When Contracts Meets Crypto: Exploring Developers' Struggles with Ethereum Cryptographic APIs
CoRR (2023)
Abstract
To empower smart contracts with the promising capabilities of cryptography,
Ethereum officially introduced a set of cryptographic APIs that facilitate
basic cryptographic operations within smart contracts, such as elliptic curve
operations. However, since developers are not necessarily cryptography experts,
requiring them to directly interact with these basic APIs has caused real-world
security issues and potential usability challenges. To guide future research
and solutions to these challenges, we conduct the first empirical study on
Ethereum cryptographic practices. Through the analysis of 91,484,856 Ethereum
transactions, 500 crypto-related contracts, and 483 StackExchange posts, we
provide the first in-depth look at cryptographic tasks developers need to
accomplish and identify five categories of obstacles they encounter.
Furthermore, we conduct an online survey with 78 smart contract practitioners
to explore their perspectives on these obstacles and elicit the underlying
reasons. We find that more than half of practitioners face more challenges in
cryptographic tasks compared to general business logic in smart contracts.
Their feedback highlights the gap between low-level cryptographic APIs and
high-level tasks they need to accomplish, emphasizing the need for improved
cryptographic APIs, task-based templates, and effective assistance tools. Based
on these findings, we provide practical implications for further improvements
and outline future research directions.