research-article

Open access

Town Crier: An Authenticated Data Feed for Smart Contracts

Authors:

Ethan Cecchetti,

Elaine ShiAuthors Info & Claims

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 270 - 282

https://doi.org/10.1145/2976749.2978326

Published: 24 October 2016 Publication History

Abstract

Smart contracts are programs that execute autonomously on blockchains. Their key envisioned uses (e.g. financial instruments) require them to consume data from outside the blockchain (e.g. stock quotes). Trustworthy data feeds that support a broad range of data requests will thus be critical to smart contract ecosystems.

We present an authenticated data feed system called Town Crier (TC). TC acts as a bridge between smart contracts and existing web sites, which are already commonly trusted for non-blockchain applications. It combines a blockchain front end with a trusted hardware back end to scrape HTTPS-enabled websites and serve source-authenticated data to relying smart contracts.

TC also supports confidentiality. It enables private data requests with encrypted parameters. Additionally, in a generalization that executes smart-contract logic within TC, the system permits secure use of user credentials to scrape access-controlled online data sources.

We describe TC's design principles and architecture and report on an implementation that uses Intel's recently introduced Software Guard Extensions (SGX) to furnish data to the Ethereum smart contract system. We formally model TC and define and prove its basic security properties in the Universal Composibility (UC) framework. Our results include definitions and techniques of general interest relating to resource consumption (Ethereum's "gas" fee system) and TCB minimization. We also report on experiments with three example applications.

We plan to launch TC soon as an online public service.

References

[1]

http://coinmarketcap.com/currencies/ethereum.

[2]

Augur. http://www.augur.net/.

[3]

PriceFeed smart contract. Referenced Feb. 2016 at http://feed.ether.camp/.

[4]

Steam online gaming platform. http://store.steampowered.com/.

[5]

TLSnotary -- a mechanism for independently audited https sessions. https://tlsnotary.org/TLSNotary.pdf, 10 Sept. 2014.

[6]

Cornell researchers unveil a virtual notary. Slashdot, 20 June 2013.

[7]

Oraclize: "The provably honest oracle service". www.oraclize.it, Referenced Feb. 2016.

[8]

I. Anati, S. Gueron, and S. Johnson. Innovative technology for CPU based attestation and sealing. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, 2013.

[9]

ARM Limited. mbedTLS (formerly known as PolarSSL). https://tls.mbed.org/.

[10]

A. Baumann, M. Peinado, and G. Hunt. Shielding Applications from an Untrusted Cloud with Haven. In OSDI, 2014.

Digital Library

[11]

J. Bonneau, J. Clark, and S. Goldfeder. On bitcoin as a public randomness source. https://eprint.iacr.org/2015/1015.pdf, 2015.

[12]

E. Brickell and J. Li. Enhanced Privacy ID from Bilinear Pairing. IACR Cryptology ePrint Archive, 2009:95, 2009.

[13]

V. Buterin. Schellingcoin: A minimal-trust universal data feed. https://blog.ethereum.org/2014/03/28/schellingcoin-a-minimal-trust-universal-data-feed/.

[14]

V. Buterin. Ethereum: A next-generation smart contract and decentralized application platform. https://github.com/ethereum/wiki/wiki/White-Paper, 2014.

[15]

R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. In FOCS, 2001.

Digital Library

[16]

R. Canetti, Y. Dodis, R. Pass, and S. Walfish. Universally composable security with global setup. In Theory of Cryptography, pages 61--85. Springer, 2007.

[17]

R. Canetti and T. Rabin. Universal composition with joint state. In CRYPTO, 2003.

[18]

V. Costan and S. Devadas. Intel sgx explained. Cryptology ePrint Archive, Report 2016/086, 2016. http://eprint.iacr.org/.

[19]

K. Croman, C. Decker, I. Eyal, A. E. Gencer, A. Juels, A. Kosba, A. Miller, P. Saxena, E. Shi, E. G. Sirer, D. Song, and R. Wattenhofer. On scaling decentralized blockchains (a position paper). In Bitcoin Workshop, 2016.

[20]

G. Greenspan. Why many smart contract use cases are simply impossible. http://www.coindesk.com/three-smart-contract-misconceptions/.

[21]

Intel Corporation. Intel® Software Guard Extensions Programming Reference, 329298-002us edition, 2014.

[22]

Intel Corporation. Intel® Software Guard Extensions Evaluation SDK User's Guide for Windows* OS. https://software.intel.com/sites/products/sgx-sdk-users-guide-windows, 2015.

[23]

Intel Corporation. Intel#174; Software Guard Extensions SDK. https://software.intel.com/en-us/sgx-sdk, 2015.

[24]

M. Jakobsson, K. Sako, and R. Impagliazzo. Designated verifier proofs and their applications. In Advances in Cryptology -- EUROCRYPT '96, pages 143--154. Springer, 2001.

Digital Library

[25]

A. Juels, A. Kosba, and E. Shi. The Ring of Gyges: Investigating the future of criminal smart contracts. Online manuscript, 2015.

[26]

A. Kelkar, J. Bernard, S. Joshi, S. Premkumar, and E. G. Sirer. Virtual Notary. http://virtual-notary.org/, 2016.

[27]

A. Kosba, A. Miller, E. Shi, Z. Wen, and C. Papamanthou. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In IEEE Symposium on Security and Privacy, 2016.

[28]

F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar. Innovative instructions and software model for isolated execution. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, 2013.

Digital Library

[29]

S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system. 2008.

[30]

V. Phegade and J. Del Cuvillo. Using innovative instructions to create trustworthy software solutions. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, pages 1--1, New York, New York, USA, 2013. ACM Press.

Digital Library

[31]

X. Ruan. Platform Embedded Security Technology Revealed: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine. Apress, 2014.

Digital Library

[32]

F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich. VC3: Trustworthy data analytics in the cloud. In IEEE S& P, 2015.

Digital Library

[33]

E. Shi. Trusted hardware: Life, the composable university, and everything. Talk at the DIMACS Workshop on Cryptography and Big Data, 2015.

[34]

E. Shi, F. Zhang, R. Pass, S. Devadas, D. Song, and C. Liu. Trusted hardware: Life, the composable universe, and everything. Manuscript, 2015.

[35]

N. Szabo. Smart contracts. http://szabo.best.vwh.net/smart.contracts.html, 1994.

[36]

K. Torpey. The conceptual godfather of augur thinks the project will fail. CoinGecko, 5 Aug. 2015.

[37]

G. Wood. Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper, 2014.

[38]

Y. Xu, W. Cui, and M. Peinado. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 640--656, May 2015.

Digital Library

[39]

F. Zhang, E. Cecchetti, K. Croman, A. Juels, and E. Shi. Town crier: An authenticated data feed for smart contracts. Cryptology ePrint Archive, Report 2016/168, 2016. http://eprint.iacr.org/2016/168.

Cited By

Gregory RBeck RHenfridsson OYaraghi N(2024)Cooperation Among Strangers: Algorithmic Enforcement of Reciprocal Exchange with Blockchain-Based Smart ContractsAcademy of Management Review10.5465/amr.2023.0023Online publication date: 2-Jul-2024
https://doi.org/10.5465/amr.2023.0023
Saad MSobhy DSaad A(2024)Veritas: Layer-2 Scaling Solution for Decentralized Oracles on Ethereum Blockchain with Reputation and Real-Time ConsiderationsJournal of Sensor and Actuator Networks10.3390/jsan1302002113:2(21)Online publication date: 7-Mar-2024
https://doi.org/10.3390/jsan13020021
Bhumichai DSmiliotopoulos CBenton RKambourakis GDamopoulos D(2024)The Convergence of Artificial Intelligence and Blockchain: The State of Play and the Road AheadInformation10.3390/info1505026815:5(268)Online publication date: 9-May-2024
https://doi.org/10.3390/info15050268
Show More Cited By

Index Terms

Town Crier: An Authenticated Data Feed for Smart Contracts
1. Security and privacy
  1. Security in hardware
    1. Hardware security implementation
      1. Hardware-based security protocols
  2. Security services
    1. Privacy-preserving protocols

Recommendations

Deconstructing Blockchains: Concepts, Systems, and Insights
DEBS '18: Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems

Popularly known for powering cryptocurrencies such as Bitcoin and Ethereum, blockchains is seen as a disruptive technology capable of impacting a wide variety of domains, ranging from finance to governance, by offering superior security, reliability, ...
MUSCLE: authenticated external data retrieval from multiple sources for smart contracts
SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

Smart contracts are applications that are deployed and executed on a blockchain's decentralised infrastructure. Many smart contract applications rely on data that resides outside the blockchain. However, while traditional web applications can ...
Empirical vulnerability analysis of automated smart contracts security testing on blockchains
CASCON '18: Proceedings of the 28th Annual International Conference on Computer Science and Software Engineering

The emerging blockchain technology supports decentralized computing paradigm shift and is a rapidly approaching phenomenon. While blockchain is thought primarily as the basis of Bitcoin, its application has grown far beyond cryptocurrencies due to the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

October 2016

1924 pages

ISBN:9781450341394

DOI:10.1145/2976749

General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

David and Lucile Packard Foundation
VMWare
National Science Foundation
Alfred P. Sloan Foundation
Google

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24 - 28, 2016

Vienna, Austria

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

380
Total Citations
View Citations
9,023
Total Downloads

Downloads (Last 12 months)696
Downloads (Last 6 weeks)67

Reflects downloads up to 23 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Gregory RBeck RHenfridsson OYaraghi N(2024)Cooperation Among Strangers: Algorithmic Enforcement of Reciprocal Exchange with Blockchain-Based Smart ContractsAcademy of Management Review10.5465/amr.2023.0023Online publication date: 2-Jul-2024
https://doi.org/10.5465/amr.2023.0023
Saad MSobhy DSaad A(2024)Veritas: Layer-2 Scaling Solution for Decentralized Oracles on Ethereum Blockchain with Reputation and Real-Time ConsiderationsJournal of Sensor and Actuator Networks10.3390/jsan1302002113:2(21)Online publication date: 7-Mar-2024
https://doi.org/10.3390/jsan13020021
Bhumichai DSmiliotopoulos CBenton RKambourakis GDamopoulos D(2024)The Convergence of Artificial Intelligence and Blockchain: The State of Play and the Road AheadInformation10.3390/info1505026815:5(268)Online publication date: 9-May-2024
https://doi.org/10.3390/info15050268
Chen XHe SSun LZheng YWu C(2024)A Survey of Consortium Blockchain and Its ApplicationsCryptography10.3390/cryptography80200128:2(12)Online publication date: 22-Mar-2024
https://doi.org/10.3390/cryptography8020012
Mustafa IMcGibney ARea S(2024)Smart contract life-cycle management: an engineering framework for the generation of robust and verifiable smart contractsFrontiers in Blockchain10.3389/fbloc.2023.12762336Online publication date: 8-Jan-2024
https://doi.org/10.3389/fbloc.2023.1276233
Xian YZhou LJiang JWang BHuo HLiu P(2024)A Distributed Efficient Blockchain Oracle Scheme for Internet of ThingsIEICE Transactions on Communications10.23919/transcom.2023EBP3156E107-B:9(573-582)Online publication date: Sep-2024
https://doi.org/10.23919/transcom.2023EBP3156
Liang WLiu YYang CXie SLi KSusilo W(2024)On Identity, Transaction, and Smart Contract Privacy on Permissioned and Permissionless Blockchain: A Comprehensive SurveyACM Computing Surveys10.1145/367616456:12(1-35)Online publication date: 29-Jun-2024
https://dl.acm.org/doi/10.1145/3676164
Zhang YWu YWang JLiu BLiu AChen X(2024)Blockchain Query Framework Based on Trusted Execution EnvironmentProceedings of the 2024 5th International Conference on Computing, Networks and Internet of Things10.1145/3670105.3670135(182-185)Online publication date: 24-May-2024
https://dl.acm.org/doi/10.1145/3670105.3670135
Zyskind GYanai APentland AQuek TGao DZhou JCardenas A(2024)Unstoppable Wallets: Chain-assisted Threshold ECDSA and its ApplicationsProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637657(1844-1860)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3637657
Su YWang YLi JSu ZPedrycz WHu Q(2024)Oracle Based Privacy-Preserving Cross-Domain Authentication SchemeIEEE Transactions on Sustainable Computing10.1109/TSUSC.2024.33503439:4(602-614)Online publication date: Jul-2024
https://doi.org/10.1109/TSUSC.2024.3350343
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents