Teaching

• Winter '23-'24: 048888 (New: Also 236668) Blockchain and Cryptocurrencies. Tuesday 10:30-12:30, Taub 4. [info] [Moodle]
  (Previous: Winter '18-'19, Spring '21, Spring '22, Spring '23)
• Winter '23-'24: 046280 Principles and Tools for Computer Security. Thursday 10:30-12:30, location TBA.
  (Previous: Spring '20, Winter '20-'21, '21-'22, '22-'23)
• Spring '23: 046209 Operating Systems. [Moodle]
  (Previous: Spring '18, Spring '19, Spring '20, Spring '21, Spring '22)
• Seminar on blockchain and cryptocurrencies (Winter '17-'18, Winter '19-'20)
• CS5437 (Cornell) Principals and Practice of Cryptocurrencies (Spring '16)

Students

• Michael Mirkin (PhD)
• Roi Bar-Zur (PhD, with Aviv Tamar)
• Marwa Mouallem (MSc)

Alumni

• Matan Yechieli (MSc, 2023)
• Itay Tsabary (PhD, 2022 → StarkWare)
• Yael Doweck (MSc, 2020 → StarkWare)
• Alex Manuskin (MSc, 2020 → ZenGo)
• Oded Naor (MSc, 2019 → PhD)
• Uri Kirstein (UG Project, 2020 → Certora)

Research

Publications in Google Scholar and DBLP.

Selected projects:

Authentication

Human-machine authentication, the binding of a principal to a digital identity, stands at the basis of security analysis and design and its various aspects are actively studied. Nonetheless, authentication in large-scale systems and in decentralized systems presents challenges that are, to the best of our knowledge, not addressed or even defined by previous work.
[ Avalanche Summit II]

Wallet Design We define the faults keys suffer (loss, leak, theft), formulate cryptocurrency wallets as monotone boolean functions, and search for optimal wallets. We use exhaustive search where possible and heuristic approaches otherwise, revealing surprising behavior.
[post] [Tokenomics'21]
Wallet designer app: Find optimal wallet and deploy directly with Metamask. (First place in the 2022 IC3 Blockchain Camp hackathon) [Ethereum Wallet Designer]

Interactive Authentication Interactive authentication mechanisms offer superior security compared to one-shot methods, with provable bounds and maximal mechanisms improving widely-used systems.
With Deepak Maram and Mahimna Kelkar. [tech report '23]

Blockchain Incentives

The security of blockchain protocols relies critically on incentives, generated as tokens within the system. This allows them to achieve unprecedented guarantees, but opens up questions on security, mechanism design, and performance.

WeRLman: To Tackle Whale (Transactions), Go Deep (RL) Blockchain consensus is sensitive to reward variance due to fees, not only to reward value. Using deep reinforcement learning to explore the large state space induced due to fees.
With Roi Bar-Zur, Ameer Abu-Hanna, and Aviv Tamar. [post] [tech report '22] [IEEE S&P'23] [ Roi @ IEEE S&P'23]

Mutual Assured Destruction HTLC (MAD-HTLC) A new attack threatens the common HTLC primitive that secures various smart contracts including payment channels. A novel alternative utilizes Mutual Assured Destruction (MAD-HTLC) to align participant incentives, utilizing miners as first-class participants.
With Itay Tsabary, Matan Yehieli and Alex Manuskin. [post] [IEEE S&P'21] [ Itay @ IBRD'21]

Blockchain Denial of Service (BDoS) First blockchain DoS by a minority attacker (actually much smaller) – by manipulating incentives.
With Michael Mirkin, Yan Ji, Jonathan Pang, Ariah Klages-Mundt, and Ari Juels. [post] [CCS'20] [ Michael @ CCS'20]

Random-Termination Markov Decision Process Efficient MDP analysis of selfish mining strategies by introducing a random-termination edge, resulting in a linear target function. New bound for Ethereum security.
With Roi Bar-Zur and Aviv Tamar. [AFT'20] [ Roi @ AFT'20]

The Gap Game When a blockchain's minting rate is not large enough, miners switch to intermittent mining sooner rather than later.
With Itay Tsabary. [CCS'18] [ Itay @ CCS'18]

Selfish Mining The security threshold for Nakamoto's blockchain is lower than previously thought, as minority miners are incentivized to deviate from the protocol.
With Emin Gun Sirer [HD post '13] [DT post '20] [FC'14] [CACM'18]

Blockchain Performance

Proof of Work and similar mechanisms overcome Sybil attacks in open decentralized systems, but introduce new trade-offs. The interaction of second-tier protocols with an underlying blockchain poses novel challenges.

Teechain Payment channels and chains of channels with asynchronous blockchain access using Trusted Execution Environments (Intel SGX).
With Joshua Lind, Oded Naor, Florian Kelbert, Emin Gün Sirer, and Peter Pietzuch. [SOSP'19] [ Josh @ SOSP'19]

Ostraka High-throughput blockchain by scaling up: securely parallelizing a Bitcoin node.
With Alex Manuskin and Michael Mirkin. [IEEE S&B'20] [ Alex @ Binary District 2018]

Bitcoin-NG High-throughput blockchain with low first-confirmation latency by separating leader election from block proposal.
With Adem Efe Gencer, Emin Gün Sirer, and Robbert Van Renesse. [NSDI'16]

Proof of Work Sustainability

Proof of Work overcomes Sybil resistance in an open decentralized system but comes at a significant cost in terms of ecological impact. Can similar security be achieved with a reduced footprint?

HEB: Hybrid-Expenditure Blockchains Reducing external (physical) PoW expenditure while keeping security against rational attackers. We achieve this while keeping the system decentralized by incentivizing miners to expend tokens on-chain.
With Itay Tsabary and Alexander Spiegelman. [arXiv]

REM: Resource-Efficient Mining Using personally-useful work for Proof of Work, enforced by a 2-level hierarchy of TEE enclaves.
With Fan Zhang, Robert Escriva, Ari Juels, and Robbert van Renesse. [USENIX-SECURITY'17] [ Fan @ USENIX-SECURITY'17]