The summer school will take place from September 2nd, 2019 to including September 5th, 2019.
Details about the social event are currently being finalized.
NOCUST - A Securely Scalable Commit-Chain
To scale permissionless blockchains, one potential approach known as Layer 2 scaling is to off-load transactions from the blockchain. The Blockchain is then used only as a resource, in case of disputes. Commit-chains are layer 2 solutions that as opposed to side-chains do not require any additional consensus mechanism to operate. Therefore, it inherits security from the parent blockchain. This talk will cover NOCUST, a securely scalable commit-chain construction. We will show how NOCUST can grow in practice to over one billion users with small operating costs. We will demonstrate how the system can function securely while users stay custodian of their assets entirely. Further, Layer 2 is an excellent opportunity to fix some of the significant issues with blockchain’s user experience. Currently, transactions are slow to process, require block confirmations and users need to pay complex gas fees. With NOCUST, transactions are confirmed almost instantly and do not expect any gas fees to be paid. This presentation is relevant for hackers and developers because it will provide the tools, such as the NOCUST SDK, for them to build scalable blockchain applications with the enhanced user experience.
Arthur Gervais is Co-founder and CEO of Liquidity Network; a leading Layer 2 project on top of Ethereum which provides transfer and swap platform for any token. Arthur obtained his Ph.D. from ETH Zurich on the topic of blockchain security and was also co-founder of the smart contract formal verification tool securify.ch. He is an accomplished academic speaker, specializing in three areas: IT-security, privacy, and scalability. One of his most recently published papers is NOCUST - a securely scalable commit-chain, is similar to a side-chain, but doesn’t require an additional consensus mechanism and solely relies on the security of its parent-chain. Please also see more at Arthur’s site arthurgervais.com.
Foundations of Distributed Trust
Although practical Byzantine fault-tolerant (BFT) consensus protocols have been available for two decades, they have never been deployed in production until very recently. The widespread interest in cryptocurrencies and blockchains has changed this. BFT consensus protocols are at the heart of many current blockchain platforms, which run without a central authority.
This presentation will explore the foundations of BFT consensus, such as quorum systems, reliable broadcasts, and protocols for storing data. Furthermore, the talk also discusses protocols with asymmetric trust. By letting nodes express their subjective assumptions of whom they trust and by how much, this model bridges between standard BFT consensus and decentralized blockchains. The approach is related to consensus in the Ripple and Stellar blockchains, which have introduced similar ideas but only with a heuristic approach.
Christian Cachin is a professor of computer science at the University of Bern, where he leads the cryptology and data security research group since 2019. Prior to that he worked for IBM Research - Zurich during more than 20 years. He has held visiting positions at MIT and at EPFL and has taught at several universities during his career in industrial research. He graduated with a Ph.D. in Computer Science from ETH Zurich in 1997. An IEEE Fellow, ACM Distinguished Scientist, and recipient of multiple IBM Outstanding Technical Achievement Awards, he has also served as the President of the International Association for Cryptologic Research (IACR) from 2014-2019.
With a background in cryptography, he is interested in all aspects of security in distributed systems and especially in cryptographic protocols, consistency, consensus, blockchains, and cloud-computing security. He has developed many cryptographic protocols, particularly for achieving consensus and for executing distributed cryptographic operations over the Internet. In the area of cloud computing, he has contributed to standards in storage security and developed protocols for key management.
Permissioned Blockchains: What, Why, How
Permissioned blockchains allow a well identifiable set of participants to run blockchain technology in a setting where the involved parties require some means of identifying each other while not necessarily fully trusting the other members of the network. This represents an emerging alternative to permissionless blockchains (in which anybody can participate, e.g., Bitcoin, Ethereum) that better addresses the needs of business applications of blockchain technology and distributed ledgers. In this talk, we will explore permissioned blockchain technologies with a focus on the Hyperledger Project, a prominent open-source initiative under the patronage of the Linux Foundation, dedicated to bringing blockchain technologies to businesses.
Angelo De Caro joined the Storage Systems group of IBM Research – Zurich in May 2015. His research is focused on the Hyperledger fabric and the privacy and cryptography of the blockchain. Angelo received his PhD in Computer Science in 2013 from the University of Salerno, in Italy, under the supervision of Prof. Carlo Blundo and Prof. Giuseppe Persiano. After his PhD, he worked with Dr. Tatsuaki Okamoto at NTT, Japan, in 2013 and with Prof. Michel Abdalla at École normale supérieure, France, in 2014-2015. Angelo has been also engaged in several EU projects including ECRYPTII (European Network of Excellence in Cryptology II) and TREDISEC (Trust-aware, REliable and Distributed Information SEcurity in the Cloud). His research interests are in theoretical cryptography and its applications to the blockchain and the cloud.
Towards an Open-source and Off-chain Financial System
Cryptocurrencies do not scale. Fundamentally, there is a tradeoff between the network’s throughput and the diversity of peers who can verify transactions in real time (and thus hold the block producers accountable). In this talk, we provide an overview of an alternative scaling approach, off-chain protocols, that lets parties transact (or execute the terms of a smart contract) locally amongst themselves instead of the global network. Off-chain is remarkable as in the best case it lets parties bypass all network fees and blockchain latency. We’ll cover the two leading approaches, channel-based networks and commit-chains, that together is leading to the emergence of a global, off-chain and permissionless financial system. Finally we discuss a new security assumption introduced by off-chain protocols, the always online assumption, and how the the community are trying to alleviate it.
Patrick McCorry works on the open-source project PISA. He was previously an Assistant Professor at King’s College London. His focus is cryptocurrencies, smart contracts, cryptography and decentralised systems. Patrick is the UK’s first PhD graduate in Cryptocurrencies and his work has recently appeared at Devcon3 and 4, Scaling Bitcoin 2017, Breaking Bitcoin 2017 and BPASE 2018 alongside numerous academic venues.
Designing a Usable Cryptocurrency for the Web - Nimiq
Most of today’s blockchain and cryptocurrency systems are very technical, hard to use by non-experts and require users to download large amounts of data, providing a high barrier of entry. Thus, non-technical users often trade in security for usability, for example by choosing centralized, custodial services over decentralized, non-custodial alternatives.
The presentation will go into the technical depths of our current blockchain implementation and planned improvements. We will introduce our novel consensus algorithm called Albatross. We will also give an overview of Nimiq OASIS, an open scheme for atomic asset swaps. In collaboration with a bank, this will allow atomically swapping fiat currencies like the Euro with Hashed Timelock-compatible cryptocurrencies like Nimiq – without introducing additional trusted parties.
Pascal Berrang is a Blockchain Researcher and Developer at Nimiq. He obtained his PhD from CISPA, Saarland University on the topic of biomedical data privacy in 2018. For his thesis, he received the Dr.-Eduard-Martin award. He is also a member of the saarsec CTF team, regularly finishing those hacking competitions in the top 3. His interests lie in the areas of IT-security, privacy and scalability with a focus on distributed ledgers.
Practical Safety Certification of Ethereum Smart Contracts
Certification of smart contracts is a pressing security concern. Today, billions worth of USD are controlled by smart contracts, and only in the past few years, millions of these have been lost by exploiting subtle flaws found in the code of these contracts. To prevent these exploits, we need to formalize and verify the contract’s requirements before its deployment on the blockchain. Temporal safety properties are a natural fit for capturing custom requirements of smart contracts: the functions of the contract are executed in an infinite loop, processing a new transaction at each iteration, and its requirements typically specify which sequences of states are considered valid.
In this talk, we will overview the landscape of existing security tools for automated testing (e.g. fuzzing) and security analysis (e.g. based on symbolic execution, static analysis, and interactive theorem provers). I will explain how these techniques differ in terms of the guarantees they provide and the level of automation they can achieve.
Given this background, we will also present opportunities to build next-generation automated security tools which are capable to verify the safety of smart contracts with little manual effort. We will demonstrate that a careful combination of techniques, such as predicate abstraction, is practical and useful, by demo-ing how it is used to verify properties for popular libraries, such as ERC20 and SafeMath implementations.
Dr. Hubert Ritzdorf is the CTO and co-founder of ChainSecurity. He earned his PhD from ETH Zurich in 2018, working on the security of cloud and blockchain services for 5+ years. During his research he proposed novel protocols and analysed existing ones.
At ChainSecurity, Hubert leads the auditing and designs new analysis tools that make audits faster and more secure. He has audited the smart contracts of over 40 clients which raised hundreds of million Dollars in their ICOs and in the process has found countless critical vulnerabilities that would have allowed an attacker to steal or divert funds. Hubert has also provided design consultation for blockchain-based systems and has reviewed several high-level protocols built around smart contracts.
Proof Systems for Sustainable Blockchains: How to Prove You Waste Space and Time
The security of Bitcoin’s blockchain requires that honest miners constantly dedicate more computational power towards securing the blockchain than is available to a potential adversary. This leads to a massive waste of energy; at its hitherto peak, the electricity used for Bitcoin mining equaled the electricity consumption of Austria. In this lecture I will discuss how disk-space, instead of computation, can be used as a resource to construct a more sustainable blockchain. We will discuss definitions and constructions of “proofs of space” and “verifiable delay functions”, and how they can be used to construct a Blockchain with similar dynamics and security properties as the Bitcoin blockchain.
Krzysztof Pietrzak is a cryptographer and since 2011 professor at the Institute of Science and Technology Austria (IST Austria). His research spans theoretical and applied aspects of information security, more recently also in the blockchain space. He is the recipient of an ERC starting and consolidator grant and three Eurocrypt best paper awards.
Algorand: A Secure, Scalable and Decentralized Blockchain
Blockchains stand to revolutionize the way a modern society operates. They can secure all kinds of traditional transactions, such as payments, in the exact order in which the transactions occur; and enable totally new transactions, such as cryptocurrencies and smart contracts. They can remove intermediaries and usher in a new paradigm for trust. As currently implemented, however, blockchains scale poorly and cannot achieve their enormous potential. Algorand is the first blockchain that is truly secure, scalable and decentralized. It is permissionless and works in a highly asynchronous environment. It dispenses with “proof of work” and “miners” and requires only a negligible amount of computation. Moreover, its transaction history does not “fork”, guaranteeing immediate finality of a transaction the moment the transaction enters the blockchain.
Jing Chen is Chief Scientist and Head of Theory Research at Algorand, and Assistant Professor in the Computer Science Department at Stony Brook University. Her main research interests are distributed ledgers, game theory, and algorithms. Jing received her bachelor and master’s degrees in computer science from Tsinghua University, and her PhD in computer science from MIT. She did a one-year postdoc at the Institute for Advanced Study, Princeton. Jing received the NSF CAREER Award in 2016.
Building Privacy-Preserving Dapps with NuCypher
NuCypher develops cryptographic solutions for privacy management and data governance, including the NuCypher Network, the leading privacy management layer for blockchain and Ethereum, and NuFHE, the fastest available fully homomorphic encryption library.
Nimiq provides two kinds of integrations:
- Core Client API: A low-level API to interact directly with the blockchain, accounts and transactions programmatically (browser and NodeJS)
- Nimiq Hub API: A high-level API to create beautiful checkout and signature requests for your users (browser only)
We will show how you can connect to the blockchain in 3 lines of code and further interact with addresses and transactions programmatically. We’ll also show how to easily request payments in your webapp or webshop, and how to interact directly with your users’ Nimiq accounts to sign transactions and messages.
We will prepare a few simple app ideas to quickly try out your newfound knowledge! Our API documentation and tutorials are available at https://nimiq.com/developers.
Requirements: It would be good for the participants to bring their laptop to get some hands-on experience.