[Latest Blockchain Paper Acceptance News] CCF A: S&P 2025 (Part 1)

Published: 2025-03-16

Conference: 46th IEEE Symposium on Security and Privacy

CCF level: CCF A

Category: network and information security

Year: 2025

Conference dates: May 12-15, 2025, at the Hyatt Regency San Francisco, San Francisco, CA

1

Title: 

Sailfish: Towards Improving the Latency of DAG-based BFT

Authors

Nibesh Shrestha, Supra Research  

Rohan Shrothrium, Kuru Labs  

Aniket Kate, Purdue University/Supra Research  

Kartik Nayak, Duke University

Abstract

Directed Acyclic Graph (DAG) based BFT protocols balance consensus efforts across different parties and maintain high throughput even when some designated parties fail. However, existing DAG-based BFT protocols exhibit long latency to commit decisions, primarily because they have a leader only every 2 or more rounds. Recent works, such as Shoal (FC'23) and Mysticeti, have deemed supporting a leader vertex in each round particularly difficult, if not impossible. Consequently, even under honest leaders, these protocols require high latency (or communication complexity) to commit the proposal submitted by the leader (the leader vertex) and additional latency to commit other proposals (non-leader vertices). In this work, we present Sailfish, the first DAG-based BFT protocol that supports a leader vertex in each round. Under honest leaders, Sailfish maintains a commit latency of one reliable broadcast (RBC) round plus 1δ to commit the leader vertex (where δ is the actual transmission latency of a message) and only an additional RBC round to commit non-leader vertices. We also extend Sailfish to Multi-leader Sailfish, which facilitates multiple leaders within a single round and commits all leader vertices in a round with a latency of one RBC round plus 1δ. Our experimental evaluation demonstrates that our protocols introduce significantly lower latency overhead compared to existing DAG-based protocols, with similar throughput.

Link:

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a021/21B7QcFAX6M

2

Title: 

Preprocessing for Life: Dishonest-Majority MPC with a Trusted or Untrusted Dealer

Authors

Matan Hamilis, Reichman University  

Elette Boyle, NTT Research and Reichman University  

Niv Gilboa, Ben-Gurion University  

Yuval Ishai, Technion  

Ariel Nof, Bar-Ilan University

Abstract

We put forth a new paradigm for secure multi-party computation (MPC) in the preprocessing model, where a feasible one-time setup can enable a lifetime of efficient online secure computations. Our protocols match the security guarantees and low costs of the cheapest category of MPC solutions, namely 3-party protocols (3PC) secure against a single malicious party, with the qualitative advantages that one party communicates data sublinear in the circuit size, and can go offline after its initial messages. This "2+1"-party structure can alternatively be instantiated between 2 parties with the aid of an (untrusted) dealer. Within such existing protocols, we provide comparable online performance while improving the storage and offline dealer-to-party communication requirements by more than 3 orders of magnitude. At the technical level, we build on the Fully Linear Interactive Oracle Proof (FLIOP)-based protocol design of Boyle et al. (CRYPTO 2021). We provide an extensive assortment of algorithmic and implementation-level optimizations, design efficient distributed proofs of well-formedness of complex FLIOP correlations, and make them circuit-independent. We implement and benchmark our end-to-end system against the state of the art in the 2+1 regime, a dealer-aided variant of SPDZ for Boolean circuits. We additionally extend our techniques to the (n+1) party setting, where a dealer aids general dishonest-majority MPC, and provide a variant of the protocol which further achieves security with "identifiable abort".

Link:

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a041/21B7QuzaWyY

3

Title: 

Security Perceptions of Users in Stablecoins: Advantages and Risks within the Cryptocurrency Ecosystem

Authors

Maggie Yongqi Guan, University of Macau, China  

Yaman Yu, University of Illinois at Urbana Champaign, United States  

Tanusree Sharma, Pennsylvania State University, United States  

Molly Zhuangtong Huang, University of Macau, China  

Kaihua Qin, Yale University, United States  

Yang Wang, University of Illinois at Urbana Champaign, United States  

Kanye Ye Wang, University of Macau, China

Abstract

Stablecoins, a type of cryptocurrency pegged to another asset to maintain a stable price, have become an important part of the cryptocurrency ecosystem. Prior studies have primarily focused on examining the security of stablecoins from technical and theoretical perspectives, with limited investigation into users’ risk perceptions and security behaviors in stablecoin practices. To address this research gap, we conducted a mixed-method study that included constructing a stablecoin interaction framework based on the literature, which informed the design of our interview protocol, semi-structured interviews (n=21), and Reddit data analysis (9,326 posts). We found that participants see stable value and regulatory compliance as key security advantages of stablecoins over other cryptocurrencies. However, participants also raised concerns about centralization risks in fiat-backed stablecoins, perceived challenges in crypto-backed stablecoins due to limited reliance on fully automated execution, and confusion regarding the complex mechanisms of algorithmic stablecoins. We proposed improving user education and optimizing mechanisms to address these concerns and promote the safer use of stablecoins.

Link:

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a042/21B7QvjJ9Ty

4

Title: 

P2C2T: Preserving the Privacy of Cross-Chain Transfer

Authors

Panpan Han, Xidian University, China  
Zheng Yan, Xidian University, China  
Laurence T. Yang, Zhengzhou University, China  
Elisa Bertino, Purdue University, USA

Abstract

Blockchain-enabled digital currency systems have typically operated in isolation, lacking necessary mechanisms for seamless interconnection. Consequently, transferring assets across distinct currency systems remains a complex challenge, with existing schemes often falling short in ensuring security, privacy, and practicality. This paper proposes P2C2T, a privacy-preserving cross-chain transfer scheme. It is the first scheme to address atomicity, unlinkability, indistinguishability, non-collateralization, and required functionalities across diverse currency systems. P2C2T is based on threshold anonymous atomic locks (TA2L), also proposed by us, serving as the cornerstone for guaranteeing atomic cross-chain transfer while obscuring the payment relationships between users. By combining TA2L with verifiable timed discrete logarithm schemes, P2C2T renders cross-chain transactions indistinguishable from regular intra-chain ones. Notably, P2C2T eliminates the collateralization of senders and imposes minimal requirements on underlying blockchains, specifically on the ability to verify signatures. We substantiate the security of TA2L based on a proposed cryptographic notion called threshold blind conditional signatures and demonstrate the security of P2C2T through necessary proofs. Additionally, we compare the performance of P2C2T with an existing scheme that has properties closest to P2C2T. The comparison reveals that P2C2T reduces overhead by at least 85.488% in terms of running time, communication cost, and storage cost when completing a cross-chain transfer. We further conduct cross-chain transfers and intra-chain payments using the Bitcoin testnet and Litecoin testnet to illustrate the privacy and practicality of P2C2T.

Link:

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a051/21B7QYE5x8Q