Martin Perešíni

Martin Perešíni, Federico Matteo Benčić, Kamil Malinka et al.

In response to the bottleneck of processing throughput inherent to single chain PoW blockchains, several proposals have substituted a single chain for Directed Acyclic Graphs (DAGs). In this work, we investigate two notable DAG-oriented designs. We focus on PHANTOM (and its optimization GHOSTDAG), which proposes a custom transaction selection strategy that enables to increase the throughput of the network. However, the related work lacks a thorough investigation of corner cases that deviate from the protocol in terms of transaction selection strategy. Therefore, we build a custom simulator that extends open source simulation tools to support multiple chains and enables us to investigate such corner cases. Our experiments show that malicious actors who diverge from the proposed transaction selection strategy make more profit as compared to honest miners. Moreover, they have a detrimental effect on the processing throughput of the PHANTOM (and GHOSTDAG) due to same transactions being included in more than one block of different chains. Finally, we show that multiple miners not following the transaction selection strategy are incentivized to create a shared mining pool instead of mining independently, which has a negative impact on decentralization.

Jakub Res, Ivan Homoliak, Martin Perešíni et al.

AI assistants for coding are on the rise. However one of the reasons developers and companies avoid harnessing their full potential is the questionable security of the generated code. This paper first reviews the current state-of-the-art and identifies areas for improvement on this issue. Then, we propose a systematic approach based on prompt-altering methods to achieve better code security of (even proprietary black-box) AI-based code generators such as GitHub Copilot, while minimizing the complexity of the application from the user point-of-view, the computational resources, and operational costs. In sum, we propose and evaluate three prompt altering methods: (1) scenario-specific, (2) iterative, and (3) general clause, while we discuss their combination. Contrary to the audit of code security, the latter two of the proposed methods require no expert knowledge from the user. We assess the effectiveness of the proposed methods on the GitHub Copilot using the OpenVPN project in realistic scenarios, and we demonstrate that the proposed methods reduce the number of insecure generated code samples by up to 16\% and increase the number of secure code by up to 8\%. Since our approach does not require access to the internals of the AI models, it can be in general applied to any AI-based code synthesizer, not only GitHub Copilot.