skip to main content

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 11:00 PM ET on Friday, December 13 until 2:00 AM ET on Saturday, December 14 due to maintenance. We apologize for the inconvenience.


Search for: All records

Award ID contains: 1922410

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. Free, publicly-accessible full text available July 29, 2025
  2. Domain Name System Security Extensions (DNSSEC) uses public-key digital signatures to provide integrity and authentication for DNS query responses. The current standardized DNS for reliable UDP delivery limits DNS response (including the message, signature, and public key) to a maximum of 1232 bytes. Incorporating NIST’s post-quantum digital signatures into the DNS protocol results in a response size that exceeds the limit set by the Ethernet standardization, making PQC incompatible with the current standardized DNS. To address the incompatibility and enable PQC to protect the authenticity against the quantum-equipped adversaries, previous research proposed fragmenting the DNSSEC messages. Fragmentation however exposes DNSSEC to Fragmentation Mis-Association threat, traditionally studied in the broader IP fragmentation contexts and not applicable in the current DNSSEC with classical/pre-quantum cipher (no fragmentation needed). We distinguish our work from the previous research incorporating PQC to DNSSEC to defend against the Fragmentation Mis- Association Threat by chaining the fragments and applying cryptographic commit-and-reveal. We also advance the previous research and further reduce the number of packet fragments, which can be particularly useful as the DNSSEC based on UDP is prone to packet transmission failure increasing the chance of the DNS response failure when sent in multiple fragments, by using blockchain to offload and enable the offline delivery of the public key. Our scheme thus even allows the Falcon-512 PQC cipher incorporation to forgo the fragmentation, in contrast to the previous research requiring fragmentation for Falcon-512; the other PQC ciphers, i.e., Dilithium ciphers and Falcon-1024, still require fragmentation in our scheme due to the standardized signature sizes. We implement our scheme and analyze the effectiveness and performances through experimentation. 
    more » « less
    Free, publicly-accessible full text available June 9, 2025
  3. Cryptocurrency is designed for anonymous financial transactions to avoid centralized control, censorship, and regulations. To protect anonymity in the underlying P2P networking, Bitcoin adopts and supports anonymous routing of Tor, I2P, and CJDNS. We analyze the networking performances of these anonymous routing with the focus on their impacts on the blockchain consensus protocol. Compared to non-anonymous routing, anonymous routing adds inherent-by-design latency performance costs due to the additions of the artificial P2P relays. However, we discover that the lack of ecosystem plays an even bigger factor in the performances of the anonymous routing for cryptocurrency blockchain. I2P and CJDNS, both advancing the anonymous routing beyond Tor, in particular lack the ecosystem of sizable networking-peer participation. I2P and CJDNS thus result in the Bitcoin experiencing networking partitioning, which has traditionally been researched and studied in cryptocurrency/blockchain security. We focus on I2P and Tor and compare them with the non-anonymous routing because CJDNS has no active public peers resulting in no connectivity. Tor results in slow propagation while I2P yields soft partition, which is a partition effect long enough to have a substantial impact in the PoW mining. To better study and identify the latency and the ecosystem factors of the cryptocurrency networking and consensus costs, we study the behaviors both in the connection manager (directly involved in the P2P networking) and the address manager (informing the connection manager of the peer selections on the backend). This paper presents our analyses results to inform the state of cryptocurrency blockchain with anonymous routing and discusses future work directions and recommendations to resolve the performance and partition issues. 
    more » « less
    Free, publicly-accessible full text available May 27, 2025
  4. Free, publicly-accessible full text available February 1, 2025
  5. Cryptocurrency software implements the cryptocurrency operations, including the distributed consensus protocol and the peer-to-peer networking. We design a software assurance scheme for cryptocurrency and advance the cryptocurrency handshaking protocol. Since we focus on Bitcoin (the most popular cryptocurrency) for implementation and integration, we call our scheme Version++, built on and advancing the current Bitcoin handshaking protocol based on the Version message. Our Version++ protocol providing software assurance is distinguishable from the previous research because it is permissionless, distributed, and lightweight to fit its cryptocurrency application. Our scheme is permissionless since it does not require a centralized trusted authority (unlike the remote software attestation techniques from trusted computing); it is distributed since the peer checks the software assurances of its own peer connections; and it is designed for efficiency/lightweight due to the dynamic nature of the peer connections and the large-scale broadcasting in cryptocurrency networking. Utilizing Merkle Tree for the efficiency of the proof verification, we implement and test Version++ on Bitcoin software and conduct experiments in an active Bitcoin node prototype connected to the Bitcoin Mainnet. Our prototype-based performance analyses demonstrate the lightweight design of Version++. The peer-specific verification grows logarithmically with the number of software files in processing time and in storage. In addition, the Version++ verification overhead is small compared to the overall handshaking process; our measured overhead of 2.22% with minimal networking latency between the virtual machines provides an upper bound in the real-world networking with greater handshaking duration, i.e., the relative Version++ overhead in the real world with physically separate machines will be smaller. 
    more » « less
  6. Cryptocurrency software implements the cryptocurrency operations. We design a software assurance scheme for cryptocurrency and advance the cryptocurrency handshaking protocol. More specifically, we focus on Bitcoin for implementation and integration and advance its Version-message based hand-shaking and thus call our scheme Version++, The Version++ protocol provides software assurance, which is distinguishable from the previous research because it is permissionless, distributed, and lightweight to fit its cryptocurrency application. Utilizing Merkle Tree for the verification efficiency, we implement and test Version++ on Bitcoin software and conduct experiments in an active Bitcoin node prototype connected to the Bitcoin Mainnet. This paper for the conference demonstration supplements our technical paper at CCNC 2023 for synergy but highlights the prototyping and demonstration components of our research. 
    more » « less