Smart contract-enabled blockchains allow building decentralized applications in which mutually-distrusted parties can work together. Recently, oracle services emerged to provide these applications with real-world data feeds. Unfortunately, these capabilities have been used for malicious purposes under what is called criminal smart contracts. A few works explored this dark side and showed a variety of such attacks. However, none of them considered collaborative attacks against targets that reside outside the blockchain ecosystem.In this paper, we bridge this gap and introduce a smart contract-based framework that allows a sponsor to orchestrate a collaborative attack among (pseudo)anonymous attackers and reward them for that. While all previous works required a technique to quantify an attacker's individual contribution, which could be infeasible with respect to real-world targets, our framework avoids that. This is done by developing a novel scheme for trustless collaboration through betting. That is, attackers bet on an event (i.e., the attack takes place) and then work on making that event happen (i.e., perform the attack). By taking DDoS as a usecase, we formulate attackers' interaction as a game, and formally prove that these attackers will collaborate in proportion to the amount of their bets in the game's unique equilibrium. We also model our framework and its reward function as an incentive mechanism and prove that it is a strategy proof and budget-balanced one. Finally, we conduct numerical simulations to demonstrate the equilibrium behavior of our framework.
翻译:智能合同化的链条可以建立分散化的应用,使互不信任的各方能够共同合作。最近,出现了神灵服务,为这些应用程序提供真实世界的数据信息。不幸的是,这些能力被用于犯罪智能合同下的恶意目的。少数作品探索了这一黑暗面,展示了各种此类袭击。然而,没有一件作品考虑对位于封闭链生态系统之外的目标进行协作攻击。在本文中,我们弥合了这一差距,并引入了一个智能合同框架,使赞助者能够在(假冒的)匿名攻击者之间策划合作攻击,并以此奖励他们。虽然以往的所有工作都需要一种技术来量化攻击者个人的贡献,而这种贡献可能无法用在现实世界目标上实现,但我们的框架避免了这一点。这是通过开发一个无信任合作的新计划来完成的。这就是,攻击者在某事件(即攻击发生)上打赌,然后进行一个智能基于合同的框架,使该事件发生(即进行攻击)的赞助者能够协调(即进行攻击),并以此来奖励他们。通过使用DDoS系统来量化攻击者的个人贡献,我们把攻击者的个人贡献当作一个游戏的游戏的游戏的游戏,并正式地证明他们的游戏的游戏的游戏的游戏的游戏的游戏的游戏的游戏的游戏, 的游戏的奖赏力,我们可以证明。