Award Abstract # 1801369
SaTC: CORE: Medium: Collaborative: Automated Support for Writing High-Assurance Smart Contracts

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: CARNEGIE MELLON UNIVERSITY
Initial Amendment Date: July 29, 2018
Latest Amendment Date: July 1, 2021
Award Number: 1801369
Award Instrument: Continuing Grant
Program Manager: Sol Greenspan
sgreensp@nsf.gov  (703)292-7841
CNS  Division Of Computer and Network Systems
CSE  Direct For Computer & Info Scie & Enginr
Start Date: August 1, 2018
End Date: July 31, 2023 (Estimated)
Total Intended Award Amount: $800,000.00
Total Awarded Amount to Date: $816,000.00
Funds Obligated to Date: FY 2018 = $191,245.00
FY 2019 = $399,821.00
FY 2021 = $224,934.00
History of Investigator:
  • Bryan Parno (Principal Investigator)
     bparno@andrew.cmu.edu
  • Jan Hoffmann (Co-Principal Investigator)
Recipient Sponsored Research Office: Carnegie-Mellon University
 5000 FORBES AVE
 PITTSBURGH
 PA  US  15213-3815
(412)268-8746
Sponsor Congressional District: 12
Primary Place of Performance: Carnegie Mellon University
 5000 Forbes Avenue
 Pittsburgh
 PA  US  15213-3890
Primary Place of Performance
Congressional District:		 12
Unique Entity Identifier (UEI): U3NKNFLNQ613
Parent UEI: U3NKNFLNQ613
NSF Program(s): Special Projects - CNS,
Secure &Trustworthy Cyberspace
Primary Program Source: 01001819DB NSF RESEARCH & RELATED ACTIVIT
01001920DB NSF RESEARCH & RELATED ACTIVIT
01002122DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 025Z, 7434, 7924, 9178, 9251
Program Element Code(s): 171400, 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Smart contracts, popularized by cryptocurrencies like Bitcoin and Ethereum, are programs that run atop financial infrastructure and command the flow of money according to user-defined algorithms. Such contracts can implement new, decentralized financial instruments or even virtual corporations defined only by the bundle of smart contracts programmatically governing their behavior. For example, an eBay-like smart contract could directly connect buyers with sellers, support a variety of auction mechanisms, and manage necessary payments (including escrow), without the transaction charges currently imposed by eBay, PayPal, and the credit card companies. In general, moving business processes into smart contracts promises to lower costs, reduce friction, and unleash innovation by eliminating intermediaries and automating settlements. However, programming smart contracts requires a deep understanding of cryptographic techniques, a non-standard execution cost model, and economic mechanism design. Existing smart-contract programming languages provide little support for such reasoning; indeed, contract vulnerabilities (such as TheDAO) have already led to multi-million-dollar thefts. In contrast, this project will develop new techniques and tools to support the development of high-assurance smart contracts, with an emphasis on the challenges that make such contracts particularly difficult to write correctly.

This project will address the unique challenges of writing high-assurance smart contracts by designing a new high-level language, Solidified, that allows a programmer to express both the intent of the contract and its design constraints (e.g., bounds on resource usage, synchronicity or secrecy requirements, or economic expectations). We will develop tools to analyze and compile such contracts into executable code. At a high-level, Solidified will support high-assurance smart-contract writing across three dimensions. First, Solidified will mix automatic and annotation-driven compilation to a diverse set of underlying cryptographic primitives necessary to provide the security smart contracts require. The compilation process will be integrated with tools for automated resource analysis that will compute tight bounds on the amount of gas a smart contract uses. Resource analysis, in turn, will enable automated reasoning about higher-level properties, particularly those with an economic flavor. For example, given a contract, new analysis tools, using probabilistic resource analysis, will determine whether a player's expected payoff is maximized by following the protocol, indicating whether it is incentive compatible. Extending the analysis across contracts will evaluate whether systemic risks are understood and mitigated. This project's foundational work in high-assurance smart contracts will help realize the vision of blockchain technology. In addition, smart-contract programming also provides a unique pedagogical opportunity for teaching security. Hence, research results will be incorporated into graduate security courses, a smart-contract security MOOC, and an outreach program for K-12 teachers.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

(Showing: 1 - 10 of 12)
Wang, Di and Hoffmann, Jan and Reps, Thomas "Central Moment Analysis for Cost Accumulators in Probabilistic Programs" PLDI '21: 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation , 2021 https://doi.org/10.1145/3453483.3454062 Citation Details
Das, Ankush and Balzer, Stephanie and Hoffmann, Jan and Pfenning, Frank and Santurkar, Ishani "Resource-Aware Session Types for Digital Contracts" 2021 IEEE 34th Computer Security Foundations Symposium (CSF) , v.1 , 2021 https://doi.org/10.1109/CSF51468.2021.00004 Citation Details
Goyal, Vipul and Masserova, Elisaweta and Parno, Bryan and Song, Yifan "Blockchains Enable Non-Interactive MPC" IACR Conference on the Theory of Cryptography (TCC) , 2021 https://doi.org/10.1007/978-3-030-90453-1_6 Citation Details
Zhou, Yi and Gibson, Sydney and Cai, Sarah and Winchell, Menucha and Parno, Bryan "Galápagos: Developing Verified Low-Level Cryptography on Heterogeneous Hardware" Proceedings of the ACM Conference on Computer and Communications Security (CCS) , 2023 Citation Details
Kothapalli, Abhiram and Parno, Bryan "Algebraic Reductions of Knowledge" Advances in Cryptology ? CRYPTO , 2023 Citation Details
Kothapalli, Abhiram and Setty, Srinath and Tzialla, Ioanna "Nova: Recursive Zero-Knowledge Arguments from Folding Schemes" IACR Advances in Cryptology , 2022 Citation Details
Tzialla, Ioanna and Kothapalli, Abhiram and Parno, Bryan and Setty, Srinath "Transparency Dictionaries with Succinct Proofs of Correct Operation" ISOC Conference on Network and Distributed System Security (NDSS) , 2022 Citation Details
Das, Ankush and Hoffmann, Jan and Pfenning, Frank "Parallel complexity analysis with temporal session types" Proceedings of the ACM on Programming Languages , v.2 , 2018 10.1145/3236786 Citation Details
Das, Ankush and Wang, Di and Hoffmann, Jan "Probabilistic Resource-Aware Session Types" Proceedings of the ACM on Programming Languages , v.7 , 2023 https://doi.org/10.1145/3571259 Citation Details
Goyal, Vipul and Kothapalli, Abhiram and Masserova, Elisaweta and Parno, Bryan and Song, Yifan "Storing and Retrieving Secrets on a Blockchain" IACR Conference on Practice and Theory of Public-Key Cryptography (PKC) , 2022 https://doi.org/10.1007/978-3-030-97121-2_10 Citation Details
Barbosa, Manuel and Barthe, Gilles and Bhargavan, Karthik and Blanchet, Bruno and Cremers, Cas and Liao, Kevin and Parno, Bryan "SoK: Computer-Aided Cryptography" Proceedings of the IEEE Symposium on Security and Privacy , 2021 https://doi.org/https://doi.ieeecomputersociety.org/10.1109/SP40001.2021.00008 Citation Details
(Showing: 1 - 10 of 12)

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Smart contracts, popularized by cryptocurrencies like Bitcoin and Ethereum, are programs that run atop financial infrastructure and command the flow of money according to user-defined algorithms.  Such contracts can implement new, decentralized financial instruments or even virtual corporations defined only by the bundle of smart contracts programatically governing their behavior.  For example, an eBay-like smart contract could directly connect buyers with sellers, support a variety of auction mechanisms, and manage necessary payments (including escrow), without the transaction charges currently imposed by eBay, PayPal, and the credit card companies.  In general, moving business processes into smart contracts promises to lower costs, reduce friction, and unleash innovation by eliminating intermediaries and automating settlements.


However, programming smart contracts requires a deep understanding of cryptographic techniques, a non-standard execution cost model, and economic mechanism design.  Unfortunately, existing smart-contract programming languages are hazard prone and provide little support for such reasoning; indeed, contract vulnerabilities (such as TheDAO) have already led to multi-million-dollar thefts.  In contrast, this project has developed new techniques and tools to support the development of high-assurance smart contracts, with an emphasis on the challenges that make such contracts particularly difficult to write correctly.


In particular, in a collaboration between Carnegie Mellon University and the University of Illinois, the PIs have developed the Nomos programming language.  Nomos is based on a type system that guarantees the absence of the most critical domain-specific vulnerabilities of smart contracts. To express and enforce protocols, Nomos is based on shared binary session types. To control gas usage, Nomos' type system is resource aware and uses automatic amortized resource analysis to infer gas bounds. Since binary session types are a linear type system, digital assets cannot be duplicated or discarded in Nomos.


The PIs have also developed the Interactive Lambda Calculus (ILC). ILC is designed to be equivalent in expressiveness to the universal composition (UC) framework from cryptography theory. To achieve this, ILC uses linear types to ensure that a system of concurrent processes has a randomized (rather than arbitrary) execution order, hence the occurrence of events in such a system can be reduced to computationally hard problems just as in UC.
The PIs have also worked to enhance the provable security of cryptographic implementations that underlie blockchains, as well as the cryptographic functionality that smart contracts can natively leverage, including new designs for multi-party computation, extractable witness encryption, succinct zero-knowledge arguments, and incrementally verifiable computation.
The project had significant broader impact through the training of 10 PhD, 3 MS, and 5 undergraduate students.  This includes 5 women and 1 underrepresented minority students. 


Multiple components of the system have been released as open-source software and are used by various companies and open source projects.  Finally, the results of the research have been disseminated in 13 publications at top-tier venues.  The publications are freely available on the PIs’ websites.


Last Modified: 09/29/2023
Modified by: Bryan Parno

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page

Top