The Jekyll and Hyde of Smart Contracts · The Jekyll and Hyde of Smart Contracts Ari Juels Jacobs...
The Jekyll and Hyde of Smart Contracts
Ari Juels
Jacobs Institute, Cornell Tech
Co-Director, IC3
Guest lecture, CS 5112
20 Sept. 2018
Small_farm_microloan Deface_website
A Quick Blockchain + Bitcoin Refresher
Read Permission:
Blockchains: Abstraction
Block 1
Block 2
Block 3
Block 4
Write Permission:
Any valid data
Bitcoin’s use of a blockchain
2 BTC
PKA PKB
Bitcoin’s use of a blockchain
Trans: 2 BTC: PKA ➜ PKB
Sig{SKA,Trans}
PKA PKB
Block
Block
Block
Blockchain = Trusted (universal) memory
Trans: 2 BTC: PKA ➜ PKB
Sig{SKA,Trans}
+2 BTC, -2 BTC
PKA PKB
Block
Block
Block
Simple abstraction ➜ Powerful benefits
• Bitcoin offers:
  • Anonymous (pseudonymous) transactions
  • Unstoppable payments
  • Irrevocable
  • No interference by authorities
Bitcoin has many good uses!
• Low transaction fees + no middlemen
  ➜ Low-cost payments
• Key-based bearer instrument
  ➜ High portability
• Decentralized
  ➜ Fast cross-border remittances
But… anonymity + unstoppable payments =
Excellent tool for crime!
1989 PC Cyborg Trojan
Ransomware!
Other Bitcoin-fueled mischief
Decentralized smart contracts will amp it all up
What’s a Smart Contract?
Smart contracts
• Small programs that run on blockchains
• Given trust in underlying blockchain, smart contracts are
  • Transparent
  • Irreversible
  • Tamper-resistant
• ...plus they can act upon crypto tokens = $money
Smart Contract
Lots of recent interest in ETH…
> $20 billion$7 billion
<
Why? Suppose Alice and Bob want to trade…
Problem of Fair Exchange!
10 Bob’s Bubble Tokens (BBT)
1 ETH
Bob’s Bubble Tokens (BBT)
1 ETH 10 BBT
1 ETH 10 BBT
Trusted third-party (with public state)
Smart contract
1 ETH 10 BBT
Smart contract ≈ Trusted third-party (with public state)
1 ETH 10 BBT
Smart Contract
Plus, they’ll have oracles…
Current events
Commodity + equity prices
Weather
Webpage contents
Sports
Govt. documents
No, not Floyd Mayweather…
Crypto Tokens
• Application-specific cryptocurrency
• Mainly ERC20 tokens
• Managed in Ethereum smart contracts
• $13+ billion token market cap
Crypto Tokens
• Sold in Initial Coin Offerings (ICOs)
  • a.k.a. Token Launch, Token Generation Events (TGEs), etc.
  • Like unregulated VC
  • Token like a share (kind of…)
• Since mid-2017, ICO funding outstripping early-stage Internet VC (!)
Crypto Tokens: ERC721
• “Non-fungible tokens”: Represent unique objects
Simple smart contract: Lottery
Init: Tend := 30 Sept 2018, $ticket := 1, pool := {}, pot := 0
TicketPurchase: On receive $amt from party P:
    Assert $amt = $ticket, balance[P] ≥ $amt
    balance[P] := balance[P] - $ticket
    pot := pot + $ticket
    pool := pool ⋃ P
Timer: If T > Tend then
    W ∈R pool
    balance[W] := balance[W] + pot
LotteryContract Lottery
Simple smart contract: Lottery
Init: Tend := 30 Sept 2016, $ticket := 1, pool := {}, pot := 0
TicketPurchase: On receive $amt from party P:
    Assert $amt = $ticket, balance[P] ≥ $amt
    balance[P] := balance[P] - $ticket
    pot := pot + $ticket
    pool := pool ⋃ P
Timer: If T > Tend then
    W ∈R pool
    balance[W] := balance[W] + pot
LotteryContract Lottery
Criminal Smart Contracts
Ari Juels, Ahmed E. Kosba, Elaine Shi: The Ring of Gyges: Investigating the Future of Criminal Smart Contracts. ACM CCS 2016.
Criminal Smart Contracts (CSCs)
• Smart contracts address inefficiencies in business transactions.
  • E.g., make raising venture capital more efficient via tokens
• CSCs address inefficiencies in criminal business transactions.
• CSCs reap anonymity and distributed trust to:
  • Solicit perpetration of crimes or
  • Sell criminal services.
CSCs solve two major (criminal) business problems
1. Dangerous trust model / reliance on reputation!
• Cybercrime supersite DarkMarket.ws
  • Site admin Master Splyntr = FBI agent K. Mularski!
• Ross Ulbricht (DPR, Silk Road) solicited six murders for hire
  • …including one from the FBI
  • FBI staged torture and murder to entrap Ulbricht
CSCs solve two major (criminal) business problems
2. Law enforcement can shut you down.
CSCs solve both problems by enforcing trust
• Main mechanisms: anonymity and autonomous execution
• CSCs can achieve commission fairness
• Commission fairness: both commission of a crime and commensurate payment for perpetrator or neither
Contract: Assassination
• C offers $reward (e.g., $1,000,000) for assassination of CEO X
• How to verify:
  1. That assassination happened?
  2. That a claimed perpetrator P was actually responsible?
• Solutions:
  1. Authenticated data feed / oracle
Assassination
Smart Contract
Assume…
Current events
Commodity + equity prices
Weather
Webpage contents
Sports
Govt. documents
Contract: Assassination
• C offers $reward (e.g., $1,000,000) for assassination of CEO X
• How to verify:
  1. That assassination happened?
  2. That a claimed perpetrator P was actually responsible?
• Solutions:
  1. Authenticated data feed / oracle
  2. Calling card
Assassination
Calling card
• Traditionally, exotic object left by a criminal
  • E.g., Beltway Sniper's tarot cards (2002)
• For CSC, calling card cc is set of details of crime that are:
  1. Hard to guess in advance; and
  2. Reported (by media) in authenticated data feed.
• Example details:
  • Day, time, place
  • Unusual keywords captured in news
    • E.g., Litvinenko poisoned with "Polonium-210" (2006)
Beltway Sniper
"The Phantom"
How does P (= assassin) use a calling card?
• P sends to contract encryption (commitment) e.cc to calling card cc before crime occurs
• After crime occurs, P opens e.cc, revealing cc
• Contract verifies that cc matches authenticated data feed
• Then cc proves P committed crime!
P
P
Full calling-card CSC
Assassination
$1,000,000 reward for CEO X
P sends cc:
Authenticatednews feed:
P opens:
P paid reward:
cc, e.cc
cc, e.cc
X
$1,000,000
P
“CEO X murdered! Monogrammed ‘P’ glove found on body!”
Commission fairness!
Contractor C
$$$
Perpetrator P
X
I’d like to say that decentralized assassination markets will never happen, but…
Assassination extreme, but CSCs for…
• Other physical crimes: arson, assault, etc.
• Cybercrimes:
  • leakage of data
  • theft of CA keys (in paper)
  • website defacement (in paper)
Note: For most CSCs, e.g., Assassination, C can just walk away!
Vote-buying
• Suppose Contract A is holding a vote
  • E.g., to decide whether to invest pool's funds in Venture V
• Contract B(uyer) monitors Contract A and…
• If Address X sends “yes” vote to Contract A, then…
• Contract B sends $1 (in ETH) to X
Defenses?
Hard problem!
We’re working on it... e.g., bribery-resistant voting
Town Crier
Fan Zhang, Kyle Croman, Ethan Cecchetti, Elaine Shi, and Ari Juels. Town Crier: An Authenticated Data Feed for Smart Contracts. ACM CCS, 2016.
Popular smart contract example
FlightInsurance
Gimme a $100 policy
(Flight #1215, 17 May, Policy price: $1)
$100
“Interesting” smart contracts are data hungry!
Smart Contract
Stock quotes
Commodity prices
Weather data
Current events
Sports results
Webpage contents
But smart contracts lack internet connections…
FlightInsurance
Blockchain
Trusted Website XYZ.com
FlightInsurance
Blockchain
Is DL 2777 delayed?
TownCrier
Authenticity property: Data delivered by TC is exactly as served on source site XYZ.com
Delayed
Town Crier (TC): Basic idea
Trusted Website XYZ.com
FlightInsurance
Blockchain
TownCrier
But would you really trust a CT faculty member and PhD students to do this?
Delayed
Town Crier (TC): Basic idea
Trusted Website XYZ.com
FlightInsurance
Blockchain
SGX
TownCrier
How to ensure TC authenticity property?
Delayed
Town Crier (TC): Basic idea
Intel SGX
Program X
SGX
Enclave
Integrity
Other processes—even OS—can’t tamper with control flow of X
Confidentiality
Other processes—even OS—learn nothing* about state of X
* Excepting side-channels like page faults, cache, branch-shadowing
FlightInsurance
Program X
SGX attestation att = σ_intel[Build(X) || User data]
Remote entity
* Signature σ (EPID) can be anonymous (group) or pseudonymous
PK_X, SK_X
Intel SGX: Remote attestation
TC goal / adversarial model
• Relying contract sends query Q = (XYZ.com, params, T) to TC
• Goal: TC authenticity property for answer A to query Q
• Assumption: TC code trustworthy (publicly verified)
• Adversary controls TC node OS and the network
Trusted Website XYZ.com
FlightInsurance
Blockchain
SGX
TownCrier
Our adversarial model…
Trusted Website XYZ.com
FlightInsurance
Blockchain
TownCrier
Trusted Website XYZ.com
FlightInsurance
Blockchain
SGX
TownCrier
• TC source code is published
• Anyone can compute TC_code
• Attestation generated: att = σ_intel[Build(TC_code) || PK_TC]
Trusted Website XYZ.com
FlightInsurance
Blockchain
SGX
TownCrier
(Simplified) steps for FlightInsurance:
• Creator checks att against TC_code, gets PK_TC
• FlightInsurance hardwired with PK_TC
• FlightInsurance checks signature σ_{SK_TC}[flight data] on flight data
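The attestation and signature checks in the steps above, as an added example in Go (not code from the talk or from the Town Crier project): the creator verifies att against the published code to obtain PK_TC, and the relying contract accepts only answers to its own query that verify under that key. Assumptions: Ed25519 stands in for Intel's EPID signature, SHA-256 of the code stands in for Build(), binding the signature to the query fields is this example's choice, and all keys, helper names and inputs are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Attestation models att = σ_intel[Build(TC_code) || PK_TC]. Assumptions:
// Ed25519 stands in for Intel's EPID signature, SHA-256 of the code for Build().
type Attestation struct {
	Build [32]byte
	PKTC  ed25519.PublicKey
	Sig   []byte
}

// Response is TC's signed answer, bound to the query Q = (source, params, T).
type Response struct {
	Source, Params, Answer string
	T                      int64
	Sig                    []byte
}

func attBody(build [32]byte, pk ed25519.PublicKey) []byte {
	return append(append([]byte("att|"), build[:]...), pk...)
}

// respBody quotes every field so distinct responses never serialize alike.
func respBody(r Response) []byte {
	return []byte(fmt.Sprintf("resp|%q|%q|%d|%q", r.Source, r.Params, r.T, r.Answer))
}

// CheckAttestation is the creator's off-chain step: verify the attestation
// signature, recompute Build(TC_code) from the published code, then trust PK_TC.
func CheckAttestation(root ed25519.PublicKey, tcCode []byte, att Attestation) (ed25519.PublicKey, error) {
	if len(att.PKTC) != ed25519.PublicKeySize ||
		!ed25519.Verify(root, attBody(att.Build, att.PKTC), att.Sig) {
		return nil, errors.New("attestation not signed by the trusted root")
	}
	if att.Build != sha256.Sum256(tcCode) {
		return nil, errors.New("attested build differs from published TC_code")
	}
	return att.PKTC, nil
}

// FlightInsurance is the relying contract, hardwired with PK_TC and its query.
type FlightInsurance struct {
	PKTC  ed25519.PublicKey
	Query Response // only Source, Params and T are compared
}

// Accept requires r to answer this contract's query and verify under PK_TC.
func (f FlightInsurance) Accept(r Response) bool {
	q := f.Query
	if len(f.PKTC) != ed25519.PublicKeySize ||
		r.Source != q.Source || r.Params != q.Params || r.T != q.T {
		return false
	}
	return ed25519.Verify(f.PKTC, respBody(r), r.Sig)
}

// Simulation helpers below use constructed keys; they play Intel and the enclave.
func demoKey(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	sk := ed25519.NewKeyFromSeed(seed[:])
	return sk.Public().(ed25519.PublicKey), sk
}

func attest(root ed25519.PrivateKey, code []byte, pk ed25519.PublicKey) Attestation {
	b := sha256.Sum256(code)
	return Attestation{Build: b, PKTC: pk, Sig: ed25519.Sign(root, attBody(b, pk))}
}

func answer(sk ed25519.PrivateKey, q Response, a string) Response {
	q.Answer = a
	q.Sig = ed25519.Sign(sk, respBody(q))
	return q
}

func main() {
	rootPK, rootSK := demoKey("attestation-root")
	tcPK, tcSK := demoKey("tc-enclave")
	code := []byte("published Town Crier source (constructed)")
	pk, err := CheckAttestation(rootPK, code, attest(rootSK, code, tcPK))
	q := Response{Source: "XYZ.com", Params: "DL 2777", T: 1526515200} // constructed query
	fi := FlightInsurance{PKTC: pk, Query: q}
	fmt.Println(err == nil, fi.Accept(answer(tcSK, q, "Delayed")))
}
```

A signature from any key other than the attested PK_TC, an altered answer, or an answer to a different query is rejected, which is what the adversary who controls the TC node's OS and network would have to get past.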
FlightInsurance
Gimme a $100 policy
(Flight #1215, 17 May, Policy price: $1)
$100
Another problem…
Town Crier offers data confidentiality
FlightInsurance
SGX
TownCrier
Blockchain
TC Contract
Flight delayed / not delayed
…complex handling of private data possible
$$$
Enc_{PK_TC}[flight info]
Application: New marketplaces for virtual goods
Steam-Trader
Other applications
• All manner of financial instruments
• Many different types of insurance (flight, crop, etc.)
• Supply-chain management
• Etc., etc.
Fair marketplaces for bug-bounties
Bug-bounty
Florian Tramèr, Fan Zhang, Huang Lin, Jean-Pierre Hubaux, Ari Juels, Elaine Shi: Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge. IEEE Euro S&P 2017. To appear. (NSF-funded work)
Fair marketplaces for zero-days (sigh)
Zero-day
Special thanks to
Town Crier Public Ethereum Launched: 15 May 2017
TC licensed to company this week…
Initiative for CryptoCurrencies and Contracts (IC3)
Tom Kalil visit, 13 April 2017
Ari Juels
Jacobs Technion-Cornell Institute, Cornell Tech
Co-Director, IC3
www.initc3.org