摘要:Smart contracts on a blockchain behave exactly as specified by their code. To be sure that a smart contract behaves as expected, the end-user has to either analyze its code or trust a potentially anonymous developer or auditor to do so. This approach proposes a smart contract deployment and management platform that can execute development tools and code quality tools in a trusted way and uses this to reduce the trust required into the smart contract developer or auditor. Additionally, such a platform can provide new capabilities for developers aiding them in the creation of smart contracts.

摘要:Ethereum is still the most prominent platform for smart contracts. For the deployment of contracts on its blockchain, the so-called deployment code is executed by Ethereum’s virtual machine. As it turns out, deployment code can do a lot more than merely deploying a contract. This paper identifies less-anticipated uses of contract deployment in Ethereum by analyzing the available blockchain data. In particular, we analyze the specifics of deployment code used beyond actually deploying a contract in a quantitative and qualitative manner. To this end, we identify code patterns in deployment code by distilling recurring code skeletons from all external transactions and internal messages that contain deployment code. Tracking the use of these patterns reveals a set of vulnerabilities in contracts targeted by skillfully crafted deployment code. We summarize the encountered exploitative cases of collateral use of deployment code and report respective quantities. Example scenarios illustrate the recent usage. Collateral use of deployment code starts to appear in the middle of 2018 and becomes dominant among contract creations in autumn of 2018. We intend to raise awareness about the less obvious uses of deployment code and its potential security issues.

摘要:Hyperledger Fabric (HLF) is a modular and extensible permissioned blockchain platform. The platform’s design exhibits principles required by enterprise-grade business applications, such as supply chains, financial transactions, asset management, etc. For that end, HLF introduces several innovations, two of which are smart contracts in general-purpose languages (chaincode in HLF), and flexible endorsement policies, which govern whether a transaction is considered valid. Typical blockchain applications comprise two tiers: The “platform” tier defines the data schema and embedding of business rules by means of chaincode and endorsement policies; the “client-side” tier uses the HLF software development kit (SDK) to implement client application logic. The client side should be aware of the deployment address of chaincode and endorsement policies within the platform. In past releases, this was statically configured into the client side. As of HLF v1.2, a new feature called service discovery, presented in this paper, provides APIs that allow dynamic discovery of the configuration required for the client SDK to interact with the platform. This enables the client to rapidly adapt to changes in the platform, thus improving the reliability of the application layer and making the HLF platform more consumable.

摘要:区块链是一种全新的分布式基础架构与计算范式，利用有序的链式数据结构存储数据，利用 共识算法更新数据，利用密码学技术保障数据安全。区块链2． 0 的最大特性就是引入了智能合约， 可以基于其架构开发各种用途的区块链应用。智能合约是一种计算机协议，能够以信息化方式传 播、验证或执行合同，这些交易在没有可信第三方情况下执行、可追踪且不可逆转。但目前智能合 约存在各种各样的安全和隐私保护问题，为用户带来严重的经济损失和困扰。文中分析了智能合 约安全挑战与隐私威胁，整理了智能合约中安全与隐私保护关键技术，最后给出了智能合约未来的 研究方向。

摘要:区块链技术的核心特征是“去中心化”和“去信任化”，作为分布式总账技术、智能合约基础平台、 分布式新型计算范式，可以有效构建可编程货币、可编程金融和可编程社会，势必将对金融及其他领域 带来深远影响，并驱动新一轮技术变革和应用变革．但是区块链技术在提高效率、降低成本、提高数据安全性的同时，也面临严重的隐私泄露问题，得到研究者的广泛关注．将介绍区块链技术架构，定义区块链 技术中身份隐私和交易隐私的概念，分析区块链技术在隐私保护方面存在的优势和不足，并分类描述现 有研究中针对区块链隐私的攻击方法，例如交易溯源技术和账户聚类技术；然后详细介绍针对区块链网 络层、交易层和应用层的隐私保护机制，包括网络层恶意节点检测和限制接入技术、区块链交易层的混 币技术、加密技术和限制发布技术，以及针对区块链应用的防御机制；最后，分析了现有区块链隐私保护 技术存在的缺陷，展望了未来发展方向．此外，还讨论针对恶意使用区块链技术的监管方法．

摘要:In this paper, we consider the problem of fair scheduling of transactions of multiple types that are submitted to a permissioned blockchain system. Permissioned blockchains are being increasingly used for enterprise applications and by design are heterogeneous in nature, with different peer organizations performing different business functions. Transactions execute different smart contract operations that may have widely varying business importance. In such a setting, we argue that the typically adopted FirstIn-First-Out ordering mechanism for transactions in a blockchain system, which is a performance-limited resource, is inefficient and unfair. We propose a weighted fair queueing strategy for ordering transactions that can support differentiated quality of service for submitted transactions on the blockchain. The main challenge we address in this paper is to support fair allocation and differentiation in a decentralized manner, as there is no single authority that can facilitate this as in traditional systems. We demonstrate such a fair scheduling strategy and support multiple transaction types with different priorities on Hyperledger Fabric

摘要:Hyperledger Fabric is a “permissioned” blockchain architecture, providing a consistent distributed ledger, shared by a set of “peers.” As with every blockchain architecture, the core principle of Hyperledger Fabric is that all the peers must have the same view of the shared ledger, making it challenging to support private data for the different peers. Extending Hyperledger Fabric to support private data (that can influence transactions) would open the door to many exciting new applications, in areas from healthcare to commerce, insurance, finance, and more. In this work we explored adding private-data support to Hyperledger Fabric using secure multiparty computation (MPC). Specifically, in our solution the peers store on the chain encryption of their private data, and use secure MPC whenever such private data is needed in a transaction. This solution is very general, allowing in principle to base transactions on any combination of public and private data. We created a demo of our solution over Hyperledger Fabric v1.0, implementing a bidding system where sellers can list assets on the ledger with a secret reserve price, and bidders publish their bids on the ledger but keep secret the bidding price itself.We implemented a smart contract (aka “chaincode”) that runs the auction on this secret data, using a simple secure-MPC protocol that was built using the EMP-toolkit library. The chaincode itself was written in Go, and we used the SWIG library to make it possible to call our protocol implementation in C++. We identified two basic services that should be added to Hyperledger Fabric to support our solution, and are now working on implementing them.

摘要:Blockchain, as a decentralized and distributed public ledger technology in peer-to-peer network, has received considerable attention recently. It applies a linked block structure to verify and store data, and applies the trusted consensus mechanism to synchronize changes in data, which makes it possible to create a tamper-proof digital platform for storing and sharing data. It is believed that blockchain can be applied to diverse Internet interactive systems (e.g., Internet of Things, supply chain systems, identity management, and so on). However, there are some privacy challenges that may hinder the wide application of blockchain. The goal of this survey is to provide some insights into the privacy issues associated with blockchain. We analyze the privacy threats in blockchain and discuss existing cryptographic defense mechanisms, i.e., anonymity and transaction privacy preservation. Furthermore, we summarize some typical implementations in blockchain and explore future research challenges that still need to be addressed in order to preserve privacy when blockchain is used.

摘要:Were analyzed the deployment of a Smart Contract in a Public Organization in Ecuador, also were analyzed a current problem in the Ecuador´s Public Sector, like is the inefficient handling of resources. The objective of this research is to define a model Hyperledger based Blockchain solution. For this research the method selected to this analysis was the method deductive. As results we have a simplified model Hyperledger of the implementation of a Smart Contract, A mathematical model to prove the efficiency of the using Smart Contracts in the processes of hiring in the organizations publics and a Prototype of a generic algorithm for the deployment of a Smart Contract by means of based Blockchain solution. After the analysis it was concluded that the implementation of Smart Contracts both in the Ecuadorians sector public and in any other is a benefit to the organizations.

摘要:The blockchain is a radical innovation that has a considerable effect on payments, stock exchanges, cybersecurity, and computational law. However, its limitations in terms of the uncertainty involved in transaction confirmation are significant. In this paper, we describe the design of a decentralized voting protocol for the election of a block generator in a consortium blockchain and propose a new system framework that allows fast and exact confirmation of all transactions. In addition, to replace a transaction’s owner signature, a new interactive incontestable signature between the dealer and owner is used to confirm a transaction. By means of this signature, the dealer can assure the owner that a transaction will be permanently included in the blockchain in a non-repudiation manner. Moreover, the signatures of all transactions in a block share only one witness that provides membership proof between the block and these transactions. Finally, a security and performance analysis shows that the proposed schemes are provably secure and highly efficient.

摘要:智能合约被认为是第二代区块链的技术核心，它是区块链从虚拟货币、金融交易协议到 通用工具发展的必然结果。然而，目前智能合约技术尚不完善，对智能合约概念及内涵缺乏较 为系统的分析，对基于区块链的智能合约软件系统也缺少体系上的归纳与总结。有鉴于此，文 章从智能合约的基本定义入手，介绍了智能合约的发展历史、分类、规范等概念，进而从抽象 计算模型角度出发给出了智能合约的通用架构，并对智能合约语言与编译机制、合约部署机制 与合约运行过程予以详尽分析，上述结果将有利于把握智能合约未来研究方向。

摘要:Smart contract using Blockchain technology provides a mechanism to automatically exchange “cash” and “service” according to programmed conditions without requiring reliable third-party intervention. This results in reduction of time and cost for complex contract execution. Some contract execution require external information outside Blockchain as a trigger to execute the code specifying process for a certain contract. However, because Blockchain technology itself does not provide a function to directly access such external information, these applications require a proxy system called “oracle”. Oracle is in charge accessing external information, to verify it, and to write it on Blockchain. To avoid security incidents such as oracle writing malicious information on Blockchain, reliability of oracle must be required. This paper introduces a decentralized oracle equipping with verification and disputation mechanisms. To evaluate reliability of the proposed mechanisms, a simulation-based experiment was conducted. The experimental results showed that our solution could effectively suppress the interference of malicious participants and obtained reliable consensus results even if relatively many malicious participants joined in the consensus process on the proposed decentralized oracle.

摘要:Blockchain is an emerging technology that is increasingly supporting economic-ally-critical systems. The execution environment of blockchain is isolated from the external world and thus requires “blockchain oracles”: agents that fetch information from the external world. Blockchain is known to be highly reliable, but oracles are off-chain components that could be points of failure in whole blockchain-based systems. The reliability of blockchain oracles has yet to be investigated. In this paper, we propose a framework to compare and characterize existing blockchain oracles mechanisms from industry. Our approach for reliability modelling and architecture analysis of blockchain oracle systems uses Fault Tree Analysis. By calculating the reliability of oracles mechanisms, we can identify weak links that affect the overall reliability of a blockchain-based system.

摘要:Blockchain technology enables the operation of fully decentralized applications without the need for a central authority to manage the execution of the underlying process. However, a critical limitation in the technology today is the inability for such applications to query information external to the blockchain. Applications must make use of a decentralized oracle, i.e. a trusted source of external information. In this work we propose the paired-question decentralized oracle protocol, designed to extract true answers from the public. When querying the oracle, a user submits pairs of antithetic questions and voting users answer them for the chance to receive rewards. This new protocol lends itself to a simple formal analysis, and it is shown to strongly incentivize a Nash equilibrium of truthful reporting. This paper also discusses a number of extensions to the base protocol to improve its cost-effectiveness, security, and applicability.

摘要:Group data sharing enables information sharing between multiple parties for cooperative purposes. However, the existing schemes only consider scenarios in which all parties in the same organization want to share data. Achieving secure data sharing between users of different groups is also a relevant research issue. In this paper, we propose a blockchain-based data sharing scheme for multiple groups with anonymity and traceability. Owing to the consortium blockchain technique, any user in the system can easily verify the validity of the shared data without interacting with a third-party auditor. Additionally, the proposed scheme can not only enable data sharing between different groups with enhanced security anonymously but also achieve traceability and non-frameability.