Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

FairBlock: Preventing Blockchain Front-Running with Minimal Overheads

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2022)

  • 1960 Accesses

Abstract

While blockchain systems are quickly gaining popularity, front-running remains a major obstacle to fair exchange. In this paper, we show how to apply identity-based encryption (IBE) to prevent front-running with minimal bandwidth overheads. In our approach, to decrypt a block of N transactions, the number of messages sent across the network only grows linearly with the size of decrypting committees, S. That is, to decrypt a set of N transactions sequenced at a specific block, a committee only needs to exchange S decryption shares (independent of N). In comparison, previous solutions are based on threshold decryption schemes, where each transaction in a block must be decrypted separately by the committee, resulting in bandwidth overhead of \(N \times S\). Along the way, we present a model for fair block processing and build a prototype implementation. We show that on a sample of 1000 messages with 1000 validators our system saves 42.53 MB of bandwidth which is 99.6% less compared with the standard threshold decryption paradigm.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://github.com/pememoni/FairBlock-SC.

  2. 2.

    https://github.com/pememoni/FairBlock.

References

  1. Adams, H., Zinsmeister, N., Salem, M., Keefer, R., Robinson, D.: Uniswap v3 core. Technical report, Uniswap (2021)

    Google Scholar 

  2. Asayag, A., et al.: A fair consensus protocol for transaction ordering. In: 2018 IEEE 26th International Conference on Network Protocols (ICNP), pp. 55–65 (2018). https://doi.org/10.1109/ICNP.2018.00016

  3. Auer, R., Frost, J., Vidal Pastor, J.M.: Miners as intermediaries: extractable value and market manipulation in crypto and DeFi. https://www.bis.org/publ/bisbull58.htm. Accessed 07 July 2022

  4. Avalanche whitepaper. https://www.avalabs.org/whitepapers. Accessed 12 Mar 2021

  5. Bartoletti, M., Chiang, J.H.Y., Lluch-Lafuente, A.: Maximizing extractable value from automated market makers. arXiv preprint arXiv:2106.01870 (2021)

  6. Bojja Venkatakrishnan, S., Fanti, G., Viswanath, P.: Dandelion: redesigning the bitcoin network for anonymity. Proc. ACM Meas. Anal. Comput. Syst. 1(1) (2017). https://doi.org/10.1145/3084459

  7. Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 757–788. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_25

    Chapter  Google Scholar 

  8. Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_14

    Chapter  Google Scholar 

  9. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13

    Chapter  Google Scholar 

  10. Boyen, X.: A tapestry of identity-based encryption: practical frameworks compared. Int. J. Appl. Crypt. 1(1), 3–21 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  11. Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)

    Article  MathSciNet  MATH  Google Scholar 

  12. Breidenbach, L., Daian, P., Tramèr, F., Juels, A.: Enter the hydra: towards principled bug bounties and exploit-resistant smart contracts. Cryptology ePrint Archive, Report 2017/1090 (2017)

    Google Scholar 

  13. Buchman, E., Kwon, J., Milosevic, Z.: The latest gossip on BFT consensus. arXiv preprint arXiv:1807.04938 (2018)

  14. Bünz, B., Agrawal, S., Zamani, M., Boneh, D.: Zether: towards privacy in a smart contract world. In: Bonneau, J., Heninger, N. (eds.) FC 2020. LNCS, vol. 12059, pp. 423–443. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51280-4_23

    Chapter  Google Scholar 

  15. Cachin, C., Kursawe, K., Petzold, F., Shoup, V.: Secure and efficient asynchronous broadcast protocols. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 524–541. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_31

    Chapter  Google Scholar 

  16. ChaCha20 and Poly1305 for IETF protocols. https://www.rfc-editor.org/rfc/rfc7539.txt. Accessed 04 Mar 2022

  17. Chainlink 2.0 and the future of decentralized oracle networks | chainlink (2021). https://chain.link/whitepaper

  18. Cline, D., Dryja, T., Narula, N.: Clockwork: an exchange protocol for proofs of non front-running (2020)

    Google Scholar 

  19. Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45325-3_32

    Chapter  Google Scholar 

  20. Cosmos: The internet of blockchains. https://cosmos.network/. Accessed 18 Mar 2022

  21. Abci++. https://github.com/tendermint/spec/blob/master/rfc/004-abci++.md. Accessed 04 Mar 2022

  22. Cosmos sdk - cosmos network. https://v1.cosmos.network/sdk. Accessed 26 Mar 2022

  23. CoW Swap - meta DEX aggregator. https://cowswap.exchange/. 12 Mar 2021

  24. Daian, P., et al.: Flash boys 2.0: frontrunning, transaction reordering, and consensus instability in decentralized exchanges. arXiv preprint arXiv:1904.05234 (2019)

  25. Dao | aragon. https://aragon.org/dao. Accessed 04 Jan 2022

  26. Dixit, P., Gupta, A.K., Trivedi, M.C., Yadav, V.K.: Traditional and hybrid encryption techniques: a survey. In: Perez, G.M., Mishra, K.K., Tiwari, S., Trivedi, M.C. (eds.) Networking Communication and Data Knowledge Engineering. LNDECT, vol. 4, pp. 239–248. Springer, Singapore (2018). https://doi.org/10.1007/978-981-10-4600-1_22

    Chapter  Google Scholar 

  27. Doweck, Y., Eyal, I.: Multi-party timed commitments (2020)

    Google Scholar 

  28. Duan, S., Reiter, M.K., Zhang, H.: Secure causal atomic broadcast, revisited. In: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 61–72 (2017). https://doi.org/10.1109/DSN.2017.64

  29. Eskandari, S., Moosavi, S., Clark, J.: SoK: transparent dishonesty: front-running attacks on blockchain. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P.B., Sala, M. (eds.) FC 2019. LNCS, vol. 11599, pp. 170–189. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-43725-1_13

    Chapter  Google Scholar 

  30. Ethereum upgrades. https://ethereum.org/en/upgrades/. Accessed 18 Mar 2022

  31. Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: 28th Annual Symposium on Foundations of Computer Science (SFCS 1987), pp. 427–438 (1987). https://doi.org/10.1109/SFCS.1987.4

  32. Ferveo. https://anoma.network/blog/ferveo-a-distributed-key-generation-scheme-for-front-running-protection/. Accessed 12 Mar 2021

  33. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51–83 (2007)

    Article  MathSciNet  MATH  Google Scholar 

  34. Groth, J.: Non-interactive distributed key generation and key resharing. Cryptology ePrint Archive, Report 2021/339 (2021)

    Google Scholar 

  35. Gurkan, K., Jovanovic, P., Maller, M., Meiklejohn, S., Stern, G., Tomescu, A.: Aggregatable distributed key generation. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 147–176. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_6

    Chapter  Google Scholar 

  36. Halevi, S.: Efficient commitment schemes with bounded sender and unbounded receiver. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 84–96. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_7

    Chapter  Google Scholar 

  37. Halevi, S., Micali, S.: Practical and provably-secure commitment schemes from collision-free hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 201–215. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_16

    Chapter  Google Scholar 

  38. Kate, A., Goldberg, I.: Distributed private-key generators for identity-based cryptography. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 436–453. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_27

    Chapter  MATH  Google Scholar 

  39. Kelkar, M., Zhang, F., Goldfeder, S., Juels, A.: Order-fairness for byzantine consensus. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 451–480. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_16

    Chapter  Google Scholar 

  40. Khalil, R., Gervais, A., Felley, G.: TEX - a securely scalable trustless exchange. IACR Cryptology ePrint Archive, p. 265 (2019)

    Google Scholar 

  41. Libert, B., Quisquater, J.-J.: Identity based encryption without redundancy. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 285–300. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_20

    Chapter  Google Scholar 

  42. Mev-Explore. https://explore.flashbots.net/. Accessed 12 Mar 2021

  43. Naor, M.: Bit commitment using pseudorandomness. J. Cryptol. 4(2), 151–158 (1991). https://doi.org/10.1007/BF00196774

    Article  MathSciNet  MATH  Google Scholar 

  44. Secret Network: Secret markets: front running prevention for automated market makers. https://scrt.network/blog/secret-markets-front-running-prevention. Accessed 22 June 2022

  45. Noether, S.: Ring signature confidential transactions for monero. IACR Cryptology ePrint Archive, p. 1098 (2015)

    Google Scholar 

  46. Obadia, A., Salles, A., Sankar, L., Chitra, T., Chellani, V., Daian, P.: Unity is strength: a formalization of cross-domain maximal extractable value (2021)

    Google Scholar 

  47. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9

    Chapter  Google Scholar 

  48. Pedersen, T.P.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_47

    Chapter  Google Scholar 

  49. Protocol, V.: Blockchain derivatives. https://vega.xyz/. Accessed 22 June 2022

  50. Qin, K., Zhou, L., Gervais, A.: Quantifying blockchain extractable value: how dark is the forest? (2021)

    Google Scholar 

  51. Reiter, M.K., Birman, K.P.: How to securely replicate services. ACM Trans. Programm. Lang. Syst. (TOPLAS) 16(3), 986–1009 (1994)

    Article  Google Scholar 

  52. Robinson, D., Konstantopoulos, G.: Ethereum is a dark forest - paradigm. https://www.paradigm.xyz/2020/08/ethereum-is-a-dark-forest/. Accessed 3 Dec 2021

  53. van Schaik, S., Kwong, A., Genkin, D., Yarom, Y.: SGAxe: how SGX fails in practice (2020)

    Google Scholar 

  54. Schindler, P., Judmayer, A., Stifter, N., Weippl, E.: EthDKG: distributed key generation with ethereum smart contracts. Cryptology ePrint Archive, Report 2019/985 (2019)

    Google Scholar 

  55. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979). https://doi.org/10.1145/359168.359176

  56. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5

    Chapter  Google Scholar 

  57. Shutter Network. https://shutter.ghost.io/. Accessed 3 Dec 2021

  58. Sikka. https://sikka.tech/projects/. Accessed 3 Dec 2021

  59. Solana. https://solana.com/. Accessed 18 Mar 2022

  60. Stathakopoulou, C., Rüsch, S., Brandenburger, M., Vukolic, M.: Adding fairness to order: Preventing front-running attacks in BFT protocols using tees (2021)

    Google Scholar 

  61. Sushiswap. https://sushi.com/. Accessed 3 Dec 2021

  62. Tomescu, A., et al.: Towards scalable threshold cryptosystems. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 877–893. IEEE (2020)

    Google Scholar 

  63. Tornado Cash. https://tornado.cash/. Accessed 5 Dec 2021

  64. Van Bulck, J., et al.: Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 991–1008 (2018)

    Google Scholar 

  65. Veedo. https://github.com/starkware-libs/veedo. Accessed 30 Mar 2022

  66. vuvuzela cryptography libraries. https://github.com/vuvuzela/crypto. Accessed 3 Apr 2022

  67. Wood, G.: Ethereum: a secure decentralized generalized transaction ledger (2014)

    Google Scholar 

  68. Xing, B.C., Shanahan, M., Leslie-Hurd, R.: Intel software guard extensions (Intel SGX) software support for dynamic memory allocation inside an enclave. In: Proceedings of the Hardware and Architectural Support for Security and Privacy 2016. Association for Computing Machinery, New York (2016). https://doi.org/10.1145/2948618.2954330

  69. Zhang, H., Merino, L.H., Estrada-Galinanes, V., Ford, B.: F3B: a low-latency commit-and-reveal architecture to mitigate blockchain front-running. arXiv preprint arXiv:2205.08529 (2022)

  70. Zhang, Y., Setty, S., Chen, Q., Zhou, L., Alvisi, L.: Byzantine ordered consensus without byzantine oligarchy. In: 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20), pp. 633–649. USENIX Association, November 2020

    Google Scholar 

  71. Zhou, L., Qin, K., Torres, C.F., Le, D.V., Gervais, A.: High-frequency trading on decentralized on-chain exchanges. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 428–445 (2021)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Waterloo, Waterloo, Canada

    Peyman Momeni, Sergey Gorbunov & Bohan Zhang

  2. Axelar Network, Waterloo, Canada

    Sergey Gorbunov

Authors
  1. Peyman Momeni
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sergey Gorbunov
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bohan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Peyman Momeni .

Editor information

Editors and Affiliations

  1. University of Kansas, Lawrence, KS, USA

    Fengjun Li

  2. Delft University of Technology, Delft, The Netherlands

    Kaitai Liang

  3. The Ohio State University, Columbus, OH, USA

    Zhiqiang Lin

  4. Norwegian University of Science and Tech, Gjøvik, Norway

    Sokratis K. Katsikas

Appendices

A Front-Running Strategies

In this appendix, we discuss two families of the most common front-running strategies with the goal of familiarizing the reader with the MEV space and nature of the front-running attacks.

Sandwiching Attack. Sandwich attacks are the most notorious form of front-running attacks. Predatory parties observe profitable pending transactions in the public mempool or exploit their privileged access to plaintext orders in centralized exchanges or relayer services. At its core, they manipulate the transaction ordering in a block and ensure that their front-running transaction \(tx_{1}\) executes before the victim’s transaction \(tx_{org}\) and their back-running transaction \(tx_{2}\) executes immediately after the victim’s transaction. The profitability of this strategy is based on the assumption that demand for assets results in a higher price. In simple terms, when the attacker observes a pending buy order, it can buy the same asset before the original trade, and immediately sell after execution of the original trade to enjoy price increases thanks to a) its back-running transaction and b) the victim’s transaction. For a concrete example, assume the scenario that Alice broadcasts \(tx_{org}\) to trade 100 USDC for DAI with a standard 0.3% transaction fee and 1% slippage tolerance in a decentralized exchange (DEX) that has 1000 DAI and 1000 USDC reserve. Following the standard automatic market maker (AMM) model [1] in DEXes, Alice is expecting to receive 90.66 DAI in return. However, Bob observes this trade in the mempool and front-runs Alice by submitting \(t_1\) to trade 5.23 USDC for 5.19 DAI which increases the price of DAI to the maximum limit that Alice can tolerate due to 1% slippage. Consequently, Alice’s trade \(t_{org}\) returns 1% less DAI (89.75 DAI) and even further increases DAI price. Finally, Bob pockets 1.05 USDC (ignoring gas fees) in profit by submitting \(t_2\) and trading its 5.19 DAI for 6.28 USDC. To realize this strategy Bob should manipulate the ordering by offering gas prices (price for computing each unit of computation) to block proposers such that \(t_1\) and \(t_2\) sandwich \(t_{org}\). Block proposers normally sort transactions with respect to gas price; and for a successful attack, Bob has the challenge to strategically offer a gas price that overbids competitors and still be profitable which makes this strategy complex for Bob. However, Flashbots [24] allows front-runners to sandwich users with much less risk as they can offer a bundle of transactions containing \(t_1\), \(t_2\), \(t_{org}\), and a bid directly to the block proposer without submitting it to the mempool. Then the block proposer chooses the most profitable bundles and executes them in their profitable order. Consequently, Bob can almost guarantee his profit by only paying for the bid and fees only if the block proposer executes \(t_1\), \(t_2\), \(t_{org}\) in the specified order.

Generalized Front-Running. Blockchain networks such as Ethereum [67] and Avalanche [4] are modelled as a distributed state machine and their global state changes from block to block with respect to a pre-defined set of rules. This means that any party can observe a pending transaction \(tx_{org}\) and simulate its resulting state change. Consequently, generalized front-runners can simulate all pending transactions and determine the profitability of them by checking the balances of the transactions’ senders. In case of a net increase in the original sender’s balance, the generalized front-runner copies the same transaction fields and signs it with its private key. Next, it simulates the copied transaction locally to check that the transaction is indeed profitable e.g. not a trap smart contract. Finally, the generalized front-runner submits transaction \(tx_1\) to front-run \(tx_{org}\) and capture the profit. This strategy enables parties that have access to the mempool to extract profits by mimicking a pending transaction (even blindly) and outbidding competitors and the original sender. While the generalized front-runner may be able to simulate all pending transactions in order to find the most profitable ones, due to the high number of pending transactions and cost of simulating, the front-runner can also filter specific target addresses and markets which is expected to have more profitable opportunities including NFT markets, DEX and CEX liquidity pools, yield aggregators, or well-known traders.

B Correctness and Consistency

1.1 B.1 Consistency of IBE Encryption and Decryption

Let \(C = (R, U)\) be encryption of message m for block identifier h using the public key mpk. In encryption, m is bitwise XORed with the hash of \(\hat{e}(Q_{h}, mpk )^{r}\). Subsequently in decryption, U is bitwise XORed with the hash of \({\hat{e}(b_h,R)}\). These two masks are equal since:

$$\begin{aligned} \hat{e}(Q_{h}, mpk )^{r} = \hat{e}(Q_{h}, g)^{r.msk} = \hat{e}((Q_{h})^{msk}, g^r) = {\hat{e}(b_h,R)} \end{aligned}$$
(8)

1.2 B.2 Correctness Proof for Distributed Private Key Extraction

The following proof shows that \(b_h\) is indeed the IBE key that a trusted third party extracts for the identity h by raising the hash of the identity \(H_{1}(h)\) to its private key msk:

$$\begin{aligned} b_h = \prod _{ k = 1}^{t} ({b_h^k})^{L_{k}} = \prod _{ k = 1}^{t} ({{H_{1}(h)}^{w_k}})^{L_{k}} = \prod _{ k = 1}^{t}H_{1}(h)^{w_{k}L_{k}} = H_{1}(h)^{\sum _{ k = 1}^{t}{w_{k}L_{k}}} \end{aligned}$$
(9)

And by Lagrange interpolation formula we have:

$$\begin{aligned} H_{1}(h)^{\sum _{ k = 1}^{t}{w_{k}L_{k}}} = H_{1}(h) ^ {msk} \end{aligned}$$
(10)

Rights and permissions

Reprints and permissions

Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Momeni, P., Gorbunov, S., Zhang, B. (2023). FairBlock: Preventing Blockchain Front-Running with Minimal Overheads. In: Li, F., Liang, K., Lin, Z., Katsikas, S.K. (eds) Security and Privacy in Communication Networks. SecureComm 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 462. Springer, Cham. https://doi.org/10.1007/978-3-031-25538-0_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-25538-0_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-25537-3

  • Online ISBN: 978-3-031-25538-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation