research | Suhyeon Lee

2025

180 Days After EIP-4844: Will Blob Sharing Solve Dilemma for Small Rollups?

Suhyeon Lee

In ICDCS 2025 Workshop - The 5th International Workshop on Distributed Infrastructure for Common Good (DICG), Jul 2025

Abs HTML PDF

The introduction of blobs through EIP-4844 has significantly reduced the Data Availability (DA) costs for rollups on Ethereum. However, due to the fixed size of blobs at 128 KB, rollups with low data throughput face a dilemma: they either use blobs inefficiently or decrease the frequency of DA submissions. Blob sharing, where multiple rollups share a single blob, has been proposed as a solution to this problem. This paper examines the effectiveness of blob sharing based on real-world data collected approximately six months after the implementation of EIP-4844. By simulating cost changes using a simple blob sharing format, we demonstrate that blob sharing can substantially improve the costs and DA service quality for small rollups, effectively resolving their dilemma. Notably, we observed cost reductions in USD exceeding 85% for most of the rollups when they cooperate, attributable to the smoothing effect of the blob base fee achieved through blob sharing.
Commit-Reveal²: Randomized Reveal Order Mitigates Last-Revealer Attacks in Commit-Reveal

Suhyeon Lee, and Euisin Gee

In ICBC 2025 - IEEE International Conference on Blockchain and Cryptocurrency, Jun 2025

Abs HTML PDF

Randomness generation is a fundamental component in blockchain systems, essential for tasks such as validator selection, zero-knowledge proofs, and decentralized finance operations. Traditional Commit-Reveal mechanisms provide simplicity and security but are susceptible to last revealer attacks, where an adversary can manipulate the random outcome by withholding their reveal. To address this vulnerability, we propose the Commit-Reveal2 protocol, which employs a two-layer Commit-Reveal process to randomize the reveal order and mitigate the risk of such attacks. Additionally, we introduces a method to leverage off-chain networks to optimize communication costs and enhance efficiency. We implement a prototype of the proposed mechanism and publicly release the code to facilitate practical adoption and further research.
Hollow Victory: How Malicious Proposers Exploit Validator Incentives in Optimistic Rollup Dispute Games

Suhyeon Lee

In FC 2025 Workshop - The 9th Workshop on Trusted Smart Contracts (WTSC), Apr 2025

Abs HTML PDF

Blockchain systems, such as Ethereum, are increasingly adopting layer-2 scaling solutions to improve transaction throughput and reduce fees. One popular layer-2 approach is the Optimistic Rollup, which relies on a mechanism known as a dispute game for block proposals. In these systems, validators can challenge blocks that they believe contain errors, and a successful challenge results in the transfer of a portion of the proposer’s deposit as a reward. In this paper, we reveal a structural vulnerability in the mechanism: validators may not be awarded a proper profit despite winning a dispute challenge. We develop a formal game-theoretic model of the dispute game and analyze several scenarios, including cases where the proposer controls some validators and cases where a secondary auction mechanism is deployed to induce additional participation. Our analysis demonstrates that under current designs, the competitive pressure from validators may be insufficient to deter malicious behavior. We find that increased validator competition, paradoxically driven by higher rewards or participation, can allow a malicious proposer to significantly lower their net loss by capturing value through mechanisms like auctions. To address this, we propose countermeasures such as an escrowed reward mechanism and a commit-reveal protocol. Our findings provide critical insights into enhancing the economic security of layer-2 scaling solutions in blockchain networks.

2024

A Tip for IOTA Privacy: IOTA Light Node Deanonymization via Tip Selection

Hojung Lee, Suhyeon Lee, and Seungjoo Kim

In ICBC 2024 - IEEE International Conference on Blockchain and Cryptocurrency, Apr 2024

Abs HTML PDF

IOTA is a distributed ledger technology that uses a Directed Acyclic Graph (DAG) structure called the Tangle. It is known for its efficiency and is widely used in the Internet of Things (IoT) environment. Tangle can be configured by utilizing the tip selection process. Due to performance issues with light nodes, full nodes are being asked to perform the tip selections of light nodes. However, in this paper, we demonstrate that tip selection can be exploited to compromise users’ privacy. An adversary full node can associate a transaction with the identity of a light node by comparing the light node’s request with its ledger. We show that these types of attacks are not only viable in the current IOTA environment but also in IOTA 2.0 and the privacy improvement being studied. We also provide solutions to mitigate these attacks and propose ways to enhance anonymity in the IOTA network while maintaining efficiency and scalability.

2023

Shorting attack: Predatory, destructive short selling on Proof-of-Stake cryptocurrencies

Suhyeon Lee, and Seungjoo Kim

Concurrency and Computation: Practice and Experience, Apr 2023

Abs Bib PDF

Summary Bitcoin introduced blockchain which is the transparent and decentralized way of recording the lists of digital currency transactions. Bitcoin’s blockchain uses Proof-of-Work as a Sybil control mechanism. However, PoW wastes energy since it uses hash computing competitions to find a block. Hence, various alternative mechanisms have been proposed. Among them, Proof-of-Stake, which is based on the deposit, has been spotlighted. As opposed to Proof-of-Work, Proof-of-Stake requires nodes to have a certain amount of tokens (stake) in order to qualify to validate blocks. The “one-sentence philosophy” of proof of stake is not “security comes from burning energy,” but rather “security comes from putting up economic value-at-loss.” In this article, contrary to popular belief, we point out that this value-at-loss can be hedged by short selling or other financial products. We propose a “shorting attack,” which makes a profit by massive short selling and sabotage to a Proof-of-Stake-based cryptocurrency. The shorting attack implies that the security of Proof-of-Stake-based cryptocurrency can be vulnerable by a low stake ratio.
@article{shorting, author = {Lee, Suhyeon and Kim, Seungjoo}, title = {Shorting attack: Predatory, destructive short selling on Proof-of-Stake cryptocurrencies}, journal = {Concurrency and Computation: Practice and Experience}, volume = {35}, number = {16}, pages = {e6585}, keywords = {blockchain, Proof-of-Stake, security, short selling}, doi = {10.1002/cpe.6585}, year = {2023}, }
Rethinking selfish mining under pooled mining

Suhyeon Lee, and Seungjoo Kim

ICT Express, Apr 2023

Abs Bib HTML PDF

Bitcoin’s core security requires honest participants to control at least 51% of the total hash power. However, it has been shown that several techniques can exploit the fair mining in the Bitcoin network. This study focuses on selfish mining, which is based on the idea, ”keeping blocks secret.” Herein, we analyze selfish mining regarding competition between mining pools. We emphasize that mining-related information is shared between mining pools and participants. Based on shared information about selfish mining, we have developed an effective and practical counter strategy.
@article{LEE2023356, title = {Rethinking selfish mining under pooled mining}, journal = {ICT Express}, volume = {9}, number = {3}, pages = {356-361}, year = {2023}, issn = {2405-9595}, doi = {10.1016/j.icte.2022.03.003}, author = {Lee, Suhyeon and Kim, Seungjoo}, keywords = {Blockchain, Mining pool, Security analysis, Selfish mining, Proof-of-Work}, }

2022

Block Double-Submission Attack: Block Withholding Can Be Self-Destructive

Suhyeon Lee, Donghwan Lee, and Seungjoo Kim

In AFT 2022 - ACM Conference on Advances in Financial Technologies, Apr 2022

Abs Bib HTML PDF

Proof-of-Work (PoW) is a Sybil control mechanism adopted in blockchain-based cryptocurrencies. It prevents the attempt of malicious actors to manipulate distributed ledgers. Bitcoin has successfully suppressed double-spending by accepting the longest PoW chain. Nevertheless, PoW encountered several major security issues surrounding mining competition. One of them is a Block WithHolding (BWH) attack that can exploit a widespread and cooperative environment called a mining pool. This attack takes advantage of untrustworthy relationships between mining pools and participating agents. Moreover, detecting or responding to attacks is challenging due to the nature of mining pools. In this paper, however, we suggest that BWH attacks also have a comparable trust problem. Because a BWH attacker cannot have complete control over BWH agents, they can betray the belonging mining pool and seek further benefits by trading with victims. We prove that this betrayal is not only valid in all attack parameters but also provides double benefits; finally, it is the best strategy for BWH agents. Furthermore, our study implies that BWH attacks may encounter self-destruction of their own revenue, contrary to their intention.
@inproceedings{lee2022block, author = {Lee, Suhyeon and Lee, Donghwan and Kim, Seungjoo}, title = {Block Double-Submission Attack: Block Withholding Can Be Self-Destructive}, year = {2022}, isbn = {9781450398619}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, doi = {10.1145/3558535.3559787}, booktitle = {AFT 2022 - ACM Conference on Advances in Financial Technologies}, pages = {232–243}, numpages = {12}, keywords = {blockchain, proof-of-work, block double-submission attack, block withholding attack, game theoretic analysis}, location = {Cambridge, MA, USA}, series = {AFT '22}, }
Do You Really Need to Disguise Normal Servers as Honeypots?

Suhyeon Lee, Kwangsoo Cho, and Seungjoo Kim

In MILCOM 2022 - IEEE Military Communications Conference, Nov 2022

Abs Bib PDF

A honeypot, which is a kind of deception strategy, has been widely used for at least 20 years to mitigate cyber threats. Decision-makers have believed that honeypot strategies are intuitive and effective, since honeypots have successfully protected systems from Denial-of-Service (DoS) attacks to Advanced Persistent Threats (APT) in real-world cases. Nonetheless, there is a lack of research on the appropriate level of honeypot technique application to choose real-world operations. We examine and contrast three attack-defense games with respect to honeypot detection techniques in this paper. In particular, we specifically design and contrast two stages of honeypot technology one by one, starting with a game without deception. We demonstrate that the return for a defender using honeypots is higher than for a defender without them, albeit the defender may not always benefit financially from using more honeypot deception strategies. Particularly, disguising regular servers as honeypots does not provide defenders with a better reward. Furthermore, we take in consideration that fake honeypots can make maintaining normal nodes more costly. Our research offers a theoretical foundation for the real-world operator’s decision of honeypot deception tactics and the required number of honeypot nodes.
@inproceedings{10017586, author = {Lee, Suhyeon and Cho, Kwangsoo and Kim, Seungjoo}, booktitle = {MILCOM 2022 - IEEE Military Communications Conference}, title = {Do You Really Need to Disguise Normal Servers as Honeypots?}, year = {2022}, volume = {}, number = {}, pages = {166-172}, keywords = {}, doi = {10.1109/MILCOM55135.2022.10017586}, issn = {2155-7586}, month = nov }
Blockchain as a Cyber Defense: Opportunities, Applications, and Challenges

Suhyeon Lee, and Seungjoo Kim

IEEE Access, 2022

Abs Bib HTML PDF

Targets of cyber crime are not exclusive to the private sector. Successful cyber attacks on nation-states have proved that cyber threats can jeopardize significant national interests. In response, nation-states have begun to handle cyber threats at the national defense level, which is titled ‘cyber defense.’ The cyber defense sector is related to national security, therefore requires robust security technology. Contrary to normal systems, blockchain provides strong security properties without a centralized control entity, and as such its application in the cyber defense field is under the spotlight. In this paper, we present opportunities blockchain provides for cyber defense, research and national projects, and limitations. We constructed a survey of government documents, interviews, related news, technical reports, and research papers from 2016 to 2021. As a result, our research contributes to reducing the gap in blockchain for cyber defense by systematically conducting research and analysis. In our research, we found that not only research but also government-led plans are actively promoting blockchain, which demonstrates that blockchain will play a remarkable role in cyber defense. This paper concludes with suggestions for future research in aspects of the blockchain technology, evaluation, and survey.
@article{9654201, author = {Lee, Suhyeon and Kim, Seungjoo}, journal = {IEEE Access}, title = {Blockchain as a Cyber Defense: Opportunities, Applications, and Challenges}, year = {2022}, volume = {10}, number = {}, pages = {2602-2618}, keywords = {}, doi = {10.1109/ACCESS.2021.3136328}, issn = {2169-3536}, month = {} }

2020

Proof-of-Stake at Stake: Predatory, Destructive Attack on PoS Cryptocurrencies

Suhyeon Lee, and Seungjoo Kim

In ACM Mobicom 2020 Workshop - Cryblock, 2020

Abs Bib PDF

There have been several 51% attacks on Proof-of-Work (PoW) blockchains recently, including Verge and GameCredits, but the most noteworthy has been the attack that saw hackers make off with up to $18 million after a successful double-spend was executed on the Bitcoin Gold network. For this reason, the Proof-of-Stake (PoS) algorithm, which already has advantages of energy efficiency and throughput, is attracting attention as an alternative to the PoW algorithm. With a PoS, the attacker needs to obtain 51% of the cryptocurrency to carry out a 51% attack. But unlike PoW, the attacker in a PoS system is highly discouraged from launching a 51% attack because he would have to risk losing his entire stake amount to do so. Moreover, even if a 51% attack succeeds, the value of PoS-based cryptocurrency will fall, and the attacker with the most stake will eventually lose the most. In this paper, we propose a predatory, destructive attack on PoS cryptocurrencies. The attacker destroys the PoS cryptocurrency system. Then, using the significant depreciation of cryptocurrency, our method can make a profit from a 51% attack on the PoS cryptocurrencies using the traditional stock market’s short selling (or shorting) concept. Our findings are an example to show that the conventional myth that "a destructive attack that destroys the blockchain ecosystem totally will not occur because it is fundamentally unprofitable to the attacker itself" may be wrong.
@inproceedings{10.1145/3410699.3413791, author = {Lee, Suhyeon and Kim, Seungjoo}, title = {Proof-of-Stake at Stake: Predatory, Destructive Attack on PoS Cryptocurrencies}, year = {2020}, isbn = {9781450380799}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, doi = {10.1145/3410699.3413791}, booktitle = {ACM Mobicom 2020 Workshop - Cryblock}, pages = {7–11}, numpages = {5}, keywords = {cryptocurrency, security, 51\% attack, ethereum, blockchain, short selling, proof-of-stake, shorting}, location = {London, United Kingdom}, series = {CryBlock '20}, }

2019

Ransomware protection using the moving target defense perspective

Suhyeon Lee, Huy Kang Kim, and Kyounggon Kim

Computers & Electrical Engineering, 2019

Abs Bib PDF

Ransomware has become the most dangerous threat today because of its unique and destructive characteristics. Ransomware encrypts the victim’s important files and then requires money to decrypt them. Ransomware has become among the most preferred measures for cybercriminals to earn money. Moreover, the technology for producing ransomware continues to evolve; as a result, it has becomes more difficult to defend. In this study, we analyze major ransomware including WannaCry and propose a method to protect valuable files from existing ransomware. To this end, the moving target defense method is applied by randomly changing the file extensions that ransomware attempts to encrypt. We show that our proposed method can successfully protect files from ransomware. Finally, we present the proposed method which can be reasonably used without performance degradation.
@article{LEE2019288, title = {Ransomware protection using the moving target defense perspective}, journal = {Computers & Electrical Engineering}, volume = {78}, pages = {288-299}, year = {2019}, issn = {0045-7906}, author = {Lee, Suhyeon and Kim, Huy Kang and Kim, Kyounggon}, keywords = {Ransomware, Malware, Moving target defense, File extension, Randomization}, doi = {10.1016/j.compeleceng.2019.07.014}, }
Countering Block Withholding Attack Efficiently

Suhyeon Lee, and Seungjoo Kim

In IEEE INFOCOM 2019 Workshop - Cryblock, Apr 2019

Abs Bib PDF

Bitcoin, well-known cryptocurrency, selected Poof-of-Work (PoW) for its security. PoW mechanism incentivizes participants and deters attacks on the network. So far, Bitcoin’s PoW has been adopted in many cryptocurrencies. Researchers found, however, some vulnerabilities in PoW such as selfish mining, block withholding attack, and so on. Especially, after Rosenfeld suggested block withholding attack and Eyal made this attack practical, many variants and countermeasures have been proposed. However, most of countermeasures cause many changes in the mining algorithm itself, which makes it impractical. In this paper, we propose new countermeasure to prevent block withholding attack effectively. Mining pools can adapt our method without changing their mining environment.
@inproceedings{8845116, author = {Lee, Suhyeon and Kim, Seungjoo}, booktitle = {IEEE INFOCOM 2019 Workshop - Cryblock}, title = {Countering Block Withholding Attack Efficiently}, year = {2019}, volume = {}, number = {}, pages = {330-335}, keywords = {}, doi = {10.1109/INFCOMW.2019.8845116}, issn = {}, month = apr, }