Preprints

M. Kelkar, S. Deb, S. Long, A. Juels, and S. Kannan.

We introduce Themis, a scheme for introducing fair ordering of transactions into (permissioned) Byzantine consensus protocols with at most f faulty nodes among n >_ 4f + 1. Themis is the first such scheme to achieve (optimistic) linear communication complexity. at the same time, it enforces the strongest notion of fair ordering proposed to date. Themis also achieves standard liveness, rather than the weaker notion of previous work. We show experimentally that Themis can be integrated into state-of-the-art consensus protocols with minimal modification or performance overhead. Additionally, we introduce a suite of experiments of general interest for evaluating the practical strength of various notions of fair ordering and the resilience of fair-ordering protocols to adversarial manipulation. We use this suite of experiments to show that the notion of fair ordering enforced by Themis is significantly stronger in theory and for realistic workloads than those of competing systems. We believe Themis offers strong practical protection against many types of transaction-ordering attacks - such as front-running - that are currently impacting commonly used smart contract systems.

S. Kanjalkar, Y. Zhang, S. Gandlur, and A. Miller.

Paper

In recent years, multiparty computation as a service (MPCaaS) has gained popularity as a way to build distributed privacy-preserving systems. We argue that for many such applications, we should also require that the MPC protocol is publicly auditable, meaning that anyone can check the given computation is carried out correctly -- even if the server nodes carrying out the computation are all corrupt. In a nutshell, the way to make an MPC protocol auditable is to combine an underlying MPC protocol with verifiable computing proof (in particular, a SNARK). Building a general-purpose MPCaaS from existing constructions would require us to perform a costly "trusted setup" every time we wish to run a new or modified application. To address this, we provide the first efficient construction for auditable MPC that has a one-time universal setup. Despite improving the trusted setup, we match the state-of-the-art in asymptotic performance: the server nodes incur a linear computation overhead and constant round communication overhead compared to the underlying MPC, and the audit size and verification are logarithmic in the application circuit size. We also provide an implementation and benchmarks that support our asymptotic analysis in example applications. Furthermore, compared with existing auditable MPC protocols, besides offering a universal setup our construction also has a 3x smaller proof, 3x faster verification time and comparable prover time.

K. Babel, P. Daian, M. Kelkar, and A. Juels.

Paper

We introduce the Clockwork Finance Framework (CFF), a general purpose, formal verification framework for mechanized reasoning about the economic security properties of composed decentralized-finance (DeFi) smart contracts. CFF features three key properties. It is contract complete, meaning that it can model any smart contract platform and all its contracts---Turing complete or otherwise. It does so with asymptotically optimal model size. It is also attack-exhaustive by construction, meaning that it can automatically and mechanically extract all possible economic attacks on users cryptocurrency across modeled contracts. Thanks to these properties, CFF can support multiple goals-economic security analysis of contracts by developers, analysis of DeFi trading risks by users, and optimization of arbitrage opportunities by bots or miners. Because CFF offers composability, it can support these goals with reasoning over any desired set of potentially interacting smart contract models. We instantiate CFF as an executable model for Ethereum contracts that incorporates a state-of-the-art deductive verifier. Building on previous work, we introduce extractable value (EV), a new formal notion of economic security in composed DeFi contracts that is both a basis for CFF analyses and of general interest. We construct modular, human-readable, composable CFF models of four popular, deployed DeFi protocols in Ethereum: Uniswap, Uniswap V2, Sushiwap, and MakerDAO, representing a combined 17 billion USD in value as of August 2021. We use these models to show experimentally that CFF is practical and can drive useful, data-based EV-based insights from real world transaction activity. Without any explicitly programmed attack strategies, CFF uncovers on average an expected $56 million of EV per month in the recent past.

D. Maram, I. Bentov, M. Kelkar, and A. Juels.

Paper

Blockchain systems are rapidly gaining traction. Decentralized storage systems like Filecoin are a crucial component of this ecosystem that aim to provide robust file storage through a Proof of Replication (PoRep) or its variants. However, a PoRep actually offers limited robustness. Indeed if all the file replicas are stored on a single hard disk, a single catastrophic event is enough to lose the file. We introduce a new primitive, Proof of Geo-Retrievability or in short "GeoPoRet", that enables proving that a file is located within a strict geographic boundary. Using GeoPoRet, one can trivially construct a PoRep by proving that a file is in several distinct geographic regions. We define what it means for a GeoPoRet scheme to be complete and sound, in the process making important extentions to prior formalism. We propose GoAT, a practical GeoPoRet scheme to prove file geolocation. Unlike previous geolocation systems that rely on trusted-verifiers, GoAT bootstraps using public timestamping servers on the internet that serve as geolocation anchors, tolerating a local threshold of dishonest anchors. GoAT internally uses a communication-efficient Proof-of-Retrievability (PoRet) scheme in a novel way to achieve constant-size PoRet-component in its proofs. We validate GoAT's practicality by conducting an initial measurement study to find usable anchors and also perform a real-world experiment. The results show that a significant fraction of the internet can be used as GoAT anchors. Furthermore, GoAT achieves geolocation radii as little as 1000km.

T. Kell, H. Yousaf, S. Allen, S. Meiklejohn, and A. Juels.

Paper

Pyramid schemes are investment scams in which top-level participants in a hierarchical network recruit and profit from an expanding base of defrauded newer participants. Pyramid schemes have existed for over a century, but there have been no in-depth studies of their dynamics and communities because of the opacity of participants' transactions. In this paper, we present an empirical study of Forsage, a pyramid scheme implemented as a smart contract and at its peak one of the largest consumers of resources in Ethereum. As a smart contract, Forsage makes its (byte)code and all of its transactions visible on the blockchain. We take advantage of this unprecedented transparency to gain insight into the mechanics, impact on participants, and evolution of Forsage. We quantify the (multi-million-dollar) gains of top-level participants as well as the losses of the vast majority (around 88%) of users. We analyze Forsage code both manually and using a purpose-built transaction simulator to uncover the complex mechanics of the scheme. Through complementary study of promotional videos and social media, we show how Forsage promoters have leveraged the unique features of smart contracts to lure users with false claims of trustworthiness and profitability, and how Forsage activity is concentrated within a small number of national communities.

M. Salathe, C. L. Althaus, N. Anderegg, D. Antonioli, T. Ballouz, E. Bugnion, S. Capkun, D. Jackson, S.-I. Kim, J. R. Larus, N. Low, W. Lueks, D. Menges, C. Moullet, M. Payer, J. Riou, T. Stadler, C. Troncoso, E. Vayena, and V. von Wyl.

Paper

In the wake of the pandemic of coronavirus disease 2019 (COVID-19), contact tracing has become a key element of strategies to control the spread of severe acute respiratory syndrome coronavirus 2019 (SARS-CoV-2). Given the rapid and intense spread of SARS-CoV-2, digital contact tracing has emerged as a potential complementary tool to support containment and mitigation efforts. Early modelling studies highlighted the potential of digital contact tracing to break transmission chains, and Google and Apple subsequently developed the Exposure Notification (EN) framework, making it available to the vast majority of smartphones. A growing number of governments have launched or announced EN-based contact tracing apps, but their effectiveness remains unknown. Here, we report early findings of the digital contact tracing app deployment in Switzerland. We demonstrate proof-of-principle that digital contact tracing reaches exposed contacts, who then test positive for SARS-CoV-2. This indicates that digital contact tracing is an effective complementary tool for controlling the spread of SARS-CoV-2. Continued technical improvement and international compatibility can further increase the efficacy, particularly also across country borders.

L. Barman, I. Dacosta, M. Zamani, E. Zhai, A. Pyrgelis, B. Ford, J. Feigenbaum, and J-P. Hubaux.

Paper

Organizational networks are vulnerable to traffic-analysis attacks that enable adversaries to infer sensitive information from network traffic — even if encryption is used. Typical anonymous communication networks are tailored to the Internet and are poorly suited for organizational networks. We present PriFi, an anonymous communication protocol for LANs, which protects users against eaves-droppers and provides high-performance traffic-analysis resistance. PriFi builds on Dining Cryptographers networks (DC-nets), but reduces the high communication latency of prior designs via a new client/relay/server architecture, in which a client’s packets remain on their usual network path without additional hops, and in which a set of remote servers assist the anonymization process without adding latency. PriFi also solves the challenge of equivocation attacks, which are not addressed by related work, by encrypting traffic based on communication history. Our evaluation shows that PriFi introduces modest latency overhead (≈100ms for 100 clients) and is compatible with delay-sensitive applications such as Voice-over-IP

I. Tsabary, A. Spiegelman, and I. Eyal.

Paper

Proof of Work (PoW) is a Sybil-deterrence security mechanism. It introduces an external cost to a system by requiring computational effort to perform actions. However, since its inception, a central challenge was to tune this cost. Initial designs for deterring spam email and DoS attacks applied overhead equally to honest participants and attackers. Requiring too little effort did not deter attacks, whereas too much encumbered honest participation. This might be the reason it was never widely adopted. Nakamoto overcame this trade-off in Bitcoin by distinguishing desired from malicious behavior and introducing internal rewards for the former. This solution gained popularity in securing cryptocurrencies and using the virtual internally-minted tokens for rewards. However, in existing blockchain protocols the internal rewards fund (almost) the same value of external expenses. Thus, as the token value soars, so does the PoW expenditure. Bitcoin PoW, for example, already expends as much electricity as Colombia or Switzerland. This amount of resource-guzzling is unsustainable and hinders even wider adoption of these systems. In this work we present Hybrid Expenditure Blockchain (HEB), a novel PoW mechanism. HEB is a generalization of Nakamoto's protocol that enables tuning the external expenditure by introducing a complementary internal-expenditure mechanism. Thus, for the first time, HEB decouples external expenditure from the reward value. We show a practical parameter choice by which HEB requires significantly less external consumption compare to Nakamoto's protocol, its resilience against rational attackers is similar, and it retains the decentralized and permissionless nature of the system. Taking the Bitcoin ecosystem as an example, HEB cuts the electricity consumption by half.

E. Shi.

Paper

Back in the 1970s, it became clear that computers were going to be used in aircraft control. Since this was a mission-critical system, it was important to replicate it on multiple machines. But how do we make sure that the multiple machines share a consistent view and make consistent decision? To understand this problem better, NASA sponsored the Software Implemented Fault Tolerance (SIFT) project [WLG+89], whose goal was to build a resilient aircraft control system that tolerated faults of its components. The famous work of Lambort et al. [LSP82] which introduced the well-known Byzantine Generals problem, came out of this project. This work laid the foundation of distributed consensus. Since then, distributed consensus has come a long way and has been deployed in many application settings. In the past couple of decades, companies like Google and Facebook have adopted distributed consensus as part of their computing infrastructure, e.g., to replicate mission-critical services such as Google Wallet and Facebook Credit. Starting in 2009, Bitcoin and various subsequent cryptocurrencies came around and became popular. The cryptocurrencies achieved a new breakthrough in distributed consensus, since they showed, for the first time, that consensus is viable in a decentralized, permissionless environment where anyone is allowed to participate. In this course, you will learn the mathematical foundations of distributed consensus as well as how to construct consensus protocols and prove them secure. We will motivate distributed consensus with a modern narrative, and yet we will cover the classical theoretical foundations of consensus. We will cover both classical, permissioned consensus protocols, as well as modern, permissionless consensus protocols such as Bitcoin.

Published Papers

2022

S. Das, T. Yurek, Z. Xiang, A. Miller, L. Kokoris-Kogias, and L. Ren. Practical Asynchronous Distributed Key Generation. IEEE S&P, 2022.
T. Yurek, L. Luo, J. Fairoze, A. Kate, and A. Miller. hbACSS: How to Robustly Share Many Secrets. NDSS, 2022. (to appear)
I. Khaburzaniya, K. Chalkias, K. Lewi, and H. Malvai. Aggregating and thresholdizing hash-based signatures using STARKs. ACM CCS, 2022.
G. Asharov, I. Komargodski, W-K. Lin, E. Peserico, and E. Shi. Optimal Oblivious Parallel RAM. SODA, 2022.
I. Eyal. On cryptocurrency wallet design. ICBE S&P, 2022.
G. Asharov, T-H. H. Chan, K. Nayak, R. Pass, L. Ren, and E. Shi. Locality-Preserving Oblivious RAM. Journal of Cryptology, 2022.
J. Liu, P. Li, R. Cheng, N. Asokan, and D. Song. Parallel and Asynchronous Smart Contract Execution. IEEE S&P, 2022.

2021

Y. Liu and R. Pass. On the Possibility of Basing Cryptography on EXP not equal BPP. Crypto, 2021 (Best Paper Award).
C. Acay, R. Recto, J. Gancher, A. C. Myers, and E. Shi. Viaduct: An Extensible, Optimizing Compiler for Secure Distributed Programs. ACM PLDI, 2021.
I. Tsabary, M. Yechieli, and I. Eyal. MAD-HTLC: Because HTLC is Crazy-Cheap to Attack. IEEE S&P, 2021.
K. Gurkan, P. Jovanovic, M. Maller, S. Meiklejohn, G. Stern, and A. Tomescu. Aggregatable Distributed Key Generation. Eurocrypt, 2021.
G. Asharov, I. Komargodski, W-K. Lin, and E. Shi. Oblivious RAM with Worst-Case Logarithmic Overhead. CRYPTO, 2021.
C. Hou, M. Zhou, Y. Ji, P. Daian, F. Tramer, G. Fanti, and A. Juels. SquirRL: Automating Attack Discovery on Blockchain Incentive Mechanisms with Deep Reinforcement Learning. NDSS, 2021.
E. Cecchetti, S. Yao, H. Ni, and A. C. Myers. Compositional Security for Reentrant Applications. IEEE S&P, 2021 (Best Paper Award).
E. Shi. Streamlet: An Absurdly Simple, Textbook Blockchain Protocol. ASIA CCS, 2021.
A. Judmayer, N. Stifter, A. Zamyatin, I. Tsabary, I. Eyal, P. Gazi, S. Meiklejohn, and E. Weippl. SoK: Algorithmic Incentive Manipulation Attacks on Permissionless PoW Cryptocurrencies. IC Financial Cryptography and Data Security, 2021.
F. Suri-Payer, M. Burke, Z. Wang, Y. Zhang, L. Alvisi, and N. Crooks. Basil: Breaking Up BFT with ACID (transactions). ACM SOSP, 2021.
D. Maram, H. Malvai, F. Zhang, N. Jean-Louis, A. Frolov, T. Kell, T. Lobban, C. Moy, A. Juels, and A. Miller. CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability. IEEE S&P, 2021.
K. Thomas, D. Akhawe, M. Bailey, D. Boneh, E. Bursztein, S. Consolvo, N. Dell, Z. Durumeric, P. G. Kelley, D. Kumar, D. McCoy, S. Meiklejohn, T. Ristenpart, and G. Stringhini. SoK: Hate, Harassment, and the Changing Landscape of Online Abuse. IEEE S&P, 2021.
E. Prasad. Digital Currencies: Risk or Promise? The Case for Central Bank Digital Currencies. Cato Journal, Spring/Summer 2021.
S. Kanjalkar, Y. Zhang, S. Gandlur, and A. Miller. Publicly Auditable MPC-as-a-Service with succinct verification and universal setup. IEEE S&P, 2021.
A. Judmayer, N. Stifter, A. Zamyatin, I. Tsabary, I. Eyal, P. Gazi, S. Meiklejohn, and E. Weippl. Pay to Win: Cheap, Cross-Chain Bribing Attacks on PoW Cryptocurrencies. IC Financial Cryptography and Data Security, 2021.
G. Kappos, H. Yousaf, A. M. Piotrowska, S. Kanjalkar, S. Delgado-Segura, A. Miller, and S. Meiklejohn. An Empirical Analysis of Privacy in the Lightning Network. FC, 2021.
Y. Shibuya, G. Yamamoto, F. Kojima, E. Shi, S. Matsuo, and A. Laszka. Selfish Mining Attacks Exacerbated by Elastic Hash Supply. FC, 2021.
J. Liu, P. Li, R. Cheng, N. Asokan, and D. Song. Parallel and asynchronous smart contract execution. IEEE PDS, 2021.
K. Wust, L. Diana, K. Kostiainen, G. Karame, S. Matetic, and S. Capkun. Bitcontracts: Supporting Smart Contracts in Legacy Blockchains. NDSS, 2021.
B. Ford. Technologizing Democracy or Democratizing Technology? A Layered-Architecture Perspective on Potentials and Challenges. Digital Technology and Democratic Theory. Univ. of Chicago Press, 2021.
B. Canakci, and R. van Renesse. Scaling Membership of Byzantine Consensus. ACM CCS, 2021.
T-H. H. Chan, W-K. Lin, K. Nayak, and E. Shi. Perfectly Secure Oblivious Parallel RAM with O(log3N/loglogN) Overhead. ITC, 2021.
K-M. Chung, T-H. H. Chan, T. Wen, and E. Shi. Game-Theoretic Fairness Meets Multi-Party Protocols: The Case of Leader Election. CRYPTO, 2021.
I. Abraham, P. Jovanovic, M. Maller, S. Meiklejohn, G. Stern, and A. Tomescu. Reaching Consensus for Asynchronous Distributed Key Generation. ACM PODC, 2021.

2020

E. C. Crities, M. Maller, S. Meiklejohn, and R. Mercer. Reputable List Curation from Decentralized Voting. PETS, 2020.
A. Morgan, R. Pass, and A. Polychroniadou. Succinct Non-Interactive Secure Computation. EUROCRYPT, 2020.
N. Ephraim, C. Freitag, I. Komargodski, and R. Pass. SPARKs: Succinct Parallelizable Arguments of Knowledge. EUROCRYPT, 2020.
E. Cecchetti, S. Yao, H. Ni, and A. C. Myers. Securing Smart Contracts with Information Flow. FAB, 2020.
G. Asharov, T-H. H. Chan, K. Nayak, R. Pass, L. Ren, and E. Shi. Bucket oblivious sort: An extremely simple oblivious sort. SIAM, 2020.
F. Rezaei, S. Naseri, I. Eyal, and A. Houmansadr. The Bitcoin Hunter: Detecting Bitcoin Traffic over Encrypted Channels. ICCS S&P, 2020.
R. Bar-Zur, I. Eyal, and A. Tamar. Efficient MDP Analysis for Self-Mining in Blockchains. ACM AFT, 2020.
A. Klages-Mundt, D. Harz, L. Gudgeon, J-Y. Liu, and A. Minca. Stablecoins 2.0: Economic Foundations and Risk-based Models. ACM AFT, 2020.
Y. Zhang, S. Setty, Q. Chen, L. Zhou, and L. Alvisi. Byzantine Ordered Consensus without Byzantine Oligarchy. USENIX OSDI, 2020 (Best Paper Award).
C. Ding, D. Chu, E. Zhao, X. Li, L. Alvisi, and R. van Renesse. Scalog: Seamless Reconfiguration and Total Order in a Scalable Shared Log. USENIX NSDI, 2020.
V. Sivaraman, S. Bojja Venkatakrishnan, K. Ruan, P. Negi, L. Yang, R. Mittal, G. Fanti, and M. Alizadeh. Routing cryptocurrency with the spider network. NSDI, 2020. HotNets, 2018.
W. Tang, W. Wang, G. Fanti, and S. Oh. Privacy-Utility Tradeoffs in Routing Cryptocurrency over Payment Channel Networks. Sigmetrics, 2020.
T-H. H. Chan, K-M. Chung, W-K. Lin, and E. Shi. MPC for MPC: Secure Computation on a Massively Parallel Computing Architecture. ITCS, 2020.
Y. Peng, M. Du, F. Li, R. Cheng, and D. Song. FalconDB: Blockchain-based Collaborative Database. ACM SIGMOD, 2020.
A. Kosba, D. Papadopoulos, C. Papamanthou, and D. Song. MIRAGE: Succinct Arguments for Randomized Algorithms with Applications to Universal zk-SNARKs. USENIX, 2020.
B. Y. Chan and E. Shi. STREAMLET: Textbook Streamlined Blockchains. ACM AFT, 2020.
M. Kelkar, F. Zhang, S. Goldfeder, and A. Juels. Order-Fairness for Byzantine Consensus. CRYPTO, 2020.
S. Allen, S. Capkun, I. Eyal, G. Fanti, B. Ford, J. Grimmelmann, A. Juels, K. Kostiainen, S. Meiklejohn, A. Miller, E. Prasad, K. Wust, and F. Zhang. Design choices for central bank digital currency: Policy and technical considerations. Brookings Institute Working Paper, 2020.
Y. Liu and R. Pass. On One-way Functions and Kolmogorov Complexity. IEEE FOCS, 2020.
K. Wust, S. Matetic, S. Egli, K. Kostiainen, and S. Capkun. ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts. ACM CCS, 2020.
A. Manuskin, M. Mirkin, and I. Eyal. Ostraka: Secure Blockchain Scaling by Node Sharding. IEEE S&B, 2020.
F. Zhang, S. K. D. Maram, H. Malvai, S. Goldfeder, and A. Juels. DECO: Liberating Web Data Using Decentralized Oracles for TLS. ACM CCS, 2020.
M. Mirkin, Y. Ji, J. Pang, A. Klages-Mundt, I. Eyal, and A. Juels. BDoS: Blockchain Denial of Service. ACM CCS, 2020.
R. Gennaro and S. Goldfeder. One Round Threshold ECDSA with Identifiable Abort. ACM CCS, 2020.
L. Gudgeon, P. Moreno-Sanchez, S. Roos, P. McCorry, and A. Gervais. SoK: Layer-Two Blockchain Protocols. FC, 2020.
A. Kiayias, A. Miller, and D. Zindros. Non-Interactive Proofs of Proof-of-Work. FC, 2020.
A. Moin, K. Sekniqi, and E. G. Sirer. SoK: A Classification Framework for Stablecoin Designs. FC, 2020.
S. Bano, A. Sonnino, M. Al-Bassam, S. Azouvi, P. McCorry, S. Meiklejohn, and G. Danezis. SoK: Consensus in the Age of Blockchains. AFT, 2020.
K. A. Negy, P. Rizun, and E. G. Sirer. Selfish Mining Re-Examined. FC, 2020.
P. Daian, S. Goldfeder, T. Kell, Y. Li, X. Zhao, I. Bentov, L. Breidenbach, and A. Juels. Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges. IEEE S&P, 2020. Bloomberg article here.
E. Kokoris-Kogias, E.C. Alp, L. Gasser, P. Jovanovic, E. Syta, and B. Ford. CALYPSO: Private Data Management for Decentralized Ledgers.
G. Asharov, I. Komargodski, W-K. Lin, K. Nayak, E. Peserico, and E. Shi. OptORAMa: Optimal Oblivious RAM. EUROCRYPTO, 2020.
E. Shi Path Oblivious Heap:Optimal and Practical Oblivious Priority Queue. IEEE S&P, 2020.
E. Stefanov, M van Dijk, E. Shi, C. Fletcher, L. Ren, X. Yu, and S. Devadas. A Retrospective on Path RAM. IEEE S&P, 2020.
V. Mavroudis, K. Wust, A. Dhar, K. Kostiainen, and S. Capkun. Snappy: Fast On-chain Payments with Practical Collaterals. NDSS, 2020.
I. Sheff, X. Wang, R. van Renesse, and A. Myers. Heterogeneous Paxos. OPODIS, 2020.
T-H. H. Chan, R. Pass, and E. Shi. Sublinear-Round Byzantine Agreement under Corrupt Majority. IACR PKC, 2020.
A. Miller, Y. Zhang, and S. Kanjalkar. Baby SNARK (do do dodo dodo).
R. Paccagnella, P. Datta, W. Ul Hassan, A. Bates, C. Fletcher, A. Miller, and D. Tian. CUSTOS: practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution. NDSS, 2020.
G. Avarikioti, E. Kokoris Kogias, R. Wattenhofer, and D. Zindros. Brick: Asynchronous Payment Channels.
J. Wan, H. Xiao, E. Shi, and S. Devadas. Expected Constant Round Byzantine Broadcast under Dishonest Majority. TCC, 2020.
J. Wan, H. Xiao, S. Devadas, and E. Shi. Round-Efficient Byzantine Broadcast under Strongly Adaptive and Majority Corruptions. TCC, 2020.
S. Capkun and many others. DP3T - Decentralized Privacy-Preserving Proximity Tracing.

2019

D. Easley, M. O'Hara, and S. Basu. From mining to markets: The evolution of bitcoin transaction fees. Journal of Financial Economics (Volume 134, Issue 1), 2019.
S.K.D. Maram, F. Zhang, L. Wang, A. Low, Y. Zhang, A. Juels, and D. Song. CHURP: Dynamic-Committee Proactive Secret Sharing. ACM CCS, 2019.
E. Cecchetti, B. Fisch, I. Miers, and A. Juels. PIEs: Public Incompressible Encodings for Decentralized Storage. ACM CCS, 2019.
P. Ananth, X. Fan, and E. Shi. Towards Attribute-Based Encryption for RAMs from LWE: Sub-linear Decryption, and More. ASIACRYPT, 2019.
E. Shi. Streamlined Blockchains: A Simple and Elegant Approach (A Tutorial and Survey). ASIACRYPT, 2019.
P. Fauzi, S. Meiklejohn, R. Mercer, C. Orlandi. Quisquis: A New Design for Anonymous Cryptocurrencies. ASIACRYPT, 2019.
I. Bentov, Y. Ji, F. Zhang, Y. Li, X. Zhao, L. Breidenbach, P. Daian and A. Juels. Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware. ACM CCS, 2019.
G. Fanti, J. Jiao, A. Makkuva, S. Oh, R. Rana, and P. Viswanath. Barracuda: The Power of l-Polling in Proof-of-Stake Blockchains. ACM MobiHoc, 2019 (Best Paper Award).
A. Juels, L. Breidenbach, A. Coventry, S. Nazarov, S. Ellis, and B. Magauran. Mixicles: Simple Private Decentralized Finance. JBCN, 2019
M. Schneider, S. Matetic, A. Juels, A. Miller, and S. Capkun. Secure Brokered Delegation Through DelegaTEE. IEEE S&P, 2019.
P. McCorry, S. Bakshi, I. Bentov, S. Meiklejohn and A. Miller. Pisa: Arbitration Outsourcing for State Channels. ACM AFT, 2019.
E.C. Alp, L. Kokoris-Kogias, G. Fragkouli, and B. Ford. Rethinking General-Purpose Decentralized Computing. ACM HotOS, 2019.
S. Matetic, K. Wust, M. Schneider, K. Kostiainen, G. Karame, and S. Capkun. BITE: Bitcoin Lightweight Client Privacy using Trusted Execution. USENIX, 2019.
K. Wust, K. Kostiainen, V. Capkun, and S. Capkun. PRCash: Fast, Private and Regulated Transactions for Digital Currencies. FC, 2019.
Y. Kwon, J. Liu, M. Kim, D. Song, Y. Kim. Impossibility of Full Decentralization in Permissionless Blockchains. ACM AFT, 2019.
K. Wust, S. Matetic, M. Schneider, I. Miers, K. Kostiainen, and S. Capkun. ZLite: Lightweight Clients for Shielded Zcash Transactions using Trusted Execution. FC, 2019.
D. Dachman-Soled, C. Liu, C. Papamanthou, E. Shi, and U. Vishkin. Oblivious Network RAM and Leveraging Parallelism to Achieve Obliviousness. Journal of Cryptology, 2019.
M. Maller, S. Bowe, M. Kohlweiss, and S. Meiklejohn. Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings. ACM CCS, 2019.
D. Lu, T. Yurek, S. Kulshreshtha, R. Govind, R. Mahadev, A. Kate, and A. Miller. HoneyBadgerMPC and AsynchroMix: Practical AsynchronousMPC and its Application to Anonymous Communication. ACM CCS, 2019.
S. Bano, A. Sonnino, M. Al-Bassam, S. Azouvi, P. McCorry, S. Meiklejohn, and G. Danezis. SoK: Consensus in the Age of Blockchains. ACM AFT, 2019.
A. Kharraz, Z. Ma, P. Murley, C. Lever, J. Mason, A. Miller, N. Borisov, M. Antonakakis, and M. Bailey. Outguard: Detecting In-Browser Covert Cryptocurrency Mining in the Wild. ACM, 2019.
H. Yousaf, G. Kappos, and S. Meiklejohn. Tracing Transactions Across Cryptocurrency Ledgers. USENIX, 2019.
P. Reibel, H. Yousaf, and S. Meiklejohn. Why is a Ravencoin Like a TokenDesk? An Exploration of Code Diversity in the Cryptocurrency Landscape. FC, 2019.
A. Sonnino, M. Al-Bassam, S. Bano, S. Meiklejohn, and G. Danezis. Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed Ledgers. NDSS, 2019.
J. Grimmelmann. Continuity and Change in Internet Law. Communications of the ACM, 2019.
J. Grimmelmann. Bone Crusher 2.0: The Fourth Annual Greg Lastowka Memorial Lecture. 71 Rutgers University Law Review 843, 2019.
P. Daian, R. Pass and E. Shi. Snow White: Provably Secure Proofs of Stake. FC, 2019.
G. Fanti, L. Kogan, S. Oh, K. Ruan, P. Viswanath, and G. Wang. Compounding of Wealth in Proof-of-Stake Cryptocurrencies. FC, 2019.
G. Asharov, T.-H. H. Chan, K. Nayak, R. Pass, L. Ren, and E. Shi. Locality-Preserving Oblivious RAM. Journal of Cryptology, 2022. EUROCRYPT(2), 2019.
T.-H. H. Chan, R. Pass, and E. Shi. Consensus Through Herding. EUROCRYPT (1), 2019.
W.-K. Lin, E. Shi, and T. Xie. Can We Overcome the n log n Barrier for Oblivious Sorting?. SODA, 2019.
T.-H. H. Chan, K.-M. Chung, B.M. Maggs, E. Shi. Foundations of Differentially Oblivious Algorithms. SODA, 2019.
V. Bagaria, s. Kannan, D. Tse, G. Fanti, and P. Viswanath. Prism: Deconstructing the Blockchain to Approach Physical Limits. ACM CCS, 2019.
A. Farhadi, M.T. Hajiaghayi, K.G. Larsen, and E. Shi. Lower bounds for external memory integer sorting via network coding. STOC, 2019.
S. Kanjalkar, J. Kuo, Y. Li, and A. Miller. Short Paper: I Can't Believe It's Not Stake! Resource Exhaustion Attacks on PoS. FC, 2019.
A. Miller, I. Bentov, S. Bakshi, R. Kumaresan, and P. McCorry. Sprites and State Channels: Payment Networks that Go Faster than Lightning. FC, 2019.
S. Delgado-Segura, S. Bakshi, C. Perez-Sola, J. Litton, A. Pachulski, A. Miller, and B. Bhattacharjee. TxProbe: Discovering Bitcoin's Network Topology Using Orphan Transactions. FC, 2019.
R. Cheng, F. Zhang, J. Kos, W. He, N. Hynes, N. Johnson, A. Juels, A. Miller and D. Song. Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution. Euro S&P, 2019.
J. Grimmelmann. All Smart Contracts Are Ambiguous. Journal of Law & Innovation, 2019.
Y. Guo, R. Pass, and E. Shi. Synchronous, with a Chance of Partition Tolerance. CRYPTO, 2019.
E. Shi. Analysis of deterministic longest-chain protocols. IEEE CSF, 2019.

2018

E. Hildenbrandt, M. Saxena, X. Zhu, N. Rodrigues, P. Daian, D. Guth and G. Rosu. KEVM: A Complete Semantics of the Ethereum Virtual Machine. CSF, 2018
I. Tsabary and I. Eyal. The Gap Game. ACM CCS, 2018.
G. Kappos, H. Yousaf, M. Maller and S. Meiklejohn. An Empirical Analysis of Anonymity in Zcash. USENIX Security, 2018.
S. Matetic, M. Schneider, A. Miller, A. Juels and S. Capkun. DelegaTEE: Brokered Delegation Using Trusted Execution Environments. USENIX Security, 2018.
I. Eyal and E.G. Sirer. Majority is not enough: bitcoin mining is vulnerable. ACM CCS, 2018.
Y. Zhou, D. Kumar, S. Bakshi, J. Mason, A. Miller and M. Bailey. Erays: Reverse Engineering Ethereum's Opaque Smart Contracts. USENIX Security, 2018.
G. Fanti, S. Bakshi, S. Venkatakrishnan, A. Miller, B. Denby, S. Bhargava and P. Viswanath. Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees. ACM SIGMETRICS, 2018.
K. Lee and A. Miller. Authenticated Data Structures for Privacy-Preserving Monero Light Clients. IEEE S&P, 2018.
A.E. Gencer, S. Basu, I. Eyal, R.V. Renesse and E.G. Sirer. Decentralization in Bitcoin and Ethereum Networks. Financial Cryptography and Data Security (FC), 2018.
M. Möser, K. Soska, E. Heilman, K. Lee, H. Heffan, S. Srivastava, K. Hogan, J. Hennessey, A. Miller, A. Narayanan and N. Christin. An Empirical Analysis of Traceability in the Monero Blockchain. PETS, 2018.
S.K. Kim, Z. Ma, S. Murali, J. Mason, A. Miller, and M. Bailey. Measuring Ethereum Network Peers. ACM IMC, 2018.
K. Karlsson, D. Adams, G. Rubambiza, Z. Xian, R. van Renesse, H. Weatherspoon, and S. Wicker. Untethered: Deployable Blockchains for IoT Environments. ACM CC, 2018.
G. Karame, and S. Capkun. Blockchain Security and Privacy. IEEE S&P, 2018.
B. Fisch, R. Pass, and A. Shelat. Socially Optimal Mining Pools. EC, 2018.
K. Wust, and A. Gervais. Do you need a Blockchain?. CVCBT, 2018.
H. Ritzdorf, K. Wust, A. Gervais, G. Felley, and S. Capkun. TLS-N: Non-repudiation over TLS Enabling Ubiquitous Content Signing. NDSS, 2018.
S. Meiklejohn and R. Mercer. Mobius: Trustless Tumbling for Transaction Privacy. PETS, 2018.
J. Groth, M. Kohlweiss, M. Maller, S. Meiklejohn, and I. Miers. Updatable and Universal Common Reference Strings with Applications to zk-SNARKs. CRYPTO, 2018.
E. Prasad. Central Banking in a Digital Age: Stock-Taking and Preliminary Thoughts. Hutchins Center on Fiscal & Monetary Policy at Brookings, 2018.
L. Breidenbach, P. Daian, F. Tramèr and A. Juels. Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts. USENIX Security, 2018.
P. McCorry, A. Hicks and S. Meiklejohn. Smart Contracts for Bribing Miners. Financial Cryptography and Data Security (FC), BITCOIN, 2018.
E. Stefanov, M. van Dijk, E. Shi, T.-H. H. Chan, C. Fletcher, L. Ren, X. Yu, and S. Devadas. Path ORAM: An Extremely Simple Oblivious RAM Protocol. ACM CCS, 2018.
R. Pass, and E. Shi. Thunderella: Blockchains with Optimistic Instant Confirmation. EUROCRYPT, 2018.
F. Zhang, P. Daian, I. Bentov and A. Juels. Paralysis Proofs: Safe Access-Structure Updates for Cryptocurrencies and More. Advances in Financial Technologies (AFT), 2019. BITCOIN, 2018.
S. Azouvi, M. Maller and S. Meiklejohn. Egalitarian Society or Benevolent Dictatorship: The State of Cryptocurrency Governance. Financial Cryptography and Data Security, BITCOIN, 2018.
E. Kokoris-Kogias, P. Jovanovic, L. Gasser, N. Gailly, E. Syta and B. Ford. OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding. IEEE S&P, 2018.
A. Kosba, C. Papamanthou, and E. Shi. xJsnark: A Framework for Efficient Verifiable Computation. IEEE S&P, 2018.
T.-H. H. Chan, K. Nayak, and E. Shi. Perfectly Secure Oblivious Parallel RAM. TCC, 2018.
S. Meiklejohn. Top Ten Obstacles along Distributed Ledgers' Path to Adoption. IEEE S&P, 2018.
N. Crooks, M. Burke, E. Cecchetti, S. Harel, R. Agarwal, and L. Alvisi. Obladi: Oblivious Serializable Transactions in the Cloud. USENIX OSDI, 2018.
K. Karlosson, W. Jiang, S. Wicker, D. Adams, E. Ma, R. van Renesse, and H. Weatherspoon. Vegvisir: A Partition-Tolerant Blockchain for the Internet-of-Things. IEEE DCS, 2018.
T-H. H. Chan, J. Katz, K. Nayak, A. Polychroniadou, and E. Shi. More is Less: Perfectly Secure Oblivious Algorithms in the Multi-server Setting. ASIACRYPT, 2018.

2017

R. Pass and E. Shi. FruitChains: A Fair Blockchain. PODC, 2017.
R. Pass and E. Shi. Hybrid Consensus: Efficient Consensus in the Permissionless Model. DISC, 2017.
R. Pass and E. Shi. The Sleepy Model of Consensus. ASIACRYPT, 2017.
E. Cecchetti, F. Zhang, Y. Ji, A. Kosba, A. Juels and E. Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM. ACM CCS, 2017.
S. Matetic, M. Ahmed, K. Kostiainen, A. Dhar, D. Sommer, A. Gervais, A. Juels, and S. Capkun. ROTE: Rollback Protection for Trusted Execution. USENIX Security, 2017.
F. Zhang, I. Eyal, R. Escriva, A. Juels and R. V. Renesse. REM: Resource-Efficient Mining for Blockchains. USENIX Security, 2017.
P. Daian, I. Eyal, A. Juels and G. Sirer. PieceWork: Generalized Outsourcing Control for Proofs of Work. BITCOIN, 2017.
F. Tramer, F. Zhang, H. Lin, J.P. Hubaux, A. Juels and E. Shi. Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge. IEEE Euro S&P, 2017.
A. E. Gencer, R. V. Renesse and E. G. Sirer. Service-Oriented Sharding with Aspen. CoRR, 2016.
M. Borge, E. Kokoris-Kogias, P. Jovanovic, L. Gasser, N. Gailly and B. Ford. Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies. IEEE S&P, 2017.
E. Syta, P. Jovanovic, E. Kokoris-Kogias, N. Gailly, L. Gasser, I. Khoffi, M.J. Fischer and B. Ford. Scalable Bias-Resistant Distributed Randomness. IEEE S&P, 2017.
I. Eyal. Blockchain Technology: Transforming Libertarian Cryptocurrency Dreams to Finance and Banking Realities. IEEE S&P, 2017.
K. Nikitin, E. Kokoris-Kogias, P. Jovanovic, N. Gailly, L. Gasser, I. Khoffi, J. Cappos and B. Ford. CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds. USENIX Security, 2017.

2016

M. Milutinovic, W. He, H. Wu and M. Kanwal. 2016. Proof of Luck: an Efficient Blockchain Consensus Protocol.. In Proceedings of the 1st Workshop on System Software for Trusted Execution (SysTEX '16).
K. Nayak, S. Kumar, A. Miller, E. Shi. Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack.. IEEE Euro S&P, 2016.
F. Zhang, E. Cecchetti, K. Croman, A. Juels and E. Shi. Town Crier: An Authenticated Data Feed for Smart Contracts. ACM CCS, 2016.
A. Miller, Y. Xia, K. Croman, E. Shi and D. Song. The Honey Badger of BFT Protocols. ACM CCS, 2016.
A. Juels, A. Kosba and E. Shi. The Ring of Gyges: Investigating the Future of Criminal Smart Contracts. ACM CCS, 2016.
I. Eyal, A. E. Gencer, E. G. Sirer and R. V. Renesse. Bitcoin-NG: A Scalable Blockchain Protocol. NSDI, 2016.
B. Marino and A. Juels. Setting Standards for Altering and Undoing Smart Contracts. Rule ML, 2016.
K. Croman, C. Decker, I. Eyal, A.E. Gencer, A. Juels, A. Kosba, A. Miller, P. Saxena, E. Shi, E. G. Sirer, D. Song and R. Wattenhofer. On Scaling Decentralized Blockchains (A Position Paper). BITCOIN'16. (Full version here)
E. Zhai, D.I. Wolinsky, R. Chen, E. Syta, C. Teng and B. Ford. AnonRep: Towards Tracking-Resistant Anonymous Reputation. In USENIX NSDI, 2016.
E. Syta, I. Tamas, D. Visher, D.I. Wolinsky, P. Jovanovic, L. Gasser, N. Gailly, I. Khoffi and B. Ford. Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning. IEEE S&P, 2016.
E.K. Kogias, P. Jovanovic, N. Gailly, I. Khoffi, L. Gasser and B. Ford. Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing. USENIX Security, 2016.
A. Kosba, A. Miller, E. Shi, Z. Wen and C. Papamanthou. Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. IEEE S&P, 2016.

2015 and Older

A. Miller, A. Kosba, J. Katz, E. Shi. Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions.. ACM CCS, 2015.
A. Kiayias, Q.Tang. Traitor-deterring Schemes: Using Bitcoin as Collateral for Digital Contents. ACM CCS, 2015.
R. Pass and a. shelat. Micropayments for Decentralized Currencies. ACM CCS, 2015.
A. Miller, J. Litton, A. Pachulski, N. Gupta, D. Levin, N. Spring and B. Bhattacharjee. Discovering bitcoin's public topology and influential nodes. Whitepaper, 2015.
I. Eyal. The Miner's Dilemma. IEEE S&P, 2015.
J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, E. W. Felten. SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies. IEEE S&P, 2015.
A. Everspaugh, R. Chatterjee, S. Scott, A. Juels and T. Ristenpart. The Pythia PRF Service. USENIX Security, 2015. (Proposes a password-hardening system; securing Bitcoin brainwallets is one application.)
A. Miller, R. Jansen. Shadow-Bitcoin: Scalable Simulation via Direct Execution of Multi-threaded Applications. USENIX CSET Workshop, 2015.
I. Eyal and E. G. Sirer. Majority Is Not Enough: Bitcoin Mining Is Vulnerable.. Financial Cryptography and Data Security (FC), pp. 436-454, 2014.
A. Miller, A. Juels, E. Shi, B. Parno and J. Katz. Permacoin: Repurposing Bitcoin Work for Long-Term Data Preservation.. IEEE S&P, 2014. (Note: Permacoin is an altcoin that "recycles" the resource costs of mining by creating a distributed storage system as a side-effect.)
J. Bonneau, A. Narayanan, A. Miller, J. Clark, J. A. Kroll and E.W. Felten. Mixcoin: Anonymity for Bitcoin with accountable mixes. Financial Cryptography and Data Security (FC), 2014.
A. Miller and J.J. LaViola, Jr. Anonymous Byzantine Consensus from Moderately-hard puzzles: A Model for Bitcoin. Tech Report, 2014.
M. Ghosh, M. Richardson, B. Ford and R.Jansen. A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays. Workshop of Hot Topics in Privacy Enhancing Technologies 2014.
S. Barber, X. Boyen, E. Shi and E. Uzun. Bitter to Better: How to Make Bitcoin a Better Digital Currency. In Financial Cryptography and Data Security (FC), 2012.
B. Ford, J. Strauss, C. Lesniewski-Laas, S. Rhea, F. Kaashoek and R. Morris. Persistent Personal Names for Globally Connected Mobile Devices. USENIX OSDI, 2006.
M. Jakobsson and A. Juels. Proofs of Work and Bread Pudding Protocols. Communications and Multimedia Security (CMS), pp. 258-272, 1999.
A. Juels. Trustee Tokens: Simple and Practical Tracing of Anonymous Digital Cash.. FC, pp. 29-45, 1999.
M. Jakobsson and A. Juels. X-Cash: Executable Digital Cash.. FC, pp. 16-27, 1998.