Event

PhD Defense: Security and Privacy of Blockchain Protocols and Applications

  • Speaker: Sergei Tikhomirov

  • Location

    LU

Please click on the link to register and connect to the online PhD defense.

Please note that the public part of the defense starts at 5.00 p.m.; please use the above-mentioned link to join the event.

You may need to wait a few moments until the conference e-room opens to the public.

Members of the defense committee:

  • Chairman: A-Prof. Dr Volker Müller, University of Luxembourg
  • Deputy Chairman: A-Prof. Dr Andrew Miller, University of Illinois, Urbana-Champaign
  • Supervisor: Prof. Dr Alex Biryukov, University of Luxembourg
  • Member: Dr Patrick McCorry, PISA Research, London
  • Member: Prof. Dr Matteo Maffei, TU, Wien
  • Expert in an advisory capacity: Dr Arthur Gervais, Imperial College, London

Abstract:

Bitcoin is the first digital currency without a trusted third party. This revolutionary protocol inspired multiple alternative projects that aim to address its limitations such as scalability and privacy. This new area of research at the intersection of computer science and economics is often characterized by the term blockchain.

This thesis explores the security and privacy of blockchain systems.

A cryptocurrency is based on a peer-to-peer network. Performance, resilience, and privacy of the P2P layer are important for the protocol as a whole. In Part 1, we study the P2P networks of Bitcoin and selected privacy-focused cryptocurrencies. We introduce a new attack on privacy that allows an attacker to link transactions issued by the same node. We test the efficiency of the attack in real networks, successfully linking our own transactions. We provide a separate study of the privacy characteristics of mobile cryptocurrency wallets. We discover that very few wallets follow the best practices regarding their users’ privacy.

The architecture of Bitcoin and similar cryptocurrencies emphasizes security but severely limits the transaction throughput. Off-chain protocols address this issue. Part 2 is dedicated to the Lightning Network (LN) – a prominent Bitcoin-based off-chain protocol. Lightning performs transactions off-chain but allows for on-chain dispute resolution. This ensures low latency while inheriting most of Bitcoin’s security guarantees. We introduce a probing attack that makes it possible to quickly discover user balances in the LN. We analyze the likelihood of various privacy attacks on the LN depending on a number of parameters. We describe a limitation on the number of concurrent LN payments and quantify its effects on the transaction throughput.

Bitcoin offers only limited means to define how coins can be spent. Ethereum is a blockchain network with a focus on programmability. It allows writing programs in a Turing-complete language and permanently storing them on-chain. Such programs are called smart contracts and are usually written in the high-level language Solidity. Part 3 explores the security and privacy of smart contracts in Ethereum. We propose Findel – a Solidity-based declarative domain-specific language for financial contracts. We classify the vulnerabilities in real-world Ethereum contracts. We present SmartCheck – a static analysis tool for bug detection in Solidity. We describe an Ethereum-based cryptographic protocol for more privacy-preserving regulation compliance.