CMU Secure Blockchain Summit Speakers

Talk Title

Token-Based Platform Governance

Abstract

We develop a model to compare the governance of traditional shareholder-owned platforms to that of platforms that issue tokens. A traditional shareholder governance structure leads a platform to extract rents from its users. A platform that issues tokens for its services can mitigate this rent extraction, as rent extraction lowers the platform owners'; token seigniorage revenues. However, this mitigation from issuing “service tokens” is effective only if the platform can commit itself not to dilute the “service token” subsequently. Issuing “hybrid tokens” that bundle claims on the platform's services and its profits enhances efficiency even absent ex-ante commitment power. Finally, giving users the right to vote on platform policies, by contrast, redistributes surplus but does not necessarily enhance efficiency.

Bio

Joseph Abadi is an economist in the Research Department at the Federal Reserve Bank of Philadelphia. Joseph's research interests include innovations in fintech and digital currency as well as the connections between financial stability and the business cycle. He has worked on adapting the theory of blockchain consensus algorithms to economic environments and on understanding the consequences of financial innovation for systemic risk.

Joseph's interest in topics related to macrofinance initially stemmed from a desire to understand the impacts of the Great Recession. He became interested in fintech because of its potential to revolutionize financial markets.

Joseph has a Ph.D. in economics from Princeton University and a bachelor's degree in mathematics and physics from MIT.

Talk Title

Formal Verification of SNARK Soundness

Abstract

Succinct Non-interactive Arguments of Knowledge (SNARKs) have seen interest and development from the cryptographic community over recent years, and there are now constructions with very small proof size designed to work well in practice. A SNARK protocol can only be widely accepted as secure, however, if a rigorous proof of its security properties has been vetted by the community. Even then, it is sometimes the case that these security proofs are flawed, and it is then necessary for further research to identify these flaws and correct the record.

In this talk, we describe our effort to create formal frameworks in the Lean theorem prover for representing SNARKs and prove their cryptographic properties. We describe a decision procedure for checking the soundness of Linear PCP SNARKs, a class of very efficient SNARK which includes the well-known Groth '16. We will also discuss directions for extending this work to Polynomial IOP SNARKs.

Bio

Bolton Bailey is a Ph.D. student in the Decentralized Systems Lab UIUC. He works on Formal Verification of Cryptographic Proof Systems.

Talk Title

SCIF: Securing Smart Contracts with Explicit Trust

Abstract

Despite widespread knowledge of the damage caused by smart contract vulnerabilities, insecure contracts continue to expose enormous sums of money to frequent attacks. The open ecosystem and public nature of smart contract systems make them particularly challenging to protect, especially against subtle attacks like reentrancy and confused deputies that humans often struggle to reason about. We identify that these attacks fundamentally stem from violations of implicit trust assumptions between contracts, and design SCIF, a new smart contract language, to address these flaws. SCIF makes trust assumptions explicit using information flow control, a language-based tool adept at soundly reasoning about trust assumptions and dependencies in complex systems. In doing so, SCIF enables developers to write compositional smart contracts that are free from reentrancy vulnerabilities, confused deputy attacks, and more by construction, even in the presence of malicious contracts that do not follow SCIF's rules.

Bio

Ethan holds a bachelor's in Mathematics – Computer Science from Brown University (2012) and a PhD in Computer Science from Cornell University (2021) where he was supported in part by a 2017 NDSEG fellowship. He also spent 3 years as a software engineer at TripAdvisor before graduate school and 2 years as a post-doc at the Maryland Cybersecurity Center at the University of Maryland.

Talk Title

Blockchain censorship

Abstract

Permissionless blockchains promise resilience against censorship by a single entity. This suggests that deterministic rules, not third-party actors, decide whether a transaction is appended to the blockchain. In 2022, the U.S. Office of Foreign Assets Control (OFAC) sanctioned a Bitcoin mixer and an Ethereum application, challenging the neutrality of permissionless blockchains. We formalize, quantify, and analyze the security impact of blockchain censorship. We find that 46% of Ethereum blocks were made by censoring actors complying with OFAC sanctions, indicating the significant impact of OFAC sanctions on the neutrality of public blockchains. We discover that censorship affects not only neutrality but also security. After Ethereum's transition to Proof-of-Stake (PoS), censored transactions faced an average delay of 85%, compromising their security and strengthening sandwich adversaries.

Bio

Nicolas Christin is a Professor at Carnegie Mellon University, jointly appointed in the School of Computer Science and in the Department of Engineering and Public Policy. He co-directs the Secure Blockchain Initiative within Carnegie Mellon CyLab Security and Privacy Institute. He holds a Ph.D. in Computer Science from the University of Virginia, and was a post-doc at UC Berkeley prior to joining Carnegie Mellon in 2005. His research interests are in computer and information systems security. Most of his work is at the boundary of measurements, systems and policy research. He has most recently focused on security analytics, online crime modeling, and economic and human aspects of computer security. His group's research won several awards including best papers at conferences such as ACM CHI or USENIX Security, IEEE Cybersecurity Award, Allen Newell Award for Research Excellence, test-of-time award at IEEE Symposium on Security and Privacy, among others.

Talk Title

Collusion-Resilience in Transaction Fee Mechanism Design

Abstract

Users bid in a transaction fee mechanism (TFM) to get their transactions included and confirmed by a blockchain protocol. Roughgarden (EC'21) initiated the formal treatment of TFMs and proposed three requirements: user incentive compatibility (UIC), miner incentive compatibility (MIC), and a form of collusion-resilience called OCA-proofness. Ethereum's EIP-1559 mechanism satisfies all three properties simultaneously when there is no contention between transactions, but loses the UIC property when there are too many eligible transactions to fit in a single block. Chung and Shi (SODA'23) considered an alternative notion of collusion-resilience, called c-side-constract-proofness (c-SCP), and showed that, when there is contention between transactions, no TFM can satisfy UIC, MIC, and c-SCP for any c at least 1. OCA-proofness asserts that the users and a miner should not be able to "steal from the protocol" and is intuitively weaker than the c-SCP condition, which stipulates that a coalition of a miner and a subset of users should not be able to profit through strategic deviations (whether at the expense of the protocol or of the users outside the coalition).

Our main result is the first proof that, when there is contention between transactions, no (possibly randomized) direct-revelation TFM satisfies UIC, MIC, and OCA-proofness. This result resolves the main open question in Roughgarden(EC'21). We also suggest several relaxations of the basic model that allow our impossibility result to be circumvented.

Bio

I am a PhD student in the department of Electrical and Computer Engineering at Carnegie Mellon University, where I am fortunate to have Elaine Shi as my advisor. My research focuses on the mechanism design for blockchains and quantum cryptography.

Talk Title

Distributed Randomness using Weighted VRFs

Abstract

Generating and integrating shared randomness into a blockchain can expand applications and strengthen security. We aim to have validators generating blockchain randomness autonomously, and fresh shared randomness is generated for each block. We focus on proof-of-stake blockchains, where each validator has a different amount of stake (aka weight). Such chains introduce a weighted threshold setting where subset authorization relies on the cumulative weight of validators rather than the subset size.

We introduce three cryptographic protocols to enable generating shared randomness in a weighted setting: A publicly verifiable secret sharing scheme (PVSS) which is weighted and aggregatable, a weighted distributed key generation protocol (DKG), and a weighted verifiable unpredictable function (VUF). Importantly, in the VUF protocol, which is the protocol that is run most frequently, the computation and communication costs of participants are independent of their weight. This feature is crucial for scalability.

We implemented our schemes on top of Aptos blockchain, which is a proof-of-stake blockchain deployed in production. Our micro-benchmarks demonstrate that the signing and verification time, as well as the signature size, are independent of the total weight of the parties, whereas the signing time and signature size of the baseline (BLS with virtualization) increase significantly. For instance, our VUF reduces the signature size by factors of $7\times$ and $34\times$ for total weights of $821$ and $4053$, respectively. We also demonstrate the practicability of our design via an end-to-end evaluation.

Bio

Sourav Das is a Ph.D. candidate at UIUC working with Prof. Ling Ren on applied cryptography and consensus algorithms. He is a recipient of the Chainlink Ph.D. Fellowship, a best paper runner's up at ACM CCS 2021, and the Mavis Future Faculty fellow at UIUC. He received his bachelor's degree from IIT Delhi, where his thesis “Scaling smart contracts in Proof-of-work Blockchains" won the best undergraduate thesis award in the department.

Talk Title

Proof of Compliance for Anonymous, Unlinkable Messages

Abstract

Anonymous systems are susceptible to malicious activity. Today, compliance with system-generated rules in such systems can be guaranteed at the level of a single message by utilizing Zero-Knowledge Proofs (ZKP). However, it remains unclear how to prove compliance for rules that are defined over a collection of a user's messages, without compromising the unlinkability of the messages.

To address this challenge, we propose an efficient protocol called Shuffle-ZKP, which enables users within an unlinkable messaging system to collectively prove their compliance. Our protocol leverages a distributed and private set equality check protocol along with generic Non-Interactive Zero-Knowledge (NIZK) proof systems. We also provide an additional attributing protocol to identify misbehaving users. We theoretically analyze the protocol's correctness and privacy properties; we then implement and test it across multiple use cases.

Our empirical results show that in use cases involving thousands of users, each user is able to generate a compliance proof within 0.2-10.6 seconds, depending on the use case, while the additional communication overhead remains under 3KB. Furthermore, the protocol is computationally efficient on the server side; the verification algorithm requires a few seconds to handle thousands of users in all of our use cases.

Bio

Giulia Fanti is an Assistant Professor of Electrical and Computer Engineering at Carnegie Mellon University. Her research interests span the security, privacy, and efficiency of distributed systems. She is a senior fellow at the Atlantic Council's GeoEconomics Center, a two-time fellow of the World Economic Forum's Global Future Council on Cybersecurity and a member of NIST's Information Security and Privacy Advisory Board. Her work has been recognized with several awards, including best paper awards, a Sloan Fellowship, an Intel Rising Star Faculty Award, and an ACM SIGMETRICS Rising Star Award. She obtained her Ph.D. in EECS from U.C. Berkeley and her B.S. in ECE from Olin College of Engineering.

Talk Title

Practical Security Analysis of Zero-Knowledge Proof Circuits

Abstract

As privacy-sensitive applications based on zero-knowledge proofs (ZKPs) gain increasing traction, there is a pressing need to detect vulnerabilities in ZKP circuits. This paper studies common vulnerabilities in Circom (the most popular domain-specific language for ZKP circuits) and describes a static analysis framework for detecting these vulnerabilities. Our technique operates over an abstraction called the circuit dependence graph (CDG) that captures key properties of the circuit and allows expressing semantic vulnerability patterns as queries over the CDG abstraction. We have implemented 9 different detectors using this framework and performed an experimental evaluation on over 258 circuits from popular Circom projects on Github. According to our evaluation, these detectors can identify vulnerabilities, including previously unknown ones, with high precision and recall.

Bio

I am the Chief Research Officer at Veridise, Inc, where our goal is to harden blockchain security with formal methods.

I received my Ph.D. from the University of Texas, Austin (UT Austin) in December 2020. After graduating, I extended my stay at UT Austin for a brief postdoc position (until May of 2021). All my years at UT, I was working under the supervision of Işıl Dillig and was a member of the UToPiA group. Prior to UT Austin, I received my B.Sc. and M.Sc. degrees (both in C.S.) from the University of Athens, Greece. During my master's, I was working as a research assistant under the supervision of Yannis Smaragdakis.

Talk Title

Educating Programmers on security vulnerabilities in blockchain software: Highlights and Challenges

Abstract

Blockchain is an interesting technology to many students. They are eager to try it out and start interacting with smart contracts. In the end, smart contracts are software written in a different programming language and follow certain specifications and constraints. Like any other software, smart contracts are prone to insecure coding practices and vulnerabilities that could arise when developers misinterpret the language or misunderstand how to apply secure programming concepts in a new language.

In this short highlight, we will share some insights from our experiment in security classes where we introduced hands-on CTF exercises where students 1) interact with an Algorand smart contract, and 2) identify a software vulnerability in a smart contract written in PyTeal.

Bio

Hanan Hibshi is an assistant teaching professor at the Information Networking Institute at Carnegie Mellon University, and one of the research investigators for the CMU's; picoCTF educational platform. Hibshi's research areas include usable security and privacy, cybersecurity education, security requirements, mobile and IoT Security, expert's decision-making, and ML and AI for security and privacy.

Hibshi received a Ph.D. in societal computing from Carnegie Mellon University and an M.S. in information security technology and management from the Information Networking Institute at Carnegie Mellon University. Prior to her academic career, she had had some experience working in the banking industry.

Hibshi is interested in studying security experts; how to better train experts and how to develop intelligent tools that better accommodate their needs. One example of Hibshi's research is her early research findings that had attracted the attention of an international, multi-institution collaboration with the University of Nottingham. Her work examined the intersection between security requirements risk assessment and empirical data-driven intelligent systems using fuzzy logic.

Hibshi has published in top venues, and she reviews research submissions at top security, privacy, and software engineering venues.

Talk Title

How do users secure seed phrases?

Abstract

Seed phrases are an essential security touch point for many end-users who dabble with web3 and blockchain technologies. But how do users secure seed phrases? In this short talk, I will discuss our mixed-methods work on understanding strategies users employ for securing their seed phrases and how they learn about these strategies.

Bio

Jason Hong works in the areas of usability, mobility, privacy, and security. His research lies at the intersection of human-computer interaction, privacy and security, and systems, focusing primarily on two questions:

• How can we use rich sensor data to improve our lives?
• How can we make privacy and security easier for everyone?

Hong's research group is CHIMPS (Computer Human Interaction: Mobility Privacy Security). The group's work has been featured in CNN, The New York Times, and BBC.

Talk Title (Keynote Presentation)

Identity, Security, and Accountability: Critical Evolutions Needed for Trustworthy Blockchain Ecosystems

Abstract

Responsible innovation does not mean unchecked technological advancement without regard for democratic principles and critical protections for societies and consumers. Blockchain infrastructure presents great potential promise and has stoked innovation across financial sectors as well as areas like cybersecurity, supply chain risk management, and identity. However, blockchain systems carry inherent features that in aggregate, compounded by the commingling of traditionally bifurcated technological and financial infrastructure, can present significant vulnerabilities that have been exploited by illicit actors. The absence or ambiguity of key features surrounding identity, security, and accountability present some of the greatest challenges the sector must overcome. Without deliberate and thoughtful intervention on part of governments and ecosystem players, we run the risk of not fulfilling the promise of this technology and enhancing its peril.

Bio

Carole House is an Executive in Residence at Terranet Ventures, Inc., and a Nonresident Senior Fellow at the Atlantic Council. She also currently serves as the Chair of the Technology Advisory Committee (TAC) to the Commodity Futures Trading Commission (CFTC), on Advisory Boards for Third Way's U.S.-China Digital World Order initiative, the Digital Dollar Project, and the Idaho Department of Finance's Financial Innovation Lab (FIL), and as a Senior Advisor at FS Vector. Carole recently left the White House National Security Council (NSC), where she served as the Director for Cybersecurity and Secure Digital Innovation. Carole joined the NSC from the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN), where she led cybersecurity, virtual currency, and emerging technology policy efforts as a Senior Cyber and Emerging Technology Policy Officer. Prior to FinCEN, she worked as a Presidential Management Fellow supporting the White House Office of Management and Budget's Cyber and National Security Unit and the U.S. Senate Committee on Homeland Security and Governmental Affairs on cybersecurity, supply chain risk management, and critical infrastructure protection policy issues Carole is a former Army Captain who served in chemical defense and military intelligence until November 2014, including a deployment to Kandahar Province, Afghanistan, from 2012 to 2013 in support of Operation Enduring Freedom. She holds a BA in international affairs from the University of Georgia and an MA in security studies from Georgetown University.

Talk Title

PriDe CT: Towards Public Consensus, Private Transactions, and Forward Secrecy in Decentralized Payments

Abstract

Anonymous Zether, proposed by Bunz et al. (FC, 2020) and subsequently improved by Diamond (IEEE S&P, 2021) is an account-based confidential payment mechanism that works by using a smart contract to achieve privacy (i.e. identity of receivers to transactions and payloads are hidden). In this work, we look at simplifying the existing protocol while also achieving batching of transactions for multiple receivers, while ensuring consensus and forward secrecy. To the best of our knowledge, this work is the first to formally study the notion of forward secrecy in the setting of blockchain, borrowing a very popular and useful idea from the world of secure messaging. Specifically, we introduce:

• FUL-Zether, a forward-secure version of Zether (Bunz et al., FC, 2020).
• PRIvate DEcentralized Confidental Transactions (PriDe CT), a much-simplified version of Anonymous Zether that achieves competitive performance and enables batching of transactions for multiple receivers.
• PRIvate DEcentralized Forward-secure Until Last update
• Confidential Transactions (PriDeFUL CT), a forward-secure version of PriDe CT.

We also present an open-source, Ethereum-based implementation of our system.

PriDe CT uses linear homomorphic encryption as Anonymous Zether but with simpler zero-knowledge proofs. PriDeFUL CT uses an updatable public key encryption scheme to achieve forward secrecy by introducing a new DDH-based construction in the standard model.

In terms of transaction sizes, Quisquis (Asiacrypt, 2019), which is the only cryptocurrency that supports batchability (albeit in the UTXO model), has 15 times more group elements than PriDe CT. Meanwhile, for a ring of N receivers, Anonymous Zether requires 6 log N more terms even without accounting for the ability to batch in PriDe CT. Further, our implementation indicates that, for N=32 even if there were 7 intended receivers, PriDe CT outperforms Anonymous Zether in proving time and gas consumption.

Bio

Harish Karthikeyan is a cryptography researcher at J.P. Morgan AI Research and J.P. Morgan AlgoCRYPT Center of Excellence. Harish completed his Ph.D. from New York University, under the supervision of Yevgeniy Dodis in 2022 and joined J.P. Morgan as a researcher following that. His research areas include cryptography and privacy with a focus on secure messaging, federated learning, and blockchain technologies.

Talk Title

HyperNova: Towards Practical Zero-Knowledge Virtual Machines

Abstract

Succinct zero-knowledge proofs are a powerful cryptographic technique for demonstrating the correctness of computations without revealing any secret inputs. Modern applications are beginning to employ recursive zero-knowledge proofs (proofs that demonstrate the existence of other proofs) due to their distinct ability to prove stateful computations with dynamic control flow. For instance, one can prove large statements such as “the Ethereum virtual machine executed correctly” by proving that “there exists a proof for the previous state of the virtual machine and the most recent cycle is valid.” Recursive proofs can similarly be utilized to incrementally prove the correct execution of delay functions, zkRollups, transparency dictionaries, and distributed computations.

We present HyperNova, a zero-knowledge recursive proof system that marks the latest development in a growing line of work that brings recursive proofs significantly closer to practice. HyperNova achieves an efficient recursion overhead for computations represented using high-degree constraints (i.e., additional “glue” computation proven in each recursive step) and one of the most efficient provers in this regime.

Underlying HyperNova's efficiency results is a new efficient folding scheme for high-degree constraints, that efficiently reduces the task of checking two NP instances into the task of checking a single NP instance of the same size.

Bio

I am a Computer Science Ph.D. candidate at Carnegie Mellon University working with Professor Bryan Parno. Previously, I was at the University of Illinois, where I earned my B.S. in Computer Science and B.S. in Mathematics.

I am primarily interested in cryptography, a collection of mathematical techniques that guarantee the privacy and integrity of digital information. My research focuses on designing zero-knowledge proofs, a powerful technique for proving the correctness of computations without revealing any secret inputs.

Talk Title

LVR (loss-versus-rebalancing) and the economics of decentralized exchanges

Abstract

Automated market making (AMM) protocols such as Uniswap have recently emerged as an alternative to the most common market structure for electronic trading, the limit order book, and have been the dominant market mechanism for trust-less decentralized exchanges. Milionis et al. (2022) developed a model of the underlying economics of AMMs from the perspective of their passive liquidity providers (LPs), centering on the main adverse selection cost incurred by LPs, which we call "loss-versus-rebalancing" (LVR, pronounced "lever"). The central contribution is a "Black-Scholes formula for AMMs". LVR captures the informational asymmetry in AMMs due to stale prices that are picked off by better informed arbitrageurs. We are able to derive closed-form expressions for this adverse selection cost, for all automated market makers, including constant function market makers and those featuring concentrated liquidity (e.g., Uniswap v3). Quantitatively, empirically observed delta-hedged LP returns closely match our quantitative model. LVR can also inform the design of the next generation of market mechanisms---in fact, LVR has been considered as a centerpiece in decentralized finance, and has had wide impact in the industry with subsequent ongoing work to mitigate LVR in AMMs.

Bio

Jason Milionis is a 3rd year Ph.D. student in the Computer Science Department at Columbia University, advised by Christos Papadimitriou and Tim Roughgarden. His research interests span the intersection of algorithmic game theory and economics with emerging areas of computation, especially blockchains and machine learning. On the former, he studies blockchains and their applications especially in decentralized finance as innovative frameworks that pose unique incentive alignment challenges. Jason previously graduated with the highest honors from the National Technical University of Athens (NTUA) in Electrical and Computer Engineering, majoring in Computer Science.

Talk Title

Sailfish: Towards Improving Latency of DAG-based BFT

Abstract

Existing DAG-based BFT protocols exhibit long latency to commit decisions. The primary reason for such a long latency is having a leader every 2 or more “rounds”. Even under honest leaders, these protocols require two or more reliable broadcast (RBC) instances to commit the proposal submitted by the leader (leader vertex), and additional RBCs to commit other proposals (non-leader vertices). In this work, we present Sailfish, the first DAG-based BFT that supports a leader vertex in each round. Under honest leaders, Sailfish maintains a commit latency of one RBC round plus 1\delta time to commit the leader vertex (where \delta is the actual transmission latency of a message) and only an additional RBC round to commit non-leader vertices.

Bio

Kartik Nayak is an assistant professor in the Department of Computer Science at Duke University and a staff researcher at Espresso Systems. He works in blockchains and applied cryptography. Before joining Duke University, he spent a year as a postdoctoral researcher at VMware Research. Before that, he graduated from the University of Maryland, College Park. He has served on program committees of several top-tier conferences, such as IEEE SP, ACM CCS, PODC, VLDB, Asiacrypt, Financial Cryptography and PoPETS. Kartik is a recipient of the 2016 Google Ph.D. fellowship in Security. His research is funded by the NSF CAREER Award, several NSF SaTC Awards, VMware Early Career Grant Award, Novi, Zcash Foundation, and Ethereum Foundation.

Talk Title

Why Bitcoin and Ethereum Differ in Transaction Costs: A Theory of Blockchain Fee Policies

Abstract

Blockchains, the technology underlying cryptocurrencies, face large fluctuations in user demand and marginal costs. These fluctuations make effective fee policies necessary to manage transaction service allocation. This paper models the conflict between the blockchain designer and validators with monopoly power in choosing between price-setting and quantity-setting fee policies. The key determinants of the advantage of price-setting on blockchains are the validators' bargaining power, the elasticity of demand, the validators' uncertainty about demand, and the covariance of demand and marginal costs. My results help account for differences between the fee policy designs of Bitcoin and Ethereum, the leading blockchains, and have implications for how they can be improved.

Bio

I am currently an Assistant Professor of Economics at New York University, Leonard N. Stern School of Business, and a Research Affiliate at the Centre for Economic Policy Research.

My research focuses on the impact of incentives in macroeconomic environments. I investigate issues related to public finance, labor economics, and the emerging areas of blockchains and decentralized finance. To tackle these topics, I use several tools, from mechanism design, contract theory, and optimal control. Click here for more information and to read my full research papers.

I completed my undergraduate studies at École Polytechnique in Paris. I then earned my Ph.D. in Economics from Northwestern University in 2018, where I was advised by Professors Pavan, Lorenzoni, and De Nardi. After that, I spent a year as a postdoc at the Federal Reserve Bank of Chicago from 2018 to 2019.

Talk Title

Automated Exchange Economies

Abstract

The canonical mechanism for financial asset exchange is the limit-order book. In decen- tralized blockchain ledgers (DeFi), costs and delays in appending new blocks to the ledger render a limit-order book impractical. Instead, a “pricing curve” is specified (e.g., the "constant product pricing function") and implemented using smart contracts deployed to the ledger. We develop a framework to study the equilibrium properties of such markets. Our framework provides new insights into how informational frictions distort liquidity provision in DeFi markets.

Bio

Bryan Routledge is an Associate Professor of Finance at the Tepper School of Business, Carnegie Mellon University. He received his Ph.D. from the University of British Columbia in 1996. His research includes modeling the risk premia, blockchain incentives, stable coins, cryptocurrency derivative markets, natural language processing, data ethics, and machine learning. He is an associate editor at the Journal of Quantitative Finance and the Critical Review of Finance, and the Secretary Treasurer of the Western Finance Association. At the Tepper School he has taught a broad set of courses including, Venture Capital, Blockchain, Fintech, Alpha, Finance Core, and Business Science. He is currently developing and teaching a new class on the AI applications to Business. In 2022-2023, he was a Provost Inclusive Teaching Fellow. Previously, he was the co-chair of the working group that helped lead the design and construction of the Tepper Quad project that was completed in 2018.

Talk Title

Policy Panel

Abstract

Thomas will serve as a panelist on the policy panel.

Bio

Thomas Ruchti joined the OFR in 2022. His research focuses on earnings management and disclosure, financial intermediation, and market microstructure. Previously, he was an assistant professor at Carnegie Mellon University's Tepper School of Business. He holds a doctorate in social sciences from California Institute of Technology, and a bachelor's degree in mathematics from Ohio University.

Talk Title

TBD

Abstract

Forthcoming

Bio

Paul Sengh is the co-founder of OpenBlock Labs, an incentive modeling and analytics platform for decentralized protocols. OpenBlock has spearheaded incentive initiatives for leading protocols in the space, such as EigenLayer, Lido, Arbitrum, Solana, Sui, and many others. Prior to OpenBlock, Paul was an ML research scientist at Stanford University and has worked on startups in the ML space. Paul holds a B.S. in computer science from Carnegie Mellon University.

Talk Title

Elaine Shi, Co-Director of the Carnegie Mellon University Secure Blockchain Initiative, will provide opening and closing remarks during the Secure Blockchain Summit, as well as moderate sessions and panels during the summit.

Abstract

N/A

Bio

I am an Associate Professor at Carnegie Mellon University's Computer Science Department and Department of Electrical and Computer Engineering. I design and build systems that are efficient, provably secure, and friendly to users and programmers. To this end, I take an interdisciplinary approach that blends cryptography, systems security, and language-based security.

I am interested in cryptography, game theory, algorithms, and foundations and blockchains. I am part of the CMU crypto group.

Talk Title

Panel discussion on policy and governance for blockchains and other distributed ledgers

Abstract

N/A

Bio

Chester Spatt is the Pamela R. and Kenneth B. Dunn Professor of Finance at the Tepper School of Business at Carnegie Mellon University, where he has taught since 1979. He served as Chief Economist of the U.S. Securities and Exchange Commission (2004-2007). He earned his Ph.D. in economics from the University of Pennsylvania and received his undergraduate degree from Princeton University.

Professor Spatt is a well-known scholar studying financial economics with broad interests in financial markets. He has been a leading expert on market structure and trading, mortgage valuation and contracting, taxation and asset allocation and financial regulation. His co-authored 2004 paper in the Journal of Finance on asset location won TIAA-CREF’s Paul Samuelson Award for the Best Publication on Lifelong Financial Security. He has served as Executive Editor and one of the founding editors of the Review of Financial Studies, President and a member of the Founding Committee of the Society for Financial Studies, President of the Western Finance Association, and is currently an Associate Editor of several finance and real estate journals. He also is currently a member of the Financial Economists Roundtable, a Research Associate of the National Bureau of Economic Research, and has served as a member of the Federal Reserve’s Model Validation Council, the Advisory Committee of the Office of Financial Research, the Equity Market Structure Advisory Committee of the SEC, the Shadow Financial Regulatory Committee and the Systemic Risk Council.

Talk Title

Optimal Flexible Consensus and its Application to Ethereum

Abstract

Classic BFT consensus protocols guarantee safety and liveness for all clients if fewer than one-third of replicas are faulty. However, in applications such as high-value payments, some clients may want to prioritize safety over liveness. Flexible consensus allows each client to opt for a higher safety resilience, albeit at the expense of reduced liveness resilience. We present the first construction that allows optimal safety-liveness tradeoff for every client simultaneously. This construction is modular and is realized as an add-on applied on top of an existing consensus protocol. The add-on consists of an additional round of voting and permanent locking done by the replicas, to sidestep a sub-optimal quorum-intersection-based constraint present in previous solutions. We adapt our construction to the existing Ethereum protocol to derive optimal flexible confirmation rules that clients can adopt unilaterally without requiring system-wide changes. This is possible because existing Ethereum protocol features can double as the extra voting and locking. We demonstrate an implementation using Ethereum's consensus API.

Bio

Education:

1. B.Tech. in Electrical Engineering (2015 - 2019)
   Indian Institute of Technology Bombay (Mumbai, India)
2. PhD in Electrical Engineering (2019 - present)
   Stanford University (California, USA)

My current research is on the security and performance of blockchain protocols. I am also broadly interested in information theory, machine learning, and their intersections. I am grateful to have Prof. David Tse as my PhD advisor.

Please look at my projects to know about my research and publications.

I am also a violinist and singer in the Carnatic (south Indian) classical style of music. I am an ardent fan of Indian classical music and I'm committed to preserving and popularising this art.

Youtube link to my performances

Talk Title

TBD

Abstract

TBD

Bio

Abhishek (Abhi) Srivastava currently serves as Associate Vice President of the DeFi and Digital Assets (DFDA) team at Moody's Ratings. His role entails the comprehensive analysis of emerging digital assets landscape, digital financial products and services, as well as publishing researches that can help traditional financial entities have clarity on the digital transformation underway. His team has also been a part of ratings of some of the biggest blockchain-based digital assets recently issued.

Abhi has a bachelor's degree in Electrical Engineering and a Master's in financial risk management. He began his career by leading back-end teams on a variety of data analysis and machine learning projects for some of the biggest banks in India. He also was part of teams designing and executing digital transformation plans for financial institutions. His experience in these roles provided a solid foundation in both technological innovation and risk management.

After his graduate program in the U.S., Abhis worked as a quantitative researcher for boutique credit risk research firms before joining Moody's, where he has been working for close to six years now. His present role helps leverage both his technology and financial risk assessment experiences to help financial institutions navigate the dynamic landscape of blockchain and digital assets.

Abhi is an FRM certification holder and has completed an intensive certificate program on Fintech and blockchain at Columbia University.

Talk Title

The Blockchain Accounting Standard Foundation

Abstract

Ben is excited to announce the creation of the Blockchain Accounting Standards Foundation, which aims to create, maintain, and promote a digital asset accounting schema that facilitates the conversion of digital asset transactions into standardized accounting journal entries. The schema will define a data specification and outline the minimum types of data required from digital asset data providers to enable accurate and consistent financial reporting. This schema provides a standardized framework for converting digital asset transactions into accounting journal entries, facilitating accurate and efficient financial reporting in the rapidly growing digital asset ecosystem. Ben and his team are actively seeking feedback as they refine the draft schema, and they are eager to speak with anybody interested in this initiative.

Bio

A CPA with more than ten years of varied public and private accounting experience, Ben Taylor has led many complex financial projects to successful outcomes. He began his career at Ernst & Young, followed by in-house management roles at Fannie Mae and other public companies.

Ben holds a B.S. in Accounting from the University of Maryland.

Talk Title

Panel discussion on policy and governance for blockchains and other distributed ledgers

Abstract

N/A

Bio

Peter is Director of Research at Coin Center, the leading non-profit research and advocacy group focused on the public policy issues facing cryptocurrency technologies such as Bitcoin and Ethereum. He's a founding board member of the Zcash Foundation, a non-profit charity dedicated to building financial privacy infrastructure for the public good, and an advisor to StarkWare, a company on the forefront of developing trust-minimized scaling solutions for blockchains using zero-knowledge proof cryptography. He is a graduate of NYU Law, has a BS in economics from George Mason University, and is a self-taught web developer. He drafts Coin Center's public regulatory comments, and helps shape its research agenda. He has testified before the Senate Banking Committee, and the House Financial Services and Energy and Commerce Committees. He has briefed staff and members of the EU parliament, and educated policymakers and regulatory staff around the world on the subject of cryptocurrency regulation and decentralized computing systems. Previously, he was a Google Policy Fellow and collaborated with various digital rights organizations on projects related to privacy, surveillance, and digital copyright law. In a former life he was a working actor in New York City and Washington, D.C. theater.

Talk Title

Revisiting the Primitives of Transaction Fee Mechanism Design

Abstract

[Roughgarden, 2021] introduces the field of Transaction Fee Mechanism Design -- the study of auctions run by untrusted miners for transaction inclusion in a blockchain. The work poses desiderata that `good' transaction fee mechanisms should satisfy, which underlie (together with a slight modification posed in [Chung and Shi, 2023]) this rapidly evolving research agenda. Informally, they aim to capture when an auction is `simple for users' (User Incentive Compatibility, UIC), `simple for miners' (Myopic Miner Incentive Compatibility, MMIC), and `resistent to collusion' (Off-Chain Agreement Proof, OCA-Proof [Roughgarden, 2021], or c-Side-Contract-Proof, c-SCP [Chung and Shi, 2023].

We argue that these desiderata are both too restrictive and too permissive, and provide alternative desiderata. Specifically, we argue that the Multi-Party Computation-assisted Second-Price Auction should be considered `simple for miners', although it is not MMIC. We also argue that EIP-1559 should not be considered `simple for miners' (even in the unlimited supply setting), although it is MMIC.

We propose alternative desiderata to capture `simple for users', `simple for miners', and `collusion resistant', motivated by the thought of a Bayesian revenue-maximizing miner. We prove that no mechanism satisfies all three definitions, even in the unlimited supply setting (whereas EIP-1559 is UIC, MMIC, OCA-Proof, and ∞-SCP). Finally, we argue that `simple for users' and `simple for miners' might suffice in some settings (the MPC-assisted Second-Price Auction satisfies both), and evaluate other auctions (such as [Ferreira and Weinberg, 2021]'s Deferred-Revelation Auction) through our framework.

Bio

As of January 2017, I'm a faculty member at Princeton University in the Department of Computer Science.

My primary research interest is in Algorithmic Mechanism Design: algorithm design in settings where users have their own incentives. I'm also interested more broadly in Economics and Computation, Algorithms Under Uncertainty, and Theoretical Computer Science in general. See here for more details.

Before joining the faculty at Princeton, I spent two years as a postdoc in Princeton's CS Theory group, and was a research fellow at the Simons Institute during the Fall 2015 (Economics and Computation) and Fall 2016 (Algorithms and Uncertainty) semesters. I completed my PhD in 2014 at MIT, where I was very fortunate to be advised by  Costis Daskalakis. Prior to that, I graduated from Cornell University with a BA in Math in 2010, where I was also fortunate to have worked with Bobby Kleinberg.

Talk Title

Maximizing Miner Revenue in Transaction Fee Mechanism Design

Abstract

Transaction fee mechanism design is a new decentralized mechanism design problem where users bid for space on the blockchain. Several recent works showed that the transaction fee mechanism design fundamentally departs from classical mechanism design. They then systematically explored the mathematical landscape of this new decentralized mechanism design problem in two settings: in the plain setting where no cryptography is employed, and in a cryptography-assisted setting where the rules of the mechanism are enforced by a multi-party computation protocol. Unfortunately, in both settings, prior works showed that if we want the mechanism to incentivize honest behavior for both users as well as miners (possibly colluding with users), then the miner revenue has to be zero. Although adopting a relaxed, approximate notion of incentive compatibility gets around this zero miner-revenue limitation, the scaling of the miner revenue is nonetheless poor.

In this talk, we show that if we make a mild reasonable-world assumption that there are sufficiently many honest users, we can circumvent the known limitations on miner revenue, and design auctions that generate asymptotically optimal miner revenue. We also systematically explore the mathematical landscape of transaction fee mechanism design under the new reasonable-world assumptions, and demonstrate how such assumptions can alter the feasibility and infeasibility landscape.

Bio

Ke Wu is a Ph.D. candidate at Carnegie Mellon University, advised by Elaine Shi. Her research focused on combining cryptography and game theory to model incentives and design incentive-compatible mechanisms. Before joining CMU, she completed her MS in CS in 2017 at Johns Hopkins University, where she worked with Xin Li on coding theory. Prior to that, she graduated from Fudan University with a BA in Math in 2016.

Talk Title

Ariel Zetlin-Jones, Co-Director of the Carnegie Mellon University Secure Blockchain Initiative, will provide opening and closing remarks during the Secure Blockchain Summit, as well as moderate sessions and panels during the summit.

Abstract

N/A

Bio

Ariel Zetlin-Jones is an associate professor of Economics in Carnegie Mellon University's Tepper School of Business and is affiliated with the CyLab Security and Privacy Institute.

Talk Title

Proof of Compliance for Anonymous, Unlinkable Messages

Abstract

Anonymous systems are susceptible to malicious activity. For instance, in anonymous payment systems, users may engage in illicit practices like money laundering. Similarly, anonymous federated learning systems decouple user updates to a central machine learning model from the user's identity; malicious users can manipulate their updates to poison the model. Today, compliance with system-generated rules in such systems can be guaranteed at the level of a single message by utilizing Zero-Knowledge Proofs (ZKP). However, it remains unclear how to prove compliance for rules that are defined over a collection of a user's messages, without compromising the unlinkability of the messages.

To address this challenge, we propose an efficient protocol called Shuffle-ZKP, which enables users within an unlinkable messaging system to collectively prove their compliance. Our protocol leverages a distributed and private set equality check protocol along with generic Non-Interactive Zero-Knowledge (NIZK) proof systems. We also provide an additional attributing protocol to identify misbehaving users. We theoretically analyze the protocol's correctness and privacy properties; we then implement and test it across multiple use cases. Our empirical results show that in use cases involving thousands of users, each user is able to generate a compliance proof within 0.2-10.6 seconds, depending on the use case, while the additional communication overhead remains under 3KB. Furthermore, the protocol is computationally efficient on the server side; the verification algorithm requires a few seconds to handle thousands of users in all of our use cases.

Bio

Mingxun Zhou is a PhD student in the Computer Science Department at Carnegie Mellon University, advised by Elaine Shi and Giulia Fanti. His research focuses on privacy-preserving algorithm design, including differential private algorithms and cryptography. He also has research work on blockchain technology and P2P networks.