ERCIM NEWSNumber 110 July 2017

www.ercim.eu

Special theme

Blockchain

Engineering

Also in this issue:

Research and Innovation:

Machine Learning in IoT

for Autonomous, Adaptive Sensing

ERCIM News is the magazine of ERCIM. Published quar-

terly, it reports on joint actions of the ERCIM partners, and

aims to reflect the contribution made by ERCIM to the

European Community in Information Technology and Applied

Mathematics. Through short articles and news items, it pro-

vides a forum for the exchange of information between the

institutes and also with the wider scientific community. This

issue has a circulation of about 6,000 printed copies and is

also available online.

ERCIM News is published by ERCIM EEIG

BP 93, F-06902 Sophia Antipolis Cedex, France

Tel: +33 4 9238 5010, E-mail: contact@ercim.eu

Director: Philipp Hoschka, ISSN 0926-4981

Contributions

Contributions should be submitted to the local editor of your

country

Copyright�notice

All authors, as identified in each article, retain copyright of their

work. ERCIM News is licensed under a Creative Commons

Attribution 4.0 International License (CC-BY).

Advertising

For current advertising rates and conditions, see

http://ercim-news.ercim.eu/ or contact peter.kunz@ercim.eu

ERCIM�News�online�edition���

http://ercim-news.ercim.eu/

Next�issue

October 2017, Special theme: Digital Humanities

Subscription

Subscribe to ERCIM News by sending an email to

en-subscriptions@ercim.eu or by filling out the form at the

ERCIM News website: http://ercim-news.ercim.eu/

Editorial�Board:

Central editor:

Peter Kunz, ERCIM office (peter.kunz@ercim.eu)

Local Editors:

Austria: Erwin Schoitsch (erwin.schoitsch@ait.ac.at)

Belgium:Benoît Michel (benoit.michel@uclouvain.be)

Cyprus: Ioannis Krikidis (krikidis.ioannis@ucy.ac.cy)

France: Steve Kremer (steve.kremer@inria.fr)

Germany: Michael Krapp (michael.krapp@scai.fraunhofer.de)

Greece: Eleni Orphanoudakis (eleni@ics.forth.gr),

Artemios Voyiatzis (bogart@isi.gr)

Hungary: Andras Benczur (benczur@info.ilab.sztaki.hu)

Italy: Maurice ter Beek (maurice.terbeek@isti.cnr.it)

Luxembourg: Thomas Tamisier (thomas.tamisier@list.lu)

Norway: Poul Heegaard (poul.heegaard@item.ntnu.no)

Poland: Hung Son Nguyen (son@mimuw.edu.pl)

Portugal: José Borbinha, Technical University of Lisbon

(jlb@ist.utl.pt)

Spain: Silvia Abrahão (sabrahao@dsic.upv.es)

Sweden: Kersti Hedman (kersti@sics.se)

Switzerland: Harry Rudin (hrudin@smile.ch)

The Netherlands: Annette Kik (Annette.Kik@cwi.nl)

W3C: Marie-Claire Forgue (mcf@w3.org)

Editorial Information Contents

ERCIM NEWS 110 July 2017

JoINT ERCIM ACTIoNS

4 ERCIM Membership

5 First ERCIM Workshop on

Blockchain Technology

5 ERCIM “Alain Bensoussan”

Fellowship Programme

5 HORIZON 2020 Project

Management

SPECIAL THEME

The special theme section“Blockchain Engineering” has beencoordinated by Elli Andoulaki (IBMResearch – Zurich), Matthias Jarke(RWTH Aachen University & FraunhoferFIT) and Jean-Jacques Quisquater(Université catholique de Louvain,Belgium, and research affiliate at MIT)

6 Blockchain Engineering -

Introduction to the Special

Theme

by Elli Andoulaki (IBM Research –Zurich), Matthias Jarke (RWTHAachen University & FraunhoferFIT) and Jean-Jacques Quisquater(Université catholique de Louvain,Belgium, and research affiliate atMIT)

Invited articles8 Blockchains for Everybody:

Individuals, Companies, States

and Democracy

by Jean-Jacques Quisquater(Université catholique de Louvain,Belgium, and research affiliate atMIT)

9 Permissioned Blockchains and

Hyperledger Fabric

by Elli Androulaki, ChristianCachin, Angelo De Caro,Alessandro Sorniotti and MarkoVukolic (IBM Research, Zurich)

Cryptocurrencies10 Bitcoin – Cryptocurrencies and

Alternative Applications

by Aljosha Judmayer, AlexeiZamyatin, Nicholas Stifter andEdgar Weippl (SBA Research)

12 Identity Managenent on the

Bitcoin Blockchain

by Daniel Augot (Inria, Écolepolytechnique, and UniversitéParis-Saclay), Hervé Chabanne(OT-Morpho and TelecomParistech) and William George(École polytechnique andUniversité Paris-Saclay)

13 SpaceMint: A Cryptocurrency

Based on Proofs of Space

by Georg Fuchsbauer (Inria)

ERCIM NEWS 110 July 2017 3

14 Coinblesk – A Real-time, Bitcoin-

based Payment Approach and

App

by Thomas Bocek, Sina Rafati,Bruno Rodrigues and BurkhardStiller (University of Zürich)

15 Bitcoin Unchained

by Christopher Carr, Colin Boyd(NTNU), Xavier Boyen andThomas Haines (QUT)

Contracts and workflows17 A Holistic Approach to Smart

Contract Security

by Nicholas Stifter, AljoshaJudmayer, and Edgar Weippl (SBAResearch)

18 Correctness of Smart Contracts

for Consistency Enforcement

by Thomas Osterland and ThomasRose (Fraunhofer FIT)

19 Implementation of a Blockchain

Workflow Management

Prototype

by Gilbert Fridgen (FraunhoferFIT), Bernd Sablowsky(Norddeutsche Landesbank) andNils Urbach (Fraunhofer FIT)

21 Proofs of Work - the Engines of

Trust

by Alex Biryukov (University ofLuxembourg)

22 Design Requirements for a

Branched Blockchain Merging

Algorithm

by Arthur Melissen (Storro B.V.)

Public sector applications24 Blockchain – Attack on and

Chance for the Public Sector

by Christian Welzel (FraunhoferFOKUS)

25 How Distributed Ledgers Can

Transform Healthcare

Applications

by Angelica Lo Duca, Clara Bacciu,Andrea Marchetti (IIT-CNR)

RESEARCH ANd INNovATIoN

This section features news aboutresearch activities and innovativedevelopments from Europeanresearch institutes

38 Machine Learning in IoT for

Autonomous, Adaptive Sensing

by Frank Alexander Kraemer,Nattachart Tamkittikhun andAnders Eivind Braten (NTNU)

40 Cache-aware Roofline Model in

Intel® Advisor

by Leonel Sousa and AleksandarIlic (INESC-ID)

41 Lightweight Random Indexing

for Polylingual Text Classification

by Alejandro Moreo Fernandez,Andrea Esuli and FabrizioSebastiani (ISTI-CNR)

42 Real Flight Demonstration of

Monocular Image-Based Aircraft

Sense and Avoid

by Péter Bauer, Antal Hiba, BálintDaróczy, Márk Melczer, BálintVanek (MTA SZTAKI)

43 Use-cases Covered by an

Enhanced Virtual Research

Environment

by Valerie Brasse (IS4RI)

EvENTS, IN BRIEf

New Project45 ElasTest: A Cloud-based Platform

for Testing Large Complex

Distributed Software Systems

Call for Proposals46 Dagstuhl Seminars and

Perspectives Workshops

Call for Participation46 ACM NanoCom 2017

Report46 IFIP TC6’s Open Digital Library

and Conferences

by Harry Rudin

In Brief47 New 3D FleX-ray Lab at CWI

47 18.8 Million Euro for Quantum

Software Research

47 New ERCIM Board Members

27 Blockchain-enabled Intelligent

Asset Exchange for a Circular

Economy

by Ioannis Askoxylakis (FORTH),George Alexandris (BournemouthUniversity) and Giorgos Demetriou(Ecole de Ponts Business School)

28 Blockchain and Autonomous

Institutions

by Mariusz Nowostawski (NTNU)

29 Self-Sovereign Identity

Framework and Blockchain

by Rieks Joosten (TNO)

Security and privacy31 Distributed Access Control

Through Blockchain Technology

by Damiano Di Francesco Maesa,Laura Ricci (Università di Pisa) andPaolo Mori (IIT-CNR)

32 Blockchain Ensures

Transparency in Personal Data

Usage: Being Ready for the New

EU General Data Protection

Regulation

by Uwe Roth (LuxembourgInstitute of Science andTechnology, LIST)

34 Flexible Transparency: A Privacy

Enabler in Blockchain

Technologies

by Maria Christofi (Trusted Labs)and Aline Gouget (Gemalto)

Blockchain labs35 CWI Joins the Dutch National

Blockchain Coalition as a

Founding Member

by Eric Pauwels (CWI)

36 Blockchain Lab – Design,

Implementation and Evaluation

of Innovative Business and

Process Models

by Gilbert Fridgen, Wolfgang Prinz,Thomas Rose and Nils Urbach(Fraunhofer FIT)

ERCIM NEWS 110 July 20174

ERCIM

Membership

After having successfully grown tobecome one of the most recognized ICTSocieties in Europe, ERCIM has openedmembership to multiple member institutesper country. By joining ERCIM, yourresearch institution or university candirectly participate in ERCIM’s activitiesand contribute to the ERCIM members’common objectives playing a leading rolein Information and CommunicationTechnology in Europe:• Building a Europe-wide, open network

of centres of excellence in ICT andApplied Mathematics;

• Excelling in research and acting as abridge for ICT applications;

• Being internationally recognised both asa major representative organisation in itsfield and as a portal giving access to allrelevant ICT research groups in Europe;

• Liaising with other international organi-sations in its field;

• Promoting cooperation in research,technology transfer, innovation andtraining.

About ERCIM

ERCIM – the European ResearchConsortium for Informatics andMathematics – aims to foster collaborativework within the European research com-munity and to increase cooperation withEuropean industry. Founded in 1989,ERCIM currently includes 15 leadingresearch establishments from 14 Europeancountries. ERCIM is able to undertake con-sultancy, development and educationalprojects on any subject related to its field ofactivity.

ERCIM members are centres of excellenceacross Europe. ERCIM is internationallyrecognized as a major representativeorganization in its field. ERCIM providesaccess to all major InformationCommunication Technology researchgroups in Europe and has established anextensive program in the fields of science,strategy, human capital and outreach.ERCIM publishes ERCIM News, a quar-terly high quality magazine and deliversannually the Cor Baayen Award to out-standing young researchers in computerscience or applied mathematics. ERCIMalso hosts the European branch of theWorld Wide Web Consortium (W3C).

Benefits of Membership

As members of ERCIM AISBL, institutions benefit from: • International recognition as a leading centre for ICT R&D, as member of the

ERCIM European-wide network of centres of excellence;• More influence on European and national government R&D strategy in ICT.

ERCIM members team up to speak with a common voice and produce strategicreports to shape the European research agenda;

• Privileged access to standardisation bodies, such as the W3C which is hosted byERCIM, and to other bodies with which ERCIM has also established strategiccooperation. These include ETSI, the European Mathematical Society and Infor-matics Europe;

• Invitations to join projects of strategic importance;• Establishing personal contacts with executives of leading European research insti-

tutes during the bi-annual ERCIM meetings; • Invitations to join committees and boards developing ICT strategy nationally and

internationally;• Excellent networking possibilities with more than 10,000 research colleagues

across Europe. ERCIM’s mobility activities, such as the fellowship programme,leverage scientific cooperation and excellence;

• Professional development of staff including international recognition;• Publicity through the ERCIM website and ERCIM News, the widely read quarter-

ly magazine.

How to Become a Member

• Prospective members must be outstanding research institutions (including univer-sities) within their country;

• Applicants should address a request to the ERCIM Office. The application shouldinlcude:

• Name and address of the institution;• Short description of the institution’s activities;• Staff (full time equivalent) relevant to ERCIM’s fields of activity;• Number of European projects in which the institution is currently involved;• Name of the representative and a deputy.

• Membership applications will be reviewed by an internal board and may includean on-site visit;

• The decision on admission of new members is made by the General Assembly ofthe Association, in accordance with the procedure defined in the Bylaws(http://kwz.me/U7), and notified in writing by the Secretary to the applicant;

• Admission becomes effective upon payment of the appropriate membership fee ineach year of membership;

• Membership is renewable as long as the criteria for excellence in research and anactive participation in the ERCIM community, cooperating for excellence, are met.

Please contact the ERCIM Office: contact@ercim.eu

“Through a long history of successful research collaborations

in projects and working groups and a highly-selective mobility

programme, ERCIM has managed to become the premier net-

work of ICT research institutions in Europe. ERCIM has a consis-

tent presence in EU funded research programmes conducting

and promoting high-end research with European and global

impact. It has a strong position in advising at the research pol-

icy level and contributes significantly to the shaping of EC

framework programmes. ERCIM provides a unique pool of

research resources within Europe fostering both the career

development of young researchers and the synergies among

established groups. Membership is a privilege.”Dimitris Plexousakis, ICS-FORTH, ERCIM AISBL Board

ERCIM NEWS 110 July 2017 5

Joint ERCIM Actions

ERCIM “Alain Bensoussan”

fellowship Programme

ERCIM offers fellowships for PhD holders from all overthe world. Topics cover most disciplines in ComputerScience, Information Technology, and AppliedMathematics. Fellowships are of 12 months duration,spent in one ERCIM member institute. Fellowships areproposed according to the needs of the member institutesand the available funding.

Application deadlines for the next round: 30 April and

30 September 2017

More information: http://fellowship.ercim.eu/

HoRIZoN 2020

Project Management

A European project can be a richly rewarding tool forpushing your research or innovation activities to the state-of-the-art and beyond. Through ERCIM, our member instituteshave participated in more than 80 projects funded by theEuropean Commission in the ICT domain, by carrying outjoint research activities while the ERCIM Office success-fully manages the complexity of the project administration,finances and outreach.

The ERCIM Office has recognized expertise in a full rangeof services, including identification of funding opportunities,recruitment of project partners, proposal writing and projectnegotiation, contractual and consortium management, com-munications and systems support, organization of attractiveevents, from team meetings to large-scale workshops andconferences, support for the dissemination of results.

How does it work in practice?

Contact the ERCIM Office to present your project idea and apanel of experts will review your idea and provide recom-mendations. If the ERCIM Office expresses its interest toparticipate, it will assist the project consortium as describedabove, either as project coordinator or project partner.

Please contact:

Philippe Rohou, ERCIM Project Group Managerphilippe.rohou@ercim.eu

first ERCIM Workshop

on Blockchain Technology

As part of the 2017 ERCIM spring meetings in Paris, ERCIMheld a half-day workshop on blockchain technology on May 232017. Co-chaired by Georges Gonthier (Inria) and WolfgangPrinz (Fraunhofer FIT), the workshop provided a high-leveloverview of blockchain technology and its opportunities forcomputer science research to the senior-level workshop atten-dees. The attendees included executives of ERCIM memberinstitutes as well as a number of researchers.

Wolfgang Prinz (Vice-Chair of Fraunhofer FIT Institute) startedout the morning by giving a comprehensive introduction toblockchain technology, its application areas, and related com-puter science research questions. In particular, he outlined thevarious areas of computer science research that blockchaintechnology is touching and using, which include:• P2P networks• Distributed systems (in particular scalability)• Cryptography (with a focus on crypto-agility)• Consensus-building and validation • Software lifecycle of smart contracts.

The presentation also provided a classification of the designspace which different blockchain technologies are using (unper-missioned versus permissioned, logic-oriented versus transac-tion oriented). Finally, Wolfgang outlined a number of potentialareas of collaboration between ERCIM members, including thecreation of an ERCIM blockchain infrastructure.

In the second talk of the day, Georges Gonthier (InriaSPECFUN Unit) talked about the application of formal methodsto smart contracts. He outlined the pitfalls of languages cur-rently used for programming smart contracts and their conse-quences, including the bug in the Ethereum blockchain networkthat led to the highly visible loss of 53 million dollars (whichwere later recovered). He argued for the use of formal proof andanalysis of smart contracts to prevent this type of issue in thefuture. The second part of the presentation focussed on newchallenges and ideas in the area of name services.

In the final talk of the morning, Arnaud Le Hors (IBM, Memberof the Hyperledger Technical Steering Committee) presentedthe Hyperledger open source project and its quickly growingsuccess in terms of participants and applications. In particular,Arnaud reported that Hyperledger is the fastest growing projectin the history of the Linux Foundation, with 300% growth in thefirst year. He further described the workings of the project,including working groups that are open and free for anyone toparticipate in, as well as regular hackathons, hackfests and mee-tups. Then, Arnaud provided a detailed description of theHyperledger 1.0 “fabric” architecture, covering the orderingservice, single and multi channel networks, chaincode andendorsement policies. Arnaud concluded his talk explaininghow to get started using Hyperledger, and how to get involvedin the community.

Please contact:

Philipp Hoschka, ERCIM Managerphilipp.hoschka@ercim.eu

ERCIM NEWS 110 July 20176

Special Theme: Blockchain Engineering

Introduction to the Special Theme

Blockchain Engineering

by Elli Andoulaki (IBM Research – Zurich), Matthias Jarke (RWTH AachenUniversity & Fraunhofer FIT) and Jean-Jacques Quisquater (Universitécatholique de Louvain, Belgium, and research affiliate at MIT)

In the last decade, the world of datamanagement has been revolutionised bythe influence of universally availabledistributed and mobile informationtechnology. The jump from desktop andlaptop to the smartphone has been amajor driver, and the current explosivegrowth of the internet of things isanother. Big data analytics is no longeronly a buzzword in computer science,but transcends all levels of business,politics, and society.

In contrast to the explosion of the queryprocessing and data mining side of thisdevelopment, its equally importantimpact on transaction management hasreceived much less attention. The prob-lems of misleading information inputs(fake news, chatbots), broken or fraudu-lent transactions are discussed in public,but scalable solutions around these dis-tributed transaction challenges, mostprominently the blockchain technology,has only recent begun to capture moreattention, fostered by speculation aboutcrypto-currencies such as Bitcoin.

Conceptually, blockchains can beunderstood as distributed ledgers,aiming like traditional ledgers at trans-parent and falsification-proof documen-tation, while assuming a model wheredistribution of trust is required. That is,in blockchain systems, operational trustis distributed to two or more mutuallydistrusting entities. Technically, scala-bility, anonymity, security and dura-bility are ensured by distributed storagecombined with suitable cryptographicprimitives and protocols, but manyproblems remain to be investigated.

In the last couple of years, Europeanindustries (e.g., the B3i Blockchaininsurance industry initiative) as well asthe European Union (e.g., EUblockchain observatory, Blockchain forIndustrial Transformation, blockchain

architecture call) have started orannounced a significant number engi-neering and policy initiatives. In thisspecial issue of the ERCIM News, weprovide an overview of some of theactive European research in the field ofblockchain engineering.

In the first paper, Jean-JacquesQuisquater – a pioneer of blockchainresearch since the late 1990s – providesan overview of the concepts, history,and current challenges. In innovativebusinesses and research, the engi-neering of blockchain-based solutionsis subject to quite a number of commer-cial and open source initiatives. As acurrent major open source example,Andoulaki et al. (IBM Research,Zurich)) provide a glimpse on the justreleased Fabric for permissionedblockchains within the internationalHyperledger initiative. This is followedby three sections on differentblockchain application engineeringdomains (finance, public sector, con-tract and workflow management) and aspecial focus on security and privacyissues in the context of blockchains.The special theme ends with a couple ofblockchain labs and strategic initiatives.

Among the blockchain applications infinance, bitcoin is surely the best-known. Complementing an overview ofBitcoin applications (Judmayer,Zamyatin, Nicholas, SBA ResearchVienna), a team from the INRIA andpartners (Augot, Chabanne, andGeorge) is specifically studying thequestion of Identity Management on theBitcoin blockchain, while a Norwegian-Australian collaboration (Carr, Boyd,Boyen (NTNU Trondheim) and Haines(QUT, Brisbane)) aims to release somerestrictions of the current technologies.To strengthen the theoretical founda-tions, a different space-oriented prooftechnique for crypto-currencies, called

ERCIM NEWS 110 July 2017 7

SpaceMint, is presented in a paper fromInria (Fuchsbauer), whereas the integra-tion of cryptocurrencies such as bitcoinin efficient real-time payment processesis one of the practical challenges(Bocek, Rafati, and Mori, University ofZurich).

The seemingly paradoxical combina-tion of transparency and privacy offeredby blockchains make them suitable formany applications beyond crypto-cur-rencies. Generalising from crypto-cur-rencies to general asset exchange, ateam around FORTH-ICS(Askoxylakis, Alexandris andDemetriou) discuss this aspect in a cir-cular economy, and an Italian teamaround CNR-IIT looks at healthcareapplications (Lo Duca, Bacciu, andMarchetti) whereas Christian Welzel(Fraunhofer FOKUS, Berlin) weighsthe threats and opportunities ofblockchains from the viewpoint of thepublic sector in general. This sectionends with a discussion (Nowostawski,NTNU Trondheim) how blockchainscan be used to make institutions moreautonomous.

The concepts of smart contracts andassociated workflows is ubiquitous inalmost all blockchain applicationdomains. Linking back to the financialapplication domain, Fridgen, Urbachand Sablowsky (Fraunhofer FITBayreuth) present the blockchain-basedworkflow management system at aGerman bank. Three other papers inves-tigate the important proof of work(Biryukov, University of Luxembourg),consistency enforcement (Osterlandand Rose, Fraunhofer FIT SanktAugustin), and smart contract security(Stifter, Judmayer, and Weippl, SBAResearch Vienna). Another importantchallenge is the merger of multipleworkflows or blockchains (Mellissen,Storro B.V.).

Despite full transparency of the transac-tions, blockchains also need to protectthe privacy of their users and of theperson-related data within them.Indeed, blockchains can even supportthe implementation of the newEuropean Data Privacy Regulation with

respect to transparency of person datausage (Roth), and a flexible trans-parency approach can be employed tocontrol the degree of user privacy aswell (Christofi and Gouget, TrustedLabs Versailles). At the corporate andthe individual level alike, data sover-eignty has recently become an impor-tant goal in European policy makingand system engineering; a suitableIdentity Framework can be combinedwith blockchains to get closer to thischallenging goal (Joosten). Also at thecorporate level, the paper by DiFrancesco Maesa, Ricci, and Mori(CNR-IIT and Pisa University) demon-strates the usefulness of blockchaintechnologies for data access control inlarge systems.

A number of blockchain research labs,national initiatives, have sprung uprecently in several European countries.The special issue ends with a descrip-tion of two examples from theNetherlands (CWI Amsterdam) andGermany (Fraunhofer).

This special theme shows that there arestill many challenges to overcome fromthe perspective of engineering as wellas business models and public policyregulations. Nevertheless, a growingnumber of applications already indi-cates the enormous potential ofblockchain technologies.

Please contact:

Elli Andoulaki IBM Research – Zurich, SwitzerlandLLI@zurich.ibm.com

Matthias JarkeInformation Systems Group, RWTHAachen University & Fraunhofer FIT,Germanyjarke@dbis.rwth-aachen.de

Jean-Jacques QuisquaterCrypto Group, Université catholiquede Louvain, Belgium, and researchaffiliate at MITjjq@uclouvain.be

ERCIM NEWS 110 July 20178

Special Theme: Blockchain Engineering

Blockchains for Everybody: Individuals,

Companies, States and democracy

by Jean-Jacques Quisquater

Trust, transparency and traceability (ornontraceability) are important in onlinetransactions, which may involve banks,notaries, public administrations, trusted-third-parties, witnesses and others. Evenlong before the internet, people in ancientcivilizations used tools to create a perma-nent trace, such as a public (or private)ledger: Assyrian people used tablets andIncas used khipus, for instance.

In the 19th century, people dealt with theproblems of synchronisation of clocksand being able to know the correct time indifferent locations, which was necessaryto schedule trains. Telegraphy largelysolved these issues - but only afterlengthy negotiations (in France, it wasnot until 1891 that the time was unified).Synchronisation of clocks in practical sit-uations was a research subject for AlbertEinstein and others, with the eventualwinner being the theory of special rela-tivity, which is applied today in GPS.

Timestamping was an important subjectfor the authentication of actions. But itoften needed trust in a particularauthority, such as a notary, which leftopen the possibility of errors orcheating. Coordinated timestampingwas also required for patents, music,contracts, auctions and other purposes.

In the late 1980s I was working forPhilips Research in Belgium. At thattime I was the head of the crypto group,which was making great inroads into thesecurity of smart cards. In 1989, myboss asked the team to imagine newapplications that might be enabled bythe transition from binary flow(Shannon) to multimedia streams(sound, images, videos, etc). The ideawas to translate every action (very oftenanalogue) into the digital world. So webegan considering how cryptographymight be used for watermarking, time-stamping and geolocalisation. We thencommunicated with Belgian notariesand they were very interested in ourideas. Alas, it was too early because theresearch into cryptographic hash func-tions was not yet mature enough, and thestandardisation process (ISO, IETF) wasthen being lobbied for by banking

sector, which did not understand thechallenges (can you imagine today thatpeople did not approve proposals takeninto the anniversary’s paradox becauseit was paranoid …). Practical functionswere finally proposed by Ron Rivest(MIT): the MD4 and MD5 crypto-graphic hash functions in 1990 and1991 respectively. Curiously, with theexception of Raph Merkle, nobody atthat time was really interested inworking with these functions. However,hash functions were to become thefuture of digital signature, as well asblockchains and bitcoins.

The first public secure timestampingscheme, based on cryptography, was setby Stuart Haber and Scott Stornetta(1990) [1] and, even at this time, theirproposals were very mature: the first oneproposed chaining using cryptographichash functions, the second one distrib-uted the chain with a random positioningof the actors, that is, blockchain oftoday! They also added blocks using anidea of Raph Merkle’s (tree): then theblockchain as we know it today wasready – except for the mining and thesolutions for possible forks. Mining wasinvented several times including the“Chinese Lotto” (1987-1991) [2]. Acompany, “surety.com”, acted as atrusted-third-party for a chain with onlyone trusted point, and a journal (NYT)as the public ledger, which didn’trequire the use of internet.

A second early use of cryptographicchaining in the context of secure time-stamping with broadcast was describedfor voting protocols by Josh Benalohand Michael de Mare (1991) taking intoaccount Haber-Stornetta. It is ironic thatpeople are trying to solve voting prob-lems using bitcoin, for instance,including the internal blockchain, whendirect solutions have existed for a longtime [3].

In 1996 an important timestampingproject was initiated in Belgium:TIMESEC [4]. Its goals included: toimprove the network time protocol forinternet; to push trusted timestampingusing chains; to integrate blocks as we

know today, and redundant hash func-tions; to use several servers in a distrib-uted and decentralized way; to examinethe possible uses of cryptographic accu-mulators. This work took us one stepcloser to blockchains. A completeworking demo was put on online for twoyears. But it was also too early for awidespread adoption.

In 2001 an important report for theBank of Japan was written by MasashiUne under the direction of ProfessorMatsumoto [5]. A comparison of theseven systems of digital timestampingwas described and some classificationwas done by including the solutions byHaber-Stornetta and TIMESEC . Thechallenge of a really distributed time-stamping was clearly set and the solu-tion ended up being the one by SatoshiNakamoto inside bitcoin [6]! In fact, theintroduction, together with other experi-ments of peer-to-peer networks oninternet provided the missing link forthe success of timestamping.

New ideas are continually emerging:smart contract is a promising one, withcomplex internal verifications in orderto avoid problems (it is possible to writea “nearly” undetectable virus in pow-erful Turing languages like Solidity[L1]: see also openzeppelin [L2]).Current challenges are scalability, timeto register (latency is too big), how toput together several blockchains (Idon’t want to have hundreds ofblockchains on my smartphone in thefuture), how to renew a blockchain if asystematic error is found, how to handlethe right of forgotten (oblivion). Andwhat about the possible power ofquantum computers against the crypto-graphic primitives (not a complete sci-ence-fiction because NIST and NSA arethinking of soon replacing the primi-tives in use for bitcoin)? What are therelationships – if any - of blockchains tostates and governments? How can wehandle conflicts, errors, cheated con-tracts (a new area for lawyers?). Whenis consensus enough?

There are enough questions and prob-lems to occupy many scientists and fuel

numerous new projects, and I’m sure afuture issue of ERCIM News is alreadyon the cards to keep us up to date withtheir results. Industry-proved applica-tions are on the way, which is verygood, but we need to be very careful notto fix everything too early (standardisa-tion): we are still at the stage of experi-ments, not of fully ready products. IsAlgorand from Silvio Micali (MIT) [7],the next step?

Links:

[L1] http://www.ethereum.org[L2] https://openzeppelin.org/

References:

[1] S. Haber, W. S. Stornetta: “How totime-stamp a digital document”,

ERCIM NEWS 110 July 2017 9

Permissioned Blockchains and Hyperledger fabric

by Elli Androulaki, Christian Cachin, Angelo De Caro, Alessandro Sorniotti and Marko Vukolic (IBM Research, Zurich)

Journal of Cryptology, January1991, Vol. 3, Issue 2, pp 99–111(first presented at CRYPTO ‘90).(see also patent US 5136647 A).

[2] J-J. Quisquater, Y. Desmedt: “TheChinese Lotto As An ExhaustiveCode-breaking Machine”,Computer, IEEE, Vol. 24, no. 11, p.14-22 (1991). See also IETF RFC3607.

[3] J. Benaloh, M. de Mare: “EfficientBroadcast Time-Stamping”, TR fromClarkson University, 1991/1992.

[4] J-J. Quisquater, H. Massias, B.Preneel, B. Van Rompay:“TIMESEC final report”, 1999,https://kwz.me/Xb (Cited in [5]).

[5] M. Une: “The Security Evaluationof Time Stamping Schemes: The

Present Situation and Studies”,Discussion Paper No. 2001-E-18,Institute for Monetary andEconomic Studies, Bank of Japan,Tokyo.

[6] S. Nakamoto: “Bitcoin: A Peer-to-Peer Electronic Cash System,https://bitcoin.org/bitcoin.pdf

[7] J. Chen and S. Micali: “Algorand,The efficient and democraticledger”, eprint arXiv:1607.01341(23 May 2017).

Please contact:

Jean-Jacques QuisquaterCrypto Group, Université catholique deLouvain, Belgium, and researchaffiliate at MITjjq@uclouvain.be

Blockchains can be defined as immutabledecentralised ledgers for recordingtransactions that - depending on thesystem - are to various degrees resilientto malicious behaviour. Blockchain peersmaintain copies of the ledger that consistsof groups of transactions (blocks) linkedtogether into a hash-chain. This effectivelyestablishes total order among blocks and,consequently across transactions.Transactions have in recent years evolvedto allow the execution of arbitrary logic,also known as smart contracts. Inprinciple, a smart-contract is anapplication that operates on top ofblockchain, which uses the underlyingordering of transactions (i.e., consensus)to maintain consistency of smart contractexecution results across peers, now alsoreferred to as execution replicas.

Blockchain networks, with the promi-nent example of Ethereum [L1], aretypically public and open, i.e., anybodycan participate without having a spe-cific identity.

Permissioned blockchains have evolvedas an alternative to open blockchains toaddress the need for running blockchaintechnology among a set of known andidentifiable participants that arerequired to be explicitly admitted to theblockchain network. The conceptbehind permissioned blockchains isparticularly interesting in business

applications of blockchain technologyand distributed ledgers, in which theparticipants require some means ofidentifying each other while not neces-sarily fully trusting each other.

In the world of business, permissionedblockchain systems often come acrosscritical requirements (from a practicaland regulatory perspective) for transac-tional security and privacy of businesslogic that is put on a shared ledger. Inaddition, commonly enterprise-pur-posed permissioned ledgers need tomeet certain performance and scalabil-ity standards and/or comply with differ-ent cryptographic standards and prac-tices, ultimately calling for modularityof crypto components.

Fabric [L2] is an open source projectunder the umbrella of Hyperledger[L3], a consortium hosted by LinuxFoundation [L4] aiming to offer anenterprise-level permissioned block-chain platform. Fabric deals with all theaforementioned challenges, while offer-ing support for execution of distributedapplications (i.e., smart contracts orchaincodes in Fabric parlance) in gen-eral-purpose programming languages.

But, let’s take a closer look to Fabric.

Technically, Fabric is a framework forexecuting (potentially non-determinis-

tic) distributed applications in anuntrusted environment. Fabric intro-duces execute-order-validate distributedexecution paradigm, which effectivelysplits the traditional execution into pre-consensus (i.e., pre-ordering) executionand post-consensus validation. This sep-aration facilitates a flexible trust modelfor execution of its smart contracts, alsoknown as chaincodes, that is notimpacted by the trust model consideredby the underlying consensus mecha-nism. Beyond its novel replicationapproach, Fabric is best defined by thefollowing features, which are novel inthe blockchain context:

• A pluggable ordering service withmulti-channel enablement. That is,Fabric supports state partitions, witheach partition implementing totalorder semantics. Ordering servicenodes (called orderers) impose totalorder on state updates (produced inthe execution phase) using distributedconsensus. The operation of orderersis logically decoupled from peers whoexecute chaincode and maintain thedistributed ledger state. The consen-sus modularity goes beyond the possi-bility of plugging different orderingprotocols in the byzantine fault-toler-ant model [1], as, depending on theuse case, different failure models canbe assumed for orderers, such as sim-ple crash fault-tolerant model or, in

Bitcoin introduced a novel randomisedconsensus approach based on proof-of-work (PoW) which works with anunknown number of participants. Theunderlying concepts and techniques arecollectively referred to as “blockchain”.The first and still predominant use-casefor blockchain technologies are crypto-currencies.

In the context of the “AlternativeApplications for Bitcoin (A2Bit)”project, we research how the funda-mental principles and techniques ofcryptocurrencies can be successfullyapplied to other problem domains, wherereplacing the reliance on a trusted thirdparty can increase security, e.g., identitymanagement and public key exchange.

Sovereignty regarding secret key man-agement is the foundation of all securityconcepts based on blockchain technolo-gies. As a first step, we performed the

first large-scale empirical study toinvestigate how people perceive andexperience the Bitcoin ecosystem interms of security, privacy, andanonymity [1]. We surveyed 990 usersof Bitcoin to determine the managementstrategies to protect their bitcoins andassociated cryptographic keys. Abouthalf of the survey participants useexclusively web-based solutions. Also,many do not use all security capabilitiesoffered by the Bitcoin management toolof their choice. Furthermore, they havesignificant misconceptions about howto remain anonymous and protect theirprivacy in the Bitcoin network. Twenty-two percent of the participants hadalready experienced monetary loss (lostbitcoins) due to security breaches andself-induced errors.

Today, more than 650 different cryptocur-rencies are in circulation. The new cryp-tocurrencies provide additional features

(e.g., Namecoin and Ethereum), alterna-tive PoW algorithms (e.g., Litecoin andDash), and new distributed consensusapproaches [2]. The security of block-chains in a multi-PoW blockchain worldhas not yet been sufficiently studied.

A major challenge for introducing anew cryptocurrency is how to attract theinterest of a critical mass of participantsduring the bootstrapping period. If notenough honest miners or mining poolsjoin the new cryptocurrency at this cru-cial phase, the latter becomes vulner-able to dishonest miners and miningpools. Meanwhile, existing honestmining nodes do not have an incentiveto split their effort to secure multiplePoW-based blockchains.

Alternative cryptocurrencies (e.g.,Namecoin and Dogecoin) have optedfor “merged mining”, an approach thatallows concurrent mining for multiple

ERCIM NEWS 110 July 201710

Special Theme: Blockchain Engineering

Bitcoin – Cryptocurrencies

and Alternative Applications

by Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter and Edgar Weippl (SBA Research)

Exploring the real-world security of Bitcoin cryptocurrencies and alternative applications.

future, the recently proposed XFTfault model [2].

• A flexible trust model for chaincodeexecution. A chaincode’s deployerscan specify the entities (or combina-tion of entitites) that should be trustedto execute the deployed chaincode ona given channel. Chaincode deployersspecify these entities by means of apolicy, also referred to as endorse-ment policy, and can be completelyindependent from trust assumptionsgoverning the ordering of transactionsor the execution of other chaincodes.

• Parallelisation of chaincode execu-tion, as not all chaincodes need toexecute on all nodes.

• A modular and easily extensiblemembership framework. Thisconstitutes the foundation of thepermissioned nature of Fabric. Namely,as permissioned blockchains need tomanage node (i.e., client, peer, orderer)identities, and access rights,membership services are a criticalcomponent of permissioned block-chains. Fabric allows for the definition

and use of one or more membershipabstractions, called membership serviceproviders, each aiming to reflect anarchitecturally different membershipmanagement service, which isindependent and securely recon-figurable. The default type ofmembership module supported byFabric is compatible with X.509certificates which are widely used byexisting business membership systems.

• An access control enforcement mech-anism to govern channel creation,channel participation, and administra-tion, chaincode deployment, andchaincode execution.

• A highly efficient block disseminationmechanism from the ordering serviceto peers to ensure the system is able tosustain high volumes of peers, andtransactions.

• A novel, two-phase smart-contract (orchaincode) deployment mechanism,to ensure that a maximum of oneinstance of a certain chaincode runson each peer even if it is used to servemultiple channels.

Hyperledger Fabric V1 is due to becompleted in June 2017, and it will con-stitute the first highly scalable permis-sioned blockchain platform combiningthe features listed above.

Links:

[L1] www.ethereum.org[L2] www.hyperledger.org[L3] github.com/hyperledger/fabric [L4] www.linuxfoundation.org

References:

[1] C. Dwork, N. Lynch, L. Stockmeyer:“Consensus in the presence ofpartial synchrony”, J. ACM, 35(2):288–323, April 1988.

[2] S. Liu, et al.: “XFT: practical faulttolerance beyond crashes”, OSDI2016.

Please contact: Elli AndroulakiIBM Research - Zurich, SwitzerlandLLI@zurich.ibm.com

blockchains without requiring addi-tional PoW effort. That way, the miningpower of an established (parent) cryp-tocurrency (e.g., Bitcoin) can contributeto increase the security of a new (child)cryptocurrency (e.g., Namecoin). Inprinciple, this increases the security ofthe child cryptocurrency.

We performed a detailed analysis ontwo pairs of cryptocurrencies. Our find-ings indicate that through mergedmining the child difficulty increases(see Figure 1). However, only a portionof the parent mining pools join mergedmining. In Bitcoin, mining pools cannotcollect a significant share of the pro-cessing power i.e., mined blocks (seeFigure 2). In contrast, there are longperiods where in child blockchains,some mining pools enjoy shares waybeyond the theoretical limits forbuilding a true distributed consensus(cf. Figure 3). The actual effects andimplications for the mining ecosystemas well as appropriate defences are cur-rently a work in progress.

The project A2Bit is a collaborativeproject of SBA Research, nic.at (theDNS registrar for .at), and the AustrianState Printing House (ÖsterreichischeStaatsdruckerei GmbH) supported bythe Austrian Research PromotionAgency (FFG) under the BRIDGEEarly Phase programme.

Links:

[L1] https://www.sba-research.org/a2bit/[L2] https://kwz.me/Xt

References:

[1] K. Krombholz, A. Judmayer, M.Gusenbauer and E.R. Weippl: “TheOther Side of the Coin: UserExperiences with Bitcoin Securityand Privacy”, FC 2016.

[2] A. Judmayer, N. Stifter, K.Krombholz, and E.R. Weippl:“Blocks and Chains: Cryptographiccurrency technologies and theirconsensus systems”, Morgan &Claypool Publishers, 2017

[3] A. Judmayer and E.R. Weippl:“Condensed CryptographicCurrencies Crash Course (C5)”,ACM CCS 2016.

Please contact:

Aljosha JudmayerSBA Research, Austria+43 (1) 505 36 88ajudmayer@sba-research.org

ERCIM NEWS 110 July 2017 11

Figure�1:�Difficulty�development�of�Namecoin�(green)�and�Bitcoin�(blue)�over�time.�Difficulty

on�a�linear�(light�green/blue)�and�logarithmic�scale�(dark�green/blue).

Figure�2:�Distribution�of�Bitcoin�blocks�per�pool�over�time.�Each�data�point�resembles�the�share

among�2,016�blocks.

Figure�3:�Distribution�of�Namecoin�blocks�per�pool�over�time.�Each�data�point�resembles�the

share�among�2,016�blocks.

ERCIM NEWS 110 July 201712

Special Theme: Blockchain Engineering

We authenticate part of our identity withdocuments provided by third parties.These can be primary forms of identifi-cation like passports or driver licenses,issued by governments, but can beweaker, like bills provided by utilitycompanies (banking, energy, phone).Our joint ongoing research betweenÉcole polytechnique, Inria, and OT-Morpho (former Safran Identity andSecurity) consists in thinking of ablockchain as a platform for publishingsuch identity documents, taking advan-tage of the public availability, integrityand openness of the Bitcoin blockchain,while we also want to provide strong pri-vacy for users. A natural idea, alreadyproposed by MIT for academic diplomas[1], is to publish hashes of digitallysigned certificates, using the“OP_RETURN” facility of Bitcointransactions, which enables embedding80 bytes of arbitrary data in a transaction.Our research is building and improvingon this proposal, by considering digitalcertificates which do no reveal anythingabout their owner identity.

This can be achieved with Brands’ certifi-cates, and associated zero-knowledgeproofs [2], which are as follows. Supposean identity has n fields, (X1, …, Xn), withan auxiliary random X0, to prevent dic-tionary attacks. Let G be the group associ-ated to the elliptic curve underlyingBitcoin signatures, which has 256-bit size(32 bytes). Knowing the DLREP of agiven public h enables to make powerfulzero-knowledge proofs. (see Figure 1).

Being in possession of the DiscreteLogarithm Representation (DLREP) of h,the prover can authenticate by provingknowledge while revealing no fields, or,if required, may reveal one or several

fields to the verifier. Moreover, theprover can also prove more complicatedstatements about her identity. This pro-vides the user a tight control of divulgedinformation, in a “PIMS” way [3]. Proofverification can be done by serviceproviders, and by an intermediate serviceenabler (for single sign-on).

There are various ways for users tobuild h and convince identity providersof its validity, thanks again to Brands’proofs. The service enabler can thensign it, and h can be made publicwithout revealing anything about itsowner, except that a strong, validated,identity is blindly encoded in h. Also,the random X0 is not known to the iden-tity provider, which thus cannot makefraudulent proofs.

Bitcoin mechanisms make it easy toinsert such a h (32-bytes short) in the“OP_RETURN” field (80 bytes) of atransaction, by identity providers orutility services. Such a transactionbeing signed with the underlyingBitcoin mechanisms, this provides aproof that the issuer has accepted h fromthe user. Using the blockchain, the usercan point to the transaction which con-tains its h, and use it to authenticate to aservice provider. It is well known thatBitcoin has limited bandwidth and thisproblem can be alleviated by publishingroots of Merkle trees of users h’s.Updating identities can be also done,and revocation seems easier using apublic blockchain.

Using the Bitcoin blockchain offersseveral advantages. In particular, itsrobustness, openness, public avail-ability, and the cryptographic platformit provides, make it easy to deploy a

cryptographic solution, without heavysoftware engineering, and withoutrelying on a central body for providingservers, bandwidth and availability.These features could help weak orfailed states to issue identities.

We are also imagining ways to takeadvantage of the linkability of Bitcointransactions. A user’s proof may belinked to the certificate issuer’s transac-tion, and/or, when convinced by theproof, the service provider could alsopublish an “accept” transaction, linkedto the proof. A reputation can then bebuilt, under the user’s control. We arefurthermore investigating the semanticsof these linkability features.

References

[1] J. Nazaré, K. Hamilton, P. Schmidt:“Digital certificates project”, online,source code available onhttps://github.com/digital-certificates,Consulted 2016,http://certificates.media.mit.edu.[2] S. Brands: “Rethinking Public KeyInfrastructures and Digital Certificates(Building in Privacy)”, MIT Press,Cambridge, MA, USA, 2000.[3] S. Abiteboul, B. André, D. Kaplan:“Managing your digital life”, Commun.ACM, 58(5):32-35, April 2015.

Please contact:

Daniel AugotInria, Laboratoire LIX, ÉcolePolytechnique & CNRS UMR 7161,Université Paris-Saclay, Francedaniel.augot@inria.fr

Hervé ChabanneOT-Morpho, Télécom Paristech, Franceherve.chabanne@morpho.com

William GeorgeLaboratoire LIX, École Polytechnique& CNRS UMR 7161, Université Paris-Saclay, Francewilliam.george@inria.fr

Identity Managenent on the Bitcoin Blockchain

by Daniel Augot (Inria, École polytechnique, and Université Paris-Saclay), Hervé Chabanne (OT-Morphoand Telecom Paristech) and William George (École polytechnique and Université Paris-Saclay)

We propose a way for users to obtain assured identities based on face-to-face proofing that can then

be validated against a record on Bitcoin’s blockchain. We obtain anonymity for users by making use of

a scheme of Brands to store a commitment against which one can perform zero-knowledge proofs of

identity and also enforce the confidentiality of the underlying data by letting users control a secret of

their own. This way, users can gain access to services thanks to the identity records of our proposal.

Figure�1:�Discrete�Logarithm�Representation�of�h.

ERCIM NEWS 110 July 2017 13

How can we overcome Bitcoin’s wasteof electricity and tendency to concentra-tion of control in the hands of a few byusing a different commodity than com-putation? The idea of an electronic formof cash was first floated in the 1980s, butit has only seen wide-spread deploymentin recent years. While earlier proposalsrelied on trusted institutions, such asbanks, for the issuing of coins, Bitcoindrastically changed the economicmodel. Both creation and validation ofcoins are decentralised using ablockchain, which records all monetarytransactions. Anyone who adds a newblock to the chain is rewarded withfreshly minted coins, but to do so,“miners” must solve a puzzle, whichrequires computational effort; a solutioncan therefore be considered a “proof ofwork” (PoW). The chances of miningthe next block are proportional to aminer’s invested computation. This way,PoW ensures distributed consensus inBitcoin, and its security relies on noadversary gaining more computingpower than the honest miners.

Although a market capitalisation of cur-rently over 35 billion Euro has madeBitcoin the most successful electroniccurrency ever deployed, its expansionhas come at a price. Its limited blocksize, which impedes scalability, has beenwidely discussed, but there are also con-cerns about long-term stability and sus-tainability, both directly stemming fromthe use of proofs of work. Bitcoinmining today is only profitable on spe-cialised hardware, which implies highstart-up costs for new miners and hasresulted in a vast concentration of com-puting power in the hands of a few bigplayers. This goes against the initialintent of decentralising control by lettingsmall users benefit from spare CPUcycles to mine Bitcoin. From an envi-ronmental perspective, Bitcoin mininghas led to a questionable waste of elec-tricity in the order of hundreds ofmegawatts, most of it burnt in large-

scale mining farms powered by applica-tion-specific integrated circuits(ASICs), which have no other use.

The first proposed alternative to PoW inthe mining process was “proof of stake”,as used by Peercoin. There, a miner’schances to mine the next block are pro-portional to the amount of currency heldby the miner. Unfortunately, there areattacks against such schemes thatleverage precisely the fact that mining is“cheap”, in that it requires no computa-tional effort. Proof-of-stake-based cur-rencies also suffer from a lack of partici-pation, as for the system to function, suf-ficiently many currency holders must beonline and mine. In order to separatemining of a currency from just holdingit, an extrinsic commodity is needed,which for Bitcoin is computation.

SpaceMint [1] is a cryptocurrency pro-posal by researchers from MIT, ISTAustria and Inria/ENS, which replacesPoW by proof of space. Instead of com-puting power, miners must invest diskspace, and the amount of space dedi-cated to mining determines the chancesof adding a block. To start mining, onemust first initialise one’s space, whichfor one terabyte takes about a day. Oncethis is done, miners only spend a fractionof a second per block mined. Whileminers are incentivised to invest in hard-disk capacity, this is a one-time cost, incontrast to the perpetual electricityexpenditure for Bitcoin. SpaceMintmining does not use up resources, andhard disks can be repurposed, unlikeBitcoin mining equipment. Since almosteveryone has unused disk space andSpaceMint can be mined at very lowsetup and maintenance costs, this willlead to well-distributed mining power.

Many cryptocurrencies, such asLitecoin or Ethereum, use PoWschemes that are less “ASIC-friendly”than Bitcoin in order to counter concen-tration of computing power; yet they all

rely on consuming large amounts ofenergy. Permacoin is a currency thattries to claim back some utility via aconcept called “proof of retrievability”,which requires miners to store usefuldata while still solving PoW. Burstcoinis the only existing cryptocurrency thatuses disk space as its main miningresource. However, as shown in [1], itsuccumbs to time/memory trade-offs,meaning that with some extra computa-tion, miners can succeed using only afraction of the prescribed memory. Thesystem thus potentially degenerates to aPoW-based scheme with all the above-mentioned drawbacks.

SpaceMint creates a disincentive forany additional work via the concept of“proof of space”, first introduced in [2].It is an interactive protocol between aprover and a verifier, which needed tobe adapted for the cryptocurrency set-ting. Furthermore, since creating aproof is easy (which inherently is notthe case for PoW), miners can try tomine on many branches of theblockchain in parallel, which impedesfast consensus on the legitimate branch.Not using PoW also enables “grinding”attacks where deviating from the pro-tocol can be beneficial. SpaceMint pre-vents such behaviour by specific designchoices and a new blockchain format.Replacing work by space can thus makecryptocurrencies greener and moreegalitarian.

References:

[1] S. Park et al.: “SpaceMint: ACryptocurrency Based on Proofs ofSpace”, Cryptology ePrint Archivereport 2015/528http://eprint.iacr.org/2015/528

[2] S. Dziembowski et al.: “Proofs ofspace”, CRYPTO 2015

Please contact:

Georg Fuchsbauer, DI ENS, France+33 1 4432 2082georg.fuchsbauer@ens.fr

SpaceMint:

A Cryptocurrency Based on Proofs of Space

by Georg Fuchsbauer (Inria)

We introduce SpaceMint, a cryptocurrency that replaces energy-intensive computation underlying

most of today’s cryptocurrencies by “proof of space”. Once set up, SpaceMint consumes very little

energy, which will motivate regular users to participate in the mining process thereby truly

decentralizing control over the currency.

ERCIM NEWS 110 July 201714

Special Theme: Blockchain Engineering

Generally, blockchains pave the pathtowards secure data storage in a decen-tralised manner. They are applicable to awide range of application domains, suchas financial technologies, public reg-istries, and Internet-of-Things (IoT) [1].As one of the most prominent blockchainexamples, Bitcoin has attained largepublic and research interest, since it

offers the first solution for a secure andfully decentralised crypto-currency.Thus, the Communication SystemsGroup (CSG) of the University of Zürichdecided to focus research work on (a)real-time payments with Bitcoins [2, 3],which was trialled at the UZH Mensa[L1] and presented at public fairs [L2],(b) the use of blockchains within IoT,especially the supply chain in the phar-maceutical industry which is highly reg-ulated, and (c) blockchain-based coun-termeasures for Distributed Denial-of-Service (DDoS) attacks by utilisingSmart Contracts (SC).

Blockchain technology has become pop-ular for multiple use-cases, such as IoT,crypto-currency, and security, becauseblockchains are inherently backed bySmart Contracts. They are defined asformalised protocols to facilitate, verify,

or enforce the negotiation or perform-ance of a contract. In this sense, Bitcoin,considered as the pioneer implementa-tion of blockchains, and especially theBitcoin Script, serve as the first SC forthis crypto-currency. Besides theoret-ical work, the trial deployment ofblockchains and their application-spe-cific combination with SCs deliver

valuable insights for distributed sys-tems’ operations. Specific blockchainbenefits include a fully decentralisedsystem operation, transaction trans-parency, immutability, and securitycombined with selected areas of legallybinding interactions.

In this context the new Coinbleskapproach [2, 3, L1, L2] belongs to theuse-cases of crypto-currencies. It is aninstant payment wallet with Bitcoinsand minimal trust with the strategic goalto generalise and optimise its paymentprotocol to support other crypto-curren-cies, while maintaining security, pri-vacy, and convenience as key. TheCoinBlesk app for Android includes aBitcoin payment server, where the sellerand the buyer are able to handle Bitcoinpayments. This safe and fast mobile pay-ment method is contactless, using Near

Field Communications (NFC) tech-nology, without the need for swiping,signing, or PIN. To reach a transactiondelay below one second, a multisig(multi signature) mechanism wasdesigned such that the Coinblesk servercannot transfer funds without the signa-ture of the client. Since sending everytransaction immediately to the

blockchain reveals the current limita-tions of Bitcoins, and the current fee ofan average transaction is more than US$2, these transactions are batched andtransaction fees are reduced by per-forming the clearing operation at theserver, where the user can specify anamount stipulating when clearing shouldbe made. Only once that amount isreached, is a transaction sent to theBitcoin blockchain. Thus, if a transac-tion is cleared on the server (not yet sentto the Bitcoin blockchain) a virtual bal-ance is maintained in order to acknowl-edge the payment within this one secondlimit. This mechanism reduces the number oftransactions – termed “batching transac-tions” – sent to the Bitcoin blockchainand, thus, lowers the average transactionfees of these transactions. The systemhas been built in such a way that the user

Coinblesk – A Real-time, Bitcoin-based

Payment Approach and App

by Thomas Bocek, Sina Rafati, Bruno Rodrigues and Burkhard Stiller (University of Zürich)

The Communication Systems Group (CSG) of the University of Zürich has been exploring the use

of blockchains in several application areas. The work concluded that for practical use, Bitcoin

transactions should be gathered in a batch.

Figure�1:�Coinblesk’s�refund�transaction�time-line.

ERCIM NEWS 110 July 2017 15

Over eight years have gone by sinceBitcoin’s deployment, and it is stillgoing strong. While there are manyexplanations for its success, the innova-tive backbone structure – the blockchain-– which has inspired so many alterna-tive systems, undoubtedly plays aleading role in this story.

Blockchains store the state of the trans-actions in the system. Users compete toform new blocks, which confirm bothnew and all existing transactions in theprevious blocks. Those who createblocks first are rewarded with cash inthe system.

Despite the blockchain innovation,there are some fundamental problemsthat lie in its design, which stem fromthe blockchain itself, and affect all sim-ilar systems.

Two major problems which are inherentto almost all blockchain models are:

Bitcoin Unchained

by Christopher Carr, Colin Boyd (NTNU), Xavier Boyen and Thomas Haines (QUT)

Bitcoin’s distributed ledger is an innovative way of solving the double spending problem in a

decentralised system. However, it causes incompressible transaction delays and incentivises

consolidation of mining power. We ask, is it possible to eliminate these problems without

losing the decentralised principles that Bitcoin was built on?

can set that maximum amount, sinceonly the user can determine the trustlevel to be reached. In turn, the systemhas to broadcast these batched transac-tions to the Bitcoin blockchain, e.g., ifthe user sets the limit at €100 and if thevirtual balance reaches this value, allaccumulated transactions are broadcast.This approach was chosen over theLightning network’s approach [L4],since its technical complexity is lowerand more importantly it also works withtransaction malleability. The currentCoinblesk design can be optimised fur-ther, once transaction malleability issolved in the Bitcoin network or anyanother crypto-currency, such asLitecoin, which does not suffer frommalleability, is used. However, as men-tioned above, the Coinblesk app doesnot follow the fully trustless approach insuch cases, since the Coinblesk serverrequires this minimal trust up to theamount specified by the user.

All funds deposited in Coinblesk areheld at a 2-of-2 multisig address, whichmeans that even if the operator of theCoinblesk server is intentionally mali-cious, he will never be able to steal auser’s funds. In the case of a Coinbleskserver hacking and private keys beingstolen, the hacking could only be suc-cessful if hackers were able to gainaccess to the user’s private keys as wellin order to steal bitcoins. Also, if theCoinblesk server disappears, clients areno longer able to spend their bitcoins.This is a major problem, because Swisslaw requires customers of a paymentservice to be able to gain full access totheir funds in any situation, and espe-

cially if the operator of a paymentsystem should become bankrupt – or inthe case of the Coinblesk service, itmight be hacked. Additionally, allCoinblesk clients need to trust that thesystem will not disappear.

Thus, the effective solution to thisproblem is a “refund transaction” astime-lined in Figure 1. A refund transac-tion is a pre-signed, time-locked trans-action, which sends all client funds toan address, exclusively controlled bythat client. Therefore, a refund transac-tion is automatically created by theCoinblesk app as soon as a new unspentoutput appears in the wallet – in partic-ular, whenever bitcoins are received or atransaction is created. The app takes allthe unspent outputs and creates a singletransaction sending all bitcoins to anaddress of a private key that is derivedfrom the client’s private seed. The clientsigns this transaction and returns it tothe server. The server checks that thetransaction is in fact time-locked, signsit, and returns the transaction fullysigned back to the client. Now, theclient is in possession of a valid, fullysigned refund transaction that becomesvalid as soon as the time-lock expires.Thus, in case the Coinblesk server sud-denly disappears, a client can broadcastthe refund transaction and regain con-trol over all their bitcoins.

In conclusion, the experience with theCoinblesk design and implementationas well as experience from other appli-cations, such as the pharmaceuticalsupply chain [L3, L5], provides usefulinformation about scalability, energy

efficiency, ease-of-use, and someinsights into customer acceptance.These results should be widely appli-cable in the blockchain world.

Links:

[L1] http://www.csg.uzh.ch/csg/en/news/Bitcoins.html

[L2] http://www.csg.uzh.ch/csg/en/news/ coinbleskatCeBIT.html

[L3] http://www.csg.uzh.ch/csg/en/news/kickstart-accelerator.html

[L4] https://lightning.network/lightning-network-paper.pdf

[L5] https://modum.io/

References:

[1] T. Bocek, B. Stiller: “SmartContracts – Blockchains in theWings”, in: C. Linnhoff-Popien, R.Schneider, M. Zaddach (Edts.):“Digital Marketplaces Unleashed”,Springer, 2017.

[2] A. D. Carli: “ProtocolImprovements in CoinBlesk – AMobile Bitcoin Instant PaymentSolution”, Master Thesis, Univ.Zürich, Department of Informatics,Communication Systems Group,Zürich, Switzerland, April 2016.

[3] R. Voellmy: “CoinBlesk, a MobileNFC Bitcoin Payment System”,Bachelor Thesis, Univ.Zürich,Communication Systems Group,Department of Informatics, Zürich,Switzerland, August 2015.

Please contact:

Thomas Bocek, Sina Rafati, BrunoRodrigues, Burkhard StillerUniversity of Zürich, Switzerland[bocek¦rafati¦rodrigues¦stiller]@ifi.uzh.ch

ERCIM NEWS 110 July 201716

Special Theme: Blockchain Engineering

1. Consolidation of power: Users areincentivised to form into groups tomaximise their expected reward overtime. Cartels formed in this mannerare commonly referred to as miningpools.

2. Incompressible delays: All transac-tions have a delay before they can beconsidered confirmed within the sys-tem. In Bitcoin itself, this is exacer-bated by block size restrictions, asource of heated debate within thecommunity. Recently, almost allblocks have been full to capacity oftransactions, and as of the time ofwriting have fees for posting transac-tions over 10 USD.

Previously, there has been a line ofinquiry that looks at alternative ways ofdesigning proofs-of-work to avoidmining pools. Miller, Kosba, Katz andShi [1] create a proof-of-work systemthat allows for any pool member tocheat and reap all the rewards for them-selves. Importantly, they show that acheater can do this without any way ofbeing caught, thus removing the incen-tive for mining pool formation.Lewenberg, Somplinsky and Zohar [2]design a system that allows for collec-tions of transactions to be confirmed insuch a way that overlapping blocks canbe counted along with the transactionscontained within them.

Our motivation stems from simultane-ously addressing these two fundamentalproblems of consolidation of power andincompressible delays. In a jointresearch effort, which is a collaborationbetween the Norwegian University ofScience and Technology [L1] andQueensland University of Technology[L2], we ask: “What happens if weremove blocks altogether?” Instead ofcollecting multiple transactionstogether, whenever you wish to create atransaction you simply reference tworecent, existing transactions.

Once blocks are removed, we need away of securing transactions againstdouble spending. To achieve this, welook to the incentive mechanisms, anduse these to promote the desired charac-teristics. We incentivise the collectionof recent previous transactions byincreasing the reward for doing so. Thiscan also be thought of as a form of smallblocks, but removing the enforced con-firmation delay.

To highlight these aspects, Figure 1shows a standard blockchain model,where transactions are collectedtogether and formed into a block.Contrast this with Figure 2, whichshows the block-less model, wheretransactions confirm only two previoustransactions.

So far, we have developed a blockchainfree system [3], and demonstrated thesecurity of the system under theassumption of a majority of rationalusers. We show that the incentive mech-anisms we put in place encourage trans-actions to finally group together at thehead of the chain, where all previoustransactions are confirmed from theleading transaction - a property we callconvergence.

We believe this novel approach repre-sents a large step forwards in tacklingthese highlighted blockchain problems.Our focus now is on addressing imple-mentation decisions. The challenge is toselect appropriate parameters that donot undermine the theoretical underpin-nings. Our hope is that by designing andimplementing a system in this way, wecan get closer to the true ideal of adecentralised digital cash system.

Links:

[L1] http://www.ntnu.edu/iik/nacl-lab [L2] https://kwz.me/Xd

References:

[1] A. Miller, et al: “NonoutsourceableScratch-Off Puzzles to DiscourageBitcoin Mining Coalitions”, ACMConference on Computer andCommunications Security 2015:680-691.

[2] Y. Lewenberg, Y. Sompolinsky, A.Zohar: “Inclusive Block ChainProtocols”, Financial Cryptography2015: 528-547.

[3] X. Boyen, C. Carr, T. Haines:“Blockchain-FreeCryptocurrencies: A Framework forTruly Decentralised FastTransactions”, IACR CryptologyePrint Archive 2016: 871 (2016).

Please contact:

Christopher Carr, NTNU, Norwayccarr@ntnu.no

i

Figure�2:�Blockchain�free�model:�Transactions�(Tx)�are�collected�indivudually�over�a�flexible

time�period�and�confirm�previous�transactions.�

Figure�1:�Blockchain�model:�Transactions�(Tx)�are�collected�together�over�some�fixed�average

time�interval�and�grouped�into�blocks,�confirming�the�full�group�of�transactions.

ERCIM NEWS 110 July 2017 17

The advent of Bitcoin as a decentralisedcryptocurrency has a fundamentalimpact on both practical applicationsand scientific research, reaching wellbeyond its immediate use-case as aform of currency. Many concepts thatpreviously needed to rely on a trustedthird party now become feasible asdecentralised implementations, thanksto Bitcoin’s underlying blockchaintechnology.

One such application relates to smartcontracts i.e., “a computerised transac-tion protocol that executes the terms of acontract” [1]. Conceptually, smart con-tracts can be understood as programcode that is executed for transacting par-ties. A blockchain-based smart contractplatform serves as a decentralised arbiterto both verify and enforce the executionof these smart contracts based on theplatform’s defined rules. In practice,smart contract platforms may be moreclosely related to the field of trustedcomputing as they offer the ability toexecute code with relatively high trust ina decentralised environment.

Smart contract platforms generallyfollow an open, permissionless modelwhere anyone can deploy their ownsmart contract code and where bothpublishing and executing smart con-tracts incurs transaction fees. Theexpressiveness of the programming lan-guage and code used to define smartcontracts plays an important role insuch systems because it greatly influ-ences what can and cannot be achieved.As an example, Bitcoin provides lim-ited smart contract functionalitybecause its transactions are governed bythe execution of stateless scripts in asimple, non-Turing-complete stack-based language. Other platforms, suchas Ethereum support complex andstateful Turing-complete contracts cancover a much wider range of applicationscenarios. The correct and secure exe-cution of such smart contracts dependsnot only on the contract’s code and itsexecution environment itself, but alsoon the underlying properties of the dis-

tributed system that actually facilitatessuch a decentralised smart contract plat-form [2]. Therefore, a holistic approachtowards smart contract security whichintegrates all these aspects and their

interactions is not only prudent, but nec-essary.

The difficulties and obstacles encoun-tered when trying to ensure both thecorrectness and the security of morecomplex smart contract code are mani-fold, and it is not surprising that therecent history of decentralised smartcontract platforms contains a number ofserious security incidents [3]. Many ofthese incidents can, at least partially, beattributed to a lack of established para-digms and best-practices and in partic-ular the complex interaction patterns ofthe different components and aspectsthat arise in decentralised smart contractplatforms.

The “Secure Execution of SmartContracts (SESC)” project aims to sys-temise available technologies andexplore the emerging requirements forsafely and reliably creating and main-taining smart contracts and their gov-

erning (blockchain) infrastructures inthe long-term. This encases elementsand approaches such as formal verifica-tion and automated analysis; securityimpact analysis on smart contract infra-

structures on client side devices; and theapplicability of container technologies.These elements outline how propertiesof the underlying distributed systemmay adversely affect both smart con-tracts and the hosting platform itself.

One aspect of particular interest is whateffects later parts of the developmentlifecycle of smart contracts and theirgoverning infrastructures will have onsecurity. While this can have a signifi-cant impact on both security and main-tainability, the topic area has receivedlittle attention from developers andresearchers alike. It is largely unclearhow future approaches and solutionstowards sustainability and scalabilitymight influence smart contracts that arebeing deployed today. The current pre-dominant paradigms render smart con-tract code difficult, if not impossible, tochange once it has been deployed.Clearly, the topic of smart contractsecurity is of paramount importance if

Figure�1:�A�blockchain-based�smart�contract�according�to�[L2].�

A Holistic Approach to Smart Contract Security

by Nicholas Stifter, Aljosha Judmayer, and Edgar Weippl (SBA Research)

Secure Execution of Smart Contracts (SESC) aims to identify and analyse security aspects of smart

contracts and the platforms on which they execute from a holistic viewpoint. We focus on the long-

term sustainability and security of smart contract infrastructures.

Blockchain technology was initially

introduced as a transaction management

technology that transfers centralised

control to a distributed environment

with new means of consistency enforce-

ment [1]. Platforms with smart contracts

extend the original blockchain protocol

by a process automation to proactively

maintain consistency among data, and in

particular transactions, by enabling a

full automation of agreements and the

autonomous adherence of these agree-

ments [2].

An appealing use-case of smart contracts

is the documentation and clearing of

micro-payments between parties in smart

grid environments - for example, among

members of a community that share a

renewable energy network and e-

mobility-oriented consumers. A variety of

different small plants homogeneously dis-

tributed over the grid produces, controls

and invoices the energy flow, in contrast

to traditional electrical plants in large-

scale grids that operate in a centralised

fashion. All activities by entities in the

grid can be managed as well as safe-

guarded by a smart contract.

The major benefit of using blockchain-

enabled smart contracts for such grids

is that participation on the network is

permissionless and self-regulating.

Someone who erects a wind turbine in

their garden can directly participate in

the global energy supply, independent

from central trusted intermediaries.

Blockchain technology allows the

coequal participation of different par-

ties on the smart grid without the

requirement that they trust each other.

Small contributions from individuals

will be negotiated in the same way as

large contributions by industrial com-

panies. Smart contracts thus allow the

elimination of intermediaries both in

topological regard - for instance, large

suppliers of electricity are replaced by

individual smart contracts, and in

regard to function - for instance, tasks

like bookkeeping and payment are

handled by smart contracts. In addi-

tion, a blockchain provides 100% up-

time and its decentralised nature pro-

tects against catastrophes and acts of

terrorism.

ERCIM NEWS 110 July 201718

Special Theme: Blockchain Engineering

Correctness of Smart Contracts

for Consistency Enforcement

by Thomas Osterland and Thomas Rose (Fraunhofer FIT)

Smart contracts are a proposed mechanism to help maintain consistency among data and

transactions. They are automatically triggered by the conduct of a transaction and they also function

to safeguard transaction histories. A cascade of automatically initiated smart contracts could result

in data errors and smart contracts interfering with one another, but correctness can be assured by

means of model checking.

Figure 1: Chances and challenges of smart contracts.

such decentralised smart contract plat-

forms are to gain widespread adoption.

SESC will provide much needed

insights into this relatively new problem

domain. We will explore the funda-

mental requirements for long-term

maintenance and sustainability of smart

contract systems. Through SESC, we

aim to both identify and address new

application domain-specific problems,

thereby enabling the community to take

a more proactive stance towards smart

contract security.

SESC is a collaborative project of SBA

Research, Venionaire Capital, and hand-

cheque. It is supported by the Austrian

Research Promotion Agency (FFG)

under the BRIDGE 1 programme and

kicked off in January 2017.

Links:

[L1] https://kwz.me/Xc

[L2] http://eprint.iacr.org/2015/460.pdf

References:

[1] N. Szabo: “Smart Contracts”, 1994,

https://kwz.me/XS

[2] C. Natoli and V. Gramoli: “The

blockchain anomaly”, IEEE NCA

2016.

[3] N. Atzei and M. Bartoletti and T.

Cimoli: “A survey of attacks on

Ethereum smart contracts (SoK)”,

International Conference on

Principles of Security and Trust

2017.

Please contact:

Nicholas Stifter ,SBA Research

+43 (1) 505 36 88

nstifter@sba-research.org

While the protected execution of smart

contracts is ensured by the blockchain

protocol, there is no approach that

ensures the correctness of the rules

encoded in the smart contract.

As a consequence, the correctness of a

smart contract must be ensured in

advance, before formal instantiation in

a blockchain. This is certainly important

for developers, as well as suppliers and

consumers that rely on the soundness of

a smart contract. Moreover, it furnishes

a source of trust for users because trust

is maintained by algorithmic concepts.

When proving the correctness of smart

contracts, a model of the actual correct

behaviour of a contract is necessary in

first place. Determining whether a con-

tract reacts correctly is not always as

trivial as it seems, and proving it (auto-

matically) means that the behaviour

must be defined as conditions in a

formal notation, for instance (temporal)

first order logics.

The process of testing whether a given

system satisfies these formally intro-

duced conditions is called formal verifi-

cation. In the example of the limited

selling price a corresponding condition

ensures that the selling price depends on

the movements of the energy market

and that it is not limited to a certain

range.

One approach with a high degree of

industry acceptance is model checking

[3]. The idea is to analyse the state

space of a program. A program state is

the valuation of every variable of a pro-

gram for a given execution step.

Running a program means executing

the program instructions consecutively

and every instruction changes the

storage and thus alters the program

state. Certain (forbidden) states in the

graph represent situations that contra-

dict the desired behaviour of the con-

tract. For instance, in the smart grid

example, every state from which we

cannot reach a state in which the selling

price exceeds a specified limit. Model

checking can then confirm whether for-

bidden states are reachable. Besides the

checking of forbidden behavior, model

checking can also test liveness proper-

ties, that describe desired behavior that

must eventually occur.

To-reiterate, smart contracts certainly

provide a powerful functional surplus

for maintaining the consistency of

transactions in applications governed

by blockchain technology. However,

the intended level of automation might

cause cascading effects that have to be

checked by formal methods of algo-

rithmic proof. Model checking appears

as a favourite candidate because of its

balance among expressiveness of con-

ditions to be verified and computational

complexity for verification. In case of

erroneous contracts, it provides coun-

terexamples that support debugging and

its application does not require expert

knowledge.

References:

[1] J. McKeogh, R. Cheong.

“Consensus: Immutable agreement

for the internet of value,” in

KPMG, 2016

[2] S. Underwood. “Blockchain

beyond bitcoin,” in Commun.

ACM 59, 2016, pp 15-17.

[3] K. Havelund , T. Pressburger.

“Model Checking Java Programs

Using Java PathFinder,” in T.STTT

(2000) 2:366, 2000, pp 366-381.

Please contact:

Thomas Rose, Thomas Osterland

Fraunhofer FIT, Germany

+49 2241 14 2798, +49 2241 14 3618,

thomas.rose@fit.fraunhofer.de

thomas.osterland@fit.fraunhofer.de

ERCIM NEWS 110 July 2017 19

Norddeutsche Landesbank (NORD/LB)

regularly evaluates technology innova-

tions regarding their strategic implica-

tions. In this context, NORD/LB, in

cooperation with Fraunhofer FIT, started

a Blockchain project to identify poten-

tial application scenarios and the imple-

mentation of a prototype. The aim of the

project was to familiarise with

Blockchain technology to obtain trans-

ferable results for future activities with

Blockchain or Distributed Ledger

Technology.

A Specific Workflow Management

Use-case

Inter-company workflow management

is a promising application area for

Blockchain technology since require-

ments of transparency and traceability

often demand cumbersome manual

processes in today’s businesses. In addi-

tion, regulatory requirements can make

these processes even worse. Having set

the objective to gain as many insights

into this application field as possible,

the interdisciplinary project team con-

sisting of technology, business, and

innovation experts started to analyse

one specific use-case in this area. The

team identified a banking use-case that

is accompanied by plenty of paperwork,

which is currently literally sent around

Implementation of a Blockchain Workflow

Management Prototype

by Gilbert Fridgen (Fraunhofer FIT), Bernd Sablowsky (Norddeutsche Landesbank) and Nils Urbach

(Fraunhofer FIT)

Blockchain technology offers huge potential to various industries and application areas. In a joint

applied research project, Fraunhofer Institute for Applied Information Technology (FIT) together with

Norddeutsche Landesbank (NORD/LB) identified (inter-company) workflow management as a

promising application area and developed a Blockchain prototype for a documentary letter of credit

in the international shipping business. In addition to the project’s explicit outcome – a Blockchain

prototype and strategic support for Blockchain innovation management – the joint project revealed

important insights into the technology’s applicability in the field.

the world, e.g., to gather signatures

from all relevant process participants.

Specifically, the project team imple-

mented a Blockchain prototype of a

documentary letter of credit. Simply

speaking, a letter of credit is a payment

instrument that guarantees an exporter

the payment of its goods as long as it

fulfils certain conditions such as sub-

mitting the correct documents to the

corresponding banks. The simplified

process is depicted in Figure 1. These

documents make the process quite

lengthy as they must be sent paper-

based from one process participant to

the other.

Analysing the Disruptive Potential of

Blockchain

The project team first discussed the

conceptual and technological features

of prevailing Blockchain solutions and

how these might improve the current

state of the process. In particular,

Blockchain’s tamper-proof informa-

tion ‘storage’ ability, thus auditability,

could be a major advantage. For

example, storing process-related docu-

ments in a secure cloud, and hashing

their content can provide proof that the

original documents have been digi-

talised and made available to all

process participants. As a second step,

standardised documents for a letter of

credit could be treated fully digitally

and would thus completely avoid

paper-based documents. Avoiding

paper-based documents can reduce

costs associated with stationary,

postage, and long transportation times.

Transportation time alone (per courier)

from one process participant to another

can currently take more than two weeks.

Furthermore, digital, tamper-proof doc-

uments enable parallel processing

within single process steps, since the

second participant (e.g., bank 2) does

not need to wait for the first one (e.g.

bank 1) to finish their process step and

send the documents on.

Using smart contracts can result in even

more important process improvements.

A smart contract is a computer program

that executes a job if a predefined con-

dition is met. For example, if a stock

price drops below a certain level, the

share is sold. Within the entire docu-

ment process (Figure 1), diverse control

procedures are necessary as the pay-

ment is bound to predefined conditions.

Hence, currently bank employees must

manually check if these conditions are

met. A lot of this work is repetitive and

can possibly be implemented using

smart contracts with their aforemen-

tioned predefined conditions. For

example, if a particular shipping date is

crucial, this date might be implemented

within a smart contract and checked

against the date that the shipping is

actually accomplished, e.g., when the

exporter signs the shipping of goods in

the harbour. Then the smart contract is

automatically approved if this condition

is met - and the next process step is trig-

gered – or rejected if the condition is not

met. Hence, a manual process is no

longer necessary for such repetitive

tasks and the whole processing time can

be reduced significantly.

In line with these examples, the imple-

mented prototype puts emphasis on

process improvement and ease of use.

We make use of the decentral nature of

Blockchain systems and include partici-

pants of different companies, use smart

contracts for process automation, and

create a fully digitalised process.

The Project’s Insights

NORD/LB together with Fraunhofer

FIT identified a set of potential use-

cases for a prototypical implementation

that were purposefully different from

prevailing cash system use-cases like

Bitcoin. In particular, workflow man-

agement allows for insights into how to

make use of Blockchain properties.

Specifically, the tamper-proof ‘storage’

of information as well as process

automation using smart contracts were

discussed and implemented.

Furthermore, the decentralised nature of

Blockchain could allow the entire

process to be developed in a direction

that radically changes or even removes

the role of intermediaries (here the

banks in Figure 1). Of course, given the

early stage of the technology’s develop-

ment and the current lack of standardis-

ation and legislation this is a glimpse

into the future of Blockchain tech-

nology and digitalisation, but it is nei-

ther far-fetched nor improbable.

Links:

https://kwz.me/Xy

https://kwz.me/XH

Please contact:

Gilbert Fridgen, Nils Urbach

Fraunhofer FIT, Bayreuth, Germany

+49 921 554711, + 49 921 554712

gilbert.fridgen@fit.fraunhofer.de,

nils.urbach@fit.fraunhofer.de

Bernd Sablowsky

Norddeutsche Landesbank, Hannover,

Germany

+49 511 3615020

bernd.sablowsky@nordlb.de

ERCIM NEWS 110 July 201720

Special Theme: Blockchain Engineering

Figure. 1: Document flow in a documentary letter of credit.

ERCIM NEWS 110 July 2017 21

Proofs of Work - the Engines of Trust

by Alex Biryukov (University of Luxembourg)

Customisable proofs of work and memory hard functions are investigated by the

SnT&CSC/CryptoLUX team at University of Luxembourg.

Proofs-of-work (PoW) are at the core ofmost of the present day blockchains andcryptocurrencies. These are the toolsthat make large public distributedledgers possible, since they replace thedifficult to quantify and manage trust byhard to forge mathematical computa-tions.

Proofs-of-work have been first proposedas a way to mitigate the spam problemand were later used by Nakamoto in theBitcoin protocol. First blockchainproofs of work were often based on iter-ation of cryptographic functions (doubleSHA-256 in Bitcoin) until the resultshows a special lucky number. Due tocryptographic properties of the functionthis is similar to winning a lottery andthe lucky “miner” is rewarded withcryptocurrency. One of the smart deci-sions in Bitcoin was to make this win-ning chance adjustable depending on theavailable market of miners. Howeverafter the first cryptocurrencies started togain popularity and value, the miningprocess entered into an arms race ofmining hardware: from desktop com-puter mining, to GPU, FPGA and finallyto ASIC mining.

Today Bitcoin mining is concentrated inthe hands of about a dozen mining farmoperators, who have access to optimisedASICs, cheap electricity (for example inChina) and environments that facilitatecooling (in Scandinavia, for example).Bitcoin miners serve as validators of thetransactions in the Bitcoin public ledgerand it is miners who decide what will beincluded in the ledger. Thus mining cen-tralisation goes against the democraticprinciples declared in the originalBitcoin whitepaper. Moreover currentblocksize/SegWit debate demonstratesthat Bitcoin is hostage to its mining con-glomerates, who have made hugeinvestments into Bitcoin “printing”hardware.

This situation is due to high parallelisa-tion of the Bitcoin mining process: anASIC full of SHA-256 cores is morethan 30,000 times more energy efficientin Bitcoin mining than the general pur-pose CPU. In order to remedy thisproblem, memory-hard functions wereproposed. Our CryptoLUX team [L1]has been working on a project to designdemocratic proofs of work and we havecome up with two different designs.

One is based on our team’s memory-hard password hashing design calledArgon2, which won the 2015 interna-tional password hashing competition(PHC). In [1] we propose buildingmemory-hard, but easy to verify PoW,using Merkle hash tree on top of theArgon2 hash chain (Figure 1). Then wecompute the hash of the tree roottogether with a nonce and apply Fiat-Shamir’s method to produce queriesabout random locations in the Argon2hash chain.

If attackers try to cheat and store only afraction of the Argon2 chain, they arevery likely to be caught as they will notbe able to demonstrate the knowledgeof the proper Argon2 chain elementswith their correct paths in the Merkletree. This scheme is called MTP and canbe instantiated with any memory-hardhash function. In another work [2] wefollowed a completely different pass,using the well-studied generalisedbirthday problem. In this problem givenk lists of n-bit numbers one is asked tofind a set of elements, one per list, suchthat the XOR of all the numbers is zero.The best currently known algorithm

Figure�1:�Merkle-tree�based�Proof-of-Work�with�light�verification.� Proof-of-Work�puzzle

In order to support sparsely connectedclusters of machines working on inde-pendent branches of a blockchain, diver-gent branches must be able to be mergedwith each other by a merging algorithmthat carries the consensus of all partiesinvolved.

We discuss a set of requirements that ablockchain merging algorithm mustachieve, and show how such an algo-rithm can be used to facilitate paralleldisconnected operations in an alterna-tive blockchain.

Bitcoin’s blockchain model allows anunknown number of participants to useits chain without a central authority.Because any client may append data atany time, branching the chain is bothimplicit and inevitable. In order to avoidmerging branches or dealing with con-flicting transactions, Bitcoin lets itsusers choose a main branch based on anestimated amount of work done on com-peting branches. Because Bitcoin is a

system that registers financial transac-tions, it has a great need for consistencyby distributed consensus in a relativelyshort amount of time. The process ofdistributed branch selection is effectivein achieving this, but artificially limits

the network to a single branch andthereby introduces a scaling bottleneck.Alternative blockchains may bedesigned to perform other tasks, such aspublicly verifiable calculations, snap-shotting filesystems, anonymous and

ERCIM NEWS 110 July 201722

Special Theme: Blockchain Engineering

design Requirements for a Branched

Blockchain Merging Algorithm

by Arthur Melissen (Storro B.V.)

Current blockchain technology as used by Bitcoin [1] and others uses a consensus model to

determine the head of the chain and lets divergent branches starve, causing information loss.

Information loss can be problematic for alternative blockchains in which connectivity could be

reduced for longer periods of time and a consensus model is infeasible.

Team�at�Storro.

was developed by D. Wagner, and inorder to find the solution it needs to storethe numbers in the lists and to constantlysort the new resulting lists (which ismemory-hard). An improvement inWagner’s algorithm would be an impor-tant breakthrough for cryptography. Onthe other hand, once the solution isfound, its correctness is very easy toverify. We use this problem (with someimportant hardening modifications, e.g.,algorithm binding) to build a newmemory-hard proof of work functionthat we call Equihash. This function isnow being used in one of the popularcryptocurrencies - Zcash. So far it holdsthe ASIC resistance promise and ismined on CPUs and GPUs.

One of the main concerns with proof-of-work based cryptocurrencies is theirwaste of energy. Indeed the amount of

electricity being burned just for Bitcoinis approaching the energy consumptionof a country like Denmark. It is a validquestion whether this is a justified priceto pay for the running of a trustlesspublic ledger. While electricity can bevery cheap in some places (e.g., an oldhydroelectric power plant in the middleof a rural area) and green forms ofenergy might make electricity cheap inthe future, many researchers have beenwondering if it is possible to avoid theenergy waste. In our team we havestarted to explore “greener” alterna-tives, such as proofs-of-stake consensusprotocols, which involve economic andgame-theoretic reasoning or distributedledgers based on Byzantine fault toler-ance (BFT), which have highthroughput in terms of transactions butrequire permissioned blockchains dueto trust and scalability issues.

Link:

[L1] https://www.cryptolux.org

References:

[1] Alex Biryukov, DmitryKhovratovich: EgalitarianComputing. USENIX SecuritySymposium 2016: 315-326.

[2] Alex Biryukov, DmitryKhovratovich: Equihash:Asymmetric Proof-of-Work Basedon the Generalized BirthdayProblem. NDSS 2016.

Please contact:

Alex BiryukovUniversity of Luxembourg+352 46 66 44 6793alex.biryukov@uni.lu

auditable voting, distributed notary sys-tems to provide proof-of-possession ofdocuments, and other distributed andanonymous services.

Many such alternative blockchains maynot have a need for the same strongdemands on consistency that Bitcoindoes, and may require performance thatcannot be achieved by distributing asingle chain across all nodes in theentire network. For instance, a distrib-uted filesystem might register itsupdates in different branches for indi-vidual servers and only periodicallysynchronise the filesystem by mergingeach server’s branch with the otherbranches using a branch merging algo-rithm.

At Storro, we design and use blockchainmodels where it is not achievable tomaintain a hierarchy of branches oreven an ordering between differentbranches. It might be the case that aclient working on one branch is noteven aware of all other branches. Insuch an environment it is necessary forthe merging algorithm to functionbetween any pair of branches, inde-pendent of their lineage. Merging mightbe done opportunistically and asynchro-nously between intermittently con-nected clients and may fail due to net-work outages or power failures.

In effect, this means that the mergingoperations between semi-connected andunreliable clients is a chaotic process,but must still provide an eventually con-sistent state between all clientsinvolved.

The simplest merging scenario is that ofa branched blockchain consisting ofonly two branches. It should be clearthat merging two different branches Aand B should provide the same mergedresult state on both clients. This meansthat the merging operation must bedeterministic and commutative. Sincethe algorithm is deterministic, it is anintuitive notion that the merging algo-rithm should most likely be automated,and not require any human intervention.

For blockchain networks of more thantwo branches to reach consensus, wemust ensure that the result of themerging operation between branches Aand B merged with C yields the sameresult as the merge between branch Aand the result of a merge between B and

C. This requirement equates to the tradi-tional definition of an associative opera-tion.

Just like with Bitcoin’s double-spending attacks, inconsistencies mayoccur when one naively attempts tocombine the results of differentbranches by adding their individualstates together. However, unlikeBitcoin, which can select a main branchand simply ignore any others, a mergingalgorithm needs to provide a consistentsolution for all conflicts that may arisewhen merging branches. Because theresolution of such conflicts will be apart of the result of the merging opera-tion, the conflict resolver algorithm hasthe same requirements as its parentmerging algorithm: It must be determin-istic, commutative and associative.How this is expressed in a specificblockchain model is left to the designer.An online voting system for examplemay decide that for conflicting votesfrom the same voter id only the mostrecently timestamped is valid, a hashfunction is applied to select a winnerdeterministically, or conflicting votesare discarded altogether.

Given these requirements, what would asimple example merging algorithm looklike for an alternative blockchain? Inthe case of a distributed filesystem, wecan specify the result R of a mergingoperation between two branches A andB as follows:

Any files which are present in both Aand B and contain the same content willbe present in R.

Any newly created files which arepresent in only one branch will bepresent in R. Any files which are deletedin one or more branches and are notchanged in any other branch areremoved from R.

Conflict resolution: If a file is created orchanged in both branches, the file withthe larger content will be present in R. Ifthe content size is equal, the content iscompared and the higher value ischosen as the content in R.

This algorithm is deterministic, and byselecting the largest file in either ver-sion it is also commutative and associa-tive. Applying this algorithm to a set ofclients which share a blockchain repre-senting filesystem snapshots should

eventually provide a consistent stateacross all clients.

In contract, a merging algorithm thatfails to meet any of these criteria, forinstance by not being deterministic (byperforming a random action uponmerging), or not being commutative (byalways preferring the local changesover remote ones), or not being associa-tive (by not using methods that transi-tively lead to the same result over largersets of branches) will relinquish itspromise in providing consensus in thenetwork after any amount of mergingoperations.

Any blockchain that should lead toeventual deterministic consensusamong all nodes will need a mergingalgorithm that is deterministic, commu-tative and associative. At Storro we usethese findings to design many of ourmerging algorithms with these proper-ties in order to employ them in our pro-prietary decentralised blockchainmodels.

Reference:

[1] S. Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System”,http://www.Bitcoin.org, 2008

Please contact:

Arthur Melissen, Michel EppinkStorro B.V., The Netherlandsarthur@storro.com,michel@storro.com

ERCIM NEWS 110 July 2017 23

ERCIM NEWS 110 July 201724

Special Theme: Blockchain Engineering

There’s been much media hype recentlyaround Blockchain technology. Moreoften than not, the technology is talkedabout in terms of its potential to revolu-tionise industry or even the entireinternet. Whether or not this is pie in thesky remains to be seen, but there’s nodoubt that Blockchain technology hasunderpinned many disruptive ideas inrecent years.

The methods behind Blockchain - peer-to-peer networks, hashing, Merkle treesetc. - are not new; it’s their combinationthat results in innovation. Generallyspeaking, four types of blockchain canbe identified, which may be distributedbetween the two dimensions of readaccess and write access (see Figure 1).Public blockchains, which can be readby anyone, focus on external effects liketransparency or participation. Privateblockchains can only be read by arestricted user group and focus oninternal effects like process optimisationor collaboration.

Blockchain for the Public SectorBlockchain is particularly important forthe public sector, which is responsiblefor ensuring social coexistenceaccording to common rules. In manycases the state and the public administra-tion act as an intermediary to regulateand oversee transactions and processes.For this reason many states maintain sev-eral registers to manage ownerships: forproperties or cars, for instance. In addi-tion notaries guarantee transfer of own-ership. In other cases the state takes on arole as trusted third party, which con-firms the authenticity of a document oran identity. Thus, a technology that aimsto replace third parties by cryptographicfunctions has direct implications for thestate and the public sector in general.

It is therefore not surprising that somecountries have been dealing with thistechnology for many years. In 2007

Estonia established the KeylessSignature Infrastructure (KSI) [1], atechnology that uses many aspects oftoday’s Blockchain solutions to ensurethe integrity of medical documents. Andin 2015 Estonia started its eResidencyprogram that provides a Blockchain-based notary service, e.g., for businesscontracts or birth certificates.

Depending on the context, Blockchaintechnology can enable more effectiveprocesses, solve partial subproblemsor fundamentally change existingwork flows. In 2016, the UKGovernment Office for Science pub-lished a study on use-cases, which hasreceived much attention [L2]. A pilotproject to pay UK benefits was

Blockchain – Attack on and Chance

for the Public Sector

by Christian Welzel (Fraunhofer FOKUS)

Until recently, digitalisation in the public sector was characterised largely by making existing

processes faster or more efficient. Blockchain instead is challenging established public structures.

Currently publically controlled functions for interaction could be organised completely privately,

which requires a repositioning of the state. At the same time, Blockchain provides a technological

approach that can be used by the public sector itself to improve transparency and trust.

Figure�1:�Types�of�Blockchain�categorised�according�to�read�and�write�access�[L1].

Figure�2:�Common�discussed�and�tested�use-cases�for�Blockchain�technology�

in�the�public�sector�globally�[L1].

launched in the same year but alsosparked privacy concerns.

Many countries, including Switzerland,USA, Sweden, Ghana and Georgia, areexperimenting with Blockchain tech-nology. Dubai announced a Blockchainstrategy with the goal of processing allgovernment documents digitally via aBlockchain infrastructure by 2020. Themotivation to use Blockchain tech-nology ranges from the prevention ofcorruption or misuse, to improvedtransparency (see Figure 2).

The Role of the StateIt is important that governments take aninterest in Blockchain technology. Onthe one hand, the state acts as a regu-lator, e.g., for cryptocurrencies likeBitcoin. The specific challenge for reg-ulation lies in the decentralised natureof Blockchain. If responsibilities aremissing, traditional regulation mecha-nisms seem to reach their limits. Forthis reason, some argue that Blockchainis resistant to regulation.

Aside from the issue of regulation, themain question for states and policy

makers will be how to deal with thetechnology in practical terms. The rangeof possibilities extends from prohibi-tion, through to tolerance, acceptance,allocation of public funding for itsdevelopment or even application. Four Recommendations:1. Monitor Blockchain technology and

identify regulatory needs.

Since national regulation has only alimited impact here, a European orbetter an international debate on thetopic is necessary, as with other digi-tisation questions.

2. Apply Blockchain technology and

develop best practice examples.

Experience can only be gained bytesting. The public administrationshould therefore analyse its ownprocesses and consider howBlockchain technology might beimplemented within them.

3. Push standardisation forward.

Currently, the development ofBlockchain is characterised by pro-prietary interfaces. Standardisation,which is urgently needed, has justbegun.

4. Actively shape the further develop-

ment of Blockchain technology.

There are a number of open questionsabout the ethical and societal implica-tions of Blockchain technology. Gov-ernments should allocate funding toresearch in this area.

Links:

[L1] http://www.oeffentliche-it.de/publikationen

[L2] https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/492972/gs-16-1-distributed-ledger-technology.pdf

Reference:

[1] Buldas A., et. al.: “KeylessSignatures Infrastructure: How toBuild Global Distributed Hash-Trees.” In: Riis Nielson H.,Gollmann D. (eds) Secure ITSystems. NordSec 2013.

Please contact:

Christian Welzel, Competence CenterPublic IT, Fraunhofer FOKUS,Germany+49 30 3463 7377christian.welzel@fokus.fraunhofer.deTwitter: @OeffentlicheIT

ERCIM NEWS 110 July 2017 25

Within the Institute of Informatics andTelematics of the National ResearchCouncil in Pisa, a new working group ondistributed ledgers (DL) is being set up.The main objective of the group is tostudy DL technology and implementDL-based solutions for different sce-narios, such as traceability of productsand health care applications (HCAs). Inthis paper we focus on HCAs and weillustrate how they can be transformedwith the introduction of DL.

For many years, electronic healthrecords (EHRs) about patients’ healthcare have been stored in different HCAs,which essentially are very heteroge-neous and are not designed to managemulti-institutional and lifetime medicalrecords (Figure 1). In fact, different

health institutions do not usually share acommon HCA, and EHRs associated tothe same patient and stored by differentinstitutions do not refer each other. Thismeans that it is not possible to extract apatient’s history simply from theirEHR. In some cases, even within thesame institution, two EHR associated tothe same patient are not connected.Thus, a patient moving from one institu-tion to another, must register each timeto the local HCA, provided by the cur-rent institution, in order to build his/herlocal EHR. In addition, the patientshould provide the current institutionwith the previous resignation sheet,which contains all the informationrelated to the patient’s previousrecovery. This process, which often istedious, could also introduce errors and

lose potentially useful informationabout the patient. As a consequence,medical professionals may end upworking with incomplete information.

DL can potentially transform HCAs asthey provide new opportunities forhealth IT systems, by guaranteeinginteroperability among heterogeneousapplications in a secure way [1]. In fact,an architecture based on DL does notrequire node homogeneity: the onlyrequirement is that a node of the systemcan be identified in a secure way, i.e., itis equipped with a pair public/privatekey. Security provided by DL throughauthentication, confidentiality andaccountability, allows patients’ infor-mation to be protected from unautho-rised access. Both doctors and patients

How distributed Ledgers Can Transform

Healthcare Applications

by Angelica Lo Duca, Clara Bacciu, Andrea Marchetti (IIT-CNR)

The use of distributed ledgers (DL) in healthcare applications presents the opportunity to create new

interoperable and secure environments, from which both medical professionals and patients can benefit.

could benefit from the use of DL inHCAs: on the one hand, doctors couldaccess more information about apatient, such as their health history, lab-oratory results, prescribed medications,and even information extracted frompersonal bio sensors. On the other hand,it would also allow patients to accesstheir full EHR, anywhere and anytimeand it would remove the need for indi-viduals to register to a new HCA foreach hospitalisation. Furthmore, thewhole health sector may benefit fromthe adoption of DL, through economicsavings and increased efficiency of thehealth IT system.

A variety of companies have alreadyentered the ecosystem, trying to capi-talise on opportunities created by DLapplied to HCAs [2, L1, L2, L3]. All theexisting models in this field separatedatabases where all EHRs are storedfrom the database which specifies howto access the data, i.e., the DL [3].Figure 2 illustrates how DLs can beused in HCAs: a data lake is used tostore all the patients’ information (labo-ratory results, doctors’ prescriptions andso on). The DL is exploited to store allthe pointers to the data lake in a secureway. Patients and providers (e.g., insti-tutions, doctors, laboratories) are

equipped with public/private keys,which allow them to authenticate eachother. Patients can give partial and time-limited view of their EHRs to one ormore providers through access controlpolicies, regulated, for example, bymeans of smart contracts. Once themedical exam is ready, the providersigns it with a digital signature andsends it back to the client. If the clientaccepts it, the exam is added to the DL.

DLs undoubtedly represent a realopportunity for HCAs because they donot require any changes to the existinghealth IT databases, which are stillmaintained separated. Only a new data-base, i.e., the DL, should be added to thenetwork, containing only the pointers tothe original health IT databases. The DLwould play two roles: to connect all theexisting health IT databases and to guar-antee privacy and integrity of EHRs.

Links:

[L1] https://deepmind.com/applied/deepmind-health/

[L2] https://gem.co/health/ [L3] https://blockchainhealth.co

References:

[1] M. Mettler: “Blockchaintechnology in healthcare: Therevolution starts here”, in e-HealthNetworking, Applications andServices, Healthcom 2016, pp. 1-3,IEEE, 2016.

[2] A. Ekblaw et al.: “A Case Studyfor Blockchain in Healthcare:‘MedRec’ prototype for electronichealth records and medicalresearch data”, Whitepaper, 2016.http://dci.mit.edu/assets/papers/eckblaw.pdf

[3] L. A. Linn, M. B. KOO:“Blockchain for Health Data andIts Potential Use in Health IT andHealth Care Related Research”https://www.healthit.gov/sites/default/files/11-74-ablockchainforhealthcare.pdf

Please contact:

Andrea MarchettiIIT-CNR, Italy+39 050 315 2649andrea.marchetti@iit.cnr.it

ERCIM NEWS 110 July 201726

Special Theme: Blockchain Engineering

Figure�1:�Traditional�management�of�EHRs.

Figure�2:�How�the�use�of�DL�can�transform�the�management�of�EHRs.

ERCIM NEWS 110 July 2017 27

Figure�1:�Interplay�of�value�drivers�(left-side�circular�economy�diagram�adopted�from�[2]).

Table�1:�Sample�sequence�of�actions�for�an�intelligent�asset�blockchain.

Blockchain-enabled Intelligent Asset Exchange

for a Circular Economy

by Ioannis Askoxylakis (FORTH), George Alexandris (Bournemouth University) and Giorgos Demetriou(Ecole des Ponts Business School)

As the notion of circular economy gains momentum, intelligent assets increasingly form the

backbone of sustainable ecosystems. Although these assets can supply the necessary knowledge for

fueling the value drivers of a circular economy, the generated value will be significantly amplified by

allowing third parties to manage them and profit from better asset utilisation. However, for an ever-

changing networked environment consisting of numerous assets, ownership needs to be dynamic,

granular and adaptable in order to maximise gains. Blockchain-based mechanisms can effectively

serve this need by enabling transfer of asset ownership directly between parties participating in the

circular economy while introducing trust, efficiency and automation in asset exchange contracts.

The term “circular economy” refers toan economy that is restorative andregenerative by design, aiming to keepresources at their highest utility andvalue at all times. Its value driversinclude extending the useful life of finiteresources, maximising the utilisation ofassets and creating new use cycles forend-of-life assets. Simultaneously,assets leverage advances in IoT, thuscreating an emerging class of “intelli-gent assets” [1] governed by threeunderlying attributes enabling circu-larity: location, condition and avail-ability. These properties sufficientlydescribe the state of the asset for oper-ating under a certain role in theecosystem, but at the same time raisetwo fundamental questions:• How do these properties affect the

value generated by the asset? • Who defines the role(s) of the asset?

Given that a value of an object is usuallytightly coupled with its role in a system,these questions cannot be answered inde-pendently. Furthermore, in a complexsystem like a smart city, it is unlikely thata single possible answer for every assetexists. We thus introduce the idea of anexchange, where different entities canacquire a stake in an asset and operate itfor their own profit. The entity operatingthe asset can define the asset’s role(within certain boundaries set by a globalsystem owner) according to what itjudges to be in its best interest. This leadsus to two crucial concepts: asset owner-ship and asset control.

Transitioning from “Intelligent Asset”to “Intelligent Property” Characterising an asset as a property,requires the owning party to (a) provide auniversally accepted testimony of theasset’s ownership and (b) to have exclu-

sive access to the asset itself. Bothrequirements can be achieved by regis-tering the asset as a digital asset on theblockchain. Furthermore, all historicallocation, condition and availability prop-erties which affect the asset’s value willbe visible on the blockchain and signed

by the respective asset owner at thatpoint in time, thus guaranteeing that thedata is trustworthy. Properties can be fur-ther augmented with asset data of partic-ular interest to prospective buyers suchas damages, alterations, repairs etc.Access to assets can be granted by com-

The main focus of Bitcoin is to providea global store of value, a state of accountand a medium of exchange. In otherwords, the primary objective of Bitcoin-like systems is to offer a currency. Incontrast, the main focus of Ethereum isto provide a global decentralised com-putational fabric that can facilitate inter-actions between humans, and algorithmsexpressed as non-mutable, verifiablecode.

Blockchain technology has inspired manysocial scientists and economists.Technology enthusiasts consider theunderlying mechanisms of social organi-sation, governance, finance and law.Researchers started investigating theimplications of global, decentralised andnon-FIAT monetary systems. For exam-

ple, some researchers argue that automa-tion and decentralisation may make theconcept of the state entirely obsolete.

Blockchain technology, or morebroadly, “distributed ledger technol-ogy”, enables many novel decentralisedapplications. Ranging from simple dig-ital tokens representing currency,through to digital assets management,and audit trails, to the ability to estab-lish decentralised institutions [1]. Theproperty of being decentralised meansthat a trusted third party is no longerrequired in many scenarios that wouldpreviously have required one. This hasfar-reaching social implications.

The Blockchain research group atNTNU explores the rich and evolving

space of digital currencies. There is cur-rently a lively marketplace for over2,000 digital currencies in addition toBitcoin, even though most people haveprobably never heard of any of them.Tracking, anonymization, and forensicreadiness of cryptocurrencies are themain collaboration points betweenNTNU and Norwegian and Europeanlaw enforcement agencies. The researchgroup in NTNU investigates severalissues related to the current state of thetechnology. Among them, theresearchers consider scalability andresilience of off-chain transactions inthe Lightning Network. LightningNetwork is the proposed decentralisedpayment solution that would enableunconstrained scaling of the transac-tions in the system. Other areas of inter-

ERCIM NEWS 110 July 201728

Special Theme: Blockchain Engineering

Blockchain and Autonomous Institutions

by Mariusz Nowostawski (NTNU)

Blockchain technology is relatively young, although the underlying cryptographic mechanisms have

been known in computer science for some time. At NTNU we are interested in questions such as

“Will blockchain and smart contracts make society better? Does this mean that we must have trust

in the code, and not in humans? Could Blockchain technology be used as a powerful cyber weapon?”

bining the blockchain with owner-signedaccess tokens as described in Table 1.

Blueprint for a blockchainimplementation for exchangingintelligent assets in smart citiesIn the case of a smart city, the globalsystem owner is the city’s municipalitywhich has ultimate authority over allassets and is also responsible for settingthe rules of the blockchain. The munici-pality, its intelligent assets and all poten-tial owners of assets form a blockchainnetwork. In this context, asset ownermeans the party which is responsible forand has a stake in operating the asset. Anasset can either be obtained for opera-tion/maintenance on behalf of themunicipality (i.e., the municipality paysthe owning party for services provided),or it can be leased from the municipality(i.e., the owning party pays the munici-pality a rent for the asset). An owningparty controls the asset and is entitled totransfer its ownership to another partyvia a contract. The parties can alsospecify rules governing the contractwhich will be enforced automatically bythe asset itself in the future under certainconditions. It should be noted that the

actual payment of funds between partiesis independent of the asset transfer, andmay or may not be part of the sameblockchain.

Figure 2 shows the resulting simplifiedblockchain resulting from the abovescenario.

The proposed design is part of ongoingresearch taking place in the context ofthe Horizon 2020 project CyberSure [3]that is coordinated by ComputerEmergency Response Team of theFoundation for Research andTechnology-Hellas, in collaborationwith the Cybersecurity Research Centre

of Bournemouth University and theCircular Economy Research Centre ofEcole de Ponts Business School.

References:

[1] Intelligent Assets: unlocking thecircular economy potential, EllenMacArthour Foundation, 2016

[2] https://kwz.me/Xx[3] http://www.cybersure.eu/

Please contact:

Ioannis Askoxylakis, FORTH, Greece +30 2810 391723asko@ics.forth.grwww.forthcert.gr

Figure�2:�Simplifed�blockchain.�

est are in the value chain and in supplychain management. The lead in this areabelongs to San Francisco-based startupSKUchain [2], which has provided afew research projects to collaborators inNTNU.

Research on ensuring consistency ofcomputations conducted by a distrib-uted network of nodes is important andoften considered the most urgent prob-lem in the field. Multi-party computa-tions, order-preserving hashing andautomated verifiable code generationsare all active research areas.

Advocates of private blockchains saythat a private blockchain is to a publicblockchain what the intranet is to theinternet. But this analogy is misleading:the internet is qualitatively, as well asquantitatively, different to an intranet,which serves a completely different pur-pose. Public blockchains are qualita-tively different to permission-basedblockchain deployments. Instagrams,

Facebooks and Googles cannot happenon intranets – they can only happen onthe Internet. Similarly, there are thingsthat can only happen through open pub-lic blockchains. Bitcoin does not makesense as a private blockchain experi-ment. However, state-owned currenciesmake perfect sense as privateblockchains. So, what’s the differencebetween a private and a publicblockchain?

Nobody truly understands yet what theconsequences of blockchain technologywill be. The blockchain innovation isbased on openness, different trust mod-els, and new ways of control.Independent, non-trusting parties caninteract with each other through anopen, trusted, and verifiable communi-cation and value-exchange fabric.

Private, permission-based blockchainsare about new ways of control; newways of doing old things, where onegroup extracts value out of another. A

state-issued digital currency will useprivate, state-owned blockchain, and itwill be possible to track who transactswith whom and when. Unlike cash, pri-vate blockchain technology will allowthe state to have full knowledge aboutthe way money and value flows in theeconomy, down to the single penny.With a flick of a switch, criminal wal-lets can be disabled, and funds ceasedand burned. This technology is like aweapon and can be used to restrict per-sonal freedom and to increase control -or to the contrary, it can be used toenhance personal freedom.

Blockchain technology has the potentialto have a significant impact on societyand it is of paramount important tounderstand how it can be used and mis-used. It is a matter of trust!

References:

[1] M. Nowostawski, C. K. Frantz:“Blockchain: The emergence ofautonomous decentralisedInstitutions”, SOTICS 2016.http://kwz.me/XB

[2] Skuchain Brackets - BlockchainTechnology for CollaborativeCommerce.https://www.skuchain.com/

[3] C. K. Frantz, M. Nowostawski:“From institutions to code:Towards automated generation ofsmart contracts”, FAS*W, 2016. DOI: 10.1109/FAS-W.2016.53

Please contact:

Mariusz NowostawskiNTNU, Norwaymariusz.nowostawski@ntnu.no

ERCIM NEWS 110 July 2017 29

Figure�1:�Next�generation�of�institutions�will�integrate�humans,�AI�subsystems,�Decentralized

Autonomous�Organisation�(DAO)�and�smart�contracts,�to�provide�automated,�verifiable�and

efficient�workflows.

The Techruption Blockchain Project is apublic-private partnership project in theNetherlands, within which large corpo-rates, small companies, startups and sci-

entific institutions collectively createdisruptive technological innovationsaround distributed ledger (blockchain)technologies (DLT). DLTs are particu-

larly useful in business and governancesituations that involve multiple partiesthat do not necessarily trust one anotherto negotiate and execute electronic busi-

Self-Sovereign Identity framework

and Blockchain

by Rieks Joosten (TNO)

The ability to use identities in many different digital contexts is vital for doing electronic business

transactions. Such identities are hard to come by, in particular when the transaction involves international

parties that do not necessarily trust each other (yet). The Dutch Techruption project has taken on the

challenge of specifying a self-sovereign identity framework (SSIF) that aims to solve this problem, and to

build demonstrators that show its practical use, for businesses, consumers and governments. Blockchain

technologies are used for critical parts, such as storing commitments to attestations and revocation events.

ness transactions. In many cases suchtransactions require the ability to estab-lish and validate identities and identityattributes, or to check whether or notthey have been revoked.

Seven participants of the project(Accenture, APG, Brightlands, Chamberof Commerce, De Volksbank,Rabobank, and TNO) are developing aself-sovereign identity framework

(SSIF) for the creation, validation andrevocation of such identities that can beused in conjunction with blockchaintechnologies and the (disruptive) appli-cations that are enabled by such tech-nologies. The goal is to specify, validateand ultimately build a trustworthy, opendigital infrastructure for self-sovereignidentities that is secure, decentralized,open source, supports privacy (e.g.,GDPR compliance) in multiple roles,and lacks a single point of failure orlarge information honey-pot. We aim tofollow well-established requirements foruser-centric identity systems [1], [L1].

The SSIF has a terminology and method(based on the DEMO models for (busi-ness) transactions [2] and theNetworked Risk Management model[L2]) that a business party can use tospecify all information it needs to con-struct a valid argument for decidingwhether or not it should commit to aproposed business transaction.

One prerequisite for an argument to bevalid is that the meaning (semantics) ofevery statement must be defined. Usingsemantic web models (e.g., RDF(S)) formapping statement-representations to

their corresponding meaning allows theuse of semantic business standards suchas UBL, open data, data from “things”(from IoT frameworks) as well as per-sonal data.

The other prerequisite for valid argu-ments is that the truth of all statementsmust be established. The SSIF assumesthat the “truth” of a statement is subjec-tive, i.e., a decision by the party that uses

the statement in an argument. One of themost important concepts in the SSIF isthe “attestation”, i.e., a statement (withwell-defined semantics) that is signedby some party (the “attestor”) that atteststo the truth of other statements.

The value of attestations is that partiesthat trust them (or the attestors) can sim-plify processes, such as the onboardingprocess of banks that are heavily bur-dened by KYC regulations. We believethere is new business to be found in theissuance of solid attestations, and thatsmart contracts can be designed thatfacilitate such businesses.

Another crucial role of DLTs is to reg-ister events by which attestations arerevoked. It is easy to envisage the bene-fits of knowing whether or not a personis still an employee of a company, if apassport or driving licence has beenrevoked, a father still has parentalauthority, or a certificate is still valid.The distributed nature of DLTs allowparties to query a single (but redundant)endpoint for revocations of attestationsby all parties, rather than having toquery a specific endpoint for individualparties.

Several ideas still need to be developed.One such idea is the SSIF wallet, whichis seen as an embodiment of the “self-sovereignty” aspect of the framework.It is envisaged as a container for state-ments and attestations that can act as aproxy of its owner in the negotiationand execution of electronic businesstransactions. This means that the prolif-eration of statements and attestations iscontrolled by the user, and their use issubject to the user’s consent. While theidea itself is not new (we have seenInfoCards, attribute-based credentials,etc.), the interfacing with and use ofBLTs is.

Ultimately, the project will provide asolid framework for self-sovereignidentity that can be used in combinationwith DLTs, with a firm conceptualunderpinning, that reuses existing tech-nologies, is easy to install and maintainfrom a business perspective, is anenabler for disruptive business ideas,and has at least one working prototypeto demonstrate its viability.

Links:

[L1] https://kwz.me/Xv[L2] https://kwz.me/Xw

References:

[1] K. Cameron, R. Posch, and K.Rannenberg: “Appendix d.proposal for a common identityframework: A user-centric identitymetasystem”, The Future ofIdentity in the Information Society(2009): 477.

[2] J. Dietz: “Understanding andModelling Business Processes withDEMO”, LNCS, vol 1728, 1999.

Please contact:

Rieks JoostenTNO, the Netherlands+31622901317rieks.joosten@tno.nl

ERCIM NEWS 110 July 201730

Special Theme: Blockchain Engineering

Figure�1:�Techruption�Blockchain�Project.

ERCIM NEWS 110 July 2017 31

A blockchain is a distributed, alwaysavailable, irreversible, and tamper-resistant public database where the con-trol over data and its evolution is distrib-uted among a variable set of peers.Blockchain technology does not requirethe existence of trust relationshipsamong the system’s users.Consequently, it employs a distributedconsensus algorithm to allow the usersto agree on immutable and auditableappend-only operation without requiringinteraction with a trusted third party. Weare interested in the auditability of thedata stored in the blockchain, since theblockchain can be used as a publiclyverifiable proof that the data existed atthe time it was saved in it.

Access control systems are meant to reg-ulate the access to critical or valuableresources. Several access controlmodels, i.e., ways of defining the poli-cies expressing the rights of subjects toaccess resources, have been defined, andhere we focus on attribute-based accesscontrol (ABAC) policies. An ABACpolicy combines a set of rulesexpressing conditions over a set ofattributes paired to the subject, to theresource or to the environment. Therules must be satisfied accordingly inorder for the access right to be granted.A well-known policy language toexpress ABAC policies is the eXtensibleAccess Control Markup Language(XACML), defined by the OASIS con-sortium.

Our proposal exploits blockchain tech-nology as the base framework on top ofwhich we build an ABAC system. Thefirst step for defining our distributedblockchain-based access control systemis to store the access control policies inthe blockchain. Depending on the under-lying blockchain, different technicalsolutions can be adopted. If theblockchain allows for arbitrary data

storage, then we can save the policydirectly on it. On the contrary, if theunderlying blockchain has strict spaceconstraints, e.g., Bitcoin [1], we shouldadopt more complex solutions, such asstoring links to the policies in the chainwhile the complete policies are storedelsewhere (e.g., in distributed hashtables (DHT)). This is possible as longas the storage system remains tamper-proof and guarantees data availability,

and the linking to the policies is uniqueand tamper-proof as well. Anotheroption is the one provided by theEthereum blockchain [2], which allowssmart contracts to be represented andrun. In this case, these smart contractscan be exploited to properly encode thepolicies themselves in executableformat.

The next step of our approach is todefine the policy enforcement architec-ture, i.e., to define the set of compo-

nents required to perform, at accessrequest time, the policy evaluationagainst the current access context. If thepolicy is not stored in the blockchain inexecutable format, the architecture ofthe enforcement system is similar to theXACML reference one [1].

As an example, in [3] we described apreliminary prototype of a blockchain-based access control system which

exploits the Bitcoin blockchain andXACML policies. In this case, sinceBitcoin was not designed to store arbi-trary data, we defined a customisedstrategy to compress the XACML poli-cies and we exploited the OP_RETURNscript op code and MULTISIG transac-tions to store them in the chain. Theattributes required at access requesttime to perform the policy evaluationcan be retrieved from traditionalattribute providers (e.g., LightweightDirectory Access Protocol (LDAP)

distributed Access Control Through Blockchain

Technology

by Damiano Di Francesco Maesa, Laura Ricci (Università di Pisa) and Paolo Mori (IIT-CNR)

We defined a distributed access control system on top of blockchain technology. The underlying idea

is to properly represent the access rights of the subjects in the blockchain in order to easily allow

their enforcement at access request time. By leveraging blockchain advantages we can add new

desired properties, such as auditability, to the access control system. To prove the feasibility and

validate the proposed approach we developed a proof of concept implementation and performed

some relevant experiments.

Figure�1:�Architecture�of�the�blockchain�based�access�control�framework.

legal, and may be sued if it fails to fulfilits legal obligations.

In the absence of a central loggingfacility that acts as a trusted third party,and without sophisticated access toappropriate management solutions, itcan be virtually impossible to tracewhich partner organisations haveaccessed individual data sets. It can,therefore, be extremely difficult to pro-vide relevant information to an indi-vidual who requests that their data bedeleted. As a consequence, the pro-cessing of personal data inside a consor-tium might, in the future, be crimi-nalised or result in a fine.

In 2016, The Luxembourg Institute ofScience and Technology, LIST [L2],filed a patent application that addresses

these new demands with a solutionbased on the latest file-distribution,blockchain and encryption technolo-gies. In a purely decentralised peer-to-peer environment of equal partners,without requiring any centralisedinstance or further authorisation steps,the solution empowers the provider ofdata to trace the access to the data bypartners in the distributed and shareddata pool. This trace of access iswithout any doubt and cannot bedenied.

The solution is based on a file distribu-tion network of encrypted files. It cre-ates redundancy to increase availabilityand to improve download speed (Figure1). The blockchain network is used tolog the access to the files which willallow every access of the data by any

Closed consortia who provide andexchange personal data between theirpartners need to understand the impactthat the new General Data ProtectionRegulation (GDPR) of the EuropeanUnion will have on their processes. Infact, it demands that the data controllermust provide to an individual, uponrequest, information about the transferof their personal data to third parties,third countries or international organisa-tions.

The legal counterpart and single point ofcontact for a person that provided theirpersonal data will not be the consortiumas a whole, but a single data controllerpartner who has collected the privatedata and published it in the data pool.This contractual partner needs to ensurethat the processing of personal data is

ERCIM NEWS 110 July 201732

Special Theme: Blockchain Engineering

Blockchain Ensures Transparency in Personal

data Usage: Being Ready for the New EU

General data Protection Regulation

by Uwe Roth (Luxembourg Institute of Science and Technology, LIST)

The new EU General Data Protection Regulation (GDPR) [1][L1], which will come into effect in 2018,

demands transparency as one of the main principles for the collection, processing, storing and

transfer of personal data. Transparency ensures that individuals can enforce their legal rights: to

withdraw consent for their personal data to be processed or to request that their data are erased. At

the Luxembourg Institute of Science and Technology we filed a patent, based on blockchain

technology, that guarantees transparency in the context of files that are exchanged in a shared data

pool. It guarantees that access by partners to specific files can be traced without a central entity.

services). However, we envisage thatattributes could be stored and managedexploiting the blockchain as well. If thepolicy is stored in the blockchain in exe-cutable format, i.e., through smart con-tracts, most of the policy enforcementarchitecture is embedded in theblockchain itself. Such smart contractsrepresent self-evaluating policies thatcan be queried directly and transpar-ently at access request time. The attrib-utes required for the evaluation of thepolicy are encoded in the blockchain assmart contract as well. We have devel-oped a proof-of-concept implementa-tion of this approach on the Ethereumblockchain, demonstrating the feasi-bility of our proposal.

The evaluation of a blockchain-basedaccess control policy could be performed

by a party which is not trusted by theresource owner or by subject of therequest who, instead, would like to beguaranteed against malicious or erroneouspolicy evaluations. For instance, the partythat evaluates the policy and enforces theresult could maliciously force the systemto deny an access although the policywould have granted it.

Blockchain technology can be exploitedto address this problem as well, In fact,having the policies and the attributespublicly available through theblockchain, allows any user to know atany time the policies that are applicableto its access request and the relatedaccess context. This allows distributedauditability, detecting parties that fraud-ulently alter the rights granted by theenforceable policies.

References:

[1] S. Nakamoto: “Bitcoin: A peer-to-peer electronic cash system”,http://bitcoin.org/bitcoin.pdf(2008).

[2] G. Wood: “Ethereum: A securedecentralised generalisedtransaction ledger”, EthereumProject Yellow Paper 151 (2014).

[3] D. Di Francesco Maesa, P. Mori, L.Ricci : “Blockchain Based AccessControl”, Proc. of the 17th IFIPInternational Conference onDistributed Applications andInteroperable Systems (2017).

Please contact:

Damiano Di Francesco Maesa,Dipartimento di Informatica,Università di Pisa, Italydamiano.difrancescomaesa@for.unipi.it

partner in the network to be traced. Inour solution, we abstract from the use ofthe underlying blockchain technology(Figure 2) in an ISO-OSI [2] layeredway: Starting from the lowestblockchain-network layer that is onlyused to broadcast a number of bytesamongst the network, each new layer ontop of this adds another level of com-plexity, e.g., adding point-to-point com-munication, adding end-to-end-encryp-tion, or adding messaging. This allowsus to make our approach independentfrom the specific blockchain implemen-tation that is finally used, and replace it

ERCIM NEWS 110 July 2017 33

without the need to re-implement theentire solution.

We are currently in the process of devel-oping a first proof-of-concept thatincludes all the elements described inthe patent, and, at the same time,searching for partners that can provideuse-cases that are relevant for specificmarkets. For example, an clinicalresearch consortium that exchangesgenomics data between their partners,which may be international. An alterna-tive use-case is the tracing of access, notonly to personal data inside a shared

data pool, but also to copyright protecteddata that triggers payment obligations.In addition to logging access to files, weare currently investigating an approachto log access to any type of service,including data inside a distributed data-base.

Links:

[L1] http://www.eugdpr.org[L2] http://www.list.lu

References:

[1] GDPR, Regulation (EU) 2016/679of the European Parliament and ofthe Council of 27 April 2016 on theprotection of natural persons withregard to the processing of personaldata and on the free movement ofsuch data, and repealing Directive95/46/EC (General Data ProtectionRegulation), online:http://data.europa.eu/eli/reg/2016/679/oj

[2] H. Zimmermann: “OSI ReferenceModel – The ISO Model ofArchitecture for Open SystemsInterconnection”, IEEETransactions on Communications,vol. 28, no. 4, April 1980, pp.425–432.

Please contact:

Uwe RothLuxembourg Institute of Science andTechnology, LISTuwe.roth@list.lu

!"#$%$&'() *+,-#.%/0.')1'$,(#)2

!"#$%$&'() 3.'44+.56'7+.!"#$%$&'() *+,$(-($

/8,.9$,9.+2

:'7"#';56'7+.!"#$%&'() .)*+,$(-($

/:'7"#';2

<.74,#56'7+./(0)123)$45+6127,528')'0,9,)6

/=+11'>+2

!"#$%$&'() 6'7+.8+); ?+$+(@+

!4#':$'*6

;#()6<6#<;#()6

=4')*+#462>'5,412?,6@#4%2>'5,412A'6'"()%2>'5,412;&5*($'"2>'5,4ABC

D

E

F

G8HH8G

I44"($',(#)56'7+.8,**'0,12>#012B;C

/J','2

Figure�2:�Usage�of�the�blockchain�in�a�layered�architecture,�in�relation�to�the�ISO-OSI�model.

!"#$%&'()*+$

,"-')"./'$0%1$'2()3%

&'()*+$

,"-')"./'$0%1

$'2()3%

&'()*+$

!"#$%&'()*+$

455$--%6#"$7'

!"#$%&'()*+$ 8(+

8(+ 8(+

,"-')"./'$0%1$'2()3%&'()*+$

9#(535:*"7

!"#$%,"-')"./'"(7Figure�1:�Clients�access�their�local

network�storage�that�acts�as�a�node�in�a

decentralised�peer-to-peer�network.

ERCIM NEWS 110 July 201734

Special Theme: Blockchain Engineering

An important property of blockchaintechnologies is that trust is distributedbetween all blockchain network mem-bers. When anyone can be a member ofthis network, it is about a permissionlessmodel, whereas when access to the net-work is allowed only to entities thatbelong to a defined consortium, it is apermissioned model. We focus here onone key topic for blockchain technolo-gies: the sharing of trust beyond thechoice of the consensus protocol.

One main characteristic of blockchaintechnology is that it enables mainte-nance of a continuously-growing list ofordered records, called blocks, on whichthere is a consensus. Each block is time-stamped, linked to previous blocks usingcryptography and contains one or sev-eral “transactions” that have been “veri-fied” by the blockchain members.“Transaction” should be understood in abroad sense to be adapted to many use-cases. For example, a Bitcoin transac-tion is related to the digital moneytransfer using pseudonyms, but a trans-action can also be a simple exchange ofassets, described into a smart contract,or it can be almost “everything”, e.g., ahash of data for internal logs or proof ofanteriority [1]. Then, depending on theuse-case, data fields have to be cate-gorised, i.e., data fields publicly shared,data fields shared only within theblockchain consortium, data fieldsshared only with identified entities and

data fields that have to be kept confi-dential (and not shared with anyone).The meaning of “verified” must also betaken in a very broad sense, as illus-trated by the three cases below.

Data protection can have differentmeanings depending on the use-case,e.g., authentication of the data source,authentication of people accessing it,securitisation of the data transport or ofthe storage. Moreover, different notionsof privacy properties may have to besupported depending on the use-caseand on the data fields’ classification.

Let’s have a look at three use-cases thatillustrate the shades of “transparency”that can be provided by blockchaintechnologies.

Case 1: Bitcoin transaction. Data is shared publicly in a permission-less ledger. This is an example withalmost maximal transparency by a fulldelegation of the verification steps tothe blockchain network. Indeed, all thesteps of the transaction verification (i.e.,amount/balance verification, signatureauthenticity verification, detection ofdouble-spending) as well as the inser-tion into the ledger are done by theblockchain network. Regarding privacyproperties, only the pseudonymity ofpayer/payee is claimed to be supported.However, this privacy property is quiteweak and it is possible to extract some

information by analysing the graph oftransactions, e.g., [2]. For Case 1, theledger is auditable with independently-verifiable proof-of-time, at any time byanybody.

Case 2: Smart contracts withconfidential formula based on zero-knowledge proof of knowledgetechniques, e.g., [3]. This use-case can be relevant for bothpermissionless and permissioned net-works. In both models, only the stake-holders involved in the smart contracthave access to the exact formula thatwill be used to compute the finalamount of the transaction. The rules ofthe smart contract are shared inside theblockchain network but the formula thatwill be used to compute the finalamount of the contract is kept confiden-tial; this formula is embedded into thesmart contract in an encrypted form.Then, when the smart contract is exe-cuted, the payer and/or the payee revealthe final amount of the transactionwhile proving that this amount is com-pliant with the encrypted formula con-tained within the smart contract,without disclosing the formula. Thisprivacy feature is important, especiallyfor business relationships where therules may change from one customer toanother. All these features could be for-mally verified to increase the assuranceand trust in transaction verification. ForCase 2, the ledger is also auditable at

flexible Transparency: A Privacy Enabler

in Blockchain Technologies

by Maria Christofi (Trusted Labs) and Aline Gouget (Gemalto)

Use blockchain technologies while keeping the control of the transparency you provide!

any time by any member of theblockchain network.

Case 3: Records of private financialtransactions by disclosing only hashof the transaction data. This use-case is more suitable for usewith a permissioned model where theblockchain network can take responsi-bility for authenticating the data source.Then, it is guaranteed that only dataprovided by authenticated sources havebeen added to the permissioned ledgerwhile transaction data remain confiden-tial (except for the stakeholdersinvolved in the transaction). However,financial data could be shared a poste-riori, e.g., to a judge to enable transac-tion verifications and anchoring into theledger.

These use-cases illustrate that it is notnecessary to choose between full world-wide transparency and transparencyonly within a consortium, but severallevels of transparency can be consid-ered depending on the use-cases needsand especially concerning the classifi-cation of data fields, possibly using ahierarchy of consortia. The aim of ourwork is to provide recommendations fordesigning customised transparencydepending on the use-case.

References:

[1] A. Buldas, A. Kroonmaa and R.Laanoja: “Keyless Signatures’Infrastructure: How to BuildGlobal Distributed Hash-Trees”,Cryptology ePrint Archive, Report2013/834, 2013.

[2] D. Ron et A. Shamir: “Quantitativeanalysis of the full Bitcointransaction graph”, FinancialCryptography, 2013.

[3] A. E. Kosba, et al.: “Hawk: TheBlockchain Model of Cryptographyand Privacy-Preserving SmartContracts”, IEEE Symposium onSecurity and Privacy 2016, 2016.

Please contact:

Maria Christofi, Trusted Labs, France maria.christofi@trusted-labs.com

Aline Gouget, Gemalto, Francealine.gouget@gemalto.com

ERCIM NEWS 110 July 2017 35

The founding partners of the NationalBlockchain Coalition (NBC) anticipatethat blockchain technologies will openup new and more efficient digital valuetransactions, including micro-payments,and will therefore have a huge impact onservices including administration,healthcare, finance, energy and logisticsnetworks [1]. As a consequence, thecoalition foresees positive effects on theautonomy of citizens, transparency ofoperations and cyber-security, as well asa significant reduction in administrativeoverheads.

The first action line in the agenda prima-rily focuses on the development of “dig-ital identities”, which would allow per-sons and legal entities, but also services,and even objects or devices toautonomously engage in efficient buttrusted digital transactions. To realisethis vision, various technological solu-tions need to be developed. In additionto the obvious need for technologicalsolutions, the coalition is also exploring

what is required to remove legal obsta-cles or perception-based objections thatwould hamper wider acceptance.

At CWI, researchers are interested invarious aspects of blockchain technolo-gies and applications. At the funda-mental level there are deep questionsabout the computational foundations oftrust and consensus in distributed peer-to-peer networks. Developing algo-rithms of provable performance thataddress the balance between decentrali-sation and permission-less access to thesystem on the one hand, and scalabilityand tamper-resistance on the other,remains an active area of research forcryptologists [2].

Another topic of interest concernsquantum-proof versions of blockchaintechnologies. The wider roll-out andadoption of these technologies willmost likely coincide with the emer-gence of functional and commerciallyviable quantum computers and sophisti-

cated quantum software. Failing to ade-quately address these technologicalinnovations might rapidly render large-scale investments in blockchain-basedinformation infrastructure worthlessand threaten to put broad swathes ofsociety and industry at risk of fraud andmalicious interference.

Research in formal methods at CWI isalso highly relevant, in particular, withrespect to the use of smart contracts.As smart contracts embedded inblockchain are immutable and automat-ically triggered by transactions, thereare new incentives to develop efficientmathematical methods that can be usedto formally prove their correctness.

On the application side there is stronginterest in using blockchain technolo-gies to enable micro-payments in peer-to-peer markets. As partners in theEuropean ERA-Net project GRID-FRIENDS, CWI researchers areinvolved in the design of a decen-

CWI Joins the dutch National Blockchain

Coalition as a founding Member

by Eric Pauwels (CWI)

Earlier this year, as part of the government’s Digital Agenda, the top-level ICT Team set up by the

Dutch Ministry of Economic Affairs instigated the formation of a National Blockchain Coalition. This

coalition is a joint initiative of over 20 organisations – including Centrum Wiskunde & Informatica

(CWI) – active in government and research, as well as the financial, health, logistics, and energy

sectors. With this NBC initiative, the Netherlands aims to become one of the international leaders in

blockchain development and applications.

ERCIM NEWS 110 July 201736

Special Theme: Blockchain Engineering

A blockchain is essentially an electronicledger for digital records, events ortransactions maintained by the partici-pants in a distributed computer network.This distribution of transaction manage-ment across a peer-to-peer network ofinterested parties plus new forms of con-sensus finding to preserve global consis-tency will allow significant changes towell-established service process andgovernance patterns. A blockchain maybe used not only to distribute transactionmanagement, but also to automate

processes, rules and organisational prin-ciples. Using smart contracts, consis-tency rules may be attached to eachtransaction. They specify what has to bechecked in a transaction and whichfollow-up activities have to be trig-gered.

This built-in automation will allow there-engineering of many processes andthe elimination of intermediaries andagencies, as long as information consis-tency is safeguarded by smart contracts

compliant to auditing requirements. It isincreasingly being used in a number ofcommercial and administrative fields,to distribute the management of transac-tions across an open network.

Blockchains also enable fundamentalorganisational changes in governance,so they may be characterised as a dis-ruptive innovation that breaks up estab-lished business models. For instance, ablockchain might be used to maintainestate property records in a peer-to-peer

tralised energy coordination infrastruc-ture at Schoonschip, a new housingdevelopment in Amsterdam. Theambitious goal of this innovativebuilding project is to create a commu-nity of about 40 floating familydwellings that together constitute aquasi-autarchic energy microgrid. Thehouses are furnished with solar panels,heat pumps as well as batteries to tem-porarily store electricity. The batteriescome equipped with planning and opti-misation algorithms developed at CWIthat coordinate the exchange of surplusenergy among neighbours in the micro-grid. As a result, there is a pressingneed for a decentralised but tamper-resistant platform to keep track of allthe ensuing micro-transactions. CWIresearchers are investigating howblockchains can be harnessed toaddress these and related issues, suchas automated negotiation and prefer-ence elicitation [3].

In summary, the instigation of a DutchNational Blockchain Coalition testifiesto the strategic importance and urgencyassigned to the development and roll-out

of blockchain technologies by top-levelICT team in the Netherlands.Researchers at CWI are actively investi-gating both fundamental and applica-tion-oriented aspects of variousblockchain technologies.

The National Blockchain Coalition part-ners include: ABN AMRO, ING,Volksbank, Nationale Nederlanden,Rotterdam Port Authority, Enexis,Alliander, the Dutch Royal NotarialAssociation, Brightlands and theMinistries of Economic Affairs,Infrastructure and the Environment,Security and Justice, and Interior andKingdom Relations. On the knowledgeside they are joined by TU Delft, TilburgUniversity, Radboud University,Centrum Wiskunde & Informatica(CWI), NWO and TNO. The social per-spective is contributed by ECP |Platform voor de InformatieSamenleving (Platform for theInformation Society). On 20 March2017, Minister of Economic Affairs ofthe Netherlands Henk Kamp receivedthe action agenda of the NationalBlockchain Coalition.

Links:

https://kwz.me/XEhttp://www.grid-friends.comhttps://kwz.me/XK

References:

[1] Distributed Ledger Technology:beyond block chain. Report UKGovernment Office for Science. 19Jan 2016(https://www.gov.uk/government/publications/distributed-ledger-technology-blackett-review)

[2] A. Narayanan et. al. “Bitcoin andCryptocurrency Technologies. AComprehensive Introduction”.Princeton University Press, 2016

[3] T. Baarslag and M. Kaisers: “TheValue of Information in AutomatedNegotiation. A Decision Model forEliciting User Preferences”, Proc.of 16th Int. Conf. On AutonomousAgents and Multi-Agent Systems(AAMAS 2017).

Please contact: Eric Pauwels, CWI, The Netherlands+31 (0)20 592 4225 eric.pauwels@cwi.nl

Blockchain Lab – design, Implementation

and Evaluation of Innovative Business

and Process Models

by Gilbert Fridgen, Wolfgang Prinz, Thomas Rose and Nils Urbach (Fraunhofer FIT)

Blockchain is considered to be enabling technology that is going beyond the Bitcoin crypto currency.

It replaces centralised transaction management by the distribution of transactions across a network

of nodes with different methods for consensus finding. This major change of governance may

change sectors of our societies far beyond digital currencies. Fraunhofer FIT established a

Blockchain Lab in 2016 in order to explore its impact. It will serve as an experience lab for technical

components, implementation platforms, application prototypes and blueprints for novel governance,

process, and business models.

ERCIM NEWS 110 July 2017 37

network eliminating institutional over-head. Generally speaking, several dif-ferent classes of use-cases have beenidentified, conceivably triggering novelservice processes and governance.Providing, auditing and preservingprovenance information is, for instance,an important service today that is vitalfor a broad range of industries.

Thus, blockchain technology may havemany different effects not just on theprocesses but also on the structures ofgovernance, which may significantlychange the distribution of tasks amongthe actors involved in a process. Thenew roles and governance changesdirectly raises the question of new busi-ness models for the new value chainestablished by re-engineering theprocess.

As a consequence, the different dimen-sions of blockchain technology require amulti-disciplinary approach to exploitthe potential capabilities of distributedtransaction management combined withnovel consensus methods. This will beimplemented in the Blockchain Labestablished at Fraunhofer FIT in 2016. Itwill serve as an experience lab for tech-nical components, implementation plat-forms, application prototypes as well asblueprints for novel governance andbusiness models. It is a multi-discipli-nary unit rooted in three of FIT’sresearch departments: CooperationSystems for consensus methods,Decision Support for new governance

and business models, and InformationSystems for innovative applications. Wewill also look at the legal aspects ofblockchain applications. Our aim is toshowcase the state of the art in thisfledgling research area using practical,integrative applications.

The work of the Blockchain Lab will bebased on three cornerstones: businessmodel, technology and legal / regulatoryenvironment (see Figure 1). Businessmodels will be developed together withindividual partners or industry groups,focusing on potential analysis, evalua-tion and the design of disruptive solu-tions. Technology will focus on pro-viding a development platform thatincludes different blockchain systems(P2P network, validation server etc.),implementation of blockchain solutionsand evaluation of blockchain concepts.The relevant legal aspects and regula-tions are taken into account in our evalu-ation of business models and blockchainsystems.

We will focus on short developmentcycles, which are quick to implement, inclose cooperation with our developmentpartners. We aim to develop functionalapplications quickly and to build mar-ketable products through iterativeimprovements. To build these bespokesystems we will organise workshops,bring together consortia of industrialpartners and conduct R&D projectscovering all necessary developmentsteps.

Link:

https://www.fit.fraunhofer.de/de/fb/cscw/blockchain.html

References:

[1] A. Narayanan, et al.: “Bitcoin andCryptocurrency Technologies – AComprehensive Introduction”,Princeton University Press, 2016.

[2] V. Schlatt, A. Schweizer, N.Urbach, G. Fridgen: “Blockchain:Grundlagen, Anwendungen undPotenziale, ProjektgruppeWirtschaftsinformatik desFraunhofer-Instituts fürAngewandte Informationstechnik,2016.

Please contact:

Gilbert Fridgen, Fraunhofer FIT,Bayreuth Germany, +49 921 55 4711,gilbert.fridgen@fit.fraunhofer.de

Wolfgang Prinz, Fraunhofer FIT, Sankt Augustin, Germany, +49 2241 14 2730,wolfgang.prinz@fit.fraunhofer.de

Thomas Rose, Fraunhofer FIT, SanktAugustin, Germany, +49 2241 14 2798,thomas.rose@fit.fraunhofer.de

Nils Urbach, Fraunhofer FIT, Bayreuth,Germany, +49 921 554-712,nils.urbach@fit.fraunhofer.de

Figure�1:�The�multi-disciplinary�approach�of�the�Blockchain�Lab.

Eu

rop

ea

n R

ese

arc

h a

nd

In

no

va

tio

n

Research and Innovation

ERCIM NEWS 110 July 201738

Machine Learning in IoT

for Autonomous, Adaptive

Sensing

by Frank Alexander Kraemer, Nattachart Tamkittikhun andAnders Eivind Braten (NTNU)

Inevitably, there will be a huge number of sensor devices

within the internet of things (IoT) - but how can we possibly

manage to optimise each and every one of them? Our

answer is to treat them as autonomous units, much like

robots. To this end we have been experimenting with

different approaches to find out how constrained devices

can benefit from machine learning, so that they can

operate optimally.

Sensor devices are often situated in heterogeneous environ-ments that change over time, for instance by changing locationor variations in the weather. This is critical for their operation:Many sensor devices use energy harvesting, like solar energy, tosustain their operations, and their energy budget is critical toachieving their goals. This requires a high degree of optimisa-tion. One of the characteristics of the internet of things (IoT),however, is its expected scale in terms of the number of devices.Therefore, the task of optimising IoT sensors or individuallyoversee their operation, cannot be performed manually. Thisleaves us with two options: Either over-dimensioning thesystem, for instance by investing in larger solar panels or bat-teries, or reducing the duty cycle of sensor devices to saveenergy, which effectively means to sense less frequently andsend less data. In either case, systems do not operate optimally.This was also our experience within a smart city sensing project[1], where we used a static sensing approach. Sensing the emis-sion data every six minutes worked adequately during thesummer, but the solar panels could not provide enough energyduring the dark winter in the Nordic areas, which eventuallycaused the sensor devices to shut down.

The experiences within this smart city project motivated ourapproach of autonomous and adaptive sensing in the ARTproject: Instead of looking at sensor devices as simple and con-strained sources of data, we see them as autonomous agents,much like robots. Throughout their operation, they have to con-stantly plan ahead and make decisions based on the changingenvironment and what they have observed so far. Possiblemechanisms for this include different machine learning tech-niques, applied in combination with each other.

To verify such an approach, we established a lab forautonomous sensors, which consists of an array of sensor nodescalled Waspmotes, an off-the-shelf sensing system fromLibelium driven by an 8-bit microcontroller. They communicatevia LoRaWAN to a backend. Since the sensor nodes as well asthe network are fairly constrained, the question is how machinelearning can be applied in such a scenario. One solution is a cen-tralised approach, in which machine learning is applied as partof the device management. Instead of just collecting data andmonitoring key performance parameters such as sending fre-quency and battery level, the backend also learns from thereceived metadata and calculates optimised sensing strategies.

ERCIM NEWS 110 July 2017

how sensor nodes can start their operation even if little or noprevious data exists for the prediction.

Another important question is how the system can performits task in a less centralised way, i.e., considering autonomyon sensor level. To avoid single points-of-failure, sensorsmust be able to learn from insights gained at a global level,i.e., in the cloud, but still be able to act locally. For IoT appli-cations, this implies a paradigm shift: machine learningmethods should not only help analyse data collected by IoTnodes, but also help them to make optimal decisions abouttheir own operation so that they can act autonomously.

Links:

SINet Project: https://sinet.item.ntnu.noART Project: https://ntnu.edu/iik/aas

Reference:

[1] Ahlers, D., Driscoll, P., Kraemer, F. A., Anthonisen, F.,& Krogstie, J. (2016). A Measurement-Driven Approach toUnderstand Urban Greenhouse Gas Emissions in NordicCities. Norsk Informatikkonferanse NIK.

Please contact:

Frank Alexander Kraemer, Norwegian University of Sci-ence and Technology, NTNU, Norwaykraemer@ntnu.no

39

Figure�1:�Sensor�devices�need�to

constantly�adapt�and�plan�ahead�to

maintain�optimal�operation�in

variable�environmental�conditions.

These sensing strategies are sent to the sensors every hour,and provide a guideline for how often data should beacquired to achieve a good balance between energy con-sumption and the required data rate.

This extended form of device management learns over timehow the harvested solar energy depends on the currentweather conditions. It also learns how the energy consump-tion changes with different sensing modes by considering thedevelopment of the battery level over time. Using weatherforecasts, a planning algorithm predicts the resulting batteryprofile for different sensing strategies. The goal is both tokeep the battery from being drained, and utilise the harvestedenergy to maximise the quality of data that is sensed anddelivered. The SINet project follows a similar approach, butfocuses on managing intermittent network connectivity.

The preliminary results are very encouraging. Already fewfeatures about the solar position (azimuth, zenith) and acouple of weather characteristics (cloudiness, precipitation,symbolic weather) are good indicators for the expected solarintake for the next day. We are experimenting with differentmachine learning techniques, including k-nearest neighboursand neural networks. In the given setting, the currentlyselected algorithms are less significant than the availabilityof sufficient training data. We are therefore investigatinghow autonomous sensing systems can be bootstrapped, i.e.,

Research and Innovation

Cache-aware Roofline

Model in Intel® Advisor

by Leonel Sousa and Aleksandar Ilic (INESC-ID)

Researchers from INESC-ID, Instituto Superior Técnico,

University of Lisbon proposed a set of fundamental

Cache-aware Roofline models, which provide a simple

and intuitive way of visually representing the limits of

parallel processing on multi-core processors.

As computing systems evolve towards complex multi-coredesigns with deep and diverse memory hierarchies,improving the performance and optimising the execution ofreal-world applications become of fundamental importance.In high-performance computing environments, it is crucial todetermine which hardware resources represent the main exe-cution bottlenecks that limit the application performance,especially when deciding on the most adequate software opti-misation technique to be applied.In this process, simple butinsightful models are particularly useful, since they providethe means to quickly and easily assess the main characteris-tics of the architectures and the features of the applications.

To support this decision process, researchers from INESC-ID, Instituto Superior Técnico (IST), University of Lisbon,Aleksandar Ilic, and Leonel Sousa, together with Frederico

Pratas, PhD from IST, now with Imagination Technologies,proposed a set of fundamental Cache-aware Roofline models[1,2], which provide a simple and intuitive way of visuallyrepresenting the limits of parallel processing on contempo-rary multi-core processors. These Cache-aware Rooflinemodels evaluate how key micro-architectural aspects, suchas accessing different functional units or different memoryhierarchy levels, affect realistically achievable upper-boundsfor performance, power consumption and energy-efficiencyon a given multi-core architecture.

In 2017, a team of Intel software developers (led by ZakharMatveev, Roman Belenov and Philippe Thierry) successfullyintegrated the performance Cache-aware Roofline model asan official feature of Intel® Advisor, which is part of theParallel Studio XE suite (Intel’s main application develop-ment framework) [3,4]. Within Intel® Advisor, the process ofbuilding the roofline plots and in-depth application charac-

terisation are fully automated with respect to the hardwareplatform where the applications are executed. The supportfor a wide range of Intel devices is also provided, whichcovers all contemporary Intel CPU micro-architectures(from Nehalem to Skylake) up to massively parallelcoprocessors (e.g., Intel Xeon Phi Knights Landing).

A brief overview of the Cache-aware Roofline in Intel®AdvisorThe performance Cache-aware Roofline is plotted with the Xaxis as arithmetic intensity (measured in FLOPs/Byte) andthe Y axis as the performance in GFLOPs/Second, both inlogarithmic scale. Before collecting data from a specificapplication, the Intel® Advisor automatically runs a set ofquick benchmarks to measure the hardware limitations of theused processor, which it then plots as lines on the chart,called roofs (see Figure 1). The horizontal lines represent thenumber of floating point computations (of a given type) thatthe underlying hardware can perform in a given span of time.The diagonal lines are representative of how many bytes ofdata a given memory hierarchy level can deliver per second.

Each dot represents a loop or function in the program, and itsposition in the Roofline plot indicates performance and arith-metic intensity. The size and colour of the dots in Intel®Advisor’s Roofline chart indicate how much of the total pro-gram time a loop or function takes: small, green dots take uprelatively little time, so are likely not worth optimising; large,red dots take up the most time, so they are the best candidates

for optimisation, especially those with a large gap tothe topmost attainable roofs. In general, the further adot is from the topmost roofs, the more room forimprovement there is. For example, the Scalar AddPeak represents the maximum possible performancewithout taking advantage of vectorisation, as indi-cated by the next roof up being the Vector Add Peak.

Where can I get Intel® Advisor with Cache-aware Roofline?As stated in the Intel early access program: TheIntel Advisor offers a great step forward inmemory performance optimization with a newvivid Advisor “Roofline” bounds and bottlenecksanalysis. Cache-aware Roofline is currently a fea-ture of Intel® Advisor beginning officially with

version 2017 Update 2, which is part of the Parallel StudioXE suite (Cluster Edition and Professional Edition) [3].

References:

[1] A. Ilic, F. Pratas, and L. Sousa: “Cache-aware Rooflinemodel: Upgrading the loft,” IEEE Computer Architec-ture Letters, vol. 13, n. 1, pp. 21-24, 2014.

[2] A. Ilic, F. Pratas, and L. Sousa: “Beyond the Roofline:Cache-aware Power and Energy-Efficiency Modelingfor Multi-cores,” IEEE Transactions on Computers, vol.66, n. 1, pp. 52-58, 2017.

[3] Intel. (2017) Intel® Advisor Roofline.http://tiny.cc/1i82ly

Please contact:

Leonel Sousa and Aleksandar Ilic, INESC-ID, Portugalleonel.sousa@tecnico.ulisboa.pt,aleksandar.ilic@tecnico.ulisboa.pt

ERCIM NEWS 110 July 201740

Figure�1:�Cache-aware�Roofline�in�Intel®�Advisor.

ERCIM NEWS 110 July 2017

Lightweight Random

Indexing for Polylingual

Text Classification

by Alejandro Moreo Fernandez, Andrea Esuli and FabrizioSebastiani (ISTI-CNR)

Researchers from ISTI-CNR, Pisa (in a joint effort with

the Qatar Computing Research Institute), have

undertaken an effort aimed at producing more accurate

and more efficient means of performing poly-lingual

text classification, i.e., automatic text classification in

which classifying text in one language can also leverage

training data expressed in a different language.

Multilingual Text Classification (MLTC) is a text classifica-tion task in which documents are written each in one amonga set L of natural languages, and in which all documents mustbe classified under the same classification scheme, irrespec-tive of language. This scenario is moreand more frequent, given the large quan-tity of multilingual platforms and com-munities emerging on the Internet.

There are two main variants of MLTC,namely Cross-Lingual TextClassification (CLTC) and PolylingualText Classification (PLTC). In CLTC weassume that for one or more of the lan-guages in L there are no training docu-ments; the task thus consists of classi-fying the test documents expressed inthese languages by leveraging thetraining documents expressed in theother languages. In PLTC, which is thefocus of this work, we assume (differ-ently from CLTC) that for each lan-guage in L there is a representative set oftraining documents; PLTC consists ofimproving the accuracy of each of the|L| monolingual classifiers by also lever-aging the training documents written inthe other (|L|-1) languages. This task isreceiving increased attention in the text classification com-munity also due the new challenge it poses, i.e., how to effec-tively leverage polylingual resources in order to infer a mul-tilingual classifier and to improve the performance of amonolingual one.

The obvious solution, consisting of generating a singlepolylingual classifier from the juxtaposed monolingualvector spaces, is usually infeasible, since the dimensionalityof the resulting vector space is roughly |L| times that of amonolingual one, and is thus often unmanageable. As aresponse, the use of machine translation tools or multilingualdictionaries has been proposed. However, these resources arenot always available, or are not always free to use.

One machine-translation-free and dictionary-free methodthat had never been applied to PLTC before, is Random

Indexing (RI). RI is a context-counting model belonging tothe family of random projection methods, which produceslinear projections into a nearly-orthogonal reduced spacewhere the original distances between vectors are approxi-mately preserved. RI thus delivers semantically meaningfulrepresentations in a reduced space, and can be viewed as acheaper approximation of Latent Semantic Analysis. Wehave analysed RI in terms of space and time efficiency, andhave proposed as a result a particular configuration of it (thatwe have dubbed Lightweight Random Indexing -- LRI). LRIis designed so that the orthogonality of the projection base ismaximized, which causes sparsity to be preserved after theprojection (see Figure 1). The orthogonality of random indexvectors plays an important role for features that are sharedacross languages: if their corresponding random index vec-tors are orthogonal with respect to all the other vectors, theinformation they contribute to the process is maximized,instead of being diluted by other less informative features.

We have run experiments on two well-known public bench-marks, Reuters RCV1/RCV2 (a comparable corpus -- i.e.,documents are not direct translations of each other, but are

simply about similar topics) and JRC-Acquis (a parallel one -- i.e., each text is available in all languages thanks to theintervention of human translators); for both benchmarks, weaddressed five languages (English, Italian, Spanish, French,German). These experiments have shown LRI to outperform(both in terms of effectiveness and efficiency) a number ofpreviously proposed machine-translation-free and dic-tionary-free PLTC methods that we used as baselines,including other more classical instantiations of randomindexing.

Link:

http://http://jair.org/papers/paper5194.html

Please contact:

Fabrizio Sebastiani, ISTI-CNR, Italy +39 050 6212892, fabrizio.sebastiani@isti.cnr.it

41

Figure�1:�Variation�in�the�probability�of�orthogonality�of�two�random�index�vectors�as�a

function�the�number�of�non-zero�values�in�the�random�index�vector�and�its�dimensionality.

Real flight demonstration

of Monocular Image-Based

Aircraft Sense and Avoid

by Péter Bauer, Antal Hiba, Bálint Daróczy, Márk Melczer,Bálint Vanek (MTA SZTAKI)

The Institute for Computer Science and Control (SZTAKI)

of the Hungarian Academy of Sciences (MTA) continues

active research in the field of aircraft sense and avoid

since six years. The sense (see) and avoid capability is a

crucial ability in integrating unmanned aerial vehicles

(UAVs) into the national airspace. SZTAKI focuses on the

development of a monocular camera based on-board

system, which processes image data in real-time and

initiates collision avoidance if required. Capabilities of

the system are continuously tested in real flight

applying small UAVs testbeds.

Sense and avoid (S&A) capability is a crucial ability forfuture unmanned aerial vehicles (UAVs). It is vital to inte-grate civilian and governmental UAVs into the common air-space. At the highest level of integration, Airborne Sense andAvoid (ABSAA) systems are required to guarantee airspacesafety. In this field, the most critical question is the case ofnon-cooperative S&A for which usually complicated multi-sensor systems are developed. However, in case of smallUAVs the size, weight and power consumption of the

Research and Innovation

ERCIM NEWS 110 July 201742

onboard S&A system should be minimal. Monocular visionbased solutions can be cost and weight effective thereforeespecially good for small UAVs. These systems basicallymeasure the position (bearing) and size of intruder aircraft(A/C) from the camera image without range and intruder sizeinformation. This scale ambiguity makes the decision aboutthe possibility of mid-air collision (MAC) or near mid-aircollision (NMAC) complicated. However, [1] points out thatthe relative distance of an intruder from an own A/C (when itcrosses the camera focal plane), called closest point ofapproach (CPA), well characterizes the possibility of colli-sion.

The starting point of our research was to develop a relativelysmall onboard camera system, which can make all calcula-tions onboard and in real-time to decide about the possibilityof collision. The decision information can be sent to theautopilot of the aircraft to make an evasive maneuver ifrequired. The developed system equipped with two HD cam-eras and a Tegra TK1 GPU board can be seen in Figure 1. After constructing the hardware system, the goal of theoret-ical developments was to estimate the time to the closestpoint of approach (TTCPA – the time remaining until aircraftreach the closest point), closest point of approach (CPA), andthe direction of the intruder aircraft at CPA from a series ofmeasured parameters of the intruder image in the camera,such as size and position. CPA is understood as the ratio ofthe smallest intruder distance relative to the own aircraft andthe characteristic size of the intruder. As the absolute dis-tance cannot be estimated from monocular images becauseof the scale ambiguity of perspective projection, this relative

Figure�2:�Aircraft�photos�and

trajectories�plotted�over�the�airfield.

Figure�1:�The�onboard

vision�system.

ERCIM NEWS 110 July 2017 43

Use-cases Covered

by an Enhanced virtual

Research Environment

by Valerie Brasse (IS4RI and euroCRIS)

The purpose of virtual research environments (VREs) is

to support research stakeholders throughout the

research life-cycle. In order to describe the expectations

and requirements at each stage of the life-cycle, high-

level use-cases have been developed in the VRE4EIC

project, which has developed a Europe-wide

interoperable VRE to facilitate innovation and

collaboration between multidisciplinary research

communities.

The goal of a virtual research environment (VRE) system isto provide support at each stage of the research life-cycle.The computing requirements will vary depending on theexpected support, but commonalities can be identified.

Based on the first requirements collection in the VRE4EICproject, use-cases have been elaborated to express the pos-sible ways in which users interact with the system. Use-casesare useful as they provide:• Context to the requirements, expressing the requirements in

terms of a concrete objective that the user wants to realise,

ratio should be used to decide about the possibility of colli-sion. In practice, this relative CPA value is enough to decidebecause one can avoid any intruder coming closer than agiven multiple of its characteristic size. The details of thetheoretical developments can be found in [2].

After the theoretical developments and hardware-in-the-looptest runs, real flight demonstrations are done in a criticalUAV to UAV situation where the intruder aircraft (aircraft 2in Figure 2.) is a small (about 1m wingspan) one. This makesdetection and identification extremely difficult and decreasesthe time available to make a decision. The current state ofreal flight-testing is to make collision encounters with par-allel aircraft trajectories. In this case there is definitely apoint when the aircrafts are closest to each other. Several realflight tests have been conducted for these cases setting 15mor 30m distance between the trajectories. The 15m case is theNMAC where avoidance is required (and is shown by theblue trajectory in Figure 2.), the 30m is the clear case.Decision thresholds for TTCPA and CPA are set to distin-guish NMAC and clear situations. About 25 NMAC and 25clear flight runs have been done. Currently the system workswith homogeneous sky background with a success rate of 80-100% regarding avoidance in NMAC and a false alarm rateof 40-50% in the clear case. This latter means unrequiredavoidance when the intruder is far from us and that the tuningwas done focusing on safety. Ground-based and onboardvideo recordings of the flight tests can be seen on ourYoutube channel [L1].

The case of non-parallel trajectories requires a special designalgorithm, which guides the aircraft along the required tra-jectories to meet at the same point at the same time. This taskhas two challenges: first, the starting points of the aircraft areuncertain as they take-off under manual control, and theautopilot is started only later. Second the wind disturbanceshould be measured and the designed tracks correctedaccordingly. Currently successful hardware-in-the-loop(HIL) simulations are carried out resulting in collision trackswith and without wind. Video recordings of these experi-ences are shown on our Youtube channel [L1]. Illustrativenon-parallel trajectories are plotted in Figure 3 showingmanual take-off, wind measuring circles, designed trajecto-ries and the avoidance also based-on HIL simulation.

The future goal is to test the non-parallel collision trajecto-ries in real flight, which first requires the implementation ofsafe and guaranteed communication between the aircraft asthey have to exchange data (for example the autopilotstarting points and trajectory parameters).

Link:

[L1] http://yt.vu/c/UCQMpnOuOMCiodDKQw8_hf5A

References:

[1] S. D. B: “Reactive Image-based Collision AvoidanceSystem for Unmanned Aircraft Systems”, Master’s the-sis, Australian Research Centre for Aerospace Automa-tion, May 2011.

[2] P. Bauer, A. Hiba, J. Bokor: “Monocular Image-basedIntruder Direction Estimation at Closest Point ofApproach”, in Proc. of ICUAS’17, Miami, FL, USA,June 2017.

Please contact:

Peter Bauer, Senior Research Fellow, Project CoordinatorMTA SZTAKI, bauer.peter@sztaki.mta.hu

Figure�3:�Non-

parallel�collision

trajectory�design.�

Research and Innovation

ERCIM NEWS 110 July 201744

• Test scenarios for acceptance testing, i.e. a ‘black-box’view of the system, what the user inputs and requires asoutput, unaware of the system’s internal behaviour,

• Advocacy material to demonstrate to potential VRE usersand developers what the e-VRE is expected to do.

In our approach, use-cases have been expressed at two levelsof granularity:• Low level use-cases, which assemble requirements in a

coherent sequence,• High-level use-cases are expressed as an orchestration of

low level use-cases.

In the first wave of use-case elicitation (a second wave isexpected by the end of the project), 59 low level use-casesand 19 high-level use-cases have been identified anddescribed. For example, at the beginning of the research life-cycle, the first stages are ‘Ideas, Partners, Proposal writing’,where ideas come up and partners get together and write pro-posals to get funding on research projects. On their side,funding agencies set up work programmes and funding calls,and allocate funding to the selected proposals submitted bythe researchers.

The unique high-level use-case defined at this stage of theresearch lifecycle is named ‘Manage funding calls’. Theassociated actor is a ‘funding agency’, and the sequence ofsteps includes the suggestion to have the funding agenciespublish information about themselves and their fundingcalls, then the agencies should retrieve the submitted pro-posals. Finally, the use-case provides generic requirementsrelated to the e-VRE user interface.

The Research process part of the research lifecycle is itselfdivided into four stages:

The first stage called ‘Simulate, experiment, observe’ is cov-ered by four high-level use-cases, namely: ‘Create a dataset’,‘Create a dataset from an instrument’, ‘Manage an instru-ment’, and ‘Communicate’. These use-cases are related to thedata acquisition and the collaborative work done at this stage.

Still in the research process, the second stage deals with‘Managing data’. It is covered by five use-cases related to theuse and transformation of data, namely ‘Access services anddata from e-VRE’, ‘Manage data’, ‘Manage research proj-ects’, ‘Transform data’, and ‘Query data’.

The third step in the research process is called ‘Analysedata’. Five use-cases also cover it. They are ‘Access servicesand data from e-VRE’, ‘Annotate data’, ‘Compare datasets’,‘Process data’, and ‘Communicate’. They are related to theanalysis of data in context, and in a collaborative way.

The last step in the research process, and the last step in theresearch lifecycle, are about ‘Sharing data’ and the researchresults obtained from it, generally in the form of a scientific‘Publication’. Three use-cases cover this part: ‘Access serv-ices and data from e-VRE’, ‘Publish dataset’, and‘Communicate’.

Some of the use-cases, such as ‘Access services and datafrom e-VRE’ and ‘Communicate’, are recurrent, being used

at several stages. This highlights the main characteristics of aVRE as an enabler of services and data access, and commu-nication or collaboration amongst the research stakeholders.

As the project now goes into development, some of theseuse-cases will be implemented and available for acceptancetesting in a further phase, in the context of enhancing currentinfrastructures for them to become VREs.

The following documents are available on demand: • Y. Yin (ed.): “State-of-the-art and user requirements analy-

sis. Deliverable D2.1 of the VRE4EIC Project.• V. Brasse (ed.): “Use case report - First version. Deliver-

able D2.3 of the VRE4EIC Project. Both available on demand by the project coordinator (seehttp://www.vre4eic.eu).

The project is currently carrying out a use-cases survey,which is targeted at anyone interacting with research data. Itspurpose is to find out what researchers require in order tohelp them share and use data from multiple disciplines.Anyone involved in academic research activities can partici-pate in this survey, since they might (potentially) shareand/or use (open) research data. The results of this surveywill be used to develop and further specify the requirementsof the VRE developed in the VRE4EIC project, and will ben-efit future scientific research activities.

Links:

http://www.vre4eic.eu/Survey: https://www.vre4eic.eu/publications/news/113-vre4eic-online-survey-to-evaluate-use-cases-for-a-virtual-research-environment

Please contact:

Valerie Brasse, euroCRIS Executive for Projects, IS4RI Managing Partnervbrasse@is4ri.com

Figure�1:�The�use-cases�that�were�developed�for�the�target�e-VRE

platform�cover�the�full�research�lifecycle.

ElasTest: A Cloud-

based Platform for

Testing Large

Complex Distributed

Software Systems

The ElasTest project, with an € 5M of

EU funding under the Research and

Innovation Action from the Horizon

2020 program, kicked-off in January

2017. The goal of ElasTest is to increase

software quality by reducing the com-

plexity of testing large distributed soft-

ware systems in the Cloud. The project

is led by the Spanish University Rey

Juan Carlos (Prof. Francisco Gortázar)

and involves the Technische Universität

Berlin, the Consiglio Nazionale delle

ERCIM NEWS 110 July 2017 45

Events

Ricerche, the Zurich University of

Applied Sciences, the Fraunhofer

FOKUS, the IMDEA Software Institute

and the following industrial partners

Atos Spain, IBM, Naevatec, and

Relational.

The demand for larger and more inter-

connected software systems is con-

stantly increasing, but the ability of

developers to satisfy it is not evolving

accordingly. The most limiting factor is

the software validation, which typically

requires very costly and complex testing

processes to ensure the software is free

of errors and complies with require-

ments. The ElasTest project aims at

offering a flexible open source testing

platform for rapid and accurate end-to-

end testing that can significantly

improve the efficiency and effectiveness

of the testing process and the overall

quality of modern applications,

including web, mobile, real-time video

communications, and Internet-of-

Things.

The ElasTest cloud platform will be

released as Free Open Source Software

and has already started creating a

Community of users and contributors

who will help us in our endeavor for

transforming ElasTest into a worldwide

reference in the area of large software

systems testing and guaranteeing the

long term platform sustainability. To

join us visit our community website

http://elastest.io/

The CNR group, led by Antonia

Bertolino (ISTI-CNR, Pisa), will con-

tribute to the project with two important

missions: leading the continuous

research scouting in cloud testing and

coordinating the experimental valida-

tion. The quantitative project objectives

include reducing the time-to-market,

increasing the quality of the software

product, reducing the possibility of fail-

ures and improving the confidence and

satisfaction of both end users and devel-

opers.

More information:

http://elastest.eu/

http://www.isti.cnr.it/events/2017/ELA

STEST-Pressrelease.pdf

ERCIM NEWS 110 July 201746

Events

Call for Proposals

dagstuhl Seminars

and Perspectives

Workshops

Schloss Dagstuhl – Leibniz-Zentrum

für Informatik (LZI) is accepting

proposals for scientific seminars/

workshops in all areas of computer

science, in particular also in

connection with other fields.

If accepted the event will be hosted inthe seclusion of Dagstuhl’s well known,own, dedicated facilities in Wadern onthe western fringe of Germany.Moreover, the Dagstuhl office willassume most of the organisational/administrative work and the Dagstuhlscientific staff will support the organ-izers in preparing, running, and docu-menting the event. Due to subsidies thecosts are very low for participants.

Dagstuhl events are typically proposedby a group of three to four outstandingresearchers of different affiliations. Thisorganizer team should represent a rangeof research communities and reflectDagstuhl’s international orientation.More information, in particular detailsabout event form and setup as well as theproposal form and the proposing processcan be found on

http://www.dagstuhl.de/dsproposal.

Schloss Dagstuhl – Leibniz-Zentrum fürInformatik is funded by the German fed-eral and state government. It pursues amission of furthering world classresearch in computer science by facili-tating communication and interactionbetween researchers.

Important Dates• Proposal submission: October 15 to

November 1, 2017• Notification: End of January 2018• Seminar dates: Between mid 2018

and mid 2019.

IfIP TC6’s open

digital Library

and Conferences

by Harry Rudin

IFIP Networking 2017 took place inStockholm at KTH, the Swedish RoyalInstitute of Technology, from 12-17June. The conference’s aim was “Thefuture of networking: Defined by soft-ware, driven by data and designed forall” and consisted of workshops, regularlectures and poster sessions. As is ouraim in the IFIP Technical Committee 6(Communication Systems), the papersare published in our open DigitalLibrary, http://dl.ifip.org. There is noprinted version of the conference papers;the Digital Library serves as the confer-ence record and papers were made avail-able several days before the conferenceopening. Access is free to everyone.

The best paper award was made for apaper on achieving low latency and highthroughput for networks using a modi-fied Explicit Congestion Notification(ECN) scheme through the use of activequeue management (AQM). The title ofthe paper is “Alternative Backoff:Achieving Low Latency and HighThroughput with ECN and AQM” and iswritten by Naeem Khademi, GrenvilleArmitage, Michael Welzl, SebastianZander, Gorry Fairhurst and David Ros.

Nearly all of IFIP TC6’s conferences arepublished in the Digital Library; thereare nine of these at the moment. OtherIFIP conferences are also available viathe Digital Library; there are over 150 ofthese. Do have a look!

IFIP TC6’s Committee had their meetingalongside the conference. A change inthe chairmanship took place: Aiko Prasfrom the University of Twente, in TheNetherlands is followed by BurkhardStiller from the University of Zurich inSwitzerland.

Please contact:

Harry Rudinhrudin@sunrise.ch

Call for Participation

ACM NanoCom 2017

Washington DC, USA, September 27-29, 2017

The main goals of the 4th ACMInternational Conference on NanoscaleComputing and Communication (ACMNanoCom 2017), are to increase the vis-ibilty of this growing research area tothe wider computing and communica-tion research communities as well asbring together researchers from diversedisciplines that can foster and developnew paradigms for nanoscale devices.Due to the highly inter-disciplinarynature of this field of research, the con-ference aims to attract researchers andacademics from various areas of studysuch as electrical and electronic engi-neering, computer science, biology,chemistry, physics, mathematics, bio-engineering, biotechnology, materialsscience, nanotechnology, who have aninterest in computing and communica-tions at the nanoscale.

KeynotesThe following keynotes are presented: • “The Living Computing Project -

How Can I Make A Cell Compute?”by Douglas Densmore, Associate Pro-fessor of Electrical and ComputerEngineering, Director of Cross-disci-plinary Integration of DesignAutomation Research (CIDAR)Group, Boston University.

• “Redox: A Modality to Bridge Bio-logical and Electronic Communica-tion”by Gregory F. Payne, Professor ofBioengineering, Fischell Departmentof Bioengineering, University ofMaryland.

• “Graphene and Related Materials forPhotonics and Optoelectronics”by Andrea Ferrari, Professor of Nan-otechnology, Director of the Cam-bridge Graphene Centre; Director ofEPSRC Centre for Doctoral Trainingin Graphene Technology; Head of theNanomaterials and SpectroscopyGroup, University of Cambridge, UK:

More information: https://nanocom.acm.org/

In Brief

47ERCIM NEWS 110 July 2017

New ERCIM Board Members

Dieter Fellner, Director of the Fraunhofer Institute forComputer Graphics Research IGD and Professor ofComputer Science at TU Darmstadt replaces Matthias Jarke

on the ERCIMAISBL Board andthe ERCIM EEIGBoard of Directorsas representative ofFraunhofer-Institut.

Before DieterFellner took officein Darmstadt in2006, he has heldacademic positions

at the Graz University of Technology, the University ofTechnology in Braunschweig, the University of Bonn, theMemorial University of Newfoundland, and the Universityof Denver, Colorado. He is still affiliated with the GrazUniversity of Technology where he chairs the Institute ofComputer Graphics and Knowledge Visualization hefounded in 2005. Dieter Fellner is also CEO of theFraunhofer Austria Research GmbH since November 2008.Since January 2016, Dieter W. Fellner serves as chairman ofthe Fraunhofer ICT Group and as member of the FraunhoferPresidential Council.

Dimitris Plexousakis, Director of FORTH - ICS andProfessor of Computer Science, University of Crete,succeeds ConstantineStehpanidis on the ERCIMEEIG Board of Directors.

Dimitris Plexousakis is aProfessor and former Chair ofthe Department of ComputerScience, University of Creteand a Researcher at theInstitute of ComputerScience, FORTH in Greece.He is heading the InformationSystems Laboratory ofFORTH-ICS. In 2017 he tookoffice as Director of FORTH-ICS. Dimitris has served asrepresentative of FORTH-ICS on the ERCIM AISBL aschair of the ERCIM Science Task Group since 2012.

We would like to express the warmest thanks to MatthiasJarke and Constantine Stephanidis for their leadership, andtheir enthusiastic participation and active contributions overmany years.

New 3d fleX-ray Lab at CWI

In May, demissionary Secretary of State of the NetherlandsSander Dekker opened the ‘FleX-ray Lab’ at CWI. With thenew state-of-the-art CT scanner of this lab, it will be for thefirst time possible to look inside objects in 3D during thescanning process, and to adjust or zoom in while scanning.Thanks to realtime data processing and adjustment thescanner is able to retrieve more useful information from thescans – faster, with less harmful X-ray dose and in colour –than with current technologies. The new techniques can beused for medical imaging, quality control in the foodindustry and, for instance, for the restauration of antiquemasterpieces. The scanner has been developed in collabora-tion with X Ray Engineering (a spin-off of Ghent

University), research institute Nikhef and its spin-off ASI.The lab is supervised by Joost Batenburg, group leader of theComputational Imaging group at CWI, internationallyleading in the area of new mathematical image reconstruc-tion techniques. CWI will make the research data and real-time software available as open source. See:https://www.cwi.nl/research/groups/computational-imaging

The�opening�of�the�FleX-ray�Lab.�F.l.t.r:�Denis�van�Loo�(XRE),

Sophia�Coban�(CWI),�Hans�Roeland�Poolman�(ASI),�Secretary�of

State�Sander�Dekker,�Joost�Batenburg�(CWI),�Els�Koffeman

(Nikhef),�Jos�Baeten�(CWI),�and�Peter�van�Laarhoven�(CWI).�

18.8 Million Euro

for Quantum Software Research

The Ministry for Education, Culture and Science in theNetherlands has awarded a Gravitation grant for large-scaleresearch on quantum software in May. The grant of 18.8 mil-lion euro unites researchers from QuSoft, CWI, LeidenUniversity, QuTech, TU Delft, UvA and the VU in pursuingstate of the art research programmes in this new field. Itallows the consortium to pioneer quantum software for, forinstance, small quantum computers and a quantum internet.It will develop protocols for quantum communication, andfor a new type of quantum-secure cryptography. Thesemethods can be tested on quantum hardware that is devel-oped in parallel in Delft and Leiden, and a quantum networkbetween Amsterdam, Delft, Leiden and The Hague.

ERCIM is the European Host of the World Wide Web Consortium.

Institut National de Recherche en Informatique et en AutomatiqueB.P. 105, F-78153 Le Chesnay, Francehttp://www.inria.fr/

VTT Technical Research Centre of Finland LtdPO Box 1000FIN-02044 VTT, Finlandhttp://www.vttresearch.com

SBA Research gGmbHFavoritenstraße 16, 1040 Wienhttp://www.sba-research.org/

Norwegian University of Science and Technology Faculty of Information Technology, Mathematics and Electri-cal Engineering, N 7491 Trondheim, Norwayhttp://www.ntnu.no/

Universty of WarsawFaculty of Mathematics, Informatics and MechanicsBanacha 2, 02-097 Warsaw, Polandhttp://www.mimuw.edu.pl/

Consiglio Nazionale delle RicercheArea della Ricerca CNR di PisaVia G. Moruzzi 1, 56124 Pisa, Italyhttp://www.iit.cnr.it/

Centrum Wiskunde & InformaticaScience Park 123, NL-1098 XG Amsterdam, The Netherlandshttp://www.cwi.nl/

Foundation for Research and Technology – HellasInstitute of Computer ScienceP.O. Box 1385, GR-71110 Heraklion, Crete, Greecehttp://www.ics.forth.gr/FORTH

Fonds National de la Recherche6, rue Antoine de Saint-Exupéry, B.P. 1777L-1017 Luxembourg-Kirchberghttp://www.fnr.lu/

Fraunhofer ICT GroupAnna-Louisa-Karsch-Str. 210178 Berlin, Germanyhttp://www.iuk.fraunhofer.de/

SICS Swedish ICTBox 1263, SE-164 29 Kista, Swedenhttp://www.sics.se/

Magyar Tudományos AkadémiaSzámítástechnikai és Automatizálási Kutató IntézetP.O. Box 63, H-1518 Budapest, Hungaryhttp://www.sztaki.hu/

University of CyprusP.O. Box 205371678 Nicosia, Cyprushttp://www.cs.ucy.ac.cy/

Subscribe to ERCIM News and order back copies at http://ercim-news.ercim.eu/

ERCIM – the European Research Consortium for Informatics and Mathematics is an organisa-

tion dedicated to the advancement of European research and development in information tech-

nology and applied mathematics. Its member institutions aim to foster collaborative work with-

in the European research community and to increase co-operation with European industry.

INESCc/o INESC Porto, Campus da FEUP, Rua Dr. Roberto Frias, nº 378,4200-465 Porto, Portugal

I.S.I. – Industrial Systems InstitutePatras Science Park buildingPlatani, Patras, Greece, GR-26504 http://www.isi.gr/

Special Theme: Blockchain Engineering