Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware

Authors:
Iddo Bentov

Cornell Tech, New York, NY, USA

Cornell Tech, New York, NY, USA
View Profile

,
Yan Ji

Cornell Tech, New York, NY, USA

Cornell Tech, New York, NY, USA
View Profile

,
Fan Zhang

Cornell Tech, New York, NY, USA

Cornell Tech, New York, NY, USA
View Profile

,
Lorenz Breidenbach

ETH Zürich & Cornell Tech, Zurich, Swaziland

ETH Zürich & Cornell Tech, Zurich, Swaziland
View Profile

,
Philip Daian

Cornell Tech, New York, NY, USA

Cornell Tech, New York, NY, USA
View Profile

,
Ari Juels

Cornell Tech, New York, NY, USA

Cornell Tech, New York, NY, USA
View Profile

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications SecurityNovember 2019Pages 1521–1538https://doi.org/10.1145/3319535.3363221

Published:06 November 2019Publication History

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Pages 1521–1538

ABSTRACT

We propose Tesseract, a secure real-time cryptocurrency exchange service. Existing centralized exchange designs are vulnerable to theft of funds, while decentralized exchanges cannot offer real-time cross-chain trades. All currently deployed exchanges are also vulnerable to frontrunning attacks. Tesseract overcomes these flaws and achieves a best-of-both-worlds design by using a trusted execution environment. The task of committing the recent trade data to independent cryptocurrency systems presents an all-or-nothing fairness problem, to which we present ideal theoretical solutions, as well as practical solutions. Tesseract supports not only real-time cross-chain cryptocurrency trades, but also secure tokenization of assets pegged to cryptocurrencies. For instance, Tesseract-tokenized bitcoins can circulate on the Ethereum blockchain for use in smart contracts. We provide a demo implementation of Tesseract that supports Bitcoin, Ethereum, and similar cryptocurrencies.

Supplemental Material

p1521-ji.webm

webm

115.1 MB

Download

References

Hamza Abusalah, Joël Alwen, Bram Cohen, Danylo Khilko, Krzysztof Pietrzak, and Leonid Reyzin. 2017. Beyond Hellman's Time-Memory Trade-Offs with Applications to Proofs of Space. In 23rd ASIACRYPT.Google Scholar
Alexey Akhunov. [n.d.]. https://github.com/ledgerwatch/eth_state/.Google Scholar
Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative Technology for CPU Based Attestation and Sealing. In HASP'13. 1--7. https://doi.org/10.1.1.405.8266Google Scholar
Gavin Andresen. [n.d.]. P2SH. https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki.Google Scholar
M. Andrychowicz, S. Dziembowski, D. Malinowski, and L. Mazurek. 2014a. Fair Two-Party Computations via Bitcoin Deposits. In FC.Google Scholar
M. Andrychowicz, S. Dziembowski, D. Malinowski, and L. Mazurek. 2014b. Secure Multiparty Computations on Bitcoin. In IEEE S&P.Google Scholar
Sarah Azouvi, Patrick McCorry, and Sarah Meiklejohn. [n.d.]. Betting on Blockchain Consensus with Fantomette. https://arxiv.org/abs/1805.06786.Google Scholar
Moshe Babaioff, Shahar Dobzinski, Sigal Oren, and Aviv Zohar. 2012. On Bitcoin and red balloons. In ACM Conference on Electronic Commerce. 56--73.Google ScholarDigital Library
Adam Back. 2013. $O(2^80)$ theoretical attack on P2SH. https://bitcointalk.org/index.php?topic=323443.0.Google Scholar
Clare Baldwin. [n.d.]. http://www.reuters.com/article/us-bitfinex-hacked-hongkong-idUSKCN10E0KP.Google Scholar
Andrew Barisser. 2015. https://medium.com/on-banking/high-frequency-trading-on-the-coinbase-exchange-f804c80f507b.Google Scholar
Massimo Bartoletti and Livio Pompianu. 2017. An analysis of Bitcoin OP_RETURN metadata. In FC. https://arxiv.org/abs/1702.01024.Google Scholar
Jethro Beekman. 2014. A Denial of Service Attack against Fair Computations using Bitcoin Deposits. https://eprint.iacr.org/2014/911.Google Scholar
Juan Benet. [n.d.]. https://ipfs.io/.Google Scholar
Iddo Bentov, Ariel Gabizon, and Alex Mizrahi. 2016. Cryptocurrencies without Proof of Work. In Financial Cryptography Bitcoin Workshop.Google ScholarCross Ref
Iddo Bentov, Yan Ji, Fan Zhang, Lorenz Breidenbach, Philip Daian, and Ari Juels. 2017a. Full Technical Report, Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware. https://eprint.iacr.org/2017/1153.Google Scholar
Iddo Bentov, Ranjit Kumaresan, and Andrew Miller. [n.d.] a. Instantaneous Decentralized Poker. In Asiacrypt 2017.Google ScholarCross Ref
Iddo Bentov, Charles Lee, Alex Mizrahi, and Meni Rosenfeld. [n.d.] b. Proof of activity: extending Bitcoin's proof of work via proof of stake. In NetEcon 2014.Google Scholar
Iddo Bentov, Alex Mizrahi, and Meni Rosenfeld. 2017b. Decentralized Prediction Market without Arbiters. In Financial Cryptography 4th Bitcoin Workshop.Google ScholarCross Ref
Iddo Bentov, TierNolan, et al. 2013. Atomic transfers. https://bitcointalk.org/index.php?topic=193281.msg2224949#msg2224949.Google Scholar
Daniel J. Bernstein, Tanja Lange, and Peter Schwabe. [n.d.]. The Security Impact of a New Cryptographic Library. In LATINCRYPT 2012.Google ScholarDigital Library
Bitcoin developers. 2019. Segregated Witness. https://en.bitcoin.it/wiki/Segregated_Witness.Google Scholar
Daniel G Brown. 2011. How I wasted too long finding a concentration inequality for sums of geometric variables. https://cs. uwaterloo. ca/browndg/negbin. pdf.Google Scholar
Benedikt Bünz, Lucianna Kiffer, Loi Luu, and Mahdi Zamani. [n.d.]. Flyclient: Super-Light Clients for Cryptocurrencies. https://eprint.iacr.org/2019/226.Google Scholar
CryptoAsset Market Capitalizations. [n.d.]. https://coinmarketcap.com/assets/.Google Scholar
Clark, Bonneau, Felten, Kroll, Andrew Miller, and Narayanan. 2014. On Decentralizing Prediction Markets and Order Books. In WEIS.Google Scholar
K. Croman, C. Decker, I. Eyal, A. Gencer, A. Juels, A. Kosba, A. Miller, P. Saxena, E. Shi, E. Sirer, D. Song, and R. Wattenhofer. 2016. On Scaling Decentralized Blockchains. In FC Bitcoin Workshop.Google Scholar
Leslie Culbertson. [n.d.]. https://newsroom.intel.com/editorials/protecting-our-customers-through-lifecycle-security-threats.Google Scholar
Philip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, and Ari Juels. [n.d.]. Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges.Google Scholar
Phil Daian, Rafael Pass, and Elaine Shi. 2019. Snow White: Robustly Reconfigurable Consensus and Applications to Provably Secure Proofs of Stake. FC.Google Scholar
Allen Day and Colin Bookman. 2018. Bitcoin in BigQuery: blockchain analytics on public data. https://cloud.google.com/blog/products/gcp/bitcoin-in-bigquery-blockchain-analytics-on-public-data.Google Scholar
Christian Decker and Roger Wattenhofer. 2015. A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels. In 17th SSS.Google Scholar
Desmedt and Frankel. 1989. Threshold Cryptosystems. In CRYPTO.Google Scholar
Roger Dingledine, Nick Mathewson, and Paul F. Syverson. 2004. Tor: The Second-Generation Onion Router. In 13th Usenix Security.Google Scholar
dree12 (pseudonym). [n.d.]. List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses. https://bitcointalk.org/index.php?topic=576337.Google Scholar
Devdatt P. Dubhashi and Alessandro Panconesi. 2009. Concentration of Measure for the Analysis of Randomized Algorithms. Cambridge Uni. Press.Google Scholar
Tuyet Duong, Lei Fan, Thomas Veale, and Hong-Sheng Zhou. [n.d.]. Securing Bitcoin-like Backbone Protocols against a Malicious Majority of Computing Power., Vol. 2016 ( [n.,d.]). http://eprint.iacr.org/2016/716Google Scholar
Stefan Dziembowski, Sebastian Faust, Vladimir Kolmogorov, and Krzysztof Pietrzak. 2015. Proofs of Space. In CRYPTO.Google Scholar
Ben A. Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, and Sergey Gorbunov. 2017. Iron: Functional Encryption using Intel SGX.Google Scholar
Juan Garay, Aggelos Kiayias, and Nikos Leonardos. 2015. The Bitcoin Backbone Protocol: Analysis and Applications. In Eurocrypt.Google Scholar
Rosario Gennaro, Steven Goldfeder, and Arvind Narayanan. 2016. Threshold-Optimal DSA/ECDSA Signatures. In 14th ACNS.Google Scholar
Arthur Gervais and Rami Khalil. 2018. The Liquidity Network. https://liquidity.network/whitepaper_Liquidity_Network.pdf.Google Scholar
Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. 2017. Algorand: Scaling Byzantine Agreements for Cryptocurrencies. In 26th Symposium on Operating Systems Principles.Google ScholarDigital Library
Sharon Goldberg, Ethan Heilman, and other. 2018. Arwen. https://www.arwen.io/.Google Scholar
BitFury Group. 2015. http://bitfury.com/content/5-white-papers-research/pos-vs-pow-1.0.2.pdf.Google Scholar
Ethan Heilman, Leen Alshenibr, Foteini Baldimtsi, Alessandra Scafuro, and Sharon Goldberg. 2017. TumbleBit. In NDSS. https://eprint.iacr.org/2016/575.Google Scholar
Ethan Heilman, Alison Kendler, Aviv Zohar, and Sharon Goldberg. 2015. Eclipse Attacks on Bitcoin's Peer-to-Peer Network. In 24th Usenix Security.Google Scholar
Maurice Herlihy. 2018. Atomic Cross-Chain Swaps. In PODC.Google Scholar
Matthew Hoekstra, Reshma Lal, Pradeep Pappachan, Vinay Phegade, and Juan Del Cuvillo. 2013. Hasp, http://dl.acm.org/citation.cfm?doid=2487726.2488370.Google Scholar
SP Johnson, VR Scarlata, C Rozas, E Brickell, and F Mckeen. 2016. https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisioning-and-attestation-services.Google Scholar
Keystone. [n.d.]. https://keystone-enclave.org/.Google Scholar
Rami Khalil, Arthur Gervais, and Guillaume Felley. [n.d.]. TEX - A Securely Scalable Trustless Exchange. https://eprint.iacr.org/2019/265.Google Scholar
Aggelos Kiayias, Ioannis Konstantinou, Alexander Russell, Bernardo David, and Roman Oliynykov. 2017a. Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol. In CRYPTO.Google Scholar
Aggelos Kiayias, Andrew Miller, and Dionysis Zindros. 2017b. Non-interactive proofs of proof-of-work. https://eprint.iacr.org/2017/963.Google Scholar
Aggelos Kiayias, Hong-Sheng Zhou, and Vassilis Zikas. 2015. Fair and Robust Multi-Party Computation using a Global Transaction Ledger. In Eurocrypt.Google Scholar
Sophie Knight. [n.d.]. http://www.reuters.com/article/us-bitcoin-mtgox-wallet-idUSBREA2K05N20140321.Google Scholar
Johnson Lau. [n.d.]. https://github.com/jl2012/bips/blob/vault/bip-0VVV.mediawiki.Google Scholar
Joshua Lind, Ittay Eyal, Florian Kelbert, Oded Naor, Peter R. Pietzuch, and Emin Gü n Sirer. 2018. Teechain. In 11th SYSTOR.Google Scholar
Loi Luu and Yaron Velner. 2017. KyberNetwork White Paper. https://kyber.network/assets/KyberNetworkWhitepaper.pdf.Google Scholar
mappum (pseudonym). 2015. Mercury -- Fully trustless cryptocurrency exchange. https://bitcointalk.org/index.php?topic=946174.0.Google Scholar
Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, and Srdjan Capkun. 2017. ROTE. http://eprint.iacr.org/2017/048.Google Scholar
McCorry, Heilman, and Miller. [n.d.]. Atomically Trading with Roger: Gambling on the success of a hardfork. http://eprint.iacr.org/2017/694.Google Scholar
Patrick McCorry, Malte Möser, Siamak Fayyaz Shahandashti, and Feng Hao. 2016. Towards Bitcoin Payment Networks. In ACISP.Google Scholar
McKeen, Alexandrovich, Berenzon, Rozas, Shafi, Shanbhogue, and Savagaonkar. 2013. Innovative instructions and software model for isolated execution. In HASP.Google Scholar
Robert McMillan. 2013. $1.2M Hack Shows Why You Should Never Store Bitcoins on the Internet. https://www.wired.com/2013/11/inputs/.Google Scholar
Danielle Meegan. [n.d.]. https://www.ethnews.com/relay-attack-leads-to-etc-loss-on-ethereum-exchange.Google Scholar
Andrew Miller. 2016. Provable Security for Cryptocurrencies. Ph.D. Dissertation. University of Maryland, College Park.Google Scholar
Tal Moran and Ilan Orlov. 2019. Rational Proofs of Space-Time. Crypto (2019).Google Scholar
Sebastian Muller, Franziska Brecht, Benjamin Fabian, Steffen Kunz, and Dominik Kunze. 2012. Distributed performance measurement and usability assessment of the tor anonymization network. In Future Internet, Vol. 4(2). 488--513.Google ScholarCross Ref
Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. (2008).Google Scholar
Satoshi Nakamoto. 2010. https://bitcointalk.org/index.php?topic=1786.msg22119#msg22119.Google Scholar
Chia Network. 2018. https://chia.network/.Google Scholar
NIST. 2018. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800--90B.pdf.Google Scholar
Sunoo Park, Krzysztof Pietrzak, Albert Kwon, Joël Alwen, Georg Fuchsbauer, and Peter Gazi. 2015. Spacemint: A Cryptocurrency Based on Proofs of Space. IACR Cryptology ePrint Archive, Vol. 2015 (2015), 528. http://eprint.iacr.org/2015/528Google Scholar
Rafael Pass, Lior Seeman, and abhi shelat. 2017a. Analysis of the Blockchain Protocol in Asynchronous Networks. In Eurocrypt.Google Scholar
Rafael Pass, Elaine Shi, and Florian Tramer. 2017b. Formal Abstractions for Attested Execution Secure Processors. In Eurocrypt.Google Scholar
Andrew Poelstra, Adam Back, Mark Friedenbach, Gregory Maxwell, and Pieter Wuille. 2017. Confidential Assets. In FC Bitcoin Workshop.Google Scholar
Poon and Dryja. [n.d.]. https://lightning.network/lightning-network-paper.pdf.Google Scholar
Portela, Barbosa, Scerri, Warinschi, Bahmani, Brasser, and Sadeghi. 2017. Secure Multiparty Computation from SGX. In FC.Google Scholar
Portnoy and Eckersley. [n.d.]. https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it.Google Scholar
profitgenerator. 2017. EtherDelta. https://steemit.com/ethereum/@profitgenerator/etherdelta-decentralized-token-exchange.Google Scholar
Meni Rosenfeld. 2012. Colored Coins. https://bitcoil.co.il/files/Colored%20Coins.pdf and https://bitcoil.co.il/BitcoinX.pdf.Google Scholar
Meni Rosenfeld. 2014. http://arxiv.org/abs/1402.2009.Google Scholar
Tim Ruffing, Pedro Moreno-Sanchez, and Aniket Kate. 2017. P2P Mixing and Unlinkable Bitcoin Transactions. In NDSS 2017.Google ScholarCross Ref
Fabian Schuh and Daniel Larimer. [n.d.]. BitShares. https://bravenewcoin.com/assets/Whitepapers/bitshares-financial-platform.pdf.Google Scholar
Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. 2015. VC3. In IEEE S&P.Google Scholar
ShapeShift. [n.d.]. https://shapeshift.io/.Google Scholar
Spacemesh. [n.d.]. https://spacemesh.io/.Google Scholar
Tony Spilotro. 2018. Only 4 Crypto Exchanges Have 100,000Google Scholar
Active Users. https://www.newsbtc.com/2018/12/12/crypto-exchanges-active-users/.Google Scholar
Raoul Strackx and Frank Piessens. 2016. Ariadne: A Minimal Approach to State Continuity. In 25th USENIX Security.Google Scholar
Paul Sztorc. 2015. http://www.truthcoin.info/blog/bitusd/.Google Scholar
Todd. [n.d.]. https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki.Google Scholar
Florian Tramer, Fan Zhang, Huang Lin, Jean-Pierre Hubaux, Ari Juels, and Elaine Shi. 2017. Sealed-Glass Proofs. In Euro S&P.Google Scholar
Muoi Tran, Loi Luu, Min Suk Kang, Iddo Bentov, and Prateek Saxena. 2018. Obscuro: A Secure and Anonymous Bitcoin Mixer using SGX. In ACSAC.Google Scholar
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-order Execution. In USENIX.Google Scholar
Warren and Bandeali. [n.d.]. https://0xproject.com/pdfs/0x_white_paper.pdf.Google Scholar
Pieter Wuille et al. [n.d.] a. https://bitcoincore.org/en/2017/03/23/schnorr-signature-aggregation/.Google Scholar
Pieter Wuille, Gregory Maxwell, et al. [n.d.] b. https://github.com/bitcoin-core/secp256k1.Google Scholar
Xu, Cui, and Peinado. 2015. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In IEEE S&P.Google Scholar
Joseph Young. [n.d.]. https://www.newsbtc.com/2017/11/10/54991/.Google Scholar
Joseph Young. 2016. https://cointelegraph.com/news/china-imposes-new-capital-controls-bitcoin-price-optimistic.Google Scholar
Alexei Zamyatin, Dominik Harz, Joshua Lind, Panayiotis Panayiotou, Arthur Gervais, and William J. Knottenbelt. [n.d.]. XCLAIM: Trustless, Interoperable Cryptocurrency-Backed Assets. https://eprint.iacr.org/2018/643.Google Scholar
Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, and Elaine Shi. 2016. Town Crier: An Authenticated Data Feed for Smart Contracts. In CCS.Google ScholarDigital Library
Fengwei Zhang and Hongwei Zhang. 2016. SoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security (HASP).Google Scholar
ZIP143. [n.d.]. https://github.com/zcash/zips/blob/master/zip-0143.rst.Google Scholar

Index Terms

Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware
1. Security and privacy

Recommendations

Town Crier: An Authenticated Data Feed for Smart Contracts
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Smart contracts are programs that execute autonomously on blockchains. Their key envisioned uses (e.g. financial instruments) require them to consume data from outside the blockchain (e.g. stock quotes). Trustworthy data feeds that support a broad range ...
Read More
Determinants of Cryptocurrency Exchange Adoption: A Conceptual Model

Cryptocurrencies have become a global phenomenon, and the number of registered users of cryptocurrency exchange platforms has grown worldwide. However, only a small number of the registered users are active users that engage in actual transactions. In ...
Read More
Adapting Tesseract for Complex Scripts: An Example for Urdu Nastalique
SBES '13: Proceedings of the 2013 27th Brazilian Symposium on Software Engineering

Tesseract engine supports multilingual text recognition. However, the recognition of cursive scripts using Tesseract is a challenging task. In this paper, Tesseract engine is analyzed and modified for the recognition of Nastalique writing style for Urdu ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
November 2019
2755 pages
ISBN:9781450367479
DOI:10.1145/3319535
General Chairs:
Lorenzo Cavallaro
King's College London, UK
,
Johannes Kinder
Bundeswehr University Munich, Germany
,
Program Chairs:
XiaoFeng Wang
Indiana University, USA
,
Jonathan Katz
George Mason University, USA
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 6 November 2019
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
cryptocurrency exchanges
frontrunning
trusted hardware
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '19 Paper Acceptance Rate149of934submissions,16%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 69
  Total Citations
  View Citations
- 3,012
  Total Downloads
- Downloads (Last 12 months)515
- Downloads (Last 6 weeks)52
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Town Crier: An Authenticated Data Feed for Smart Contracts

Determinants of Cryptocurrency Exchange Adoption: A Conceptual Model

Adapting Tesseract for Complex Scripts: An Example for Urdu Nastalique