain more obscure cryptocurrencies. One finding of note is the operation of a large pump and dump community operating on Binance.

• eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts[Semion.io]
  

  The authors present eThor, a provably sound static analyser for Ethereum smart contracts.

  This paper is of particular interest as it provides another advancement in the first pillar of smart contract testing: static analysis. I've written about dynamic analysis tools (mainly fuzzers) before, and previous pre-prints in the series have discussed formal verification too.

• Enabling Deletion in Append-Only Blockchains (Short Summary / Work in Progress)[Semion.io]
  

  The authors describe a method of of deleting previously confirmed blocks in a blockchain. While this seems to be entirely against the point of blockchains in the first place, but the authors provide a consensus-driven method for deleting blocks by way of context isolation.

• Towards Memory Safe Python Enclave for Security Sensitive Computation[Semion.io]
  

  The authors extend advancements in Intel SGX-based memory enclaves implemented in Rust to Python. They cite the existing prevalance of Python in fields such as data science as a reason for such an extension.

• Impact of Geo-distribution and Mining Pools on Blockchains: A Study of Ethereum[Semion.io]
  

  The authors present their findings from a month-long study into Ethereum network structure. Their study used geographically dispersed observation points to observe the geographical distribution of Ethereum and the impact of mining pools on the network.

  Personally, I think their study could have been more geographically dispersed, but I assume there were resource constraints on the authors precluding this.

• CapablePtrs: Securely Compiling Partial Programs using the Pointers-as-Capabilities Principle[Semion.io]
  

  The authors present a C-to-CHERI compiler of their development, which implements the Pointers-as-Capabilities model. One result is that their compiler can provide strong security guarantees for an individual compilation unit - even if it is later linked against buggy or malicious code.

• Identifying Bugs in Make and JVM-Oriented Builds[Semion.io]
  

  The authors present a tool called buildfs which can reason about Make- and JVM-based build systems by interpreting their specification from the build scripts themselves and then analysing file system activity to see how the actual operation of the build may deviate from its specification.

Pre-Print Saturday #1: 9 May 2020

• QuickSync: A Quickly Synchronizing PoS-Based Blockchain Protocol[Semion.io]
  

  The authors present QuickSync, a Proof-of-Stake blockchain consensus protocol based on Ouroboros[6]. The authors claim Byzantine resistance against an adversary with up to 50% stake and also performance improvements. The paper also contains proofs for both the liveness and persistence of this protocol.

• Enabling Cross-chain Transactions: A Decentralized Cryptocurrency Exchange Protocol[Semion.io]
  

  The authors propose a decentralised cross-cryptocurrency exchange, motivated by trading Bitcoins for other cryptocurrencies. The authors implement a prototype as a DApp running on an Ethereum testnet.

  This paper is particularly interesting to me for two main reasons. Firstly, given my current research - both personal and coursework-related - into DExes and other DeFi platforms. Secondly, my interest in projects such as tBTC[7]

• MemShield: GPU-assisted software memory encryption[Semion.io]
  

  The authors propose MemShield, a framework for transparently encrypting primary memory to resist cold boot attacks. MemShield is implemented as a C library that interacts with userfaultfd to monitor for page requests from userspace. This system allows page-level granularity for memory protection.

  Cold boot attacks have always fascinated me, so mitigations against them are of particular interest as well. I'm impressed by both the granularity and compatibility of this project: no changes to existing applications are required.

• Formal Verification of Solidity contracts in Event-B[Semion.io]
  

  The authors define a subset of Solidity which can then be translated into Event-B - a modelling framework of which I have never heard of until discovering this paper. The authors assert that this greatly helps in the formal verification of Ethereum smart contracts.

  Recent coursework that I'm undertaking has required me to study different testing methodologies for Ethereum smart contracts. So far, this has only involved two categories: symbolic execution and fuzzing. This paper expands on the formal verification route - a category which I haven't covered in depth yet.

• Human Factors in Biocybersecurity Wargames[Semion.io]
  

  Admittedly, I included this simply due to the spectacular title. Doesn't it just sound cool?

• JaxNet: Scalable Blockchain Network[Semion.io]
  

  The authors propose a novel design for a scalable, decentralised Proof-of-Work blockchain, called JaxNet. Their design uses a network of parallel chains that rewards miners for their computational effort in maintaining the network.

  This problem obviously garners an incredible amount of attention - both in academia and industry. Any new publications on the matter seem worthy of a mention.

Crackerjack - Introduction and Puzzle A Solution

As part of my journey into reverse engineering, I decided to create my own set of crackmes called Crackerjack. I will be doing a series of articles detailing solutions to each puzzle

Identifying Loops While Reverse Engineering

Often when reverse engineering a binary, it's useful to have some patterns to help identify higher-level code constructs. This post goes through the general structure of various loops in a higher-level language (C) and their corresponding assembly format

Writing a Simple Fuzzer in Python

I have had an interest in fuzzing for quite some time now, and had decided that it was time to start writing some of my own (very basic) fuzzing tools. In this post, we'll step through some of the basic things we might expect from a fuzzer and how we might achieve them using some of the code I have written