ABSTRACT
Thanks to their anonymity (pseudonymity) and elimination of trusted intermediaries, cryptocurrencies such as Bitcoin have created or stimulated growth in many businesses and communities. Unfortunately, some of these are criminal, e.g., money laundering, illicit marketplaces, and ransomware. Next-generation cryptocurrencies such as Ethereum will include rich scripting languages in support of smart contracts, programs that autonomously intermediate transactions. In this paper, we explore the risk of smart contracts fueling new criminal ecosystems. Specifically, we show how what we call criminal smart contracts (CSCs) can facilitate leakage of confidential information, theft of cryptographic keys, and various real-world crimes (murder, arson, terrorism).
We show that CSCs for leakage of secrets (a la Wikileaks) are efficiently realizable in existing scripting languages such as that in Ethereum. We show that CSCs for theft of cryptographic keys can be achieved using primitives, such as Succinct Non-interactive ARguments of Knowledge (SNARKs), that are already expressible in these languages and for which efficient supporting language extensions are anticipated. We show similarly that authenticated data feeds, an emerging feature of smart contract systems, can facilitate CSCs for real-world crimes (e.g., property crimes).
Our results highlight the urgency of creating policy and technical safeguards against CSCs in order to realize the promise of smart contracts for beneficial goals.
Index Terms
- The Ring of Gyges: Investigating the Future of Criminal Smart Contracts