IC3 and the Ethereum Foundation are conducting our second immersive weeklong coding and learning experience in blockchains and smart contracts with world-leading professors, open source developers and students. See a summary of the 2016 Boot Camp here.
Who should attend? Experienced full-time blockchain developers who want to learn, contribute and advance blockchain solutions.
Team leader: Andrew Miller
Implement and demo a Distributed Key Generation (DKG) procedure for setting up threshold signature / threshold encryption keys among N parties.
Honey Badger BFT, like many other applications, relies on threshold signatures and threshold encryption. Threshold cryptography requires distributing shares of a key to the N nodes, one share per node. Right now, the HoneyBadger demo cheats and does this through a “trusted dealer” who learns all the private keys. Clearly this isn’t desirable.
Instead, we know of Distributed Key Generation (DKG) protocols, which let the group of parties generate and distribute shares for themselves. Note that this is more complicated than just establishing a list of public keys, since threshold cryptography relies on the keys being related to one another mathematically.
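To make the "mathematical relationship" concrete, here is an added sketch (not code from the boot camp or from HoneyBadger) of a Pedersen-style joint-Feldman DKG, chosen here as an assumption since the page names no specific protocol. The group parameters are a constructed toy group, and all function names are hypothetical.

```python
import secrets

# Toy group (constructed, far too small for real use): P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def poly_eval(coeffs, x):
    """Evaluate the polynomial with these coefficients at x, mod Q (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def deal(t, n):
    """One party's contribution: a random degree-t polynomial, its Feldman
    commitments g^a_k (broadcast) and one private share per party 1..n."""
    coeffs = [secrets.randbelow(Q) for _ in range(t + 1)]
    commits = [pow(G, a, P) for a in coeffs]
    shares = {j: poly_eval(coeffs, j) for j in range(1, n + 1)}
    return commits, shares

def verify_share(j, share, commits):
    """Party j checks a received share against the dealer's public commitments."""
    expected = 1
    for k, c in enumerate(commits):
        expected = expected * pow(c, pow(j, k, Q), P) % P
    return pow(G, share, P) == expected

def run_dkg(t, n):
    """All n parties deal; each party sums the verified shares it received."""
    deals = [deal(t, n) for _ in range(n)]
    final = {}
    for j in range(1, n + 1):
        assert all(verify_share(j, sh[j], cm) for cm, sh in deals)
        final[j] = sum(sh[j] for _, sh in deals) % Q
    group_pk = 1
    for cm, _ in deals:
        group_pk = group_pk * cm[0] % P  # product of the g^a_0 commitments
    return group_pk, final

def reconstruct(shares):
    """Lagrange interpolation at 0 over any t+1 shares (for checking only;
    a real threshold scheme never reassembles the key)."""
    secret = 0
    for i, s_i in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        secret = (secret + s_i * num * pow(den, -1, Q)) % Q
    return secret
```

No single party ever holds the group secret; each holds one point on the summed polynomial. The sketch omits the complaint and disqualification round and the authenticated private channels that a deployable DKG needs.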
Team leader: Ethan Cecchetti
Town Crier is an “Oracle” service based on trusted hardware. It uses trusted hardware (Intel SGX) to provide a verifiable log of an HTTPS communication. It can provide a short, on-chain proof that a certain website (identified by its HTTPS certificate) actually delivered a message of a particular form at a particular time.
The TC public Ethereum blockchain service was launched on 15 May. Visit www.town-crier.org for details and background.
Team leader: Ari Juels
Several important blockchain services appear to have serious vulnerabilities. They include:
Storj: Lack of innate erasure coding appears to make this service vulnerable to DoS attacks. The erasure-coding scheme they propose to deploy won’t fix the problem. They punt the problem to users. See “Hostage Bytes” (Section 5.4) in their paper. How easy or hard is it for users to protect themselves?
Oraclize: Allows arbitrary code execution with its new “computation” query type. This would seem to open up vulnerabilities such as Gyges password-resale attacks.
The goal of this project is to investigate such vulnerabilities.
Team leader: Elaine Shi
Thunderella, Thunderella, night and day it’s Thunderella. Commit transactions, make a block, process inputs, round the clock. Thunderella!
Team leader: Ittay Eyal
Using Trusted Execution Environments (TEEs) one can achieve point-to-point payments and payment routing over multiple hops chained together, all without monitoring the blockchain. An ongoing project, TEEChain, achieves this for Bitcoin using Intel’s SGX technology for the TEE. The goal of this project is to implement TEEChain for Ethereum. Beyond protocol design optimized for Ethereum scripts, the protocol requires SGX programming, in particular implementing transaction generation inside SGX.
Team leader: Phil Daian
Implement non-trivial secure smart contracts leveraging cutting edge ecosystem techniques and featuring a unique attack/defend challenge.
Writing secure smart contracts is a growing challenge facing the Ethereum ecosystem today. With several recent major high-profile smart contract failures and losses, the need for a thorough and practically useful methodology for securing the development of these contracts is paramount.
In this project, team members will work individually or in small groups. They will be provided with a specification of a nontrivial and useful smart contract to be deployed on the Ethereum main network. The specification will intentionally pose challenges of secure software development. In the first phase, team members implement this contract.
In the second phase of the project, the full source code of all deployed contracts will be made public, and project members will work together to complete full security audits for each of the contracts. Project members will be encouraged to deploy attacks and exploits to try to cause denial of service and loss of user funds on the testnet contracts. We will supply several vulnerable contracts for users to attack.
Overall, the goal of this project is to increase our understanding of secure smart contract development by exposing its challenges in a lab setting, while providing team members with knowledge on how to attack and defend smart contracts. These sample contracts will also be used in researching a new process framework for developing secure smart contracts, called the Hydra framework. The Hydra framework is a novel application of n-version programming to smart contract security and bug bounty management, whose efficacy will be put to the test by this experiment!
Ideally, we will use the Hydra framework to combine the output of all team members in this boot camp to create the most secure contract ever deployed on ETH mainnet, with our final contract being vulnerable to compromise only if all of the subcontracts developed in the boot camp are too.
“Ithaca is Gorges”. To relax and clear our heads from time to time, we are planning periodic group excursions to local gorges, parks, lakes and points of interest.
STUDENTS: We are offering free access for a limited number of well-qualified full-time students enrolled at the IC3 campuses (Berkeley, Cornell, Cornell Tech, UIUC, and the Technion); please apply here.
INDUSTRY/PROFESSIONAL PARTICIPANTS: All must be affiliated with an IC3 Member or a Boot Camp Donor (see details below).
BOOT CAMP DONOR – $12.5k US
All Industry/Professional participants, please apply here.