BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Rujia Li

Rujia Li contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Cryptography and SecurityDistributed, Parallel, and Cluster Computing

Trust snapshot

Quick read

Trust 21 - EmergingVerification L1Unclaimed author
7works
0followers
2topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

7 published item(s)

preprint2022arXiv

A Weak Consensus Algorithm and Its Application to High-Performance Blockchain

A large number of consensus algorithms have been proposed. However, the requirement of strict consistency limits their wide adoption, especially in high-performance required systems. In this paper, we propose a weak consensus algorithm that only maintains the consistency of relative positions between the messages. We apply this consensus algorithm to construct a high-performance blockchain system, called \textit{Sphinx}. We implement the system with 32k+ lines of code including all components like consensus/P2P/ledger/etc. The evaluations show that Sphinx can reach a peak throughput of 43k TPS (with 8 full nodes), which is significantly faster than current blockchain systems such as Ethereum given the same experimental environment. To the best of our knowledge, we present the first weak consensus algorithm with a fully implemented blockchain system.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Exploring Unfairness on Proof of Authority: Order Manipulation Attacks and Remedies

Proof of Authority (PoA) is a type of permissioned consensus algorithm with a fixed committee. PoA has been widely adopted by communities and industries due to its better performance and faster finality. In this paper, we explore the \textit{unfairness} issue existing in the current PoA implementations. We have investigated 2,500+ \textit{in the wild} projects and selected 10+ as our main focus (covering Ethereum, Binance smart chain, etc.). We have identified two types of order manipulation attacks to separately break the transaction-level (a.k.a. transaction ordering) and the block-level (sealer position ordering) fairness. Both of them merely rely on honest-but-\textit{profitable} sealer assumption without modifying original settings. We launch these attacks on the forked branches under an isolated environment and carefully evaluate the attacking scope towards different implementations. To date (as of Nov 2021), the potentially affected PoA market cap can reach up to $681,087$ million USD. Besides, we further dive into the source code of selected projects, and accordingly, propose our recommendation for the fix. To the best of knowledge, this work provides the first exploration of the \textit{unfairness} issue in PoA algorithms.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Exploring Web3 From the View of Blockchain

Web3 is the most hyped concept from 2020 to date, greatly motivating the prosperity of the Internet of Value and Metaverse. However, no solid evidence stipulates the exact definition, criterion, or standard in the sense of such a buzzword. To fill the gap, we aim to clarify the term in this work. We narrow down the connotation of Web3 by separating it from high-level controversy argues and, instead, focusing on its protocol, architecture, and evaluation from the perspective of blockchain fields. Specifically, we have identified all potential architectural design types and evaluated each of them by employing the scenario-based architecture evaluation method. The evaluation shows that existing applications are neither secure nor adoptable as claimed. Meanwhile, we also discuss opportunities and challenges surrounding the Web3 space and answer several prevailing questions from communities. A primary result is that Web3 still relies on traditional internet infrastructure, not as independent as advocated. This report, as of June 2022, provides the first strict research on Web3 in the view of blockchain. We hope that this work would provide a guide for the development of future Web3 services.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Formal Security Analysis on dBFT Protocol of NEO

NEO is one of the top public chains worldwide. We focus on its backbone consensus protocol, called delegated Byzantine Fault Tolerance (dBFT). The dBFT protocol has been adopted by a variety of blockchain systems such as ONT. dBFT claims to guarantee the security when no more than $f = \lfloor \frac{n}{3} \rfloor$ nodes are Byzantine, where $n$ is the total number of consensus participants. However, we identify attacks to break the claimed security. In this paper, we show our results by providing a security analysis on its dBFT protocol. First, we evaluate NEO's source code and formally present the procedures of dBFT via the state machine replication (SMR) model. Next, we provide a theoretical analysis with two example attacks. These attacks break the security of dBFT with no more than $f$ nodes. Then, we provide recommendations on how to fix the system against the identified attacks. The suggested fixes have been accepted by the NEO official team. Finally, we further discuss the reasons causing such issues, the relationship with current permissioned blockchain systems, and the scope of potential influence.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Frontrunning Block Attack in PoA Clique: A Case Study

As a fundamental technology of decentralized finance (DeFi), blockchain's ability to maintain a distributed fair ledger is threatened by manipulation of block/transaction order. In this paper, we propose a frontrunning block attack against the Clique-based Proof of Authority (PoA) algorithms. Our attack can frontrun blocks from honest in-turn sealers by breaking the proper order of leader selection. By falsifying the priority parameters (both \textit{difficulty} and \textit{delay time}), a malicious out-of-turn sealer can always successfully occupy the leader position and produce advantageous blocks that may contain profitable transactions. As a typical instance, we apply our attack to a mature Clique-engined project, HPB (\$3,058,901, as of April 2022). Experimental results demonstrate the effectiveness and feasibility. Then, we further recommend fixes that make identity checks effective. Our investigation and suggestion have been submitted to its official team and got their approval. We believe this work can act as, at least, a warning case for Clique variants to avoid repeating these design mistakes.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

How Do Smart Contracts Benefit Security Protocols?

Smart contracts have recently been adopted by many security protocols. However, existing studies lack satisfactory theoretical support on how contracts benefit security protocols. This paper aims to give a systematic analysis of smart contract (SC)-based security protocols to fulfill the gap of unclear arguments and statements. We firstly investigate \textit{state of the art studies} and establish a formalized model of smart contract protocols with well-defined syntax and assumptions. Then, we apply our formal framework to two concrete instructions to explore corresponding advantages and desirable properties. Through our analysis, we abstract three generic properties (\textit{non-repudiation, non-equivocation, and non-frameability}) and accordingly identify two patterns. (1) a smart contract can be as an autonomous subscriber to assist the trusted third party (TTP); (2) a smart contract can replace traditional TTP. To the best of our knowledge, this is the first study to provide in-depth discussions of SC-based security protocols from a strictly theoretical perspective.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

SoK: TEE-assisted Confidential Smart Contract

The blockchain-based smart contract lacks privacy since the contract state and instruction code are exposed to the public. Combining smart-contract execution with Trusted Execution Environments (TEEs) provides an efficient solution, called TEE-assisted smart contracts, for protecting the confidentiality of contract states. However, the combination approaches are varied, and a systematic study is absent. Newly released systems may fail to draw upon the experience learned from existing protocols, such as repeating known design mistakes or applying TEE technology in insecure ways. In this paper, we first investigate and categorize the existing systems into two types: the layer-one solution and layer-two solution. Then, we establish an analysis framework to capture their common lights, covering the desired properties (for contract services), threat models, and security considerations (for underlying systems). Based on our taxonomy, we identify their ideal functionalities and uncover the fundamental flaws and reasons for the challenges in each specification design. We believe that this work would provide a guide for the development of TEE-assisted smart contracts, as well as a framework to evaluate future TEE-assisted confidential contract systems.

0 citations0 reviewsNo code linkedOpen access