-
ESSPI: ECDSA/Schnorr Signed Program Input for BitVMX
Authors:
Sergio Demian Lerner,
Martin Jonas,
Ariel Futoransky
Abstract:
The BitVM and BitVMX protocols have long relied on inefficient one-time signature (OTS) schemes like Lamport and Winternitz for signing program inputs. These schemes exhibit significant storage overheads, hindering their practical application. This paper introduces ESSPI, an optimized method leveraging ECDSA/Schnorr signatures to sign the BitVMX program input. With Schnorr signatures we achieve an optimal 1:1 data expansion, compared to the current known best ratio of 1:200 based on Winternitz signatures. To accomplish this we introduce 4 innovations to BitVMX: (1) a modification of the BitVMX CPU, adding a challengeable hashing core to it, (2) a new partition-based search to detect fraud during hashing, (3) a new enhanced transaction DAG with added data-carrying transactions with a fraud-verifying smart-contract and (4) a novel timelock-based method for proving data availability to Bitcoin smart contracts. The enhanced BitVMX protocol enables the verification of uncompressed inputs such as SPV proofs, NiPoPoWs, or longer computation integrity proofs, such as STARKs.
Submitted 6 March, 2025; v1 submitted 4 March, 2025;
originally announced March 2025.
-
Fair and Decentralized Exchange of Digital Goods
Authors:
Ariel Futoransky,
Carlos Sarraute,
Daniel Fernandez,
Matias Travizano,
Ariel Waissbein
Abstract:
We construct a privacy-preserving, distributed and decentralized marketplace where parties can exchange data for tokens. In this market, buyers and sellers make transactions in a blockchain and interact with a third party, called notary, who has the ability to vouch for the authenticity and integrity of the data.
We introduce a protocol for the data-token exchange where neither party gains more information than what it is paying for, and the exchange is fair: either both parties get the other's item or neither does. No third party involvement is required after setup, and no dispute resolution is needed.
Submitted 22 February, 2020;
originally announced February 2020.
-
WibsonTree: Efficiently Preserving Seller's Privacy in a Decentralized Data Marketplace
Authors:
Ariel Futoransky,
Carlos Sarraute,
Ariel Waissbein,
Matias Travizano,
Daniel Fernandez
Abstract:
We present a cryptographic primitive called WibsonTree designed to preserve users' privacy by allowing them to demonstrate predicates on their personal attributes, without revealing the values of those attributes. We suppose that there are three types of agents --buyers, sellers and notaries-- who interact in a decentralized privacy-preserving data marketplace (dPDM) such as the Wibson marketplace. We introduce the WibsonTree protocol as an efficient cryptographic primitive that enables the exchange of private information while preserving the seller's privacy. Using our primitive, a data seller can efficiently prove that he/she belongs to the target audience of a buyer's data request, without revealing any additional information.
Submitted 10 February, 2020;
originally announced February 2020.
-
BatPay: a gas efficient protocol for the recurrent micropayment of ERC20 tokens
Authors:
Hartwig Mayer,
Ismael Bejarano,
Daniel Fernandez,
Gustavo Ajzenman,
Nicolas Ayala,
Nahuel Santoalla,
Carlos Sarraute,
Ariel Futoransky
Abstract:
BatPay is a proxy scaling solution for the transfer of ERC20 tokens. It is suitable for micropayments in one-to-many and few-to-many scenarios, including digital markets and the distribution of rewards and dividends. In BatPay, many similar operations are bundled together into a single transaction in order to optimize gas consumption on the Ethereum blockchain. In addition, some costly verifications are replaced by a challenge game, pushing most of the computing cost off-chain. This results in a gas reduction of the transfer costs of three orders of magnitude, achieving around 1700 transactions per second on the Ethereum blockchain. Furthermore, it includes many relevant features, like meta-transactions for end-user operation without ether, and key-locked payments for atomic exchange of digital goods.
Submitted 6 February, 2020;
originally announced February 2020.
-
Wibson Protocol for Secure Data Exchange and Batch Payments
Authors:
Daniel Fernandez,
Ariel Futoransky,
Gustavo Ajzenman,
Matias Travizano,
Carlos Sarraute
Abstract:
Wibson is a blockchain-based, decentralized data marketplace that provides individuals a way to securely and anonymously sell information in a trusted environment. The combination of the Wibson token and blockchain-enabled smart contracts hopes to allow Data Sellers and Data Buyers to transact with each other directly while providing individuals the ability to maintain anonymity as desired.
The Wibson marketplace will provide infrastructure and financial incentives for individuals to securely sell personal information without sacrificing personal privacy. Data Buyers receive information from willing and actively participating individuals with the benefit of knowing that the personal information should be accurate and current.
We present here two different components working together to achieve an efficient decentralized marketplace. The first is a smart contract called Data Exchange, which stores references to Data Orders that different Buyers open in order to show to the market that they are interested in buying certain types of data, and provides secure mechanisms to perform the transactions. The second is used to process payments from Buyers to Sellers and intermediaries, and is called Batch Payments.
Submitted 31 January, 2020; v1 submitted 23 January, 2020;
originally announced January 2020.
-
Secure Exchange of Digital Goods in a Decentralized Data Marketplace
Authors:
Ariel Futoransky,
Carlos Sarraute,
Ariel Waissbein,
Daniel Fernandez,
Matias Travizano,
Martin Minnoni
Abstract:
We are tackling the problem of trading real-world private information using only cryptographic protocols and a public blockchain to guarantee honest transactions. In this project, we consider three types of agents --buyers, sellers and notaries-- interacting in a decentralized privacy-preserving data marketplace (dPDM) such as the Wibson data marketplace. This framework offers infrastructure and financial incentives for individuals to securely sell personal information while preserving personal privacy. Here we provide an efficient cryptographic primitive for the secure exchange of data in a dPDM, which occurs as an atomic operation wherein the data buyer gets access to the data and the data seller gets paid simultaneously.
Submitted 29 July, 2019;
originally announced July 2019.
-
An Oblivious Password Cracking Server
Authors:
Aureliano Calvo,
Ariel Futoransky,
Carlos Sarraute
Abstract:
Building a password cracking server that preserves the privacy of the queries made to the server is a problem that has not yet been solved. Such a server could acquire practical relevance in the future: for instance, the tables used to crack the passwords could be calculated, stored and hosted in cloud-computing services, and could be queried from devices with limited computing power.
In this paper we present a method to preserve the confidentiality of a password cracker---wherein the tables used to crack the passwords are stored by a third party---by combining Hellman tables and Private Information Retrieval (PIR) protocols. We provide the technical details of this method, analyze its complexity, and show the experimental results obtained with our implementation.
Submitted 30 July, 2013;
originally announced July 2013.
-
Advanced Software Protection Now
Authors:
Diego Bendersky,
Ariel Futoransky,
Luciano Notarfrancesco,
Carlos Sarraute,
Ariel Waissbein
Abstract:
Software digital rights management is a pressing need for the software development industry which remains, as no practical solutions have been acclaimed successful by the industry. We introduce a novel software-protection method, fully implemented with today's technologies, that provides traitor tracing and license enforcement and requires no additional hardware nor inter-connectivity.
Our work benefits from the use of secure triggers, a cryptographic primitive that is secure assuming the existence of an IND-CPA secure block cipher. Using our framework, developers may insert license checks and fingerprints, and obfuscate the code using secure triggers. As a result, this raises the cost for software analysis tools to detect and modify protection mechanisms, thus raising the complexity of cracking this system.
Submitted 11 June, 2010;
originally announced June 2010.
-
Simulating Cyber-Attacks for Fun and Profit
Authors:
Ariel Futoransky,
Fernando Miranda,
Jose Orlicki,
Carlos Sarraute
Abstract:
We introduce a new simulation platform called Insight, created to design and simulate cyber-attacks against large arbitrary target scenarios. Insight has surprisingly low hardware and configuration requirements, while making the simulation a realistic experience from the attacker's standpoint. The scenarios include a crowd of simulated actors: network devices, hardware devices, software applications, protocols, users, etc. A novel characteristic of this tool is to simulate vulnerabilities (including 0-days) and exploits, allowing an attacker to compromise machines and use them as pivoting stones to continue the attack. A user can test and modify complex scenarios, with several interconnected networks, where the attacker has no initial connectivity with the objective of the attack. We give a concise description of this new technology, and its possible uses in the security research field, such as pentesting training, study of the impact of 0-day vulnerabilities, evaluation of security countermeasures, and risk assessment.
Submitted 9 June, 2010;
originally announced June 2010.
-
Building Computer Network Attacks
Authors:
Ariel Futoransky,
Luciano Notarfrancesco,
Gerardo Richarte,
Carlos Sarraute
Abstract:
In this work we start walking the path to a new perspective for viewing cyberwarfare scenarios, by introducing conceptual tools (a formal model) to evaluate the costs of an attack, to describe the theater of operations, targets, missions, actions, plans and assets involved in cyberwarfare attacks. We also describe two applications of this model: autonomous planning leading to automated penetration tests, and attack simulations, allowing a system administrator to evaluate the vulnerabilities of his network.
Submitted 9 June, 2010;
originally announced June 2010.