Statistical model checking of randao’s resilience to pre-computed reveal strategies

Musab A. Alturki; Grigore Roşu

doi:10.1007/978-3-030-54994-7_25

Statistical model checking of randao’s resilience to pre-computed reveal strategies

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

RANDAO is a commit-reveal scheme for generating pseudo-random numbers in a decentralized fashion. The scheme is used in emerging blockchain systems as it is widely believed to provide randomness that is unpredictable and hard to manipulate by maliciously behaving nodes. However, RANDAO may still be susceptible to look-ahead attacks, in which an attacker (controlling a subset of nodes in the network) may attempt to pre-compute the outcomes of (possibly many) reveal strategies, and thus may bias the generated random number to his advantage. In this work, we formally evaluate resilience of RANDAO against such attacks. We first develop a probabilistic model in rewriting logic of RANDAO, and then apply statistical model checking and quantitative verification algorithms (using Maude and PVeStA) to analyze two different properties that provide different measures of bias that the attacker could potentially achieve using pre-computed strategies. We show through this analysis that unless the attacker is already controlling a sizable percentage of nodes while aggressively attempting to maximize control of the nodes selected to participate in the process, the expected achievable bias is quite limited.

Original language	English (US)
Title of host publication	Formal Methods- FM 2019 International Workshops - Revised Selected Papers
Editors	Emil Sekerinski, Nelma Moreira, José N. Oliveira, Daniel Ratiu, Riccardo Guidotti, Marie Farrell, Matt Luckcuck, Diego Marmsoler, José Campos, Troy Astarte, Laure Gonnord, Antonio Cerone, Luis Couto, Brijesh Dongol, Martin Kutrib, Pedro Monteiro, David Delmas
Publisher	Springer
Pages	337-349
Number of pages	13
ISBN (Print)	9783030549930
DOIs	https://doi.org/10.1007/978-3-030-54994-7_25
State	Published - 2020
Event	3rd World Congress on Formal Methods, FM 2019 - Porto, Portugal Duration: Oct 7 2019 → Oct 11 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12232 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	3rd World Congress on Formal Methods, FM 2019
Country/Territory	Portugal
City	Porto
Period	10/7/19 → 10/11/19

Keywords

Blockchain
Maude
RANDAO
Rewriting logic
Statistical model checking

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Online availability

10.1007/978-3-030-54994-7_25

Library availability

Discover UIUC Full Text

Cite this

Alturki, M. A., & Roşu, G. (2020). Statistical model checking of randao’s resilience to pre-computed reveal strategies. In E. Sekerinski, N. Moreira, J. N. Oliveira, D. Ratiu, R. Guidotti, M. Farrell, M. Luckcuck, D. Marmsoler, J. Campos, T. Astarte, L. Gonnord, A. Cerone, L. Couto, B. Dongol, M. Kutrib, P. Monteiro, & D. Delmas (Eds.), Formal Methods- FM 2019 International Workshops - Revised Selected Papers (pp. 337-349). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12232 LNCS). Springer. https://doi.org/10.1007/978-3-030-54994-7_25

Statistical model checking of randao’s resilience to pre-computed reveal strategies. / Alturki, Musab A.; Roşu, Grigore.

Formal Methods- FM 2019 International Workshops - Revised Selected Papers. ed. / Emil Sekerinski; Nelma Moreira; José N. Oliveira; Daniel Ratiu; Riccardo Guidotti; Marie Farrell; Matt Luckcuck; Diego Marmsoler; José Campos; Troy Astarte; Laure Gonnord; Antonio Cerone; Luis Couto; Brijesh Dongol; Martin Kutrib; Pedro Monteiro; David Delmas. Springer, 2020. p. 337-349 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12232 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Alturki, MA & Roşu, G 2020, Statistical model checking of randao’s resilience to pre-computed reveal strategies. in E Sekerinski, N Moreira, JN Oliveira, D Ratiu, R Guidotti, M Farrell, M Luckcuck, D Marmsoler, J Campos, T Astarte, L Gonnord, A Cerone, L Couto, B Dongol, M Kutrib, P Monteiro & D Delmas (eds), Formal Methods- FM 2019 International Workshops - Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12232 LNCS, Springer, pp. 337-349, 3rd World Congress on Formal Methods, FM 2019, Porto, Portugal, 10/7/19. https://doi.org/10.1007/978-3-030-54994-7_25

Alturki MA, Roşu G. Statistical model checking of randao’s resilience to pre-computed reveal strategies. In Sekerinski E, Moreira N, Oliveira JN, Ratiu D, Guidotti R, Farrell M, Luckcuck M, Marmsoler D, Campos J, Astarte T, Gonnord L, Cerone A, Couto L, Dongol B, Kutrib M, Monteiro P, Delmas D, editors, Formal Methods- FM 2019 International Workshops - Revised Selected Papers. Springer. 2020. p. 337-349. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-54994-7_25

Alturki, Musab A. ; Roşu, Grigore. / Statistical model checking of randao’s resilience to pre-computed reveal strategies. Formal Methods- FM 2019 International Workshops - Revised Selected Papers. editor / Emil Sekerinski ; Nelma Moreira ; José N. Oliveira ; Daniel Ratiu ; Riccardo Guidotti ; Marie Farrell ; Matt Luckcuck ; Diego Marmsoler ; José Campos ; Troy Astarte ; Laure Gonnord ; Antonio Cerone ; Luis Couto ; Brijesh Dongol ; Martin Kutrib ; Pedro Monteiro ; David Delmas. Springer, 2020. pp. 337-349 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{1428f2c1706649189c4f8d6bf6f795f9,

title = "Statistical model checking of randao{\textquoteright}s resilience to pre-computed reveal strategies",

abstract = "RANDAO is a commit-reveal scheme for generating pseudo-random numbers in a decentralized fashion. The scheme is used in emerging blockchain systems as it is widely believed to provide randomness that is unpredictable and hard to manipulate by maliciously behaving nodes. However, RANDAO may still be susceptible to look-ahead attacks, in which an attacker (controlling a subset of nodes in the network) may attempt to pre-compute the outcomes of (possibly many) reveal strategies, and thus may bias the generated random number to his advantage. In this work, we formally evaluate resilience of RANDAO against such attacks. We first develop a probabilistic model in rewriting logic of RANDAO, and then apply statistical model checking and quantitative verification algorithms (using Maude and PVeStA) to analyze two different properties that provide different measures of bias that the attacker could potentially achieve using pre-computed strategies. We show through this analysis that unless the attacker is already controlling a sizable percentage of nodes while aggressively attempting to maximize control of the nodes selected to participate in the process, the expected achievable bias is quite limited.",

keywords = "Blockchain, Maude, RANDAO, Rewriting logic, Statistical model checking",

author = "Alturki, {Musab A.} and Grigore Ro{\c s}u",

note = "Funding Information: Acknowledgements. We thank Danny Ryan and Justin Drake from the Ethereum Foundation for their very helpful comments. This work was performed under the first Ethereum Foundation security grant “Casper formal verification” [10]. Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2020.; 3rd World Congress on Formal Methods, FM 2019 ; Conference date: 07-10-2019 Through 11-10-2019",

year = "2020",

doi = "10.1007/978-3-030-54994-7_25",

language = "English (US)",

isbn = "9783030549930",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "337--349",

editor = "Emil Sekerinski and Nelma Moreira and Oliveira, {Jos{\'e} N.} and Daniel Ratiu and Riccardo Guidotti and Marie Farrell and Matt Luckcuck and Diego Marmsoler and Jos{\'e} Campos and Troy Astarte and Laure Gonnord and Antonio Cerone and Luis Couto and Brijesh Dongol and Martin Kutrib and Pedro Monteiro and David Delmas",

booktitle = "Formal Methods- FM 2019 International Workshops - Revised Selected Papers",

address = "Germany",

}

TY - GEN

T1 - Statistical model checking of randao’s resilience to pre-computed reveal strategies

AU - Alturki, Musab A.

AU - Roşu, Grigore

N1 - Funding Information: Acknowledgements. We thank Danny Ryan and Justin Drake from the Ethereum Foundation for their very helpful comments. This work was performed under the first Ethereum Foundation security grant “Casper formal verification” [10]. Publisher Copyright: © Springer Nature Switzerland AG 2020.

PY - 2020

Y1 - 2020

N2 - RANDAO is a commit-reveal scheme for generating pseudo-random numbers in a decentralized fashion. The scheme is used in emerging blockchain systems as it is widely believed to provide randomness that is unpredictable and hard to manipulate by maliciously behaving nodes. However, RANDAO may still be susceptible to look-ahead attacks, in which an attacker (controlling a subset of nodes in the network) may attempt to pre-compute the outcomes of (possibly many) reveal strategies, and thus may bias the generated random number to his advantage. In this work, we formally evaluate resilience of RANDAO against such attacks. We first develop a probabilistic model in rewriting logic of RANDAO, and then apply statistical model checking and quantitative verification algorithms (using Maude and PVeStA) to analyze two different properties that provide different measures of bias that the attacker could potentially achieve using pre-computed strategies. We show through this analysis that unless the attacker is already controlling a sizable percentage of nodes while aggressively attempting to maximize control of the nodes selected to participate in the process, the expected achievable bias is quite limited.

AB - RANDAO is a commit-reveal scheme for generating pseudo-random numbers in a decentralized fashion. The scheme is used in emerging blockchain systems as it is widely believed to provide randomness that is unpredictable and hard to manipulate by maliciously behaving nodes. However, RANDAO may still be susceptible to look-ahead attacks, in which an attacker (controlling a subset of nodes in the network) may attempt to pre-compute the outcomes of (possibly many) reveal strategies, and thus may bias the generated random number to his advantage. In this work, we formally evaluate resilience of RANDAO against such attacks. We first develop a probabilistic model in rewriting logic of RANDAO, and then apply statistical model checking and quantitative verification algorithms (using Maude and PVeStA) to analyze two different properties that provide different measures of bias that the attacker could potentially achieve using pre-computed strategies. We show through this analysis that unless the attacker is already controlling a sizable percentage of nodes while aggressively attempting to maximize control of the nodes selected to participate in the process, the expected achievable bias is quite limited.

KW - Blockchain

KW - Maude

KW - RANDAO

KW - Rewriting logic

KW - Statistical model checking

UR - http://www.scopus.com/inward/record.url?scp=85089719457&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85089719457&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-54994-7_25

DO - 10.1007/978-3-030-54994-7_25

M3 - Conference contribution

AN - SCOPUS:85089719457

SN - 9783030549930

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 337

EP - 349

BT - Formal Methods- FM 2019 International Workshops - Revised Selected Papers

A2 - Sekerinski, Emil

A2 - Moreira, Nelma

A2 - Oliveira, José N.

A2 - Ratiu, Daniel

A2 - Guidotti, Riccardo

A2 - Farrell, Marie

A2 - Luckcuck, Matt

A2 - Marmsoler, Diego

A2 - Campos, José

A2 - Astarte, Troy

A2 - Gonnord, Laure

A2 - Cerone, Antonio

A2 - Couto, Luis

A2 - Dongol, Brijesh

A2 - Kutrib, Martin

A2 - Monteiro, Pedro

A2 - Delmas, David

PB - Springer

T2 - 3rd World Congress on Formal Methods, FM 2019

Y2 - 7 October 2019 through 11 October 2019

ER -

Statistical model checking of randao’s resilience to pre-computed reveal strategies

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this