A few weeks ago, Arbitrary Execution made the trip to California for San Francisco Blockchain Week 2022. We attended several events during the week, the first being the Crypto Economics Security Conference (CESC).
CESC
CESC is hosted by the Berkeley Center for Responsible Decentralized Intelligence (RDI). Papers presented at the conference spanned topics including Cryptography, Zero Knowledge Proofs, Scalability/Consensus, DeFi & DAOs, Security, Privacy, and Crypto-Economics. Here are some of our favorite talks from the event.
Ratel: MPC-Extensions for Smart Contracts
Yunqi Li (UIUC); Kyle Soska (UIUC); Sylvain Bellemare (IC3); Mikerah Quintyne-Collins (Hashcloak); Zhen Huang (SJTU); Lun Wang (UC Berkeley); Amit Agarwal (UIUC); Dawn Song (UC Berkeley); Andrew Miller (University of Illinois at Urbana-Champaign)
This talk unveiled the Ratel system, which is a platform for building privacy preserving applications that use Multi-Party Computation (MPC). Alongside the MPC committee for handling secret shared state, the Ratel system uses an EVM-compatible blockchain for orchestration and applications. Developers building on Ratel use a single language to write their smart contracts, and the Ratel compiler generates the Solidity and MPC code to run on the different system components.
History of ZK
Shafi Goldwasser (UC Berkeley)
We can’t think of a better speaker to recount the last ~40 years of research in the ZK space than the co-inventor herself! Shafi walked us through the history of ZK starting back at her time at Berkeley as a graduate student. The talk left us with a reading list of the papers that shaped ZK including Mental Poker, Probabilistic Encryption, Probabilistic Encryption & How to Play Mental Poker Keeping Secret All Partial Information, and The Knowledge Complexity of Interactive Proof Systems.
Real-world Proof Systems: a Revolution in Computing
Dan Boneh (Stanford University)
We’re huge fans of Dan Boneh’s ZK Whiteboard sessions, so it was exciting to see him speak in person. Dan discussed current and future applications of proof systems, with a focus on SNARKs. Blockchain-specific applications were covered such as zkRollups, zkBridges, and zkTaxes. For non-blockchain applications, he discussed using SNARKs with c2pa signatures to verify source photographs after they have been resized, cropped, or turned to grayscale. His talk left us wondering what sort of marketplaces will emerge for zero-knowledge provers as more and more projects adopt the technology, and users look to put their hardware to good use.
System of a DAO: Legal Entity Frameworks
David Kerr (DAO Research Collective)
David talked about US legal entity structuring for DAOs. He outlined different categories that DAOs fall into, and which legal entities make sense for those categories. We learned about an entity called a UNA, an unincorporated nonprofit association. While only 19 jurisdictions have adopted the UNA (compared to universal adoption of the LLC), it has properties that make it a potential pathway for DAOs that want to remain tax-compliant but keep their member list private.
A Study of Inline Assembly in Solidity Smart Contracts
Stefanos Chaliasos (Imperial College London); Arthur Gervais (University College London); Ben Livshits (Imperial College London)
This paper presented a quantitative study of inline assembly used in smart contracts deployed on the Ethereum blockchain. Of the 6.8 million contracts analyzed, the authors found that 23% contained inline assembly. Assembly use was further broken down into different categories to understand why developers are using it in the first place. What were some of the common use-cases?
- Using single assembly opcodes to obtain information unavailable in Solidity (assembly { size := extcodesize(account) })
- Deserialization of data
- String, bytes, and math libraries
- Proxy patterns
- Error handling (see OZ’s Address contract)
A Systematic Study of Recent Smart Contract Security Vulnerabilities
Zhuo Zhang (Purdue University); Brian Zhang (Harrison High School (Tippecanoe)); Wen Xu (PNM Labs); Zhiqiang Lin (Ohio State University)
The authors of this paper aimed to better understand the effectiveness of existing techniques to find real-world vulnerabilities, and what categories of bugs cannot be identified with existing tooling. To gather a dataset, they scraped Code4rena contest findings and real-world hacks that occurred from Jan 2022 - June 2022. Their paper is still in review, so we are very excited for this one to get published.
There were too many other great talks to list here, so we highly encourage you to check out the event livestreams yourself! The CESC website has the full schedule and livestream links.
All the new research in this space has us buzzing with excitement. We’re looking forward to doing more research of our own and helping protocols stay secure into the new year. If your team or protocol would like to work with us, don’t hesitate to reach out to us at info@arbitraryexecution.com.
