The Ring of Gyges: Investigating the Future of Criminal Smart Contracts

Authors:
Ari Juels

Cornell Tech, Jacobs Institute, New York, NY, USA

Cornell Tech, Jacobs Institute, New York, NY, USA
View Profile

,
Ahmed Kosba

University of Maryland, College Park, MD, USA

University of Maryland, College Park, MD, USA
View Profile

,
Elaine Shi

Cornell University, Ithaca, NY, USA

Cornell University, Ithaca, NY, USA
View Profile

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityOctober 2016Pages 283–295https://doi.org/10.1145/2976749.2978362

Published:24 October 2016Publication History

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 283–295

ABSTRACT

Thanks to their anonymity (pseudonymity) and elimination of trusted intermediaries, cryptocurrencies such as Bitcoin have created or stimulated growth in many businesses and communities. Unfortunately, some of these are criminal, e.g., money laundering, illicit marketplaces, and ransomware. Next-generation cryptocurrencies such as Ethereum will include rich scripting languages in support of smart contracts, programs that autonomously intermediate transactions. In this paper, we explore the risk of smart contracts fueling new criminal ecosystems. Specifically, we show how what we call criminal smart contracts (CSCs) can facilitate leakage of confidential information, theft of cryptographic keys, and various real-world crimes (murder, arson, terrorism).

We show that CSCs for leakage of secrets (a la Wikileaks) are efficiently realizable in existing scripting languages such as that in Ethereum. We show that CSCs for theft of cryptographic keys can be achieved using primitives, such as Succinct Non-interactive ARguments of Knowledge (SNARKs), that are already expressible in these languages and for which efficient supporting language extensions are anticipated. We show similarly that authenticated data feeds, an emerging feature of smart contract systems, can facilitate CSCs for real-world crimes (e.g., property crimes).

Our results highlight the urgency of creating policy and technical safeguards against CSCs in order to realize the promise of smart contracts for beneficial goals.

References

http://www.smartcontract.com.Google Scholar
http://koinify.com.Google Scholar
https://github.com/darkwallet/darkleaks.Google Scholar
Amazon EC2 pricing. http://aws.amazon.com/ec2/pricing/.Google Scholar
Augur. http://www.augur.net/.Google Scholar
Bitcoin ransomware now spreading via spam campaigns. http://www.coindesk.com/bitcoin-ransomware-now-spreading-via-spam-campaigns/.Google Scholar
bitoinj. https://bitcoinj.github.io/.Google Scholar
CRL issued bby Symantec Class 3 EV SSL CA - G3. http://ss.symcb.com/sr.crl.Google Scholar
NIST randomness beacon. https://beacon.nist.gov/home.Google Scholar
Serpent. https://github.com/ethereum/wiki/wiki/Serpent.Google Scholar
Skuchain. http://www.skuchain.com/.Google Scholar
Verisign revoked certificate test page. https://test-sspev.verisign.com:2443/test-SPPEV-revoked-verisign.html. Accessed: 2015-05--15.Google Scholar
Zcash. Referenced Aug. 2016 at z.cash.Google Scholar
Mt. Gox thinks it's the Fed. freezes acc based on "tainted" coins. (unlocked now). https://bitcointalk.org/index.php?topic=73385.0, 2012.Google Scholar
Blockchain Alliance. www.blockchainalliance.org, 2016.Google Scholar
Ethereum and evil. Forum post at Reddit; url: http://tinyurl.com/k8awj2j, Accessed May 2015.Google Scholar
M. Andrychowicz, S. Dziembowski, D. Malinowski, and L. Mazurek. Secure Multiparty Computations on Bitcoin. In S & P, 2013. Google ScholarDigital Library
J. Bates. Trojan horse: AIDS information introductory diskette version 2.0,. In E. Wilding and F. Skulason, editors, Virus Bulletin, pages 3--6. 1990.Google Scholar
J. Bell. Assassination politics. http://www.outpost-of-freedom.com/jimbellap.htm, 1995--6.Google Scholar
E. Ben-Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza. Zerocash: Decentralized anonymous payments from Bitcoin. In S & P. IEEE, 2014.Google Scholar
E. Ben-Sasson, A. Chiesa, M. Green, E. Tromer, and M. Virza. Secure sampling of public parameters for succinct zero knowledge proofs. In S & P, 2015. Google ScholarDigital Library
E. Ben-Sasson, A. Chiesa, E. Tromer, and M. Virza. Succinct non-interactive zero knowledge for a von Neumann architecture. In USENIX Security, 2014. Google ScholarDigital Library
I. Bentov and R. Kumaresan. How to Use Bitcoin to Design Fair Protocols. In CRYPTO, 2014.Google ScholarCross Ref
L. Bilge and T. Dumitras. Before we knew it: an empirical study of zero-day attacks in the real world. In CCS, 2012. Google ScholarDigital Library
V. Blue. Cryptolocker's crimewave: A trail of millions in laundered Bitcoin. ZDNet, 22 December 2013.Google Scholar
E. F. Brickell, P. Gemmell, and D. W. Kravitz. Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In SODA, volume 95, pages 457--466, 1995. Google ScholarDigital Library
J. Camenisch and V. Shoup. Practical verifiable encryption and decryption of discrete logarithms. In CRYPTO '03. 2003.Google ScholarCross Ref
R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. In FOCS, 2001. Google ScholarDigital Library
D. Chaum. Blind signatures for untraceable payments. In CRYPTO, pages 199--203, 1983.Google ScholarCross Ref
D. Chaum and T. P. Pedersen. Wallet databases with observers. In CRYPTO'92, pages 89--105, 1993. Google ScholarDigital Library
N. Christin. Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace. In WWW, 2013. Google ScholarDigital Library
R. Cleve. Limits on the security of coin flips when half the processors are faulty. In STOC, 1986. Google ScholarDigital Library
G. Danezis, C. Fournet, M. Kohlweiss, and B. Parno. Pinocchio Coin: building Zerocoin from a succinct pairing-based proof system. In PETShop, 2013. Google ScholarDigital Library
K. Delmolino, M. Arnett, A. Kosba, A. Miller, and E. Shi. Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab. https://eprint.iacr.org/2015/460.Google Scholar
P. T. et al. Darkwallet on twitter: "DARK LEAKS coming soon. http://t.co/k4ubs16scr". Reddit: http://bit.ly/1A9UShY.Google Scholar
I. Eyal and E. G. Sirer. Majority is not enough: Bitcoin mining is vulnerable. In FC, 2014.Google ScholarCross Ref
E. F. Foundation. EFF SSL observatory. URL: https://www.eff.org/observatory, August 2010.Google Scholar
A. Greenberg. 'Dark Wallet' is about to make Bitcoin money laundering easier than ever. http://www.wired.com/2014/04/dark-wallet/.Google Scholar
A. Greenberg. Alleged silk road boss Ross Ulbricht now accused of six murders-for-hire, denied bail. Forbes, 21 November 2013.Google Scholar
Intel. Intel software guard extensions programming reference. Whitepaper ref. 329298-002US, October 2014.Google Scholar
J. Jonsson and B. Kaliski. Public-Key Cryptography Standards (PKCS)#1: RSA Cryptography Specifications Version 2.1, 2003. RFC 3447. Google ScholarDigital Library
A. Juels, A. Kosba, and E. Shi. The ring of gyges: Investigating the future of criminal smart contracts. Cryptology ePrint Archive, Report 2016/358, 2016. http://eprint.iacr.org/2016/358.Google Scholar
A. Kosba, A. Miller, E. Shi, Z. Wen, and C. Papamanthou. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In S & P. IEEE, 2016.Google Scholar
V. Kotov and M. Rajpal. Understanding crypto-ransomware. Bromium whitepaper, 2014.Google Scholar
A. Krellenstein, R. Dermody, and O. Slama. Counterparty announcement. https://bitcointalk.org/index.php?topic=395761.0, January 2014.Google Scholar
R. Kumaresan and I. Bentov. How to Use Bitcoin to Incentivize Correct Computations. In CCS, 2014. Google ScholarDigital Library
D. Mark, V. Zamfir, and E. G. Sirer. A call for a temporary moratorium on "The DAO" (v0.3.2). Referenced Aug. 2016 at http://bit.ly/2aWDhyY, 30 May 2016.Google Scholar
J. Matonis. Why Bitcoin fungibility is essential. CoinDesk, 1 Dec. 2013.Google Scholar
S. Meiklejohn, M. Pomarole, G. Jordan, K. Levchenko, D. McCoy, G. M. Voelker, and S. Savage. A fistful of bitcoins: characterizing payments among men with no names. In IMC, 2013. Google ScholarDigital Library
I. Miers, C. Garman, M. Green, and A. D. Rubin. Zerocoin: Anonymous Distributed E-Cash from Bitcoin. In S & P, 2013. Google ScholarDigital Library
M. Moser, R. Bohme, and D. Breuker. An inquiry into money laundering tools in the bitcoin ecosystem. In eCRS, 2013.Google Scholar
S. Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System. http://bitcoin.org/bitcoin.pdf, 2009.Google Scholar
R. Pass and a. shelat. Micropayments for peer-to-peer currencies. Manuscript.Google Scholar
M. Peck. Ethereum developer explores the dark side of Bitcoin-inspired technology. IEEE Spectrum, 19 May 2016.Google Scholar
K. Poulsen. Cybercrime supersite 'DarkMarket' was FBI sting, documents confirm. Wired, 13 Oct. 2008.Google Scholar
D. Ron and A. Shamir. How did Dread Pirate Roberts acquire and protect his bitcoin wealth? In FC. 2014.Google Scholar
S. V. Solms and D. Naccache. On blind signatures and perfect crimes. Computers Security, 11(6):581--583, 1992. Google ScholarDigital Library
M. Stadler, J.-M. Piveteau, and J. Camenisch. Fair blind signatures. In Eurocrypt, pages 209--219, 1995. Google ScholarDigital Library
G. Wood. Ethereum: A secure decentralized transaction ledger. http://gavwood.com/paper.pdf, 2014.Google Scholar
A. Young and M. Yung. Cryptovirology: Extortion-based security threats and countermeasures. In S & P, 1996. Google ScholarDigital Library
F. Zhang, E. Cecchetti, K. Croman, A. Juels, and E. Shi. Town Crier: An authenticated data feed for smart contracts. In ACM CCS, 2016. (To appear.). Google ScholarDigital Library

Index Terms

The Ring of Gyges: Investigating the Future of Criminal Smart Contracts
1. Security and privacy

Recommendations

Proxy Ring Signature: Formal Definitions, Efficient Construction and New Variant
Computational Intelligence and Security

Proxy ring signatures allows proxy signer to sign messages on behalf of the original signer while providing anonymity. In this paper, we give the first formal security definitions and notions of proxy ring signatures. Subsequently, we propose a short ...
Read More
Empirical vulnerability analysis of automated smart contracts security testing on blockchains
CASCON '18: Proceedings of the 28th Annual International Conference on Computer Science and Software Engineering

The emerging blockchain technology supports decentralized computing paradigm shift and is a rapidly approaching phenomenon. While blockchain is thought primarily as the basis of Bitcoin, its application has grown far beyond cryptocurrencies due to the ...
Read More
Unconditionally secure ring authentication
ASIACCS '07: Proceedings of the 2nd ACM symposium on Information, computer and communications security

We propose ring authentication in unconditionally secure setting. In a ring authentication system a sender can choose a set of users and construct an authenticated message for a receiver such that the receiver can verify authenticity of the message with ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
October 2016
1924 pages
ISBN:9781450341394
DOI:10.1145/2976749
General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 24 October 2016
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
criminal smart contracts
ethereum
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '16 Paper Acceptance Rate137of831submissions,16%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 116
  Total Citations
  View Citations
- 3,453
  Total Downloads
- Downloads (Last 12 months)423
- Downloads (Last 6 weeks)42
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

The Ring of Gyges: Investigating the Future of Criminal Smart Contracts

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Proxy Ring Signature: Formal Definitions, Efficient Construction and New Variant

Empirical vulnerability analysis of automated smart contracts security testing on blockchains

Unconditionally secure ring authentication