Document Open Access Logo

F3B: A Low-Overhead Blockchain Architecture with Per-Transaction Front-Running Protection

Authors Haoqian Zhang, Louis-Henri Merino, Ziyan Qu, Mahsa Bastankhah, Vero Estrada-Galiñanes, Bryan Ford



PDF
Thumbnail PDF

File

LIPIcs.AFT.2023.3.pdf
  • Filesize: 0.92 MB
  • 23 pages

Document Identifiers

Author Details

Haoqian Zhang
  • École Polytechnique Fédérale de Lausanne, Switzerland
Louis-Henri Merino
  • École Polytechnique Fédérale de Lausanne, Switzerland
Ziyan Qu
  • École Polytechnique Fédérale de Lausanne, Switzerland
Mahsa Bastankhah
  • École Polytechnique Fédérale de Lausanne, Switzerland
Vero Estrada-Galiñanes
  • École Polytechnique Fédérale de Lausanne, Switzerland
Bryan Ford
  • École Polytechnique Fédérale de Lausanne, Switzerland

Acknowledgements

The authors wish to thank Cristina Basescu, Pasindu Nivanthaka Tennage, Pierluca Borsò-Tan, and Simone Colombo for their extremely helpful comments and suggestions and especially thank Shufan Wang for prototyping F3B on the Ethereum blockchain.

Cite AsGet BibTex

Haoqian Zhang, Louis-Henri Merino, Ziyan Qu, Mahsa Bastankhah, Vero Estrada-Galiñanes, and Bryan Ford. F3B: A Low-Overhead Blockchain Architecture with Per-Transaction Front-Running Protection. In 5th Conference on Advances in Financial Technologies (AFT 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 282, pp. 3:1-3:23, Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2023)
https://doi.org/10.4230/LIPIcs.AFT.2023.3

Abstract

Front-running attacks, which benefit from advanced knowledge of pending transactions, have proliferated in the blockchain space since the emergence of decentralized finance. Front-running causes devastating losses to honest participants and continues to endanger the fairness of the ecosystem. We present Flash Freezing Flash Boys (F3B), a blockchain architecture that addresses front-running attacks by using threshold cryptography. In F3B, a user generates a symmetric key to encrypt their transaction, and once the underlying consensus layer has finalized the transaction, a decentralized secret-management committee reveals this key. F3B mitigates front-running attacks because, before the consensus group finalizes it, an adversary can no longer read the content of a transaction, thus preventing the adversary from benefiting from advanced knowledge of pending transactions. Unlike other mitigation systems, F3B properly ensures that all unfinalized transactions, even with significant delays, remain private by adopting per-transaction protection. Furthermore, F3B addresses front-running at the execution layer; thus, our solution is agnostic to the underlying consensus algorithm and compatible with existing smart contracts. We evaluated F3B on Ethereum with a modified execution layer and found only a negligible (0.026%) increase in transaction latency, specifically due to running threshold decryption with a 128-member secret-management committee after a transaction is finalized; this indicates that F3B is both practical and low-cost.

Subject Classification

ACM Subject Classification
  • Security and privacy → Distributed systems security
Keywords
  • Blockchain
  • DeFi
  • Front-running Mitigation

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads

References

  1. Nasdaq: Front running. https://www.nasdaq.com/glossary/f/front-running, 2018. Accessed: 2022-04-17.
  2. Prashant Ankalkoti and SG Santhosh. A relative study on bitcoin mining. Imperial Journal of Interdisciplinary Research (IJIR), 3(5):1757-1761, 2017. Google Scholar
  3. Avi Asayag, Gad Cohen, Ido Grayevsky, Maya Leshkowitz, Ori Rottenstreich, Ronen Tamari, and David Yakira. Helix: A scalable and fair consensus algorithm resistant to ordering manipulation. Cryptology ePrint Archive, 2018. Google Scholar
  4. Carsten Baum, James Hsin-yu Chiang, Bernardo David, Tore Kasper Frederiksen, and Lorenzo Gentile. Sok: Mitigation of front-running in decentralized finance. Cryptology ePrint Archive, 2021. Google Scholar
  5. Joseph Bebel and Dev Ojha. Ferveo: Threshold decryption for mempool privacy in bft networks. Cryptology ePrint Archive, 2022. Google Scholar
  6. Iddo Bentov, Yan Ji, Fan Zhang, Lorenz Breidenbach, Philip Daian, and Ari Juels. Tesseract: Real-time cryptocurrency exchange using trusted hardware. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pages 1521-1538, 2019. Google Scholar
  7. Dan Bernhardt and Bart Taub. Front-running dynamics. Journal of Economic Theory, 138(1):288-296, 2008. Google Scholar
  8. Daniel J Bernstein, Mike Hamburg, Anna Krasnova, and Tanja Lange. Elligator: elliptic-curve points indistinguishable from uniform random strings. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pages 967-980, 2013. Google Scholar
  9. Blocks, 2022. Accessed: 2022-10-03. URL: https://ethereum.org/en/developers/docs/blocks.
  10. Dan Boneh, Joseph Bonneau, Benedikt Bünz, and Ben Fisch. Verifiable delay functions. In Annual international cryptology conference, pages 757-788. Springer, 2018. Google Scholar
  11. Lorenz Breidenbach, Phil Daian, Florian Tramèr, and Ari Juels. Enter the hydra: Towards principled bug bounties and Exploit-Resistant smart contracts. In 27th USENIX Security Symposium (USENIX Security 18), pages 1335-1352, 2018. Google Scholar
  12. Eric Chen and Albert Chon. Injective protocol: A collision resistant decentralized exchange protocol [White paper], 2018. URL: https://coinpare.io/whitepaper/injective-protocol.pdf.
  13. Michele Ciampi, Muhammad Ishaq, Malik Magdon-Ismail, Rafail Ostrovsky, and Vassilis Zikas. Fairmm: A fast and frontrunning-resistant crypto market-maker. Cryptology ePrint Archive, 2021. Google Scholar
  14. Coinbase. Coinbase confirmations, 2022(?). Accessed: 2022-03-03. URL: https://help.coinbase.com/en/coinbase/getting-started/crypto-education/glossary/confirmations.
  15. Philip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, and Ari Juels. Flash boys 2.0: Frontrunning in decentralized exchanges, miner extractable value, and consensus instability. In 2020 IEEE Symposium on Security and Privacy (SP), pages 910-927. IEEE, 2020. Google Scholar
  16. N Neha Dalwadi and C Mamta Padole. Comparative study of clock synchronization algorithms in distributed systems. Advances in Computational Sciences and Technology, 10(6):1941-1952, 2017. Google Scholar
  17. dapp.org. Uniswap v2 audit report, 2020. Accessed: 2022-01-22. URL: https://dapp.org.uk/reports/uniswapv2.html.
  18. Defi pulse. URL: https://www.defipulse.com/?time=All.
  19. Dedis ledger architecture. URL: https://github.com/dedis/dela.
  20. Shayan Eskandari, Seyedehmahsa Moosavi, and Jeremy Clark. Sok: Transparent dishonesty: Front-running attacks on blockchain. In Financial Cryptography Workshops, volume 11599 of Lecture Notes in Computer Science, pages 170-189. Springer, 2019. Google Scholar
  21. Gas and fees, 2022. Accessed: 2022-10-03. URL: https://ethereum.org/en/developers/docs/gas/.
  22. Gasper, 2022. Accessed: 2022-10-03. URL: https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/gasper/.
  23. The merge, 2022. Accessed: 2022-10-03. URL: https://ethereum.org/en/upgrades/merge/.
  24. Paul Feldman. A practical scheme for non-interactive verifiable secret sharing. In 28th Annual Symposium on Foundations of Computer Science (sfcs 1987), pages 427-438. IEEE, 1987. Google Scholar
  25. Flashbots protect. URL: https://docs.flashbots.net/flashbots-protect/overview.
  26. Chaya Ganesh, Claudio Orlandi, Daniel Tschudi, and Aviv Zohar. Virtual asics: generalized proof-of-stake mining in cryptocurrencies. In Data Privacy Management, Cryptocurrencies and Blockchain Technology, pages 173-191. Springer, 2021. Google Scholar
  27. Rosario Gennaro, Stanisław Jarecki, Hugo Krawczyk, and Tal Rabin. Secure distributed key generation for discrete-log based cryptosystems. In International Conference on the Theory and Applications of Cryptographic Techniques, pages 295-310. Springer, 1999. Google Scholar
  28. Go. The go programming language, 2009. URL: https://go.dev.
  29. Harry A Kalodner, Miles Carlsten, Paul Ellenbogen, Joseph Bonneau, and Arvind Narayanan. An empirical study of namecoin and lessons for decentralized namespace design. In WEIS. Citeseer, 2015. Google Scholar
  30. Mahimna Kelkar, Soubhik Deb, and Sreeram Kannan. Order-fair consensus in the permissionless setting. Cryptology ePrint Archive, 2021. Google Scholar
  31. Olga Kharif. Cryptokitties mania overwhelms ethereum network’s processing, 2017. URL: https://www.bloomberg.com/news/articles/2017-12-04/cryptokitties-quickly-becomes-most-widely-used-ethereum-app.
  32. Eleftherios Kokoris Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Khoffi, Linus Gasser, and Bryan Ford. Enhancing bitcoin security and performance with strong consistency via collective signing. In 25th usenix security symposium (usenix security 16), pages 279-296, 2016. Google Scholar
  33. Eleftherios Kokoris-Kogias, Enis Ceyhun Alp, Linus Gasser, Philipp Jovanovic, Ewa Syta, and Bryan Ford. Calypso: Private data management for decentralized ledgers. Cryptology ePrint Archive, 2018. Google Scholar
  34. Kraken. Cryptocurrency deposit processing times, 2022(?). Accessed: 2022-03-03. URL: https://support.kraken.com/hc/en-us/articles/203325283-.
  35. Klaus Kursawe. Wendy, the good little fairness widget: Achieving order fairness for blockchains. In Proceedings of the 2nd ACM Conference on Advances in Financial Technologies, pages 25-36, 2020. Google Scholar
  36. Klaus Kursawe. Wendy grows up: More order fairness. In International Conference on Financial Cryptography and Data Security, pages 191-196. Springer, 2021. Google Scholar
  37. https://github.com/dedis/kyber, 2010 - 2022. URL: https://github.com/dedis/kyber.
  38. Michael Lewis. Flash boys: a Wall Street revolt. WW Norton & Company, 2014. Google Scholar
  39. LibSubmarine. Defeat front-running on ethereum, 2017(?). Accessed: 2022-01-24. URL: https://libsubmarine.org.
  40. Dahlia Malkhi and Pawel Szalachowski. Maximal extractable value (mev) protection on a dag. arXiv preprint arXiv:2208.00940, 2022. Google Scholar
  41. Mev-sgx: A sealed bid mev auction design, 2021. URL: https://ethresear.ch/t/mev-sgx-a-sealed-bid-mev-auction-design/9677.
  42. Edvardas Mikalauskas. 280 million stolen per month from crypto transactions, 2021. Accessed: 2022-02-16. URL: https://cybernews.com/crypto/flash-boys-2-0-front-runners-draining-280-million-per-month-from-crypto-transactions.
  43. Peyman Momeni. Fairblock: Preventing blockchain front-running with minimal overheads. Master’s thesis, University of Waterloo, 2022. Google Scholar
  44. Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. Decentralized Business Review, page 21260, 2008. Google Scholar
  45. Kirill Nikitin, Ludovic Barman, Wouter Lueks, Matthew Underwood, Jean-Pierre Hubaux, and Bryan Ford. Reducing metadata leakage from encrypted files and communication with purbs. Proceedings on Privacy Enhancing Technologies, 2019(4):6-33, 2019. Google Scholar
  46. Rafael Pass, Lior Seeman, and Abhi Shelat. Analysis of the blockchain protocol in asynchronous networks. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 643-673. Springer, 2017. Google Scholar
  47. Hany Ragab, Alyssa Milburn, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. Crosstalk: Speculative data leaks across cores are real. In 2021 IEEE Symposium on Security and Privacy (SP), pages 1852-1867. IEEE, 2021. Google Scholar
  48. Ronald L Rivest, Adi Shamir, and David A Wagner. Time-lock puzzles and timed-release crypto. Technical report, Massachusetts Institute of Technology. Laboratory for Computer Science, 1996. Google Scholar
  49. Eli Ben Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. Zerocash: Decentralized anonymous payments from bitcoin. In 2014 IEEE symposium on security and privacy, pages 459-474. IEEE, 2014. Google Scholar
  50. Alexander Savelyev. Contract law 2.0:`smart'contracts as the beginning of the end of classic contract law. Information & communications technology law, 26(2):116-134, 2017. Google Scholar
  51. Markus Schäffer, Monika di Angelo, and Gernot Salzer. Performance and scalability of private ethereum blockchains. In International Conference on Business Process Management. Springer, 2019. Google Scholar
  52. Noah Schmid. Secure causal atomic broadcast, 2021. URL: https://crypto.unibe.ch/archive/theses/2021.bsc.noah.schmid.pdf.
  53. Berry Schoenmakers. A simple publicly verifiable secret sharing scheme and its application to electronic voting. In Annual International Cryptology Conference, pages 148-164. Springer, 1999. Google Scholar
  54. Secret markets: Front running prevention for automated market makers, 2020. URL: https://scrt.network/blog/secret-markets-front-running-prevention.
  55. Adi Shamir. Identity-based cryptosystems and signature schemes. In Workshop on the theory and application of cryptographic techniques, pages 47-53. Springer, 1984. Google Scholar
  56. Victor Shoup and Rosario Gennaro. Securing threshold cryptosystems against chosen ciphertext attack. In International Conference on the Theory and Applications of Cryptographic Techniques, pages 1-16. Springer, 1998. Google Scholar
  57. Combating front-running and malicious mev using threshold cryptography. URL: https://blog.shutter.network.
  58. Shutterized beacon chain. URL: https://ethresear.ch/t/shutterized-beacon-chain/12249.
  59. URL: https://sikka.tech.
  60. Chrysoula Stathakopoulou, Signe Rüsch, Marcus Brandenburger, and Marko Vukolić. Adding fairness to order: Preventing front-running attacks in bft protocols using tees. In 2021 40th International Symposium on Reliable Distributed Systems (SRDS), pages 34-45. IEEE, 2021. Google Scholar
  61. Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F Wenisch, Yuval Yarom, and Raoul Strackx. Foreshadow: Extracting the keys to the intel SGX kingdom with transient Out-of-Order execution. In 27th USENIX Security Symposium (USENIX Security 18), pages 991-1008, 2018. Google Scholar
  62. Theodore M Wong, Chenxi Wang, and Jeannette M Wing. Verifiable secret redistribution for archive systems. In First International IEEE Security in Storage Workshop, 2002. Proceedings., pages 94-105. IEEE, 2002. Google Scholar
  63. Gavin Wood et al. Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper, 151(2014):1-32, 2014. Google Scholar
  64. Bin Cedric Xing, Mark Shanahan, and Rebekah Leslie-Hurd. Intelregistered software guard extensions (intelregistered SGX) software support for dynamic memory allocation inside an enclave. Proceedings of the Hardware and Architectural Support for Security and Privacy 2016, pages 1-9, 2016. Google Scholar
  65. Haoqian Zhang, Louis-Henri Merino, Vero Estrada-Galinanes, and Bryan Ford. F3b: A low-latency commit-and-reveal architecture to mitigate blockchain front-running. arXiv preprint arXiv:2205.08529, 2022. Google Scholar
  66. Jan Henrik Ziegeldorf, Roman Matzutt, Martin Henze, Fred Grossmann, and Klaus Wehrle. Secure and anonymous decentralized bitcoin mixing. Future Generation Computer Systems, 80:448-466, 2018. Google Scholar
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail