Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scalable and Privacy-preserving Design of On/Off-chain Smart Contracts

Published byAlannah Hensley Modified over 5 years ago

Similar presentations

Presentation on theme: "Scalable and Privacy-preserving Design of On/Off-chain Smart Contracts"— Presentation transcript:

1 Scalable and Privacy-preserving Design of On/Off-chain Smart Contracts
Chao Li, Balaji Palanisamy, Runhua Xu School of Computing and Information University of Pittsburgh

2 Introduction Background On/off-chain smart contracts Enforcing off-chain contracts Implementation Conclusion

3 1st generation - value transfer 2nd generation - smart contracts
Blockchains in Industry 1st generation - value transfer 2nd generation - smart contracts By 12/2018, there have been 2068 different cryptocurrencies listed in CoinMarketCap.com with a total market cap over 121 billion USD. Source:

4 blockchain Blockchains in Academia Functionality Scalability Privacy
Security Efficiency Source: Decentralization

5 Blockchains: the 1st generation
new package In the network, users can issue transactions to transfer cryptocurrency Blockchain users form a P2P network enabling broadcast of messages Through consensus protocols, users are randomly selected to pack transactions as blocks and append new blocks to the blockchain.

6 Ethereum: the 2nd generation
Alice wants her 1 Ether to be transferred to Bob after a specific time. Alice ′ s transaction Alice ′ s contract { from: Alice’s address to: N/A data: bytecode of new contract value: 1 ether } 𝑓𝑢𝑛𝑐𝑡𝑖𝑜𝑛 𝑤𝑖𝑡ℎ𝑑𝑟𝑎𝑤 𝑝𝑢𝑏𝑙𝑖𝑐 { require(msg.sender == Bob’s address); require(now > a specific time); msg.sender.transfer(1 ether); } Bob ′ s transaction { from: Bob’s address to: address of Alice’s contract data: bytecode of function call value: 0 } Bob ′ s function call 𝑏𝑦𝑡𝑒4(ℎ𝑎𝑠ℎ(𝑤𝑖𝑡ℎ𝑑𝑟𝑎𝑤()))

7 Ethereum: scalability
5,000,000 2,199,000 2,461,000 block 1,871,000 1,134,000 2,461,000 1,230,000 1,134,000 2,199,000 1,230,000 1,871,000 Transaction pool

8 12,290,000 390,000 reduce by 97% Ethereum: scalability
contract example { function A {} function C {} } contract example { function A {} function B {} function C {} function D {} function E {} } x3 50,000 x5 800,000 12,290,000 x8 30,000 x4 1,100,000 x5 390,000 700,000 reduce by 97% function B {} function D {} function E {}

9 Ethereum: privacy contract example { function A {} function B {} }
private function B {} private function C {} public function D {} private function E {} public function A {} function B {} function D {}

10 Our solution: On/off-chain smart contracts
We broadly classify functions of smart contracts into two categories based on the computing resources spent for executing them and the sensitive information carried by them: heavy/private functions involving high-cost calculation or sensitive information; light/public functions involving none of these features.

11 Our solution: On/off-chain smart contracts
f2: heavy/private f1: light/public f3: light/public f5: light/public miners participants a smart contract f4: heavy/private f6: heavy/private all-on-chain hybrid-on/off-chain state change example S1 S2 S3 S4 S5 f5 f3 f2 f4 participants miners all-on hybrid-on/off

12 Enforcing off-chain contracts
Split & generate Deploy & sign Submit & challenge Dispute & resolve Split & generate on-chain contract Before any on-chain activity, the original contract is first split to two parts that package light/public functions and heavy/private functions, respectively. We need to pad each group of functions with a few extra functions prepared for a dispute. After padding, we have already generated an on-chain contract as well as another off-chain contract from the whole contract. original contract light public light public extra heavy private heavy private extra off-chain contract

13 Enforcing off-chain contracts
Deploy & sign on-chain contract The on-chain contract can then be deployed by any participant to the blockchain. The off-chain contract needs to be converted into bytecode to be signed by all the participants. Each participant must obtain a copy of the off-chain contract with signatures from all the participants before any interaction with the deployed on-chain contract can take place. original contract light public light public extra heavy private heavy private bytecode extra signatures off-chain contract signed copy

14 Enforcing off-chain contracts
Submit & challenge on-chain contract There will be a challenge period after a representative of the participants have submitted the result. During the challenge period, all other participants can challenge the result with the signed copy of the off-chain contract. If the representative is honest, there will be no need to challenge the submitted result. original contract light public heavy private light public extra heavy private heavy private bytecode extra signatures off-chain contract signed copy

15 Enforcing off-chain contracts
Dispute & resolve on-chain contract verified instance To resolve a dispute, during the challenge period, any honest participant can submit the signed copy to the on-chain contract. An extra function padded to the on-chain contract during the split/generate stage will be called to verify the signed copy through signatures and create a verified on-chain instance. original contract light public heavy private create light public extra extra dispute heavy private heavy private bytecode extra signatures off-chain contract signed copy

16 Enforcing off-chain contracts
Dispute & resolve on-chain contract verified instance A participant can then invoke the heavy/private functions within the verified instance to make them be executed by the miners. Then, an extra function padded to the off-chain contract will be invoked to send the true result back to the on-chain contract. Another extra function padded to the on-chain contract will receive the true result, enforce the dispute resolution and penalize the dishonest participant. original contract light public heavy private create light public extra extra enforce dispute heavy private heavy private bytecode extra signatures off-chain contract signed copy

17 Implementation

18 Implementation

19 Conclusion In this paper, we propose a general hybrid-on/off-chain execution model of smart contracts, which separates the heavy/private functions of a smart contract from the light/public ones to form an off-chain contract and enables the off-chain contract to be executed only by the interested participants. To handle disputes caused by any dishonest participants, we propose a mechanism that allows any honest participant to reveal a signed copy of the off-chain contract so that a verified instance can be created to make miners enforce the true execution result. Our implementation and evaluation of the proposed approach using an example smart contract demonstrate the effectiveness of the proposed approach of using on/off-chain contracts in Ethereum.

20 Thanks, Q&A

Download ppt "Scalable and Privacy-preserving Design of On/Off-chain Smart Contracts"

Similar presentations

Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.

Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
UN Economic Commission for Europe 23rd UN/CEFACT FORUM 7-11 April 2014 23rd UN/CEFACT FORUM – Geneva Tahseen A. Khan Project Proposal : Trusted Third Party.

UN Economic Commission for Europe 23rd UN/CEFACT FORUM 7-11 April rd UN/CEFACT FORUM – Geneva Tahseen A. Khan Project Proposal : Trusted Third Party.
Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.

Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.
Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.

Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.
Bitcoin (what, why and how?)

Bitcoin (what, why and how?)
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
1 Bitcoin A Digital Currency. Functions of Money.

1 Bitcoin A Digital Currency. Functions of Money.
Presented by: Suparita Parakarn 50-7038-103-2 Kinzang Wangdi 51-7018-007-8 Research Report Presentation Computer Network Security.

Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.
Blockchain The Ethereum World Computer – Individual Empowerment or the first step to even more information control?

Blockchain The Ethereum World Computer – Individual Empowerment or the first step to even more information control?
Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security

Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security
SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek.

SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.

 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.
1 SFS: Secure File Sharing For Dynamic Groups In Cloud Shruthi Suresh M-tech CSE RCET.

1 SFS: Secure File Sharing For Dynamic Groups In Cloud Shruthi Suresh M-tech CSE RCET.
© 2016 consensys.net Intro to The Blockchain. © 2016 consensys.net.

© 2016 consensys.net Intro to The Blockchain. © 2016 consensys.net.
When BPM meets Blockchain

When BPM meets Blockchain
Challenges in Designing a Blockchain Platform

Challenges in Designing a Blockchain Platform

Similar presentations

Ads by Google