IC3: Advancing the science and applications of blockchains

Latest on Blog

by James Austgen, Andrés Fábrega, Sarah Allen, Kushal Babel, Mahimna Kelkar, and Ari Juels on January 16, 2024
Decentralized Autonomous Organizations (DAOs) are increasingly popular, and already managing many billions of dollars in treasuries. Their decentralized governance is a transformative new way of organizing communities. But as they grow, DAOs will face a new and potent threat to their decentralization - Dark DAOs. A Dark DAO is a private smart contract that targets a legitimate DAO, attacking its voting integrity by enabling vote-buying among its users. First considered in 2018, Dark DAOs haven’t yet appeared in the wild — but only because DAOs are not very decentralized today. As DAOs continue on a path to higher decentralization, Dark DAOs will inevitably surface. Vote-buying may be illegal in political elections, but in DAOs it’s probably legal. It’s legal in shareholder voting and there’s even a marketplace to facilitate it. Vote-buying in DAOs would follow the trend in Web3 of monetizing everything from people’s friends to maximal-extractable value (MEV).
by James Austgen, Andrés Fábrega, Sarah Allen, Kushal Babel, Mahimna Kelkar, and Ari Juels on December 04, 2023
Decentralized Autonomous Organizations, or DAOs, promise to revolutionize the ways that communities collaborate. The ‘D’ in DAO — the decentralization — is the critical ingredient. But the way most people in the Web3 community reason about DAO decentralization today is flawed. It fails to point the way toward sound DAO governance. Today, people commonly view decentralization in DAOs — and other Web3 projects — entirely in terms of how tokens are distributed among addresses. The Gini coefficient and similar measures of wealth inequality — such as entropy of token holdings — are popular metrics for this purpose. A high Gini coefficient over addresses in a DAO is “bad” - it means high concentration — dominant control by whales and other large holders. A low Gini coefficient, on the other hand, is “good,” indicating even distribution of tokens. Our new research shows that there are gaping blind spots in this view of DAO decentralization. Happily, we also show that it’s possible to do better.
by Haoqian Zhang on October 03, 2023
The name “front-running” came from when a broker needs to deliver the clients’ orders to the trading desk physically. The term vividly describes how it works - an attacker who knows a large order could run ahead to execute a trade before the client’s order goes through. What is the incentive for someone to do that? Here is an example that explains why. Suppose a broker receives a large order from a client, say, buy 500,000 shares of a company’s stock. The order is big enough to drive up the share’s price. Knowing this information, an attacker can place his small order, say 10,000 shares of the same stock, before the large order. The attacker can sell his shares at a higher price when the price goes up after the large order went through. The formal definition of front-running is a practice of benefiting from the advanced knowledge of pending transactions. Although benefiting some entities involved, this practice puts others at a significant financial disadvantage, making this behavior illegal in traditional markets with established securities regulations.
by Andrew Miller, Nerla Jean-Louis, Yunqi Li, and James Austgen on August 25, 2023
Enhancing smart contract privacy is a critical stride towards the development of more useful blockchain applications. Trusted execution environments (TEEs) or secure enclaves are being used in multiple networks (Secret Network, Oasis Network, Obscuro, etc) to enable privacy without significantly increasing computational costs. However, the utilization of TEEs also brings forth challenges, specifically in designing secure network architectures that fully capitalize on the strengths of TEEs while mitigating potential risks. Our recent paper detailing several attacks on these TEE based blockchain networks that broke user privacy guarantees without doing the hard work of breaking into the TEE hardware.
by Kushal Babel, Nerla Jean-Louis, Mahimna Kelkar, Yunqi Li, Carolina Ortega Perez, Aditya Asgoankar, Sylvain Bellemare, Ari Juels, and Andrew Miller on June 12, 2023
TLDR - The Sting Framework (SF) is a new idea for bolstering the security of systems at risk of information leakage. SF addresses the case where a corrupt service (called a Subversion Service) arises that enables adversaries to exploit such leakage. SF presumes a player, called an informer, that wishes to alert the community to the presence of the corrupt service — either as a public service or to claim a bounty. SF enables the informer to generate a publicly verifiable proof that the corrupt service exists.
by Kushal Babel, Yan Ji, Ari Juels, and Mahimna Kelkar on April 17, 2023
In today’s blockchain landscape, the life of a transaction is nasty, brutish, and short. Or, as some put it, a blockchain like Ethereum is a “dark forest” — a reference to a popular sci-fi novel in which the universe is filled with predatory civilizations.
Older blogs...

Events

August 7-9, 2024
The conference focuses on technical innovations in the blockchain ecosystem, and brings together researchers and practioners working in the space. We are interested in the application of cryptography, decentralized protocols, formal methods, and empirical analysis, to improving the security and scalability of blockchain deployments. We aim to foster collaboration among practitioners and researchers working on blockchain protocol development, cryptography, distributed systems, secure computing, crypto-economics, and economic risk analysis.
January 8-11, 2024
Thank you to all who joined us for the IC3 2024 Winter Retreat at the Eurotel Victoria in Les Diablerets, Switzerland!
August 28-30, 2023
This conference focuses on technical innovations in the blockchain ecosystem, and brings together researchers and practioners working in the space. We are interested in the application of cryptography, decentralized protocols, formal methods, and empirical analysis, to improving the security and scalability of blockchain deployments. We aim to foster collaboration among practitioners and researchers working on blockchain protocol development, cryptography, distributed systems, secure computing, crypto-economics, and economic risk analysis.
Tuesday August 29, 2023
Thank you to all who joined us for the IC3 Members & Friends Reception at SBC(Science of Blockchain Conference) 2023!Held at the President's Terrace, an iconic rooftop bar in Palo Alto, the event boasted breathtaking views of Stanford, the Santa Cruz Mountains, and a California sunset. This event provided an opportunity for IC3 academic researchers, industry partners and invited guests to mingle and discuss the latest in blockchain research.
June 12-18, 2023
Thank you to all who joined us for the 8th Annual IC3 Blockchain Camp! This 7-day experience was hosted at the Cornell Tech Campus on Roosevelt Island, New York City, NY for the first time this year. A special thank you is also due to our camp technical committee of Surya Bakshi, Haaroon Yousaf, Lorenz Breidenbach, and Patrick McCorry for preparing another immersive coding and learning experience and to the IC3 Industry Partners!
More events

News

Featured Projects

Ratel: MPC-extensions for Smart Contracts

Enhancing privacy on smart contract-enabled blockchains has garnered much attention in recent research. Zero-knowledge proofs (ZKPs) is one of the most popular approaches, however, they fail to provide full expressiveness and fine-grained privacy. To illustrate this, we underscore an underexplored type of Miner Extractable Value (MEV), called Residual Bids Extractable Value (RBEV). Residual bids highlight the vulnerability where unfulfilled bids inadvertently reveal traders’ unmet demands and prospective trading strategies, thus exposing them to exploitation. ZKP-based approaches failed to address RBEV as they cannot provide post-execution privacy without some level of information disclosure. Other MEV mitigations like fair-ordering protocols also failed to address RBEV. We introduce Ratel, an innovative framework bridging a multi-party computation (MPC) prototyping framework (MP-SPDZ) and a smart contract language (Solidity), harmonizing the privacy with full expressiveness of MPC with Solidity’s on-chain programmability. This synergy empowers developers to effortlessly craft privacy-preserving decentralized applications (DApps). We demonstrate Ratel’s efficacy through two distinguished decentralized finance (DeFi) applications - a decentralized exchange and a collateral auction, effectively mitigating the potential RBEV issue. Furthermore, Ratel is equipped with a lightweight crash-reset mechanism, enabling the seamless recovery of transiently benign faulty nodes. To prevent the crash-reset mechanism abused by malicious entities and ward off DoS attacks, we incorporate a cost-utility analysis anchored in the Bayesian approach. Our performance evaluation of the applications developed under the Ratel framework underscores their competency in managing real-world peak-time workloads. For further details, please check out our Projects Page.

Keywords:
MEV
Smart Contracts
ZKP
DeFi

More projects:

  • DAO Decentralization: Voting-Bloc Entropy, Bribery, and Dark DAOs
  • FinTech: Advances in Blockchain and Crypto Economics
  • Quick Order Fairness: Implementation and Evaluation
  • Credentials: Asynchronous Authentication
  • Motorway: Seamless high speed BFT
Even more projects...