Showing 1–7 of 7 results for author: Kharman, A M

Vulnerabilities that arise from poor governance in Distributed Ledger Technologies

Authors: Aida Manzano Kharman, William Sanders

Abstract: Distributed Ledger Technologies (DLTs) promise decentralization, transparency, and security, yet the reality often falls short due to fundamental governance flaws. Poorly designed governance frameworks leave these systems vulnerable to coercion, vote-buying, centralization of power, and malicious protocol exploits: threats that undermine the very principles of fairness and equity these technologie… ▽ More Distributed Ledger Technologies (DLTs) promise decentralization, transparency, and security, yet the reality often falls short due to fundamental governance flaws. Poorly designed governance frameworks leave these systems vulnerable to coercion, vote-buying, centralization of power, and malicious protocol exploits: threats that undermine the very principles of fairness and equity these technologies seek to uphold. This paper surveys the state of DLT governance, identifies critical vulnerabilities, and highlights the absence of universally accepted best practices for good governance. By bridging insights from cryptography, social choice theory, and e-voting systems, we not only present a comprehensive taxonomy of governance properties essential for safeguarding DLTs but also point to technical solutions that can deliver these properties in practice. This work underscores the urgent need for robust, transparent, and enforceable governance mechanisms. Ensuring good governance is not merely a technical necessity but a societal imperative to protect the public interest, maintain trust, and realize the transformative potential of DLTs for social good. △ Less

Submitted 13 May, 2025; v1 submitted 24 September, 2024; originally announced September 2024.

Perils of current DAO governance

Authors: Aida Manzano Kharman, Ben Smyth

Abstract: DAO Governance is currently broken. We survey the state of the art and find worrying conclusions. Vote buying, vote selling and coercion are easy. The wealthy rule, decentralisation is a myth. Hostile take-overs are incentivised. Ballot secrecy is non-existent or short lived, despite being a human right. Verifiablity is achieved at the expense of privacy. These privacy concerns are highlighted wit… ▽ More DAO Governance is currently broken. We survey the state of the art and find worrying conclusions. Vote buying, vote selling and coercion are easy. The wealthy rule, decentralisation is a myth. Hostile take-overs are incentivised. Ballot secrecy is non-existent or short lived, despite being a human right. Verifiablity is achieved at the expense of privacy. These privacy concerns are highlighted with case study analyses of Vocdoni's governance protocol. This work presents two contributions: firstly a review of current DAO governance protocols, and secondly, an illustration of their vulnerabilities, showcasing the privacy and security threats these entail. △ Less

Submitted 12 June, 2024; originally announced June 2024.

Tree Proof-of-Position Algorithms

Authors: Aida Manzano Kharman, Pietro Ferraro, Homayoun Hamedmoghadam, Robert Shorten

Abstract: We present a novel class of proof-of-position algorithms: Tree-Proof-of-Position (T-PoP). This algorithm is decentralised, collaborative and can be computed in a privacy preserving manner, such that agents do not need to reveal their position publicly. We make no assumptions of honest behaviour in the system, and consider varying ways in which agents may misbehave. Our algorithm is therefore resil… ▽ More We present a novel class of proof-of-position algorithms: Tree-Proof-of-Position (T-PoP). This algorithm is decentralised, collaborative and can be computed in a privacy preserving manner, such that agents do not need to reveal their position publicly. We make no assumptions of honest behaviour in the system, and consider varying ways in which agents may misbehave. Our algorithm is therefore resilient to highly adversarial scenarios. This makes it suitable for a wide class of applications, namely those in which trust in a centralised infrastructure may not be assumed, or high security risk scenarios. Our algorithm has a worst case quadratic runtime, making it suitable for hardware constrained IoT applications. We also provide a mathematical model that summarises T-PoP's performance for varying operating conditions. We then simulate T-PoP's behaviour with a large number of agent-based simulations, which are in complete agreement with our mathematical model, thus demonstrating its validity. T-PoP can achieve high levels of reliability and security by tuning its operating conditions, both in high and low density environments. Finally, we also present a mathematical model to probabilistically detect platooning attacks. △ Less

Submitted 4 June, 2024; v1 submitted 10 May, 2024; originally announced May 2024.

Is your vote truly secret? Ballot Secrecy iff Ballot Independence: Proving necessary conditions and analysing case studies

Authors: Aida Manzano Kharman, Ben Smyth, Freddie Page

Abstract: We formalise definitions of ballot secrecy and ballot independence by Smyth, JCS'21 as indistinguishability games in the computational model of security. These definitions improve upon Smyth, draft '21 to consider a wider class of voting systems. Both Smyth, JCS'21 and Smyth, draft '21 improve on earlier works by considering a more realistic adversary model wherein they have access to the ballot c… ▽ More We formalise definitions of ballot secrecy and ballot independence by Smyth, JCS'21 as indistinguishability games in the computational model of security. These definitions improve upon Smyth, draft '21 to consider a wider class of voting systems. Both Smyth, JCS'21 and Smyth, draft '21 improve on earlier works by considering a more realistic adversary model wherein they have access to the ballot collection. We prove that ballot secrecy implies ballot independence. We say ballot independence holds if a system has non-malleable ballots. We construct games for ballot secrecy and non-malleability and show that voting schemes with malleable ballots do not preserve ballot secrecy. We demonstrate that Helios does not satisfy our definition of ballot secrecy. Furthermore, the Python framework we constructed for our case study shows that if an attack exists against non-malleability, this attack can be used to break ballot secrecy. △ Less

Submitted 21 November, 2023; originally announced November 2023.

Robust decentralised proof-of-position algorithms for smart city applications

Authors: Aida Manzano Kharman, Pietro Ferraro, Anthony Quinn, Robert Shorten

Abstract: We present a decentralised class of algorithms called Tree-Proof-of-Position (T-PoP). T-PoP algorithms rely on the web of interconnected devices in a smart city to establish how likely it is that an agent is in the position they claim to be. T-PoP operates under adversarial assumptions, by which some agents are incentivised to be dishonest. We present a theoretical formulation for T-PoP and its se… ▽ More We present a decentralised class of algorithms called Tree-Proof-of-Position (T-PoP). T-PoP algorithms rely on the web of interconnected devices in a smart city to establish how likely it is that an agent is in the position they claim to be. T-PoP operates under adversarial assumptions, by which some agents are incentivised to be dishonest. We present a theoretical formulation for T-PoP and its security properties, and we validate this model through a large number of Monte-Carlo simulations. We specifically focus on two instances of T-PoP and analyse their security and reliability properties under a range of adversarial conditions. Use-cases and applications are discussed towards the end of this paper. △ Less

Submitted 31 March, 2023; originally announced April 2023.

Towards a Privacy-Preserving Dispute Resolution Protocol on Ethereum

Authors: Andrea Gangemi, Aida Manzano Kharman

Abstract: We present a new dispute resolution protocol that can be built on the Ethereum blockchain. Unlike existing applications like Kleros, privacy is ensured by design through the use of the zero-knowledge protocols Semaphore and MACI (Minimal Anti-Collusion Infrastructure), which provide, among other things, resistance to Sybil-like attacks and corruption. Differently from Kleros, dispute resolution is… ▽ More We present a new dispute resolution protocol that can be built on the Ethereum blockchain. Unlike existing applications like Kleros, privacy is ensured by design through the use of the zero-knowledge protocols Semaphore and MACI (Minimal Anti-Collusion Infrastructure), which provide, among other things, resistance to Sybil-like attacks and corruption. Differently from Kleros, dispute resolution is guaranteed despite the users having the final say. Moreover, the proposed model does not use a native token on the platform, but aims to reward stakeholders through a social incentive mechanism based on soulbound tokens, introduced by Weyl, Ohlhaver, and Buterin in 2022. Users with these tokens will be considered trustworthy and will have the ability to govern the platform. As far as we know, this is one of the first blockchain projects that seeks to introduce social governance rather than one based on economic incentives. △ Less

Submitted 24 November, 2023; v1 submitted 1 March, 2023; originally announced March 2023.

An adversarially robust data-market for spatial, crowd-sourced data

Authors: Aida Manzano Kharman, Christian Jursitzky, Quan Zhou, Pietro Ferraro, Jakub Marecek, Pierre Pinson, Robert Shorten

Abstract: We describe an architecture for a decentralised data market for applications in which agents are incentivised to collaborate to crowd-source their data. The architecture is designed to reward data that furthers the market's collective goal, and distributes reward fairly to all those that contribute with their data. We show that the architecture is resilient to Sybil, wormhole, and data poisoning a… ▽ More We describe an architecture for a decentralised data market for applications in which agents are incentivised to collaborate to crowd-source their data. The architecture is designed to reward data that furthers the market's collective goal, and distributes reward fairly to all those that contribute with their data. We show that the architecture is resilient to Sybil, wormhole, and data poisoning attacks. In order to evaluate the resilience of the architecture, we characterise its breakdown points for various adversarial threat models in an automotive use case. △ Less

Submitted 17 October, 2023; v1 submitted 13 June, 2022; originally announced June 2022.

Comments: 13 pages, 7 figures

Journal ref: Distributed Ledger Technologies: Research and Practice, 2025