Doc's Daily Commentary
Mind Of Mav
New Blockchain Research Summarized
Today, we’re doing something a little different: we’re going academic.
We’ll summarise recent academic papers (published within the last month) touching on the following topics:
- How stablecoin issuance affects the cryptocurrency market,
- New research papers pinpoint weaknesses in Bitcoin’s Lightning Network,
- A survey on the state of blockchain privacy, and
- The impact of COVID-19 on financial market dynamics.
How Stablecoin Issuances Impact Cryptocurrency Markets
Read the full research paper, ‘Influence of Stablecoin Issuance on Cryptocurrency Markets’ here.
Since stablecoins are transparent public blockchains similar to Bitcoin, the study of stablecoin issuance can be considered as a subsection of blockchain analysis, similar to that detailed in the previous edition of The Crypto Scholar.
It is claimed that Tether (USDT) propped up the price of bitcoin and the cryptocurrency market during the 2016–2017 bull run. The reasoning is as follows: when fresh stablecoins are issued, this should represent new demand for cryptocurrencies. Issuances are driven by the conversion of fiat into USDT to buy bitcoin or altcoins, to supply exchanges for trading, and so on. Therefore, an increase in the issuance of USDT should be supportive of the price of the major cryptocurrencies.
Another theory is that the supply of Tether is not fully backed by USD reserves and that new Tethers were created to inflate the price of bitcoin to highs near $20,000 in 2017.
Putting the controversy surrounding Tether aside, the researchers look at how the issuances of different stablecoins affected cryptocurrency prices between April 2019 and March 2020. Specifically, they investigated the influence of stablecoin issuances on the returns of major cryptocurrencies across 565 issuance events of $1 million or more for seven different stablecoins.
To examine the impact of stablecoin issuances on cryptocurrency returns, the study looked at both the period before an issuance and the issuance event itself. The results show that returns are significantly negative in the periods before stablecoin issuances, while they stabilise at the issuance events.
Also, by using different event windows, the researchers found positive abnormal returns in the 24 hours prior to and after issuances (shown above) which implies that the demand for stablecoins is driven by short-term investor demand for cryptocurrencies and freshly issued stablecoins are used to buy cryptocurrencies. Despite issuances influencing returns, they found the size of the stablecoin issuances to have no effect.
The study also looks at the effect of stablecoin issuances on BTC alone. For the 24-hour period after issuances, the authors find significantly positive abnormal returns for four of the seven stablecoins, with HUSD and BUSD showing highly significant abnormal returns for both 0 to 12 hours (HUSD: 1.1% and BUSD: 0.68%) and 0 to 24 hours (HUSD: 1.48% and BUSD: 0.97%).
If you’re trading bitcoin, then stablecoin issuances might be something worth tracking via their block explorer. In the 24 hours prior to and following issuances, positive abnormal returns are present. Bitcoin has the highest abnormal returns for the 12 and 24 hours after issuances of HUSD and BUSD.
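The abnormal-return figures above come from an event study: a "normal" return is estimated from a window before the event, and whatever the asset actually returned beyond that is the abnormal return, cumulated over windows such as 0 to 12 hours after issuance. The block below is an added illustration of that calculation, not the paper's own code; it uses a constant-mean model, and the hourly return series and the issuance timestamp in it are constructed, not real market data.

```python
"""Abnormal returns around stablecoin issuance events (event-study style).

Added illustration, not the paper's code. The 'normal' return is the mean
hourly return over an estimation window that ends before the pre-event
window, and the abnormal return AR_t is the actual return minus that mean.
Cumulating AR_t over an event window such as [0, 12] or [0, 24] hours gives
a CAR figure of the kind the paper reports.
"""
from statistics import mean

# Constructed hourly returns (73 hours) with one issuance event at hour 48:
#   hours  0-23 : +0.1 %/h  (estimation window)
#   hours 24-47 : -0.2 %/h  (24 h before issuance)
#   hours 48-60 : +0.2 %/h  (0..12 h after issuance)
#   hours 61-72 :  0.0 %/h  (13..24 h after issuance)
RETURNS = [0.001] * 24 + [-0.002] * 24 + [0.002] * 13 + [0.0] * 12
EVENTS = [48]  # constructed issuance timestamp (index into RETURNS)
WINDOWS = {"pre_24h": (-24, -1), "post_12h": (0, 12), "post_24h": (0, 24)}


def normal_return(returns, event_idx, est_start=48, est_end=24):
    """Mean hourly return over [event - est_start, event - est_end)."""
    lo, hi = event_idx - est_start, event_idx - est_end
    if lo < 0:
        raise ValueError("not enough history before the event for the estimation window")
    return mean(returns[lo:hi])


def cumulative_abnormal_return(returns, event_idx, window, **est):
    """CAR over [event + start, event + end] (inclusive), in hours relative to the event."""
    start, end = window
    mu = normal_return(returns, event_idx, **est)
    lo, hi = event_idx + start, event_idx + end
    if lo < 0 or hi >= len(returns):
        raise ValueError("event window runs off the series")
    return sum(returns[t] - mu for t in range(lo, hi + 1))


def event_study(returns, events, windows):
    """Average CAR per window across all issuance events."""
    return {name: mean(cumulative_abnormal_return(returns, e, w) for e in events)
            for name, w in windows.items()}


if __name__ == "__main__":
    for name, car in event_study(RETURNS, EVENTS, WINDOWS).items():
        print(f"{name}: CAR = {car:+.4f}")
```

With the constructed series the pre-issuance window comes out negative and both post-issuance windows positive, which is the pattern the paper describes. Whether such a CAR is significant is a separate question the paper answers with a test across all 565 events; one event, as here, can only illustrate the arithmetic.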
New Research Papers Pinpoint Weaknesses in Bitcoin’s Lightning Network
Several studies released in the past fortnight or so assessed Bitcoin’s Lightning Network and detailed weaknesses in the Layer 2 scaling solution:
1. ‘HTLC is Crazy Cheap to Attack’
Read the full paper here.
On June 23rd, researchers from Israel’s Technion University posted the following message to the bitcoin-dev mailing list:
“…We’d like to bring to your attention our recent result concerning HTLC… Essentially, we find that HTLC security relies on miners being altruistic, or at least myopic. This might be enough for some time, but it took us 150 lines of code to make bitcoind non-myopic.
On the positive side, we discovered an alternative to HTLC that we call MAD-HTLC, which is provably secure — everyone’s best interest is to behave as desired. We’ve notified relevant teams in advance.”
They claim that rational miners should want to run a modified Bitcoin node that allows a user to bribe it with a transaction that is timelocked and cannot be confirmed until some point in the future.
As a result of this bribe, the miner will not confirm any transaction that could be mined immediately but which conflicts with the bribe (as long as the bribe pays a sufficiently higher fee rate than any transactions it blocks).
If this theory is accurate, it affects Hash Time Locked Contracts (HTLCs). An HTLC can be settled immediately by one party (Alice) by revealing a preimage, or settled later by a second party (Bob) after a timeout.
Bob can send a conflicting timeout settlement transaction to miners if he sees Alice using the preimage to spend the HTLC. By including a sufficiently higher fee than Alice’s preimage settlement, Bob is in effect bribing the miner to ignore Alice’s transaction in favour of waiting to confirm his alternative transaction. As a result, Bob can steal the money Alice should receive.
The paper’s authors propose a solution they call Mutually Assured Destruction HTLCs (MAD-HTLCs). With this solution, Bob is required to provide a hashlocked bond that reveals his own preimage when sending his timeout settlement. When both parties reveal their respective preimages, miners can claim both the payment/refund amount and the bond collateral. Consequently, the incentive to bribe miners and steal from another party is eroded.
The disadvantage of this approach is that Bob is required to put up more collateral, which raises the cost of and the barriers to using HTLCs. Another drawback is that MAD-HTLCs use more blockchain space than traditional HTLCs when settled on-chain, which also raises costs.
In the short term, this is not thought to be a serious issue, and a reply from pseudonymous Bitcoin developer ZmnSCPxj on the bitcoin-dev mailing list argues that the research unnecessarily assumes that miners are “short-sighted”. Nevertheless, in the longer term this research is important for ensuring that the economic incentives and the security of the Lightning protocol are aligned.
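The argument above is about incentives, so it helps to write the miner's options down as payoffs. The block below is an added model, not code from the paper: it compares what the next miner earns from confirming Alice's preimage spend now, from waiting for Bob's higher-fee timeout spend, and, when a MAD-HTLC bond is present, from claiming value plus bond with both revealed preimages. The amounts, fees and the per-block "patience" discount are constructed parameters, and the discount is a simplification standing in for a miner's time preference and the risk that another miner confirms Alice's transaction first.

```python
"""Miner incentives in an HTLC bribe versus a MAD-HTLC, as a small payoff model.

Added illustration, not the paper's code. Alice has broadcast a preimage spend
of the HTLC; Bob offers a conflicting timeout spend with a higher fee. The
miner's best response decides whether the bribe pays off for Bob.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Contest:
    value: float            # amount locked in the HTLC output (constructed)
    fee_alice: float        # fee on Alice's preimage (immediate) settlement
    fee_bob: float          # fee on Bob's timeout settlement, i.e. the bribe
    blocks_to_timeout: int  # blocks until Bob's path becomes valid
    patience: float = 1.0   # per-block discount on future fees (1.0 = non-myopic, 0.0 = fully myopic)
    bond: float = 0.0       # Bob's collateral: 0 for a classic HTLC, > 0 for a MAD-HTLC


def miner_options(c: Contest) -> dict:
    """Payoff the next miner gets from each way of treating the conflicting spends."""
    options = {
        "confirm_alice_now": c.fee_alice,
        "wait_for_bob": c.fee_bob * c.patience ** c.blocks_to_timeout,
    }
    if c.bond > 0:
        # MAD-HTLC: broadcasting the timeout path reveals Bob's own preimage.
        # Together with Alice's already-public preimage, the miner can spend
        # value + bond for itself, immediately, instead of collecting a fee.
        options["claim_both_preimages"] = c.value + c.bond
    return options


def miner_best_response(c: Contest) -> str:
    """Option with the highest payoff for the miner."""
    opts = miner_options(c)
    return max(opts, key=opts.get)


def bob_outcome(c: Contest) -> float:
    """Bob's net result from attempting the bribe, given the miner's best response."""
    choice = miner_best_response(c)
    if choice == "wait_for_bob":
        return c.value - c.fee_bob   # bribe succeeds: Bob keeps the value minus the fee
    if choice == "claim_both_preimages":
        return -c.bond               # MAD-HTLC: Bob forfeits his collateral
    return 0.0                       # Alice's spend confirms: Bob gains nothing


if __name__ == "__main__":
    cases = {
        "HTLC, non-myopic miner": Contest(1.0, 0.001, 0.5, 10, patience=1.0),
        "HTLC, myopic miner":     Contest(1.0, 0.001, 0.5, 10, patience=0.0),
        "MAD-HTLC, non-myopic":   Contest(1.0, 0.001, 0.5, 10, patience=1.0, bond=0.2),
    }
    for label, c in cases.items():
        print(f"{label:24s} miner -> {miner_best_response(c):22s} Bob nets {bob_outcome(c):+.3f}")
```

The model shows the two halves of the argument: with a classic HTLC the bribe is only neutralised when the miner is myopic (the discount drives the value of waiting to zero), whereas with the MAD-HTLC bond the miner's best option is to take value plus bond, so Bob's attempt nets him a loss regardless of the miner's patience.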
2. Flood and Loot: A Systemic Attack on the Lightning Network
Researchers from the Hebrew University of Jerusalem published a paper on June 15th that details a systemic attack on the Lightning Network, allowing an adversary to steal funds that were locked in payment channels. Read the full paper here.
The attack exploits the mechanism that is used to forward payments across multiple lightning channels — Hash Time Locked Contracts (HTLC). In brief, HTLCs allow participants to route payments through untrusted intermediate nodes, supposedly guaranteeing that funds won’t be stolen by any of them.
If such a node attempts to steal funds, its peer can claim them by publishing transactions to the blockchain, but only within a limited time frame. As we show in our work, it is relatively easy to cause innocent lightning nodes to flood the blockchain, and steal funds by exploiting this time limit.
There are four stages involved in this sort of attack:
1) Establishing Channels
The attacker establishes two nodes under their control: a source node and a target node. The source node opens many channels with potential victims, and these channels are funded by the attacker’s source node.
2) Loading Channels with HTLC Payments
After all channels are set up, the source node starts making many HTLC payments destined for the target node, routed through each of the source node’s channels. The source node sends the maximum amount it is allowed to relay and, to reach as many victims as possible, spreads it over as many payments as it can.
The target node is supposed to accept the payments by sending back a set of HTLC secrets as part of the HTLC mechanism. It avoids doing so until the source node completes forwarding all the payments.
3) Resolving Payments on the Last Hop
Once all payments have been successfully routed and the HTLCs have been added to the target node’s channels, the target node resolves all payments by returning the required secrets and claims the funds for itself.
The target node can then close all its channels and leave with the funds sent by the source node. Once each victim acquires the secrets, it sends them back to the source node, requesting that the HTLCs be resolved and their amounts moved to the victim’s side of the channel. However, the source node can refuse and ignore any messages from the victims.
4) Waiting for Expiration and Collecting Unspent HTLCs
At this stage, each attacked channel is filled with unresolved HTLCs, where the secrets are known to the victims. The only avenue through which victims can receive payments is by closing their channels and claiming the HTLCs on the blockchain, since the attacker’s source node is uncooperative.
There is only a limited time period in which victims can claim the payments. Once that period expires, the HTLC outputs become spendable by the attacker. Although victims can still claim HTLCs after expiration, there are protocol-level details that favour the attacker:
- The victims are unable to set the fee for their transactions when they publish them. That fee was determined when the channel was opened.
- The attacker can set the fee for their own transactions and replace any victims’ transactions that remained unconfirmed after expiration (using the Replace-By-Fee policy).
By forcing many channels to close at the same time, some of the victims’ HTLC-claiming transactions will not be confirmed in time and the attacker will steal these funds that were meant for the victim.
Through a simulation, the researchers show that ‘attacking 85 channels guarantees a successful attack, even if victims’ transactions are allocated all of the space available in blocks’.
The paper notes there are different mitigations that can reduce the risk of a flood and loot attack, but eliminating it entirely is a complex task. Some mitigations for Flood and Loot include:
- Reduce the maximum number of unresolved HTLCs: If the value of the channel parameter “max_accepted_htlcs” is kept low, an attacker will have to attack more channels in order to successfully steal funds.
- Earlier closure of channels: The time (blocks) victims have to claim their funds is determined by an implementation-specific parameter. Therefore, the attack could be mitigated by increasing this parameter by a constant factor or even be set dynamically, based on the current state of the channel, e.g., the number of unresolved HTLCs.
- Immediate release of HTLC-claiming transactions: Nodes should release these transactions immediately along with the commitment transaction, so that more blocks are available in which they can be confirmed.
- Reputation-based behaviour: Nodes could assign a reputation to the peers they share channels with. If a node agrees to route a greater number of high-value HTLCs only with peers it considers “reputable”, this lowers the node’s risk and the potential loss it may suffer in case of an attack.
The authors suggest that the uncovered vulnerabilities are a consequence of the workings of HTLCs, and these sorts of attack cannot be avoided without making significant changes to the HTLC mechanism.
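The first two mitigations in that list are parameters a node operator already controls, so their effect can be estimated with a simple capacity check. The block below is an added illustration, not the paper's simulation: if every channel of a node force-closes at once, each unresolved HTLC needs its own claim transaction confirmed before the HTLC expires, and the check compares the claims that fit into the block space available before expiry with the HTLCs that could be outstanding. The 1,000,000 vbyte block limit is Bitcoin's consensus limit and the 483 ceiling on max_accepted_htlcs is BOLT 2's; the claim-transaction size, the block share and the fee rates are constructed assumptions an operator would replace with measured values.

```python
"""Flood & Loot exposure check for a Lightning node operator.

Added illustration, not the paper's simulation. Victims cannot bump the fee
fixed at channel open for their claim transactions, so the model makes the
simplifying assumption that claims win no block space at all while the
prevailing fee rate is above the committed one.
"""
from dataclasses import dataclass

BLOCK_VBYTES = 1_000_000  # consensus limit: 4,000,000 weight units = 1,000,000 vbytes


@dataclass(frozen=True)
class NodePolicy:
    channels: int               # channels that could be force-closed at the same time
    max_accepted_htlcs: int     # per-channel cap on unresolved incoming HTLCs (BOLT 2 allows at most 483)
    claim_blocks: int           # blocks between the commitment confirming and HTLC expiry
    committed_feerate: float    # sat/vbyte fixed at channel open for the claim transactions
    claim_tx_vbytes: int = 150  # assumed size of one HTLC-claim transaction (constructed)
    block_share: float = 0.5    # assumed fraction of each block the claims win when competitive (constructed)


def max_outstanding_htlcs(p: NodePolicy) -> int:
    """Upper bound on HTLCs that could be unresolved across all channels at once."""
    return p.channels * p.max_accepted_htlcs


def confirmable_claims(p: NodePolicy, prevailing_feerate: float) -> int:
    """Claim transactions that can confirm before expiry under the fee simplification above."""
    share = p.block_share if p.committed_feerate >= prevailing_feerate else 0.0
    return int(p.claim_blocks * BLOCK_VBYTES * share) // p.claim_tx_vbytes


def htlcs_at_risk(p: NodePolicy, prevailing_feerate: float) -> int:
    """HTLCs whose claims would still be unconfirmed at expiry, i.e. exposed to replacement by the attacker."""
    return max(0, max_outstanding_htlcs(p) - confirmable_claims(p, prevailing_feerate))


if __name__ == "__main__":
    base = NodePolicy(channels=85, max_accepted_htlcs=483, claim_blocks=40, committed_feerate=10)
    mitigated = NodePolicy(channels=85, max_accepted_htlcs=30, claim_blocks=144, committed_feerate=10)
    for label, pol in (("default", base), ("mitigated", mitigated)):
        for rate in (10, 50):
            print(f"{label:>9} @ {rate:>2} sat/vB: outstanding={max_outstanding_htlcs(pol)}, "
                  f"at risk={htlcs_at_risk(pol, rate)}")
```

Two things stand out when you vary the parameters. While the committed fee rate keeps the claims competitive, a longer claim window removes the exposure entirely; once the prevailing rate climbs above the committed one, no amount of extra time helps and only a lower max_accepted_htlcs shrinks the loss, which is why the authors say the mitigations reduce the risk without eliminating it.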
3. Lightning Network: a second path towards centralisation of the Bitcoin economy
You can read the full paper here.
This article examined whether the Lightning Network is fulfilling its promise to scale Bitcoin without having to sacrifice the all-important property of decentralisation.
By looking at data over a period of 18 months, the authors found that the Lightning Network has an unequal distribution of wealth (a few nodes control most of the BTC) and a higher than expected centrality of nodes — suggesting the Layer 2 scaling solution does not yet deliver on its promise.
The study notes:
“…only about 10% of the nodes hold 80% of the bitcoins at stake in Lightning (on average, across the entire period); moreover, the average Gini coefficient of the nodes strengths is ~0.88. These results seem to confirm the tendency for the Lightning Network architecture to become ‘less distributed’, a process having the undesirable consequence of making the Bitcoin Lightning Network increasingly fragile towards attacks and failure.”
As shown by the visualisation below, Lightning is characterised by a core-periphery structure, with less important nodes in the periphery accounting for an insignificant amount of the total BTC held in Lightning, while core nodes account for most of the BTC at stake:
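The two numbers quoted from the study, the share held by the top 10% of nodes and the Gini coefficient of node strengths, are straightforward to compute once you have the channel graph. The block below is an added illustration, not the paper's code: a node's strength is taken as the total capacity of the channels it participates in, and the channel list is constructed as one hub with nine single-channel peers, an extreme core-periphery shape.

```python
"""Wealth concentration on a payment-channel graph: node strength, Gini, top share.

Added illustration, not the paper's code. The channel list is constructed.
"""
from collections import defaultdict

# Constructed channel graph: (node_a, node_b, capacity in BTC)
CHANNELS = [("hub", f"peer{i}", 1.0) for i in range(1, 10)]


def node_strengths(channels):
    """Strength of each node: sum of the capacities of the channels it is part of."""
    strength = defaultdict(float)
    for a, b, cap in channels:
        strength[a] += cap
        strength[b] += cap
    return dict(strength)


def gini(values):
    """Gini coefficient: 0 = perfectly equal, approaching 1 = one holder has everything.

    Sorted-rank formula: G = 2 * sum(i * x_i) / (n * sum(x)) - (n + 1) / n, with
    x sorted ascending and i = 1..n.
    """
    xs = sorted(values)
    n, total = len(xs), sum(xs)
    if n == 0 or total == 0:
        return 0.0
    ranked = sum(i * x for i, x in enumerate(xs, start=1))
    return 2 * ranked / (n * total) - (n + 1) / n


def top_share(values, fraction=0.10):
    """Fraction of the total held by the top `fraction` of holders (at least one holder)."""
    xs = sorted(values, reverse=True)
    k = max(1, int(len(xs) * fraction))
    return sum(xs[:k]) / sum(xs)


def concentration_report(channels):
    """Node count, Gini of node strengths and the top-10% share for a channel graph."""
    strengths = list(node_strengths(channels).values())
    return {"nodes": len(strengths), "gini": gini(strengths), "top10_share": top_share(strengths)}


if __name__ == "__main__":
    print(concentration_report(CHANNELS))
```

Note that a channel's capacity counts towards both endpoints, so in the constructed graph the hub's strength equals the sum of all nine peers' strengths and the top node holds half of the total; the study's 10%-hold-80% figure describes a far heavier concentration than that.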
What’s the Current State of Privacy in Cryptocurrency & Smart Contracts?
The full survey ‘Privacy preservation in permissionless blockchain: A survey’ provides some answers and can be found here.
One of the weakest aspects of most permissionless blockchains is transactional privacy. This means I can see your transactions and maybe even infer your level of wealth from them. Existing smart contract systems also lack real privacy, which may be a problem for certain applications, e.g. auctions.
This survey is an excellent overview of the privacy issues associated with permissionless blockchains. By detailing various privacy-enhancing techniques that have been proposed and currently in use today, the article gives a great overview of the current state of privacy for cryptocurrencies and smart contracts.
The first attempts at improving the anonymity guarantees of blockchain networks involved the mixing of coins to break the trail of transactions. There are both centralised and decentralised mixing, and the researchers compiled a table providing an overview of mixing services available (shown below):
Similar to Mixcoin, Dash only supports a fixed denomination of payment and may be vulnerable due to inner attacks by malicious masternodes. Coinswap, which was proposed by Maxwell in 2013, was the first technique that solved the coin theft problem by utilising escrow transactions and fair exchange protocols to provide a coin mixing service through an intermediary.
The schemes mentioned above either failed to achieve payment fairness or could not support anonymity. Motivated by these challenges, Heilman and others proposed the hybrid system Tumblebit.
The anonymity of TumbleBit guaranteed that no one could deduce the transaction linkability. However, if the tumbler colluded with the beneficiaries, it was easy to learn the actual identity of the payer. Besides, TumbleBit supported neither hiding of payment values nor bi-directional payment channels, which affected its availability in practice.
CoinJoin, again proposed by Maxwell in 2013, was one of the first decentralised mixing services and is currently gaining traction with Bitcoin users. This technique allows users to mix their coins in a self-organised way instead of relying on a third party. However, users participating in the coin mixing might discover the information of other clients. In addition, CoinJoin was vulnerable to Denial of Service (DoS) attacks: if any user in the mixing set was unavailable or behaved abnormally, the whole mixing process would fail, so the scheme suffers from low availability.
CoinShuffle++ is a decentralised mixing protocol compatible with Bitcoin, which significantly reduced the communication bandwidth consumption and improved performance compared with original CoinShuffle. However, the anonymity set was still relatively limited.
While lots of work on mixing was done for Bitcoin, altcoins such as Monero have employed ring signatures and zero-knowledge proofs. The first application of a Zero-Knowledge Proof of Knowledge in a blockchain was Zerocoin, intended to be implemented in Bitcoin to improve privacy.
Despite the excellent performance in privacy preservation and efficiency of Zerocash, Zerocoin’s successor, its security requires a trusted setup process that determines the parameters of the zk-SNARKs. If an adversary compromises this process, it can break the security and privacy guarantees of Zerocash. The shortcomings of Zerocash in performance and security motivated the emergence of more zero-knowledge-proof-based privacy preservation schemes.
Bulletproofs improves upon the performance of zk-SNARKs, dramatically reduces the size of existing range proofs technologies and supports proof aggregation, which allows a user to prove multiple commitments with a single proof. Multiple parties can jointly generate a single proof without revealing inputs via secure multi-party computation (MPC). Bulletproofs are currently the most efficient range proof and the most notable implementation is in Monero (XMR).
Overview of crypto-based techniques:
While work on privacy for permissionless blockchains is promising and making progress, the privacy of smart contracts is an entirely different matter.
The researchers note that existing schemes either need to assume the security and trustworthiness of SGX or utilise heavy cryptographic tools with a high computation/storage overhead. As the table below notes, a technique based on SGX relies on the integrity of Intel, introducing the risk of a single point of failure.
Overview of smart contract privacy proposals:
The protection of smart contract privacy remains an open issue.
Diversifying with Cryptocurrencies During COVID-19
Read the full study here.
Because of the high impact and encompassing nature of COVID-19, the past few months have provided a perfect opportunity to re-evaluate aspects of financial market dynamics. As we saw in March 2020, most assets become more correlated during economic downturns.
To examine how the correlations between cryptocurrencies and traditional financial markets behaved, the authors of this paper used some advanced econometric techniques to assess the impact of COVID-19. The paper examines the paired co-movements of six cryptocurrencies (and bitcoin futures) with 14 equity indices and the VIX during COVID-19.
The main finding showed that co-movements between cryptocurrencies and equity indices became larger as COVID-19 progressed, and are economically meaningful. The matrix below shows the co-movements between the different assets, where darker purple squares show positive co-movement while dark red squares illustrate negative co-movement.
Generally, co-movements are positively correlated with equity indices, which suggests that cryptocurrencies are not acting as safe havens. However, there are some notable exceptions: the co-movements of bitcoin futures and Tether (USDT) are negatively correlated with equity indices.
By applying principal component analysis and neural networks techniques, the paper shows that, in contrast to most cryptocurrencies, bitcoin futures and tether move positively with the VIX under COVID-19, affirming their value as safe havens.
In contrast, cryptocurrencies like bitcoin and ether were found to negatively co-move with the VIX, suggesting this emerging asset class is not yet a diversifier against economic downturn.
The neural network map above shows that bitcoin futures and Tether are not bunched together with other cryptocurrencies. Tether also has a negative relationship with Bitcoin, acting as a diversifier for US equities and bitcoin investors.
Since Bitcoin futures have a negative co-movement with the S&P 500 and positive co-movement with the VIX, the map shows that this asset has acted as diversifier for US stock markets during COVID-19.
The authors interpret their findings that bitcoin futures and Tether act differently from cryptocurrencies in general, since the type of investors that use these instruments differ. While bitcoin itself is used to store and transact value, bitcoin futures may represent pure speculation. Also, investors are drawn to Tether because of its stability and connection with the US Dollar.
The map also displays other interesting relationships. For example, given that the main connection in the group of cryptocurrencies is between Bitcoin and Ethereum, and then other connections dispersing from there, this shows that bitcoin plays an important role in leading the movements of other cryptocurrencies. We also see a red connection between Ethereum and FTSE China, suggesting Ethereum may play a role in diversifying Asian portfolio investments.
I hope this foray into blockchain research was enlightening. See you next week.
What is the goal of this portfolio?
The “Three Token Pillars” portfolio is democratically proportioned between the Three Pillars of the Token Economy & Interchain:
Cryptocurrency – Security Tokens (STO) – Decentralized Finance (DeFi)
With this portfolio, we will identify and take advantage of the opportunities within the Three Pillars of ReadySetCrypto. We aim to capitalise on the collective knowledge and experience of the RSC community and build model portfolios containing the premier companies and projects in the industry, and manage risk allocation suitable for as many people as
The Second Phase of the RSC Community Portfolio V3 was to give us a general idea of the weightings people desire in each of the three pillars and also member’s risk tolerance. The Third Phase of the RSC Community Portfolio V3 has us closing in on a finalized portfolio allocation before we consolidated onto the highest quality projects.