Conference:22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
CCF level:CCF C
Categories:Network and Information Security
Year:2023
Num:29
Conference time:1-3 November 2023
21
Title:
Efficient Covert Communication Scheme Based on Ethereum
基于以太坊的高效隐蔽通信方案
Authors:****
Key words:
blockchain, Ethereum,covert communication, information hiding , HMAC,security
区块链、以太坊、隐蔽通信、信息隐藏、HMAC、安全
Abstract:****
Due to the continuous improvement of traffic analysis technology, traditional covert channels have become insecure and vulnerable to human sabotage. Blockchain technology has the characteristics of immutability and anonymity, making covert communication more unmonitored and robust. However, it also brings about low communication efficiency. In this article, we adopt the idea of transaction rounds and propose for the first time the construction of HMAC values order (HVO) scheme. Furthermore, we further propose a HMAC values and transaction matrices (HV-TM) scheme to improve communication efficiency. This article is the first to use the gas field to embed data to improve the embedding rate. Use the random numbers generated by the Mersenne Twister algorithm to disrupt the order of addresses to improve the concealment of reused addresses. Experiments have shown that the two schemes have higher communication efficiency and better embedding rate than existing schemes.
由于流量分析技术的不断进步,传统的隐蔽渠道变得不安全,容易遭到人为破坏。区块链技术具有不可篡改性和匿名性的特点,使得隐蔽通信更加不受监控、更加稳健。然而,它也带来了通信效率低的问题。本文采用交易轮的思想,首次提出构建 HMAC 值顺序(HVO)方案。此外,我们还进一步提出了一种 HMAC 值和事务矩阵(HV-TM)方案,以提高通信效率。本文首次使用气场嵌入数据,以提高嵌入率。利用梅森捻子算法产生的随机数打乱地址顺序,提高重复使用地址的隐蔽性。实验表明,与现有方案相比,这两种方案具有更高的通信效率和更好的嵌入率。
Pdf link:
https://ieeexplore.ieee.org/document/10538942
22
Title:
HyperChain: A Dynamic State Sharding Protocol Supporting Smart Contracts to Achieve Low Cross-Shard and Scalability
超级链:支持智能合约的动态状态分片协议,实现低跨片性和可扩展性
Authors:****
Key words:
Blockchain, Sharding, Scalability, Hypergraph
区块链、分片、可扩展性、超图
Abstract:****
Blockchain, a widely utilized distributed ledger technology, faces the scalability challenge. State sharding has emerged as a promising solution for addressing this challenge. However, conventional state allocation solutions often face two major obstacles: a high ratio of cross-shard transactions and an unbalanced workload distribution, due to their reliance on a simple and fixed assignment of states to shards. The former increases the overall workload on the system, while the latter reduces resource utilization. Both factors significantly impact system performance. Moreover, our key observation is that the collection of smart contract transactions can be represented as a hypergraph network by analyzing their characteristics. Therefore, this study proposes HyperChain, a novel dynamic state sharding protocol that integrates a hypergraph partition algorithm. HyperChain aims to reduce the ratio of cross-shard transactions and balance workload distribution, thereby achieving improved throughput and reduced transaction latency in smart contract blockchain systems. Our experiments demonstrate that the proposed HyperChain exhibits superior performance than other solutions in terms of cross-shard transaction ratio, workload balance, throughput, and transaction latency.
区块链作为一种广泛使用的分布式账本技术,面临着可扩展性的挑战。状态分片已成为应对这一挑战的有前途的解决方案。然而,传统的状态分配解决方案往往面临两大障碍:一是跨分片交易比例高,二是工作负载分布不均衡,因为它们依赖于将状态简单、固定地分配给分片。前者会增加系统的总体工作量,后者则会降低资源利用率。这两个因素都会严重影响系统性能。此外,我们的重要发现是,通过分析智能合约交易的特征,可以将其集合表示为一个超图网络。因此,本研究提出了一种整合了超图分割算法的新型动态状态分片协议--HyperChain。HyperChain旨在降低跨分片交易的比例,平衡工作量分配,从而提高智能合约区块链系统的吞吐量,减少交易延迟。我们的实验证明,所提出的 HyperChain 在跨区交易比率、工作量平衡、吞吐量和交易延迟方面都比其他解决方案表现出更优越的性能。
Pdf link:
https://ieeexplore.ieee.org/document/10538738
23
Title:
Two-Stage Smart Contract Vulnerability Detection Combining Semantic Features and Graph Features
结合语义特征和图特征的两阶段智能合约漏洞检测
Authors:****
Key words:
Graph Neural Networks, Contract Graph, Vulnerability Detection, Semantic Feature
图神经网络、合同图、漏洞检测、语义特征
Abstract:****
Smart contract vulnerability detection is an important security practice aimed at identifying and fixing potential vulnerabilities. This detection technique involves using static and dynamic analysis methods to inspect and test contract code, in order to identify code patterns and logical errors that may lead to security vulnerabilities. However, summarizing previous research reveals limitations in terms of scalability and generalizability, which can result in higher rates of false positives and false negatives in detection results. Therefore, we propose a novel smart contract detection framework called TSCSG: Two-Stage Smart Contract Vulnerability Detection Combining Semantic Features and Graph Features. In the graph extraction stage, TSCSG utilizes the data flow graph and control flow graph of smart contracts to extract the required contract graph. After processing the graph data, TSCSG employs our proposed RTMP network to extract smart contract graph features. In the semantic extraction stage of contract vulnerabilities, TSCSG utilizes smart contract data propagation chains to extract semantic features of smart contract vulnerabilities, which are then combined with the graph features to obtain the final detection results. Our large-scale empirical study on the EtherScan dataset demonstrates that TSCSG achieves satisfactory results in detecting reentrancy and timestamp vulnerabilities, outperforming 9 state-of-the-art vulnerability detection methods.
智能合约漏洞检测是一项重要的安全实践,旨在识别和修复潜在漏洞。这种检测技术包括使用静态和动态分析方法检查和测试合约代码,以识别可能导致安全漏洞的代码模式和逻辑错误。然而,总结以往的研究发现,该技术在可扩展性和通用性方面存在局限性,可能导致检测结果中出现较高的假阳性和假阴性率。因此,我们提出了一种名为 TSCSG 的新型智能合约检测框架:结合语义特征和图特征的两阶段智能合约漏洞检测。在图提取阶段,TSCSG 利用智能合约的数据流图和控制流图提取所需的合约图。处理完图数据后,TSCSG 利用我们提出的 RTMP 网络提取智能合约图特征。在合约漏洞的语义提取阶段,TSCSG 利用智能合约数据传播链提取智能合约漏洞的语义特征,然后结合图特征得出最终检测结果。我们在 EtherScan 数据集上进行的大规模实证研究表明,TSCSG 在检测重入性和时间戳漏洞方面取得了令人满意的结果,优于 9 种最先进的漏洞检测方法。
Pdf link:
https://ieeexplore.ieee.org/document/10538921
24
Title:
Opcode Sequences-Based Smart Contract Vulnerabilities Detection Using Deep Learning
利用深度学习检测基于操作码序列的智能合约漏洞
Authors:****
Key words:
Smart Contracts, Vulnerabilities Detection, Opcode Sequences, Deep Learning, LSTM
智能合约、漏洞检测、操作码序列、深度学习、LSTM
Abstract:****
Ethereum is a blockchain platform that allows developers to create smart contracts. Smart contracts are programs that can automatically execute and handle cryptocurrency funds. However, over a hundred thousand new smart contracts are deployed every day and inevitably contain vulnerabilities due to programming errors. Once deployed, smart contracts cannot be fixed or changed, leaving funds at risk. To mitigate it, we use deep learning to detect vulnerabilities in smart contracts. First, we create our own dataset of labeled smart contracts based on opcode sequences, since few smart contract codes and labeled datasets are publicly available. We collect opcode sequences by replaying real-world transactions from the Ethereum Mainnet in our fully synchronized node while we leverage a plugin called "SODA" to label opcode sequences with vulnerability classes. Second, after data collection, we preprocess the data by removing duplicate opcode sequences, normalizing the sequences to the same length, and converting them into vectors. Finally, to detect vulnerabilities in smart contracts, we train a deep classification model using LSTM neural networks. Our model achieved an average accuracy of 82.63% and an F1-score of 79.74% across seven types of vulnerabilities, which is important for securing funds and logic in smart contracts.
以太坊是一个区块链平台,允许开发人员创建智能合约。智能合约是可以自动执行和处理加密货币资金的程序。然而,每天都有超过十万个新的智能合约被部署,其中不可避免地包含编程错误导致的漏洞。智能合约一旦部署,就无法修复或更改,从而使资金面临风险。为了缓解这一问题,我们使用深度学习来检测智能合约中的漏洞。首先,我们根据操作码序列创建了自己的智能合约标签数据集,因为公开的智能合约代码和标签数据集很少。我们通过在完全同步的节点中重播以太坊主网的真实交易来收集操作码序列,同时利用名为 "SODA "的插件为操作码序列贴上漏洞类别标签。其次,在收集数据后,我们会对数据进行预处理,删除重复的操作码序列,将序列归一化为相同长度,并将其转换为矢量。最后,为了检测智能合约中的漏洞,我们使用 LSTM 神经网络训练了一个深度分类模型。我们的模型在七种类型的漏洞中取得了 82.63% 的平均准确率和 79.74% 的 F1 分数,这对于确保智能合约中的资金和逻辑安全非常重要。
Pdf link:
https://ieeexplore.ieee.org/document/10538581
25
Title:
SmartLLM: A New Oracle System for Smart Contracts Calling Large Language Models
SmartLLM:用于调用大型语言模型的智能合约的新型 Oracle 系统
Authors:****
Key words:
oracle, large language model, smart contract, blockchain
预言机、大型语言模型、智能合约、区块链
Abstract:****
Trustworthy oracles are an essential component of blockchain technology, providing a mechanism for blockchain applications to access data from the real world and verify it on-chain. With the continuous development of blockchain technology, trustworthy oracles have become one of the hot research topics in the blockchain industry. This article reviews the current research status and challenges of trustworthy oracles, summarizing the major research progress in the oracle field in recent years from aspects such as architecture and key technologies. Based on this, we propose a system architecture called SmartLLM that allows smart contracts to call large language models based on a trustworthy oracle mechanism. There are two types of architectures: one is chain-native, and the other is a combination of on-chain and off-chain. This architecture provides technical support for smart contracts to use large language models, enriching the use cases of smart contracts.
可信预言机是区块链技术的重要组成部分,它为区块链应用提供了一种从现实世界获取数据并在链上进行验证的机制。随着区块链技术的不断发展,可信神谕已成为区块链行业的热点研究课题之一。本文回顾了可信预言机的研究现状与挑战,从体系结构、关键技术等方面总结了近年来预言机领域的主要研究进展。在此基础上,我们提出了一种名为 SmartLLM 的系统架构,允许智能合约基于可信预言机机制调用大型语言模型。架构有两种:一种是链上原生架构,另一种是链上和链下结合架构。这种架构为智能合约使用大型语言模型提供了技术支持,丰富了智能合约的使用案例。
Pdf link:
https://ieeexplore.ieee.org/document/10538566
篇幅有限,下篇文章将继续分享剩余论文
持续接收区块链最新论文
洞察区块链技术发展趋势
Follow us to keep receiving the latest blockchain papers
Insight into Blockchain Technology Trends