André Augusto, Rafael Belchior, Jonas Pfannschmidt, André Vasconcelos, Miguel Correia

Conference arXiv, 2024

Cross-chain bridges are widely used blockchain interoperability mechanisms. However, several of these bridges have vulnerabilities that have caused 3.2 billion dollars in losses since May 2021. Some studies have revealed the existence of these vulnerabilities, but little quantitative research is available, and there are no safeguard mechanisms to protect bridges from such attacks. We propose XChainWatcher, the first mechanism for monitoring bridges and detecting attacks against them. XChainWatcher relies on a cross-chain model powered by a Datalog engine, designed to be pluggable into any cross-chain bridge. Analyzing data from the Ronin and Nomad bridges, we successfully identified the transactions that led to losses of $611M and $190M USD, respectively. XChainWatcher not only uncovers successful attacks but also reveals unintended behavior, such as 37 cross-chain transactions (cctx) that these bridges should not have accepted, failed attempts to exploit Nomad, over $7.8M locked on one chain but never released on Ethereum, and $200K lost due to inadequate interaction with bridges. We provide the first open-source dataset of 81,000 cctxs across three blockchains, capturing $585M and $3.7B in token transfers in Nomad and Ronin, respectively.

Shankar Subramanian, André Augusto, Rafael Belchior, André Vasconcelos, Miguel Correia

Conference 2024 IEEE International Conference on Blockchain (Blockchain), 2024

Blockchain aggregators play an instrumental role in the evolution of blockchain technology, serving as pivotal enablers of interoperability, efficiency, and user accessibility in an increasingly decentralized digital world. However, the literature on this emerging technology is scarce and is not systematized, making it harder for practitioners and researchers to understand the field. In this paper, we systematize bridge aggregators, a type of blockchain aggregators. We present an exhaustive analysis of a diverse array of token and message aggregators, each distinguished by its unique architecture. Our research delves into critical aspects of these aggregators, encompassing their functionality, security measures, pricing models, and latency. This research aims to provide readers, users, and developers with insightful and actionable information, facilitating informed navigation through the complex landscape of blockchain aggregators. We explore our findings and compare them with our intuitive expectations. We show that there is a value in centralizing token aggregators. Message aggregators are found to be more powerful but less efficient in transaction cost and latency. Finally, we propose a set of future research directions for practitioners.

Sebastião Mayor, Rafael Belchior, Miguel Correia, André Vasconcelos

Conference International Conference on Enterprise Information Systems (ICEIS) 2024

Blockchain technology has revolutionized the way data is stored and accessed in a decentralized manner. However, the lack of interoperability between such systems is an ongoing challenge hindering their wider adoption. This document proposes a two-part solution composed of activities that aim to enhance semantic interoperability between homogeneous and heterogeneous blockchain systems. The first part are the design-time activities that consist of constructing an Archimate model, extracting its Resource Description Framework (RDF) ontology, and assessing its correctness utilizing a semantic reasoner. The second part are the runtime activities that involve leveraging the resulting ontology in a supply chain management application to validate transactions among participants in a network of systems. The evaluation results are promising, demonstrating that a shared ontology can support a transparent and accurate transaction validation approach. Thus, this work is a significant step in proving that distributed ledger technologies can benefit from enterprise architecture techniques to improve their interoperability.

André Augusto, Rafael Belchior, Miguel Correia, André Vasconcelos, Luyao Zhang, Thomas Hardjono

Conference IEEE Symposium on Security and Privacy 2024

This paper presents a systematic overview of the security and privacy aspects of blockchain interoperability. As blockchain technology continues to evolve and diversify, the need for secure and private cross-chain communication becomes increasingly critical. The authors conduct a comprehensive analysis of existing blockchain interoperability solutions, identifying key security vulnerabilities and privacy concerns. They propose a taxonomy of blockchain interoperability approaches, categorizing them based on their architectural designs and security models. Furthermore, the paper discusses various attack vectors specific to cross-chain interactions and evaluates the effectiveness of current mitigation strategies. By synthesizing insights from both academic research and industry implementations, this work provides a valuable resource for researchers, developers, and policymakers working on secure and privacy-preserving blockchain interoperability solutions.

Rafael Belchior, Dimo Dimov, Zahary Karadjov, Jonas Pfannschmidt, André Vasconcelos, Miguel Correia

Journal Submitted

(click me!)

We propose Harmonia, a framework to build robust, secure, efficient, and decentralized cross-chain decentralized applications. As one of its main components, Harmonia utilizes a decentralized and efficient zero-knowledge proof based light client called DendrETH. DendrETH mitigates the security problem by lowering the attack surface and relying on the properties of zero-knowledge proofs.

In this instantiation of Harmonia, DendrETH implements an improved version of Ethereum's light client sync protocol that fixes previously known critical security flaws. This light client protocol is implemented as a smart contract, allowing blockchains to read a source blockchain's state in a trust-minimized way. This enables the creation of several cross-chain use cases, such as secure cross-blockchain bridges (asset transfers) or smart contract migrations (data transfers) that do not require a trusted operator.

Our implementations are compatible with the Ethereum Virtual Machine (EVM) based chains and some non-EVM chains. We provide an open-source implementation and reproducible environment for researchers and practitioners to replicate our results.

Rafael Belchior, Jan Süßenguth, Qi Feng, Thomas Hardjono, André Vasconcelos, Miguel Correia

Academic Magazine Communications of the ACM, 2024

A deep dive into blockchain interoperability: why it is needed, progress that has been made, how it is currently deployed and used, and likely paths of future development.

André Augusto, Rafael Belchior, André Vasconcelos, Imre Kocsis, Gönczy László, Miguel Correia

Workshop IEEE International Conference on Blockchain and Cryptocurrency Cross-Chain Workshop, 2023

In this paper, we leverage an asset transfer protocol, ODAP/SATP, to define an extendable and dependable blockchain interoperability middleware that can bridge CBDC from Hyperledger Fabric to EVM-based permissioned blockchains.

André Augusto, Rafael Belchior, André Vasconcelos, Miguel Correia, Thomas Hardjono

Conference IEEE International Conference on Blockchain and Cryptocurrency 2024

With the growing interest in blockchain technology, researchers and developers in different industries are shifting their attention to creating interoperability mechanisms. Existing mechanisms usually encompass asset exchanges, asset transfers, and general data transfers. However, most of the solutions based on these mechanisms only work for two permissionless blockchains falling short in use cases requiring more complex business relationships. Also, contrary to existing legacy systems, there is little standardization for cross-chain communication. Here we present MP-SATP, a resilient multi-party asset transfer protocol built on top of the Secure Asset Transfer Protocol (SATP). Furthermore, we enhance SATP's crash recovery mechanism that directly influences the reliability and performance of our solution. Using MP-SATP, we show how to perform N-to-N resilient asset transfers in permissioned environments by decoupling them into multiple 1-to-1 asset transfers. Our results demonstrate that the latency of the protocol is driven by the latency of the slowest 1-to-1 session; and how the usage of backup gateways avoid the overhead caused by rollbacks. Enterprise-grade environments such as supply-chain management systems can immediately leverage our solution to perform atomic multi-party asset transfers as shown by our use case.

Rafael Belchior, Peter Somogyvari, Jonas Pfannschmidt, André Vasconcelos, Miguel Correia

Journal IEEE Transactions on Reliability, 2024

Bridge security in a cross-chain world is paramount. Some estimates talk about over $2 billion in damages only this year. Why is it so hard to secure bridges? Is there a way we could formalize bridge security and therefore alleviate the likelihood of attacks? Meet Hephaestus (the Greek god that links the chains), our most recent paper that describes our method to generate a cross-chain model from a bridging use case, to provide a basis for dependable bridging. Note that this is a primer initial effort to understand and relate the concepts of cross-chain logic, cross-chain transactions, cross-chain state, and cross-chain model.

Our implementation is open-source and available here, implemented with Hyperledger Cactus (thanks for the support Hyperledger Foundation).

Rafael Belchior, Limaris Torres, Jonas Pfannschmidt, André Vasconcelos, Miguel Correia

Journal ACM Distributed Ledger Technologies: Research and Practice, 2024

In this paper, we present a foundational concept that helps understand the concept of cross-chain state. A view represents the states of a blockchain available to a particular stakeholder. The combination of views forms an integrated view that represents a consistent global state shared by all participants. This paper introduces BUNGEE (Blockchain UNifier view GEnErator), the first DLT view generator, to allow capturing DLT snapshots, constructing views, and performing arbitrary operations on those, such as integrating views. Creating and integrating views allows interesting applications, such as stakeholder-centric snapshots for audits, cross-chain analysis, blockchain migration, and data analytics.

Rafael Belchior, Sabrina Scuri, Nuno Nunes, Thomas Hardjono, André Vasconcelos

Workshop IEEE International Conference on Blockchain and Cryptocurrency Cross-Chain Workshop, 2023

In this paper, we focus on the problem of managing cross-chain state in an integrated manner. First, we introduce the concept of cross-chain logic/cross-chain rules. After that, we present and discuss the results of our blockchain interoperability survey. In this survey we analyzed the needs of experts to systematically model and analyze cross-chain state.

Catarina Pedreira, Rafael Belchior, Miguel Matos, André Vasconcelos

Workshop BlockTEE'22, 2022

This paper explores a trustless solution built on top of ODAP, a protocol to conduct asset transfers between gateways. T-ODAP enhances the decentralization of ODAP by leveraging a decentralized view storage, envisioned to be implemented in Polkadot.

Rafael Belchior, Luke Riley, Thomas Hardjono, André Vasconcelos, Miguel Correia

Journal ACM Distributed Ledger Technologies: Research and Practice, 2023

This paper was the output of a long collaboration within the IETF forming group ODAP and Quant Network. In this paper, we systematically study the research area of DLT interoperability by dissecting and analyzing previous work. We study the logical separation of interoperability layers, how a DLT can connect to others (connection mode), the object of interoperation (interoperation mode), and propose a new categorization for IMs. Second, we propose the first interoperability assessment for DLTs that systematically evaluates the interoperability degree of an IM. This framework allows comparing the potentiality, compatibility, and performance among solutions. Finally, we propose two decision models to assist in choosing an IM, considering different requirements. The first decision model assists in choosing the infrastructure of an IM, while the second decision model assists in choosing its functionality.

Rafael Belchior, André Vasconcelos, Miguel Correia, Thomas Hardjono

Conference IEEE International Conference on Services Computing (SCC), 2021

Enabling blockchain-based digital asset exchanges requires blockchain interoperability capabilities. Although some solutions have been proposed in recent years, asset and crypto-currency transfers across legal jurisdictions are still an unsolved problem. To realize this vision, we propose Hermes, a fault-tolerant middleware that connects blockchain networks, enabling the transfer of data and value across legal jurisdictions. Hermes is based on the Open Digital Asset Protocol (ODAP), an asset transfer protocol. Hermes utilizes a novel mechanism called ODAP-2PC and decentralized logging that can solve disputes regarding asset exchange. We find Hermes to fill an existing gap: the technical infrastructure that can constitute the basis for legislating and regulating cross-chain transfers, enabling the future of finance.

Martin Hargreaves, Thomas Hardjono, Rafael Belchior, Venkatraman Ramakrishna

Technical Specification IETF, 2023

This memo describes the Secure Asset Transfer (SAT) Protocol for digital assets. SAT is a protocol operating between two gateways that conducts the transfer of a digital asset from one gateway to another, each representing their corresponding digital asset networks. The protocol establishes a secure channel between the endpoints and implements a 2-phase commit (2PC) to ensure the properties of transfer atomicity, consistency, isolation and durability.

Note: As of October 2024, the latest version is 06, available at https://datatracker.ietf.org/doc/draft-ietf-satp-core/06/

Rafael Belchior, André Vasconcelos, Miguel Correia, Thomas Hardjono

Journal Future Generation Computer Systems, 2022

Hermes is a blockchain interoperability middleware based on the Open Digital Asset Protocol (ODAP). Hermes extends ODAP gateways with crash recovery mechanisms to increase resiliency. ODAP-2PC comes with a rollback protocol, guaranteeing the ACID properties of cross-chain transactions. ODAP and ODAP-2PC can be used for (regulated) digital assets exchange across jurisdictions.

Sara Ghaemi, Sara Rouhani, Rafael Belchior, Rui S. Cruz, Hamzeh Khazaei, Petr Musilek

Technical Report arXiv, 2021

The maturing of blockchain technology leads to heterogeneity, where multiple solutions specialize in a particular use case. While the development of different blockchain networks shows great potential for blockchains, the isolated networks have led to data and asset silos, limiting the applications of this technology. Blockchain interoperability solutions are essential to enable distributed ledgers to reach their full potential. Such solutions allow blockchains to support asset and data transfer, resulting in the development of innovative applications. This paper proposes a novel blockchain interoperability solution for permissioned blockchains based on the publish/subscribe architecture. We implemented a prototype of this platform to show the feasibility of our design. We evaluate our solution by implementing examples of the different publisher and subscriber networks, such as Hyperledger Besu, which is an Ethereum client, and two different versions of Hyperledger Fabric. We present a performance analysis of the whole network that indicates its limits and bottlenecks. Finally, we discuss the extensibility and scalability of the platform in different scenarios. Our evaluation shows that our system can handle a throughput in the order of the hundreds of transactions per second.

Rafael Belchior, Miguel Correia, Thomas Hardjono

Technical Specification IETF, 2021

This memo describes the crash recovery mechanism for the Secure Asset Transfer Protocol (SATP). The goal of this draft is to specify the message flow that implements a crash recovery mechanism. The mechanism assures that gateways running SATP are able to recover faults, enforcing ACID properties for asset transfers across ledgers (i.e., double spend does not occur).

Rafael Belchior, Sérgio Guerreiro, André Vasconcelos, Miguel Correia

Journal Business Process Management Journal, 2022

This study gives an overview of the business process view integration research area. Rooted in database schema integration, business process view integration is needed to consolidate different versions of the same business process. It turns out that lessons from this area are directly applicable to blockchain, because blockchain supports different views on the same data, contrary to common knowledge.

Rafael Belchior, Benedikt Putz, Guenther Pernul, Miguel Correia, André Vasconcelos, Sérgio Guerreiro

Workshop IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2020

This paper implements efforts with a colleague and friend from Germany, Benedikt and his advisor, Guenther. We are both fascinated on how one can use the self-sovereign identity paradigm to achieve privacy-preserving access control processes. This was then our first effort understanding decentralized identifiers, verifiable credentials, and identity-centric blockchains. We design an integration between blockchains and centralized access control mechanisms encoding access control policies into verifiable presentations. This paves the way for more privacy-preserving access control enterprise scenarios.

Rafael Belchior, André Vasconcelos, Sérgio Guerreiro, Miguel Correia

Journal ACM Computing Surveys, 2021

This survey depicts the past and current state of blockchain interoperability, presenting and categorizing existing solutions. It discusses in detail what is blockchain interoperability, the proposed architectures, use cases, challenges, and future research directions. What I consider special about this survey is that we contacted dozens of people asking feedback on their solutions. It ensured us to have updated information, in a research area set up by obsolete whitepapers. This is the first paper I wrote that I consider a very good paper - It took around 6 months to write, and was reviewed by several colleagues.

An online appendix is available at: https://web.ist.utl.pt/~ist180970/papers/2021/interop-survey-appendix_acm-csur_2021.pdf

Sara Rouhani, Rafael Belchior, Rui S. Cruz, Ralph Deters

Journal World Wide Web, 2021

This paper was the result of a collaboration with Prof. Rui Cruz, an Assistant Professor from Técnico, and Sara Rouhani, a PhD candidate at the University of Saskatchewan. On the context of a Hyperledger Summer Internship, we implemented a blockchain-based access control system based on Hyperledger Fabric, and explored its capabilities and limitations. It turns out that decentralized access control is quite feasible, we believe even in cross-organizational settings. Looking back, I'm glad to work with such I took the courage to challenge Prof. Rui to go forward with this project.

Rafael Belchior, Miguel Correia, André Vasconcelos

Conference ECIS '20: European Conference on Information Systems, 2020

I consider the second paper I wrote to be a very notorious improvement compared to the first. In this paper, we extended JusticeChain to support audit processes - by encoding dummy audit rules into smart contracts. This technique caught the interest of the reviewers, as it could be easily integrated with real audits, given that the audit rules satisfy the GDPR.

Rafael Belchior, Miguel Correia, André Vasconcelos

Conference CoopIS 2019: 27th International Conference on COOPERATIVE INFORMATION SYSTEMS, 2019

This was the first paper I wrote, in the context of my MSc degree - and my first direct contact with academia. Although very drafty, it exposes the long term effort collaborating with the Portuguese public sector. I learned how to ally the academic thinking with the practical effort of developing a system to be production ready. The experience on the academic conference was very motivating as well.