Subhra Mazumdar

CR, 6 papers, 34 citations, Novelty 53%, AI Score 23

6 Papers

CR, May 19, 2020
Griefing-Penalty: Countermeasure for Griefing Attack in Lightning Network

Subhra Mazumdar, Prabal Banerjee, Sushmita Ruj

Lightning Network can execute an unlimited number of off-chain payments without incurring the cost of recording each of them in the blockchain. However, conditional payments in such networks are susceptible to the Griefing Attack. In this attack, an adversary doesn't resolve the payment, with the intention of blocking channel capacity of the network. We propose an efficient countermeasure for the attack, known as Griefing-Penalty. If any party in the network mounts a griefing attack, it needs to pay a penalty proportional to the collateral cost of executing a payment. The penalty is used for compensating affected parties in the network. We propose a new payment protocol, HTLC-GP or Hashed Timelock Contract with Griefing-Penalty, to demonstrate the utility of the countermeasure. Upon comparing our protocol with the existing payment protocol Hashed Timelock Contract, we observe that the average revenue earned by the attacker decreases substantially for HTLC-GP as compared to HTLC. We also study the impact of the path length for routing a transaction and the rate of griefing-penalty on the budget invested by an adversary for mounting the attack. The budget needed for mounting a griefing attack in HTLC-GP is 12 times more than the budget needed by an attacker in HTLC, given that each payment instance is routed via a path of hop count 20.

CR, May 15, 2020
CryptoMaze: Privacy-Preserving Splitting of Off-Chain Payments

Subhra Mazumdar, Sushmita Ruj

Payment protocols developed to realize off-chain transactions in a Payment Channel Network (PCN) assume that the underlying routing algorithm transfers the payment via a single path. However, a path may not have sufficient capacity to route a transaction. It is inevitable to split the payment across multiple paths. If we run independent instances of the protocol on each path, the execution may fail in some of the paths, leading to partial transfer of funds. A payer has to reattempt the entire process for the residual amount. We propose a secure and privacy-preserving payment protocol, CryptoMaze. Instead of independent paths, the funds are transferred from sender to receiver across several payment channels responsible for routing, in a breadth-first fashion. Payments are resolved faster at reduced setup cost, compared to the existing state of the art. Correlation among the partial payments is captured, guaranteeing atomicity. Further, a two-party ECDSA signature is used for establishing scriptless locks among parties involved in the payment. It reduces space overhead by leveraging core Bitcoin scripts. We provide a formal model in the Universal Composability framework and state the privacy goals achieved by CryptoMaze. We compare the performance of our protocol with the existing single-path-based payment protocol, Multi-hop HTLC, applied iteratively on one path at a time on several instances. It is observed that CryptoMaze requires less communication overhead and low execution time, demonstrating efficiency and scalability.

DM, Feb 19, 2020
BB_Evac: Fast Location-Sensitive Behavior-Based Building Evacuation

Subhra Mazumdar, Arindam Pal, Francesco Parisi et al.

Past work on evacuation planning assumes that evacuees will follow instructions; however, there is ample evidence that this is not the case. While some people will follow instructions, others will follow their own desires. In this paper, we present a formal definition of a behavior-based evacuation problem (BBEP) in which a human behavior model is taken into account when planning an evacuation. We show that a specific form of constraints can be used to express such behaviors. We show that BBEPs can be solved exactly via an integer program called BB_IP, and inexactly by a much faster algorithm that we call BB_Evac. We conducted a detailed experimental evaluation of both algorithms applied to buildings (though in principle the algorithms can be applied to any graphs) and show that the latter is an order of magnitude faster than BB_IP while producing results that are almost as good on one real-world building graph as well as on several synthetically generated graphs.

CR, Feb 12, 2020
HushRelay: A Privacy-Preserving, Efficient, and Scalable Routing Algorithm for Off-Chain Payments

Subhra Mazumdar, Sushmita Ruj, Ram Govind Singh et al.

Payment channel networks (PCN) are used in cryptocurrencies to enhance the performance and scalability of off-chain transactions. Except for the opening and closing of a payment channel, no other transaction requests accepted by a PCN are recorded in the blockchain. Only the parties which have opened the channel will know the exact amount of funds left at a given instant. In real scenarios, there might not exist a single path which can enable transfer of high-value payments. For such cases, splitting up the transaction value across multiple paths is a better approach. While there exist several approaches which route transactions via several paths, such techniques are quite inefficient, as the decision on the number of splits must be taken at the initial phase of the routing algorithm (e.g., SpeedyMurmur [42]). Algorithms which do not consider the residual capacity of each channel in the network are susceptible to failure. Other approaches leak sensitive information and are quite computationally expensive [28]. To the best of our knowledge, our proposed scheme HushRelay is an efficient privacy-preserving routing algorithm, taking into account the funds left in each channel while splitting the transaction value across several paths. Comparing the performance of our algorithm with existing routing schemes on real instances (e.g., Ripple Network), we observed that HushRelay attains a success ratio of 1, with an execution time of 2.4 sec. However, SpeedyMurmur [42] attains a success ratio of 0.98 and takes 4.74 sec when the number of landmarks is 6. On testing our proposed routing algorithm on the Lightning Network, a success ratio of 0.99 is observed, having an execution time of 0.15 sec, which is 12 times smaller than the time taken by SpeedyMurmur.

CR, Apr 28, 2019
Cumulus: Blockchain-Enabled Privacy Preserving Data Audit in Cloud

Prabal Banerjee, Nishant Nikam, Subhra Mazumdar et al.

Data owners upload large files to cloud storage servers, but malicious servers may potentially tamper with data. To check the integrity of remote data, Proof of Retrievability (PoR) schemes were introduced. Existing PoR protocols assume that data owners and third-party auditors are honest and audit only the potentially malicious cloud server to check the integrity of stored data. In this paper we consider a system where any party may attempt to cheat others and consider collusion cases. We design a protocol that is secure under such adversarial assumptions and use blockchain smart contracts to act as mediator in case of dispute and payment settlement. We use state channels to reduce blockchain interactions in order to build a practical audit solution. We implement and evaluate a prototype using Ethereum as the blockchain platform and show that our scheme has comparable performance.

CR, Nov 4, 2018
Design of Anonymous Endorsement System in Hyperledger Fabric

Subhra Mazumdar, Sushmita Ruj

Permissioned Blockchain has become quite popular with enterprises forming a consortium since it prioritizes trust over privacy. One of the popular platforms for distributed ledger solutions, Hyperledger Fabric, requires a transaction to be endorsed or approved by a group of special members known as endorsers before undergoing validation. To endorse a transaction, an endorser mentions its identity along with the signature so that it can be verified later. However, for certain transactions, differences in opinion may exist among endorsers. Disclosing the identity of an endorser may lead to conflict within the consortium. In such cases, an endorsement policy which not only allows an endorser to support a transaction discreetly, but at the same time takes into account the decision of the majority, is preferred. Thus we propose an Anonymous Endorsement System which uses a threshold endorsement policy in order to address the issue. All these factors motivated us to design a new ring signature scheme, called Fabric's Constant-Sized Linkable Ring Signature (FCsLRS) with Transaction-Oriented linkability, for hiding the identity of the endorsers. We have implemented the signature scheme in Golang and analyzed its security and performance by varying the RSA (Rivest-Shamir-Adleman) modulus size. Feasibility of implementation is supported by experimental analysis. Signature and tag generation time is quite fast and remains constant irrespective of change in message length or endorsement set size for a given RSA modulus value, assuming all the endorsers generate their signatures in parallel. Lastly, we also discuss the integration of the scheme on v1.2 Hyperledger Fabric.