报告人：Ivan Homoliak

报告地点：淦昌苑D座413、腾讯会议99285637711

报告时间：2023-12-14 14:00-16:00

报告题目1：Crypto-wallets and SmartOTPs

报告简介：We begin by briefly introducing the security architecture for blockchains, focusing on the application layer category. We will look in more detail at the sub-category of crypto-wallets. For this sub-category we will summarize the state-of-the-art, present a proposed classification of crypto-wallets distinguishing authentication against the blockchain and against authentication factors, and show its application to approaches proposed in the literature but also to commercial crypto-wallet products. We then discuss our proposed SmartOTPs approach - a two-factor authentication scheme for crypto-wallets using one-time passwords (OTPs). We first define the problem and the attacker model and then analyze existing approaches and options for solving the defined problem, including their advantages and disadvantages in terms of the size of the data transferred and security properties. We then present the proposed SmartOTPs in their basic and extended versions - protocols for initialization and operation. Then, we introduce the SmartOTPs crypto-wallet extension, describe the full implementation and the results obtained in terms of cost and its optimization. We will also present the hardware implementation on the ESP8266 and its features and price. We then describe the formal security analysis of SmartOTPs and the different types of attackers with a resistance analysis. Finally, we describe the implications when using SmartOTPs on different types of consensus protocols, where we also mention our proposed StrongChain.

报告题目2：Electronic voting in blockchains, BBB-Voting, SB-Vote and Always-on-Voting

报告简介：We start by briefly introducing the security architecture for blockchains and the application layer categories. We will look in detail at the sub-category of electronic voting, where we discuss relevant properties in terms of security, privacy, and other voting properties. For this category, we summarize the state-of-the-art and extend the existing classification of electronic voting in blockchains. We then discuss our proposed BBB-Voting approach, representing conference voting in blockchains, which is based on two existing voting protocols and allows voting for 2 or more options. We start by defining the attacker model and assumptions. We then introduce the protocol and the basic BBB-Voting scheme, which we then extend to include robustness. We then present two full implementations and experiments including various proposed optimizations leading to on-chain cost savings as well as increased processing throughput. We compare the results to a competing Open Voting Network approach. We then perform a security analysis of the proposed solution as well as describe the satisfaction of various properties of electronic voting. We then discuss and outline the scalability in terms of the number of participants while maintaining the integrity of the on-chain smart contract data. We implement this variant in our next work, SB-Vote, where we test electronic voting on several different smart contract-enabled blockchains, including a second-level (L2) blockchain, and demonstrate that our approach can be used for millions of users. In the last part of the talk, we discuss our proposed approaches for repeated voting in Always-on-Voting (AoV) blockchains, which address the problems of peek-end-effect and granularity of the periods between votes. We will introduce the attacker model and the goals we want to achieve. We then introduce AoV and the techniques it uses. We then perform a security analysis and discussion in terms of incentive schemes, pluggable voting protocols, changing candidate lists, and the use of different types of blockchains.

个人简介：

Ivan is a Research Scientist at Brno University of Technology in Czech Republic and currently focuses on the research in various blockchain-based areas, such as 2nd layer ledgers, e-voting, CBDC, applied trusted comping, security & performance of consensus protocols, and system security in general. Before that, Ivan worked at SUTD on various projects focusing on the security of blockchains and insider threat detection. Ivan has a Ph.D. in the area of adversarial intrusion detection in network traffic from Brno University of Technology, Faculty of Information Technology (BUT FIT).

邀请人：李增鹏

审核人：魏普文