Speakers
Jonathan Aldrich
- Talk title: Obsidian: A Safe, Usable Language for Smart Contracts
- Abstract: Smart contracts running on blockchain platforms automate contracts between participants who have not established mutual trust. Unfortunately, many smart contracts have had flaws resulting in millions of dollars in losses. Obsidian is a novel programming language with a type system that enables static detection of bugs that are common in smart contracts today. It uses typestate to detect improper state manipulation and uses linear types to detect abuse of assets. The authors describe how they combined ideas from type theory with behavioral research methods in order to design a language that is safe while identifying and addressing usability issues with previous typestate approaches. They also describe Obsidian's implementation and case studies they have performed in the areas of parametric insurance and supply chain management, showing that the language can express interesting smart contracts.
- Bio: Jonathan Aldrich is a Professor of Computer Science at Carnegie Mellon University. He teaches courses in programming languages, software engineering, object-oriented design, and program analysis for quality and security. Prof. Aldrich directed CMU's Software Engineering Ph.D. program from 2013-2019. Outside the university, Aldrich is the CTO of Noteful, a startup building an educational app for music theory and note reading.
Dr. Aldrich’s research centers on programming languages and type systems that are deeply informed by software engineering considerations. His research contributions include modular and gradual verification of functional properties, typestate, and architectural structure, as well as the design of languages and type systems for usability. His notable awards include an NSF CAREER award (2006), the Dahl-Nygaard Junior Prize (2007), the DARPA Computer Science Study Group, and an ICSE most influential paper award (2012). He served as general chair (2015), program chair (2017), and steering committee chair (2017-2019) of SPLASH and OOPSLA. Aldrich holds a bachelor's degree in Computer Science from Caltech and a Ph.D. from the University of Washington.
- Jonathan Aldrich's Website
Leemon Baird
- Bio: Dr. Leemon Baird is the inventor of the hashgraph distributed consensus algorithm, Co-founder of Hedera, and Co-founder and Co-CEO of Swirlds Labs. With over 20 years of technology and startup experience, he has held positions as a Professor of Computer Science at the US Air Force Academy and as a senior scientist in several labs. He has been the Co-Founder of several startups, including two identity-related startups, both of which were acquired. Leemon received his PhD in Computer Science from Carnegie Mellon University and has multiple patents and publications in peer-reviewed journals and conferences in computer security, machine learning, and mathematics.
Fraser Brown
- Talk title: CirC: Compiler infrastructure for proof systems, software verification, and more
- Abstract: Cryptographic tools like proof systems, multi-party computation, and fully homomorphic encryption are usually applied to computations expressed as systems of arithmetic constraints. In practice, this means that these applications rely on compilers from high-level programming languages (like C) to such constraints. This compilation task is challenging, but not entirely new: the software verification community has a rich literature on compiling programs to logical constraints (like SAT or SMT). In this work, we show that building shared compiler infrastructure for compiling to constraint representations is possible, because these representations share a common abstraction: stateless, non-uniform, non-deterministic computations that we call existentially quantified circuits, or EQCs. Moreover, we show that this shared infrastructure is useful, because it allows compilers for proof systems to benefit from decades of work on constraint compilation techniques for software verification.
Agostino Capponi
- Talk title: Do Flashbots Relays Mitigate Frontrunning Risk and MEV?
- Abstract: In public blockchains, the transparent observability of pending transactions can lead to suboptimal blockspace allocation. One of the most successful implementations to mitigate this inefficiency is to allow users to submit transactions through private pools which guarantee pre-trade privacy, at the expense of facing execution risk. We show that allowing for private transaction submission pools can reduce allocative blockspace inefficiencies and raise aggregate welfare. However, private pools neither completely eliminate frontrunning attacks nor lead to full efficiency, because validators have strong incentives to preserve miner extractable value (MEV) from frontrunning transactions. To align private incentives with the social optimum, we propose a self-financing system of transfers which eliminates frontrunning, and makes it incentive-compatible for all validators to adopt private pools. We use data from Flashbots to test the empirical implications of our model including (i) welfare gains from private pools for validators and users, and (ii) adoption rates of private pools for validators, users, and frontrunning attackers.
- Bio: Agostino Capponi is an Associate Professor in the IEOR Department at Columbia University. His research interests are in financial technology, market microstructure, machine learning in finance, and financial networks. Agostino's research has been funded by major government agencies and private corporations, including NSF, DARPA, DOE, IBM, GRI, Ripple, and Ethereum. His research has been recognized with the 2018 NSF CAREER award, and with the inaugural JP Morgan AI Research Faculty award. His research findings have attracted attention from major media outlets, including Bloomberg, Thomson Reuters, Politico, and the Financial Times. Agostino is a fellow of the crypto and blockchain economics research forum, an academic fellow of Alibaba's Luohan academy, and an external fellow of the FinTech Initiative at Cornell. He serves as an editor of Management Science in the Finance Department, co-editor of Mathematics and Financial Economics, and area editor of Operations Research Letters, and as an associate editor of many premier journals of his field. Agostino is the former Chair of the SIAG/FME Activity Group and of the INFORMS Finance Section, and the founding director of the Columbia Center for Digital Finance and Technologies. He is co-editor of the book "Machine Learning and Data Sciences for Financial Markets: A Guide to Contemporary Practices", recently published by the Cambridge University Press.
Hao Chung
- Talk title: Rapidash: Foundations of Side-Contract-Resilient Fair Exchange
- Abstract: Fair exchange is a fundamental primitive enabled by blockchains, and is widely adopted in applications such as atomic swaps, payment channels, and DeFi. Most existing designs of blockchain-based fair exchange protocols consider only the participating users as strategic players, and assume that the miners are honest and passive. However, recent works have revealed that the fairness of commonly deployed fair exchange protocols can be broken entirely in the presence of user-miner collusion. In particular, a user can bribe the miners to help it cheat — a phenomenon also referred to as Miner Extractable Value (MEV).
In this work, the authors provide the first formal treatment of side-contract-resilient fair exchange where users and miners may enter into arbitrary contracts on the side. They propose a new fair exchange protocol called Rapidash, and prove that the protocol is incentive compatible in the presence of user-miner collusion. In particular, they show that Rapidash satisfies a coalition-resistant Nash equilibrium absent external incentives. Further, even when there exist arbitrary but bounded external incentives, Rapidash still protects honest players and ensures that they cannot be harmed. Last but not least, the authors' game-theoretic formulations also lay the theoretical groundwork for studying side-contract-resilient fair exchange protocols. Finally, to showcase the instantiability of Rapidash with a wide range of blockchain systems, they present instantiations of Rapidash that are compatible with Bitcoin and Ethereum while incurring only a minimal overhead in terms of costs for the users.
- Bio: Hao Chung is a PhD student in the department of Electrical and Computer Engineering at Carnegie Mellon University, advised by Elaine Shi. His research focuses on mechanism design and quantum cryptography.
Sauvik Das
- Bio: Sauvik Das directs the SPUD (Security, Privacy, Usability and Design) Lab. His work, at the intersection of HCI, AI and cybersecurity, is oriented around answering the question: How can we design systems that empower people with improved agency over their personal data and experiences online?
A few of his papers have been recognized with awards: a best paper at UbiComp (2013), a distinguished paper at SOUPS (2020), three best paper honorable mentions at CHI (2016, 2017, 2020), a best paper honorable mention at CSCW (2021), and an honorable mention for the NSA's Best Scientific Cybersecurity Paper (2014). His work has also been covered by the popular press, including features in The Atlantic, The Financial Times, and Dark Reading.
Sauvik received his Ph.D. in Human-Computer Interaction from CMU, following a B.S. in Computer Science at Georgia Tech. Prior to joining CMU in 2022, he was an assistant professor of Interactive Computing at Georgia Tech.
Giulia Fanti
- Talk title: Raft-Forensics: CFT Distributed Consensus with Accountability of Byzantine Faults
- Abstract: Crash fault tolerant (CFT) consensus algorithms are commonly used in scenarios where system components are trusted, such as implementing a central bank digital currency (CBDC). CFT algorithms offer high throughput and low latency, making them an attractive option for CBDCs. However, CFT consensus is vulnerable to Byzantine faults, which can be caused by even a single corrupt component. This could result in double spending of money and the loss of trust in the CBDC by its users. Byzantine fault tolerant (BFT) consensus algorithms can prevent Byzantine failures from preventing consensus, but their safety guarantees may be stronger than practically necessary and they are not as competitive as CFT algorithms in terms of performance. In practice, the authors argue that identifying the adversarial component that caused a Byzantine fault is sufficient, rather than tolerating the fault as BFT algorithms do. They extend Raft, one of the most popular CFT algorithms, to present Raft-Forensics, which provides accountability over Byzantine faults. They theoretically prove that if two honest components fail to reach consensus, an auditing algorithm can find the adversarial component that caused the inconsistency. In empirical evaluation, the authors also demonstrate that Raft-Forensics performs similarly to Raft and significantly better than state-of-the-art BFT algorithms.
- Bio: Giulia Fanti is an Assistant Professor of Electrical and Computer Engineering at Carnegie Mellon University. Her research interests span the security, privacy, and efficiency of distributed systems. She is a two-time fellow of the World Economic Forum’s Global Future Council on Cybersecurity and a member of NIST’s Information Security and Privacy Advisory Board. Her work has been recognized with several awards, including best paper awards, a Sloan Fellowship, an Intel Rising Star Faculty Award, and an ACM SIGMETRICS Rising Star Award. She obtained her Ph.D. in EECS from U.C. Berkeley and her B.S. in ECE from Olin College of Engineering.
Hanan Hibshi
- Talk title: Introducing Hands-on Blockchain CTF Exercises in Security Classes: Highlights and Challenges
- Abstract: Blockchain technology is of great interest to many students who are eager to interact with smart contracts. Smart contracts are essentially software programs written in a specific programming language and follow particular specifications and constraints. As with any other software, smart contracts are susceptible to insecure coding practices and vulnerabilities that can arise when developers misinterpret the language or misunderstand how to apply secure programming concepts in a new language. In this short highlight, the authors will share some insights from their experiment in security classes, where they introduced hands-on CTF exercises to students, allowing them to 1) interact with an Algorand smart contract and 2) identify a software vulnerability in a smart contract written in PyTeal.
- Bio: Dr. Hibshi’s research area includes usable security, cybersecurity education, security requirements, and expert decision-making. Dr. Hibshi is experienced in conducting ethical research with human subjects and her work has involved collecting empirical data from security experts to improve the security of composable systems. Her work is at the intersection between software engineering, usable security, human factors and AI. Dr. Hibshi is the research lead investigator for the picoCTF educational platform. Her work focuses on increasing diversity in capture-the-flag security competitions, improving the user experience when using the platform, and enhancing the educational outcome of cybersecurity CTFs. Her work also includes investigating the challenges facing developers and security experts when working hands-on on security problems. Dr. Hibshi is also investigating usable security and privacy challenges facing developers, experts and professionals in the field. Her recent research investigated mobile developers’ awareness of security data leaks in the architectures of iOS devices, and the privacy and societal impacts of digital ID systems. As a cybersecurity educator, Dr. Hibshi also investigates how to improve cybersecurity skills in the future of engineers. Through the picoCTF platform, Dr. Hibshi studies how to attract more talent from underrepresented groups into the platform, and how to create an educational ramp for complex concepts in security engineering such as blockchain and AI.
Jan Hoffmann
- Talk title: Automatic Gas Bound Analysis for Smart Contracts
- Abstract: In the past decade, new techniques have been developed by the programming languages community for statically and automatically bounding the resource consumption of programs. In this talk, the speaker will present some of these techniques and discuss how they can be applied to make smart contracts more predictable and secure.
- Bio: Jan Hoffmann is an Associate Professor of Computer Science at Carnegie Mellon University and a member of the Principles of Programming (PoP) group. His mission is to discover beautiful mathematical ideas that have a real-world impact, shape the way programmers think, and help to create software that is more reliable, efficient, and secure. He is an expert in reasoning about quantitative properties of programs and known for the design and implementation of Resource Aware ML. His work has been supported by an NSF Career Award, a Google Faculty Award, and an Amazon Research Award.
- Jan Hoffmann's Website
Zhangxiang Hu
- Talk title: Privacy In Decentralized Exchanges With Automated Market Maker
- Bio: Zhangxiang Hu is a cryptographer at Ripple. As a Ph.D. student at the University of Oregon he studied in the Center for Cyber Security and Privacy group, and was advised by Dr. Christopher Wilson and Dr. Jun Li. His research interests include cryptography, IoT security and privacy, and blockchain privacy. Before joining UO, he received his Master’s degrees from Oregon State University, where he was advised by Dr. Mike Rosulek. Hu received his B.E. degree from North China University of Technology. One of his current ongoing projects is designing lightweight and efficient key exchange protocols in IoT environment. Another ongoing project is about the privacy in decentralized exchanges with Automated Market Maker Protocols.
Tae Wan Kim
- Bio: Tae Wan Kim is an associate professor of business ethics at the Tepper School of Business at Carnegie Mellon University. Kim studies and teaches business ethics. Two main themes of his research are the future of the workplace and cross-cultural business ethics.
He has published in Business Ethics Quarterly, Journal of Business Ethics, Ethics and Information Technology, Academy of Management Learning & Education, Proceedings of ACM CHI, ACM/AAAI, IEEE, and Oxford University Press. Kim is an editorial board member of Business Ethics Quarterly and the Journal of Business Ethics.
Hugo Krawczyk
- Talk title: You Only Speak Once: Private Computing on Public Blockchains
- Abstract: Blockchains are well-known for their consensus and integrity properties but secrecy and privacy-preserving computation are often at odds with blockchain transparency. This work introduces a notion called "You Only Speak Once" (YOSO) and shows how it leads to scalable secure (multi-party) computation over blockchains. In the YOSO model of computation, small subsets of parties (physical machines) are periodically assigned ephemeral roles that require the machine to send a single message after which the machine erases all its state. Thus, an attacker that is limited in the number of machines it can control at any given time cannot know which machines/roles to attack until they speak; but then it is too late to learn useful information from their compromise. This model can be realized in blockchains where the proposer of the next block is unpredictable, such as in bitcoin, Algorand, and others.
- Bio: Hugo Krawczyk is a Principal Researcher at the Algorand Foundation where he leads the Algorand Centers of Excellence (ACE) program. Prior to that he was an IBM Fellow and Distinguished Research Staff Member with the Cryptography Group at the IBM T.J. Watson Research Center. He is best known as a main cryptography designer for numerous Internet Security standards and for contributions to theoretical and applied cryptography. Hugo has been recognized as a Fellow of the International Association of Cryptologic Research (IACR), and awarded the 2015 RSA Conference Award for Excellence in the Field of Mathematics, the 2018 Levchin Prize for Contributions to Real-World Cryptography, the 2019 NDSS conference Test of Time Award, and multiple IBM awards including two Corporate Awards.
Ben Livshits
- Talk title: The Blockchain Imitation Game
- Abstract: The use of blockchains for automated and adversarial trading has become commonplace. However, due to the transparent nature of blockchains, an adversary is able to observe any pending, not-yet-mined transactions, along with their execution logic. This transparency further enables a new type of adversary, which copies and front-runs profitable pending transactions in real-time, yielding significant financial gains.
Shedding light on such "copy-paste" malpractice, this paper introduces the Blockchain Imitation Game and proposes a generalized imitation attack methodology called Ape.
Leveraging dynamic program analysis techniques, Ape supports the automatic synthesis of adversarial smart contracts. Over a timeframe of one year (1st of August, 2021 to 31st of July, 2022), Ape could have yielded 148.96M USD in profit on Ethereum, and 42.70M USD on BNB Smart Chain (BSC).
Beyond its use as a malicious attack, the researchers further show the potential of transaction and contract imitation as a defensive strategy. Within one year, they found that Ape could have successfully imitated 13 and 22 known Decentralized Finance (DeFi) attacks on Ethereum and BSC, respectively. Their findings suggest that blockchain validators can imitate attacks in real-time to prevent intrusions in DeFi.
- Bio: Ben Livshits is a Reader (similar to Associate Professor in the American academic system) at Imperial College London and an affiliate professor at the University of Washington in Seattle, USA. He is also the VP of Research at MatterLabs and previously the Chief Scientist for Brave Software. Previously, he was a research scientist at Microsoft Research in Seattle for about ten years, working on a wide range of research efforts. He received a bachelor's degree in Computer Science and Math from Cornell University in 1999, and his Ph.D. in Computer Science from Stanford University in 2006.
Ben has published papers at PLDI, POPL, Oakland Security, Usenix Security, CCS, SOSP, ICSE, FSE, and many other venues, some of them winning major awards. He is known for his work in software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications. He is the author of over 100 academic papers; Ben has also received dozens of patents and multiple tech transfer awards for bringing research into practice. Dr. Livshits' research interests include security, privacy, programming languages, tools, software engineering, crowdsourcing, applications of blockchain and smart contracts, etc.
Michael Madison
- Bio: Michael Madison is a Professor at the University of Pittsburgh School of Law in Pittsburgh, Pennsylvania, USA. He is a Senior Scholar with the University of Pittsburgh Institute for Cyber Law, Policy, and Security (Pitt Cyber). At Pitt Law, he is Faculty Director of the Future Law Project and a John E. Murray Faculty Scholar.
- Michael Madison's Website
Giovanna Massarotto
- Bio: Dr. Giovanna Massarotto is an international expert on antitrust, IP law and economic regulation in the field of information technology. She has a PhD from Bocconi University in Milan where she researched and taught Competition Law as an Adjunct Professor. She is currently Academic Fellow at the Center for Technology Innovation and Competition (CTIC) at University of Pennsylvania and affiliate of the UCL Centre for Blockchain Technologies (UCL CBT). Dr. Massarotto has been invited to lecture on antitrust and legal issues related to blockchain and digital markets by several organizations in the U.S. and EU, including Harvard, the Global Antitrust Institute (GAI) in Washington DC, the OECD, and multiple European universities, such as University of Oxford, University of Liege and EU regulating authorities, including the Competition and Markets Authority (CMA), and Autorita’ per le Garanzie nelle Comunicazioni (AGCOM). Dr. Massarotto spent two years in the United States as a visiting research fellow for her PhD at Fordham University in New York and Washington D.C. working for an economic consulting firm specialized in IP law, economic regulation and antitrust in telecommunication and high-tech industry. She was an Academic Visitor at the University of Oxford, worked at the Italian Antitrust Authority (AGCM) and for various international law firms in Milan.
Her book ‘Antitrust Settlements–How a Simple Agreement Can Drive the Economy’ presents the antitrust consent as a tool to combine law, economics and computer science in both U.S. and EU jurisdictions. In addition to the book, she has published multiple articles that investigate antitrust and regulatory issues related to blockchain, digital markets and software.
- Giovanna Massarotto's Website
Lisa Masserova
- Talk title: Storing and Retrieving Secrets on a Blockchain
- Abstract: Multiple protocols that implement blockchain-based cryptographic functionalities, such as time-lock encryption, one-time programs, and fair multi-party computation, assume the existence of a cryptographic primitive known as extractable witness encryption. Unfortunately, there are currently no efficient constructions or constructions based on well-studied assumptions of extractable witness encryption. In recent work, the authors propose a protocol that uses a blockchain to provide a functionality that is effectively the same as extractable witness encryption. By making small adjustments to existing blockchains, it is possible to easily implement applications that rely on extractable witness encryption, including both new applications and those that previously existed only as theoretical designs. The proposed protocol uses a new and highly efficient batched dynamic proactive secret sharing (DPSS) as a key building block.
Andrew Miller
- Talk title: Pitfalls & Opportunities in TEE-based smart contracts
- Abstract: Miller will discuss design challenges and opportunities around TEE-based smart contracts, especially based on our recent experience of coordinated vulnerability disclosures involving access patterns and replay attacks. These are a powerful tool but not a silver bullet, and a bunch of technical debt must be repaid in order to build a secure system that relies on them.
Andrew Myers
- Talk title: Enforcing Integrity and Availability in a Deconstructed Blockchain
- Abstract: Blockchains offer a one-size-fits-all guarantee of integrity and availability, but require participants to place trust in the same thing, whether it is a majority of mining power, a majority of stake, or a private provider. These trust assumptions also lead to unnecessary inefficiency arising from unnecessary transaction ordering requirements. The study's authors propose to deconstruct blockchains into a lower-level system, Charlotte, in which users can make and enforce their own trust assumptions for integrity and availability of information. Charlotte offers a flexible foundation on top of which both existing blockchains and a wide variety of distributed applications can be built, but like the Web, it provides a decentralized system in which all these applications (including blockchains) can interoperate. Applications can plug in their own mechanisms for ensuring availability and integrity of data structures. Charlotte supports heterogeneous trust: different observers have their own beliefs about who might fail, and how. Despite this heterogeneity and extensibility, Charlotte offers principles for observers to reason about the integrity and availability of data stored in Charlotte.
- Bio: Andrew Myers is a Professor in the Department of Computer Science at Cornell University in Ithaca, NY. He received his Ph.D. in Electrical Engineering and Computer Science from MIT in 1999. His research interests include computer security, programming languages, and distributed and persistent programming systems. His work on computer security has focused on practical, sound, expressive languages and systems for enforcing information security. Myers is an ACM Fellow. He has received awards for papers appearing in POPL'99, SOSP'01, SOSP'07, CIDR'13, PLDI'13, PLDI'15, and Oakland'21.
Chandrakana Nandi
- Talk title: Verifying Smart Contracts Using The Certora Prover
- Abstract: This talk will present the Certora Prover, a tool that checks the semantics of the executable Ethereum bytecode against its intended behavior written in a high-level declarative language for writing relational specifications, called CVL. Developer-written specifications in CVL have prevented billion-dollar mistakes and improved code security.
The Certora Prover uses practical techniques to scale SMT solving to real-world verification conditions. To verify large, complex programs, the Certora Prover splits the original program into subprograms and verifies them separately. This is enabled by a static analysis that simplifies low-level programs, recovers type information, and detects disjoint memory regions. This leads to simpler SMT query generation which the Certora Prover then dispatches to off-the-shelf SMT solvers.
- Bio: Chandrakana Nandi is a research scientist and team lead in the R&D group at Certora. Her current research interests are program synthesis, equality saturation, and mutation testing. She got her PhD from University of Washington in 2021. Her PhD thesis was on Designing DSLs and Synthesis Tools for Computation Fabrication for which she won an Adobe Research Fellowship. Her PhD work showed the use of equality saturation for scalable program synthesis and led to the development of the popular Egg library. Her work has received Distinguished Paper Awards at POPL and OOPSLA.
Alex Ozdemir
- Talk title: Satisfiability Modulo Finite Fields (with applications to compilers to zero-knowledge proofs)
- Abstract: The authors study satisfiability modulo the theory of finite fields and give a decision procedure for this theory. They implement their procedure for prime fields inside the cvc5 SMT solver. Using this theory, they construct SMT queries that perform translation validation for various compilers to zero knowledge proofs (ZKPs). The researchers' experiments show that their field solver is far superior to previous approaches (which encode field arithmetic using integers or bit-vectors). Using their solver, they then build a critical ZKP compiler pass (a "finite-field blaster") and automatically verify it up to a bound. In the process, they find 4 bugs in an existing ZKP compiler's field-blaster.
- Bio: Alex Ozdemir is a Stanford PhD student working with the applied cryptography group and CENTAUR: the CENTer for AUtomated Reasoning. He studies "cryptographic computers": cryptosystems that are configured by user-defined programs (such as zero-knowledge proofs and multi-party computations). His work includes new cryptographic computers, compilers for cryptographic computers, and tools for verifying programs that run on cryptographic computers.
- Alex Ozdemir's website
Tal Rabin
- Talk title: SPRINT: Robust High Throughput Distributed Schnorr Signature
- Abstract: The study's authors describe high-throughput threshold protocols with guaranteed output delivery for generating Schnorr-type signatures (such as Ed25519). Their protocols offer significant increase in throughput already for as few as ten parties, and they remain feasible for many hundreds of parties generating thousands of signatures per minute. Moreover, these protocols extend seamlessly to the dynamic/proactive setting, where each run of the protocol uses a new committee, and they support sub-sampling the committees from among an effectively unbounded number of nodes. The combination of these features makes the researchers' protocol a good match for implementing a signature service over a public blockchain with many validators (where guaranteed output delivery is an absolute must). In that setting, there is a system-wide public key, where the corresponding secret signature key is distributed among the validators. Clients can submit messages (under suitable controls, e.g. smart contracts), and authorized messages are signed relative to the public key. (Joint work with: Fabrice Benhamouda, Shai Halevi, Hugo Krawczyk, Yiping Ma)
- Bio: Tal Rabin is the Rachleff Family Professor of Computer Science at University of Pennsylvania. Prior to joining UPenn she was the head of research at Algorand Foundation; prior to that she was at IBM Research for 23 years as a Distinguished Research Staff Member and the manager of the Cryptographic Research Group. Tal’s research focuses on secure multiparty computation, threshold cryptography, and proactive security and recently adapting these technologies to the blockchain environment. Her works have been instrumental in forming these areas. Tal is an ACM Fellow, an IACR Fellow and member of the American Academy of Arts and Sciences. Tal’s work won the 30 year test of time award at STOC. She is the 2019 recipient of the RSA Award for Excellence in the Field of Mathematics. She was named by Forbes in 2018 as one of the Top 50 Women in Tech in the world. In 2014 Tal won the Anita Borg Women of Vision Award for Innovation and was ranked by Business Insider as the #4 on the 22 Most Powerful Women Engineers. She has served as the Program and General Chair of the leading cryptography conferences and as an editor of the Journal of Cryptology. She has initiated and organizes the Women in Theory Workshop, a biennial event for graduate students in Theory of Computer Science. Tal is currently the chair of the SIGACT Executive Board.
Martin Saint
- Bio: Martin Saint is a professor, researcher, and cyber engineer, arriving at Carnegie Mellon University’s Africa campus in 2013 with more than 30 years of private and public sector experience. He teaches and researches in the area of complex systems, particularly networks and emerging technologies, and taught the first academic financial technology and blockchain courses on the African continent. He consults on engineering, economics, business, and policy issues for public and private organizations.
He is an invited lecturer at the International Centre for Theoretical Physics in Italy and a research fellow at the Kigali Collaborative Research Centre. He is an advisor for two World Bank-funded African Centers of Excellence, one in the Internet of Things (IoT) and the other in data science. He has completed research at the University of Colorado’s Pervasive Communications Laboratory and Digital Energy Lab, the U.S. Federal Emergency Management Agency’s Emergency Management Institute, and Idaho National Laboratory.
He received his MS and Ph.D. in computer systems networking and telecommunications from the Technology, Cybersecurity, and Policy (TCP) Program in the Department of Computer Science at the University of Colorado in the USA.
Kyle Soska
- Bio: Kyle Soska is head of research of Ramiel Capital with research interests in cryptocurrency economics, derivatives, and protocol design. He maintains and operates various on-chain and off-chain automated trading systems along with several quantitative strategies and is actively working on theoretical economic models of bridging and on-chain insurance/risk management.
Wenpin Tang
- Talk title: Mechanism design under the Proof of Stake protocol
- Abstract: As a digital exchange vehicle, blockchain technology has been successfully deployed in many applications including cryptocurrency, healthcare, supply chain and non-fungible tokens. At the core of Bitcoin is the consensus protocol known as Proof of Work (PoW), in which “miners” compete with each other by solving a hashing puzzle so as to validate an ever-growing log of transactions to update a distributed ledger. Despite its popularity, the PoW protocol has some obvious sustainability problems. To solve the problem of energy efficiency, another consensus protocol, Proof of Stake (PoS), was introduced; it is a bidding mechanism to select a miner to validate the new block. However, the PoS protocol may trigger a "rich-get-richer" phenomenon, and may further incur problems in wealth stability and incentive compatibility. In this talk, Wenpin Tang will discuss a mechanism design in the PoS paradigm which requires a minimum tick in auctions.
Robert Townsend
- Talk title: Innovative Financial Designs Using the New Technologies: Two Key Examples and More General Considerations
- Abstract: Townsend's talk will focus on blueprints for the design of financial systems using new technology tools in combination with economic theory. The new tools: common and unique ledgers with participants’ accounts, e-transfers and e-money, programmability/smart contracts, and encryption to protect the right information and provide the right incentives. Economic theory utilizes contract theory, mechanism design, market design, and industrial organization. Featured applications include an exchange and contract platform (XC) proposed by the IMF to alleviate the cross-border problem, and CBDC as a public good programmable infrastructure proposed for the Digital Real to build a more accessible domestic financial infrastructure. The talk concludes with design considerations for other economic applications where theory provides insights as to what is needed and guidance for technology to get there.
- Bio: Robert M. Townsend is the Elizabeth and James Killian Professor of Economics in the Department of Economics at MIT. He is a theorist, macroeconomist, and development economist who analyzes the role and impact of economic organization and financial systems through applied general equilibrium models, contract theory and the use of micro data. He is the author of several books, most recently Distributed Ledgers: Design and Regulation of Financial Infrastructure and Payment Systems (MIT Press, 2020). Other writings include Chronicles from the Field (2013), Financial Systems in Developing Economies (2011), Households as Corporate Firms (2010), The Medieval Village Economy (1993), Financial Structure and Economic Organization (1990) and numerous peer-reviewed journal articles. Townsend is an Elected Member of the National Academy of Sciences, a Member of the American Academy of Arts and Sciences and a Fellow of the Econometric Society. He was the recipient of the Frisch Medal in 1998, the Jean-Jacques Laffont Prize in 2011, and a second Frisch Medal in 2012 for the structural evaluation of a large-scale microfinance program in Thailand. Townsend received his Ph.D. in Economics from the University of Minnesota and his B.A. from Duke University.
Riad Wahby
- Talk title: No Silver Bullet: A brief survey of key management technology
- Abstract: Key management is one of the toughest and most important challenges in Web3. Choosing a solution is made even tougher by an overwhelming array of technologies and products, all promising to solve all your problems. This talk will give you a high-level overview of the technology landscape. While it certainly won't solve all your problems, it *will* give you a basis for understanding the key-management tradeoff space, and where your application fits.
- Bio: Riad Wahby is an assistant professor in CMU's Electrical and Computer Engineering Department. His research focuses on zero-knowledge proofs and their applications. He is also responsible for the design and specification of several cryptographic protocols that form the basis for the security of Ethereum, Avalanche, and other major blockchains. Riad was previously a cryptographic researcher at Algorand, and spent a decade as an analog and mixed-signal integrated circuit designer at Silicon Labs. Riad received his SB and MEng in Electrical Engineering and Computer Science from MIT, and his PhD in Computer Science at Stanford.
Matt Weinberg
- Talk title: Undetectable Selfish Mining
- Abstract: Seminal work of Eyal and Sirer [ES 14] establishes that a strategic Bitcoin miner may strictly profit by deviating from the intended Bitcoin protocol, using a strategy now termed Selfish Mining. More specifically, any miner with > 1/3 of the total hashrate can earn bitcoin at a faster rate by selfish mining than by following the intended protocol (depending on network conditions, a lower fraction of hashrate may also suffice).
One convincing critique of selfish mining in practice is that the presence of a selfish miner is statistically detectable: the pattern of orphaned blocks created by the presence of a selfish miner cannot be explained by natural network delays. Therefore, if an attacker chooses to selfish mine, users can detect this, and this may (significantly) negatively impact the value of BTC. So while the attacker may get slightly more bitcoin by selfish mining, these bitcoins may be worth significantly less USD.
Weinberg and fellow researchers develop a selfish mining variant that is provably statistically undetectable: the pattern of orphaned blocks is statistically identical to a world with only honest miners but higher network delay. Specifically, they consider a stylized model where honest miners with network delay produce orphaned blocks at each height independently with probability $\beta'$. The researchers propose a selfish mining strategy that instead produces orphaned blocks at each height independently with probability $\beta > \beta'$. They further show that their strategy is strictly profitable for attackers with $38.2\% \ll 50\%$ of the total hashrate (and this holds for all natural orphan rates $\beta'$).
- Bio: Matt is an assistant professor in Princeton Computer Science. His primary research interest is algorithmic mechanism design: the study of algorithms in settings with strategic participants. In the blockchain space, his research also primarily concerns mechanism design, and in particular the incentives of participants in consensus protocols.
Chris Wilmer
- Talk title: Ledger: The world's first peer-reviewed journal for blockchain research
- Abstract: In 2014, Wilmer launched the world's first peer-reviewed journal for blockchain research. A lot has happened since then, but the journal remains a venue for high quality research for this inherently interdisciplinary topic. Learn about the journal and how you can publish your work there!
- Bio: Chris Wilmer is an associate professor at the University of Pittsburgh and co-founder of NuMat Technologies, Aeronics, and the journal 'Ledger.'
Ke Wu
- Title: What Can Cryptography Do For Decentralized Mechanism Design
- Abstract: Recent works of Roughgarden (EC’21) and Chung and Shi (SODA’23) initiate the study of a new decentralized mechanism design problem called transaction fee mechanism design (TFM). Unlike the classical mechanism design literature, in the decentralized environment, even the auctioneer (i.e., the miner) can be a strategic player, and it can even collude with a subset of the users facilitated by binding side contracts. Chung and Shi showed two main impossibility results that rule out the existence of a dream TFM.
Besides today’s model that does not employ cryptography, researchers introduce a new MPC-assisted model where the TFM is implemented by a joint multi-party computation (MPC) protocol among the miners. While they show that cryptography allows them to overcome some impossibility results pertaining to the plain model, leading to non-trivial mechanisms with useful guarantees that are otherwise impossible in the plain model, it is not a panacea. The authors still have a zero-miner revenue limitation. To overcome this impossibility, they introduce a mildly stronger reasonable-world assumption, under which they can design mechanisms that achieve optimal miner revenue. They also systematically explore the mathematical landscape of transaction fee mechanism design under the new MPC-assisted model and demonstrate how the reasonable-world assumptions can alter the feasibility and infeasibility landscape.
Based on joint work with Elaine Shi and Hao Chung.
- Bio: Ke is a fourth-year PhD student at Carnegie Mellon University, advised by Prof. Elaine Shi. Her research interest lies at the intersection of cryptography and game theory, with a focus on designing secure computation with strong incentive compatibility and decentralized mechanism design.
Osman Yagan
- Abstract: Most blockchain systems run on peer-to-peer (P2P) networks, and the resilience and overall security of a blockchain system rely heavily on the structural properties of its peer-to-peer overlay. Despite this, the critical design aspects of blockchain P2P networks, including their connectivity properties and resilience to different types of adversarial attacks, are not well understood. In this talk, the authors will briefly introduce their project, which aims to initiate a systematic study towards understanding how the topology of a blockchain P2P network can be analyzed in terms of its resilience to adversarial attacks. A key goal of the project is to develop design guidelines for maximizing the resilience of the blockchain P2P network subject to given constraints, e.g., on the total number of edges in the network and/or the degree of each node. To this end, they plan to gain insights from random graph topologies that are known to achieve connectivity with few edges. A problem of particular interest is the simultaneous optimization of resilience against random and targeted attacks.
- Bio: Osman Yağan is a Research Professor of Electrical and Computer Engineering (ECE) at Carnegie Mellon University (CMU). Prior to joining the faculty of the ECE department in August 2013, he was a Postdoctoral Research Fellow in CyLab at CMU. He received his Ph.D. degree in Electrical and Computer Engineering from the University of Maryland at College Park, MD in 2011, and his B.S. degree in Electrical and Electronics Engineering from the Middle East Technical University, Ankara (Turkey) in 2007. His research focuses on modeling, analysis, and performance optimization of computing systems, and uses tools from applied probability, network science, data science, and machine learning. In the context of data science and ML, he is working on statistical inference and decision making using sequential samples (e.g., multi-armed bandits), and resilient distributed machine learning. On the network science side, he has broad interests including robustness of cyber-physical systems with emphasis on critical infrastructure systems; secure and reliable design of large-scale ad-hoc networks with an increasing focus on emerging applications of Internet of Things; and contagion processes in complex networks with a focus on modeling, analysis, and control of spread of viruses, (mis)information, and opinions. He is a senior member of IEEE, and a recipient of a CIT Dean's Early Career Fellowship, an IBM Academic Award, and best paper awards in ICC 2021 and IPSN 2022.
Mingxun Zhou
- Talk title: Piano: Extremely Simple, Single-Server PIR with Sublinear Server Computation
- Abstract: Zhou and researchers construct a sublinear-time single-server pre-processing Private Information Retrieval (PIR) scheme with optimal client storage and server computation (up to poly-logarithmic factors), only relying on the assumption of the existence of One Way Functions (OWF). Their scheme achieves amortized $\tilde{O}(\sqrt{n})$ online server computation and client computation and $O(\sqrt{n})$ online communication per query, and requires $\tilde{O}_{\lambda}(n)$ client storage. Unlike prior single-server PIR schemes that rely on heavy cryptographic machinery such as Homomorphic Encryption, their scheme only utilizes lightweight cryptography such as PRFs, which is easily instantiated in practice. To the researchers' knowledge, this is the first practical implementation of a single-server sublinear-time PIR scheme. Compared to existing linear time single-server solutions, their schemes are faster by 10−300× and are comparable to the fastest two-server schemes. In particular, for a 100GB database of 1.6 billion entries, their experiments show that their scheme has less than 40ms online computation time on a single core.
- Bio: Mingxun Zhou is a PhD student in the Computer Science Department at Carnegie Mellon University, advised by Elaine Shi and Giulia Fanti. His research focuses on privacy-preserving algorithm design, including differentially private algorithms and cryptography. He also conducts research on blockchain technology and P2P networks.