To empower smart contracts with the promising capabilities of cryptography, Ethereum officially introduced a set of cryptographic APIs that facilitate basic cryptographic operations within smart contracts, such as elliptic curve operations. However, since developers are not necessarily cryptography experts, requiring them to directly interact with these basic APIs has caused real-world security issues and potential usability challenges. To guide future research and solutions to these challenges, we conduct the first empirical study on Ethereum cryptographic practices. Through the analysis of 91,484,856 Ethereum transactions, 500 crypto-related contracts, and 483 StackExchange posts, we provide the first in-depth look at cryptographic tasks developers need to accomplish and identify five categories of obstacles they encounter. Furthermore, we conduct an online survey with 78 smart contract practitioners to explore their perspectives on these obstacles and elicit the underlying reasons. We find that more than half of practitioners face more challenges in cryptographic tasks compared to general business logic in smart contracts. Their feedback highlights the gap between low-level cryptographic APIs and high-level tasks they need to accomplish, emphasizing the need for improved cryptographic APIs, task-based templates, and effective assistance tools. Based on these findings, we provide practical implications for further improvements and outline future research directions.

翻译：为赋予智能合约密码学的强大能力，以太坊官方引入了一套加密API，用于支持智能合约内的基础密码学操作（如椭圆曲线运算）。然而，由于开发者未必是密码学专家，要求他们直接使用这些基础API已引发现实世界中的安全问题和潜在可用性挑战。为引导未来相关研究与解决方案，我们开展了首个关于以太坊密码学实践的实证研究。通过分析91,484,856笔以太坊交易、500个与密码学相关的合约及483个StackExchange帖子，我们首次深入剖析了开发者需完成的密码学任务，并识别出他们遇到的五类障碍。此外，我们面向78位智能合约从业者开展在线调查，以探究他们对这些障碍的看法并挖掘潜在原因。研究发现，超过半数的从业者在密码学任务中面临的挑战多于智能合约通用业务逻辑。他们的反馈揭示了底层加密API与所需高层任务之间的鸿沟，凸显了改进加密API、开发基于任务的模板及有效辅助工具的必要性。基于这些发现，我们提出了改进建议并展望了未来研究方向。