Conference: The Network and Distributed System Security Symposium (NDSS)
CCF level: CCF A
Categories: network and information security
Year: 2025
Conference time: 24 to 28 February 2025 in San Diego, California.
9
Title:
Dissecting Payload-based Transaction Phishing on Ethereum
Authors:
Zhuo Chen (Zhejiang University), Yufeng Hu (Zhejiang University), Bowen He (Zhejiang University), Dong Luo (Zhejiang University), Lei Wu (Zhejiang University), Yajin Zhou (Zhejiang University)
Abstract:
In recent years, a more advanced form of phishing has arisen on Ethereum, surpassing early-stage, simple transaction phishing. This new form, which we refer to as payload-based transaction phishing (PTXPHISH), manipulates smart contract interactions through the execution of malicious payloads to deceive users. PTXPHISH has rapidly emerged as a significant threat, leading to incidents that caused losses exceeding $70 million in 2023 reports. Despite its substantial impact, no previous studies have systematically explored PTXPHISH.
In this paper, we present the first comprehensive study of PTXPHISH on Ethereum. Firstly, we conduct a long-term data collection and put considerable effort into establishing the first ground-truth PTXPHISH dataset, consisting of 5,000 phishing transactions. Based on the dataset, we dissect PTXPHISH, categorizing phishing tactics into four primary categories and eleven sub-categories. Secondly, we propose a rule-based multi-dimensional detection approach to identify PTXPHISH, achieving an F1-score of over 99% and processing each block in an average of 390 ms. Finally, we conduct a large-scale detection spanning 300 days and discover a total of 130,637 phishing transactions on Ethereum, resulting in losses exceeding $341.9 million. Our in-depth analysis of these phishing transactions yielded valuable and insightful findings. Scammers consume approximately 13.4 ETH daily, which accounts for 12.5% of the total Ethereum gas, to propagate address poisoning scams. Additionally, our analysis reveals patterns in the cash-out process employed by phishing scammers, and we find that the top five phishing organizations are responsible for 40.7% of all losses.
Furthermore, our work has made significant contributions to mitigating real-world threats. We have reported 1,726 phishing addresses to the community, accounting for 42.7% of total community contributions during the same period. Additionally, we have sent 2,539 on-chain alert messages, assisting 1,980 victims. This research serves as a valuable reference in combating the emerging PTXPHISH and safeguarding users’ assets.
PDF download link:
https://www.ndss-symposium.org/wp-content/uploads/2025-549-paper.pdf
10
Title:
MTZK: Testing and Exploring Bugs in Zero-Knowledge (ZK) Compilers
Authors:
Xuanji Meng (Tsinghua University), Xiao Sui (Shandong University), Zhaoxin Yang (Tsinghua University), Kang Rong (Blockchain Platform Division,Ant Group), Wenbo Xu (Blockchain Platform Division,Ant Group), Shenglong Chen (Blockchain Platform Division,Ant Group), Ying Yan (Blockchain Platform Division,Ant Group), Sisi Duan (Tsinghua University)
Abstract:
Zero-knowledge (ZK) proofs have been increasingly popular in privacy-preserving applications and blockchain systems. To facilitate handy and efficient ZK proof generation for normal users, the industry has designed domain-specific languages (DSLs) and ZK compilers. Given a program in ZK DSL, a ZK compiler compiles it into a circuit, which is then passed to the prover and verifier for ZK checking. However, the correctness of ZK compilers is not well studied, and recent works have shown that de facto ZK compilers are buggy, which can allow malicious users to generate invalid proofs that are accepted by the verifier, causing security breaches and financial losses in cryptocurrency.
In this paper, we propose MTZK, a metamorphic testing framework to test ZK compilers and uncover incorrect compilations. Our approach leverages deliberately designed metamorphic relations (MRs) to mutate ZK compiler inputs. This way, ZK compilers can be automatically tested for compilation correctness using inputs and mutated variants. We propose a set of design considerations and optimizations to deliver an efficient and effective testing framework. In the evaluation of four industrial ZK compilers, we successfully uncovered 21 bugs, out of which the developers have promptly patched 15. We also show possible exploitations of the uncovered bugs to demonstrate their severe security implications.
PDF download link:
https://www.ndss-symposium.org/wp-content/uploads/2025-549-paper.pdf
11
Title:
Siniel: Distributed Privacy-Preserving zkSNARK
Authors:
Yunbo Yang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Yuejia Cheng (Shanghai DeCareer Consulting Co., Ltd), Kailun Wang (Beijing Jiaotong University), Xiaoguo Li (College of Computer Science, Chongqing University), Jianfei Sun (School of Computing and Information Systems, Singapore Management University), Jiachen Shen (Shanghai Key Laboratory of Trustworthy Computing, East China Normal University), Xiaolei Dong (Shanghai Key Laboratory of Trustworthy Computing, East China Normal University), Zhenfu Cao (Shanghai Key Laboratory of Trustworthy Computing, East China Normal University), Guomin Yang (School of Computing and Information Systems, Singapore Management University), Robert H. Deng (School of Computing and Information Systems, Singapore Management University)
Abstract:
Zero-knowledge Succinct Non-interactive Argument of Knowledge (zkSNARK) is a powerful cryptographic primitive, in which a prover convinces a verifier that a given statement is true without leaking any additional information. However, existing zkSNARKs suffer from high computation overhead in the proof generation. This limits the applications of zkSNARKs, such as private payments, private smart contracts, and anonymous credentials. Private delegation has become a prominent way to accelerate proof generation.
In this work, we propose Siniel, an efficient private delegation framework for zkSNARKs constructed from polynomial interactive oracle proof (PIOP) and polynomial commitment scheme (PCS). Our protocol allows a computationally limited prover (a.k.a. delegator) to delegate its expensive prover computation to several workers without leaking any information about the private witness. Most importantly, compared with the recent work EOS (USENIX'23), the state-of-the-art zkSNARK prover delegation framework, a prover in Siniel need not engage in the MPC protocol after sending its shares of the private witness. This means that a Siniel prover can outsource the entire computation to the workers.
We compare Siniel with EOS and show significant performance advantages of the former. The experimental results show that, under low bandwidth conditions (10MBps), Siniel saves delegators about 16% of the time compared with EOS, whereas under high bandwidth conditions (1000MBps), Siniel saves about 80% compared with EOS.
PDF download link:
https://www.ndss-symposium.org/wp-content/uploads/2025-152-paper.pdf
12
Title:
Rondo: Scalable and Reconfiguration-Friendly Randomness Beacon
Authors:
Xuanji Meng (Tsinghua University), Xiao Sui (Shandong University), Zhaoxin Yang (Tsinghua University), Kang Rong (Blockchain Platform Division,Ant Group), Wenbo Xu (Blockchain Platform Division,Ant Group), Shenglong Chen (Blockchain Platform Division,Ant Group), Ying Yan (Blockchain Platform Division,Ant Group), Sisi Duan (Tsinghua University)
Abstract:
We present Rondo, a scalable and reconfiguration-friendly distributed randomness beacon (DRB) protocol in the partially synchronous model. Rondo is the first DRB protocol that is built from batched asynchronous verifiable secret sharing (bAVSS) and meanwhile avoids the high $O(n^3)$ message cost, where $n$ is the number of nodes. Our key contribution lies in the introduction of a new variant of bAVSS called batched asynchronous verifiable secret sharing with partial output (bAVSS-PO). bAVSS-PO is a weaker primitive than bAVSS but allows us to build a secure and more scalable DRB protocol. We propose a bAVSS-PO protocol Breeze. Breeze achieves the optimal $O(n)$ messages for the sharing stage and allows Rondo to offer better scalability than prior DRB protocols.
Additionally, to support the reconfiguration, we introduce Rondo-BFT, a dynamic and partially synchronous Byzantine fault-tolerant protocol inspired by Dyno (S&P 2022). Unlike Dyno, Rondo-BFT provides a communication pattern that generates randomness beacon output periodically, making it well-suited for DRB applications.
We implement our protocols and evaluate the performance on Amazon EC2 using up to 91 instances. Our evaluation results show that Rondo achieves higher throughput than existing works and meanwhile offers better scalability, where the performance does not degrade as significantly as $n$ grows.
PDF download link:
https://www.ndss-symposium.org/wp-content/uploads/2025-549-paper.pdf