DCI Graduate Students
Ayesha Ali | MEng Graduate Researcher 2023 Academic Year
We explore privacy-preserving payments in a centralized setting, such as CBDCs. Specifically, we focus on two classes of designs that hide the transaction graph: Chaumian e-cash and Merkle tree-based systems (e.g., Tornado Cash), which differ both in their security assumptions and scalability. In our work we highlight scalability limitations in Merkle tree-based privacy systems that would be encountered in a network as large as a CBDC, and propose a sharded Merkle tree design to improve scalability while maintaining strong privacy. However, as we analyze, conventional sharding methods pose privacy risks, prompting introduction of a 'tree of sharded trees' design that preserves privacy at a modest increase of latency. We describe, implement and evaluate all three designs, and find that unmodified Tornado Cash indeed suffers from resource-contention induced scalability bottlenecks. In contrast, our new design achieves throughput that is less than an order of magnitude away from e-cash, despite providing auditability.
Thesis Supervisor: Madars Virza
Title: Research Scientist, Digital Currency Initiative
![](https://images.squarespace-cdn.com/content/v1/59aae5e9a803bb10bedeb03e/c9d7ec0b-494b-401c-8586-e60884d8cd70/ayesha.jpeg)
Claire Bao | MEng Graduate Researcher 2023 Academic Year
With block rewards dwindling in Bitcoin, a miner’s revenue will become increasingly reliant on transaction fees. However, these transaction fees are highly variable, which could result in undercutting attacks occurring. Undercutting attacks are when miners intentionally fork the blockchain in an attempt to steal transactions from an already-mined block. These attacks could cause repeated forking of the blockchain, thereby rendering Bitcoin unstable and less secure long-term. The original paper [1] proposing these attacks made assumptions about the future mining environment. For instance, they assumed that block size limits were large relative to the number of transactions and that all transactions had the same fee.
This thesis aims to examine whether undercutting attacks would still be a threat under different mining dynamics. Specifically, we examine two important mempool characteristics that have changed since the original paper was written: the block size limit and the fee gradient. By investigating what happens as these characteristics and factors change, our research is able to not only generate a holistic view of whether undercutting attacks are a threat for a wide variety of possible mempool dynamics, but it also provides guidelines on what range each of these measurable characteristics must fall within in order for the blockchain to be secure and stable long-term. Our research found that the blockchain is safe from undercutting attacks when the block size limit is small relative to the number of transactions, but the blockchain becomes more susceptible to undercutting attacks if transactions with much higher fees enter the mempool infrequently even for smaller block size limits. Moreover, we extend the logic of undercutting attacks from the original paper to show that, if the mempool dynamics are such that the undercutting occurs long-term, the tangible impact on users is that very little progress will be made as fully rational miners will end up only including one transaction per block, regardless of the total amount of available transactions.
Thesis supervisor: Neha Narula
Title: Director, Digital Currency Initiative
![](https://images.squarespace-cdn.com/content/v1/59aae5e9a803bb10bedeb03e/e705056a-d427-49e3-b4b8-61418b474ddf/image-asset.jpg)
Shwetark Patel | MEng Graduate Researcher 2021 Academic Year
Abstract: Since Bitcoin and the Unspent Transaction Output (UTXO) model were introduced by Satoshi Nakamoto over a decade ago, there have been many important issues identified with the UTXO model; the most important being that it is hard to extend the model to accommodate more complex use cases, such as those related to decentralized finance. Currently, Ethereum has many decentralized exchanges which allow users to seamlessly make trades. Performing a trade on chain on Bitcoin is quite difficult; currently, the most elegant way is to set up a Discreet Log Contract (DLC) between you and your counter-party. However, this currently has many downsides; for example, they are not transferable (i.e. once Alice and Bob sign up for the DLC, they are stuck in the DLC until settlement or they both interactively agree to leave). We fix this by introducing the Transformable Discreet Log Contract (TDLC), which allows a third party, Carol, to swap in for either Alice or Bob midway through the contract with reduced interaction, and the Truly Transformable Discreet Log Contract (TTDLC), which allows multiple parties to seamlessly trade the contract around between them. With both the TDLC and the TTDLC, the party swapping into the contract only has to interact with the single party swapping out. The end goal for the work presented in this thesis is to help improve the usability of Bitcoin for advanced use cases such as those relevant to decentralized finance.
Thesis Supervisor: Neha Narula
Title: Director, Digital Currency Initiative
![](https://images.squarespace-cdn.com/content/v1/59aae5e9a803bb10bedeb03e/1600290904697-V5Z4LA081XBDTFU0Z22W/shwe_alaska.png)
James Lovejoy | MEng Graduate Researcher 2019 Academic Year
Abstract: Nakamoto consensus has powered Bitcoin and the cryptocurrency industry over the past 10 years, but its security properties when an adversary's economic incentives are taken into account remain poorly understood. Recently, reports of successful real-world attacks against some coins have served as a wake-up call for the industry to review each coin's consensus risk. This research contributes a new system for detecting transaction reordering events against live cryptocurrencies. We deployed the system on a spectrum of different cryptocurrencies and combined our results with historical market data to analyze how the properties of each coin affect its consensus risk and evaluate the effectiveness of existing theoretical models for quantifying the cost of attack. We also describe some of the significant attacks we detected, providing empirical evidence that launching an attack can be practical, and that counterattacking may be a viable strategy for victims to defend themselves from an economically rational adversary.
Thesis Supervisor: Neha Narula
Title: Director, Digital Currency Initiative
Henry Aspegren | MEng Graduate Researcher 2017 Academic Year
Abstract: Equivocation allows attackers to present inconsistent data to users. This is not just a problem for Internet applications: the global economy relies heavily on verifiable and transferable records of property, liens, and financial securities. Equivocation involving such records has been central to multi-billion-dollar commodities frauds and systemic collapses in asset-backed securities markets. In this work we present b_verify, a new protocol for scalable and efficient non-equivocation using Bitcoin. b_verify provides the abstraction of multiple independent logs of statements in which each log is controlled by a cryptographic keypair and makes equivocating about the log as hard as double spending Bitcoin. Clients in b_verify can add a statement to multiple logs atomically, even if clients do not trust each other. This abstraction can be used to build applications without requiring a central trusted party. b_verify can implement a publicly verifiable registry and, under the assumption that no participant can double spend Bitcoin, guarantees the security of the registry. Unlike prior work, b_verify can scale to one million application logs and commit 1,112 new log statements per second. b_verify accomplishes this by using an untrusted server to commit one hundred thousand new log statements with a single Bitcoin transaction, which dramatically reduces the cost per statement. Users in b_verify maintain proofs of non-equivocation which are comparable in size to a Bitcoin SPV proof and require them to download only kilobytes of data per day. We implemented a prototype of b_verify in Java to demonstrate its ability to scale. We then built a registry application proof-of-concept for tradeable commodity receipts on top of our prototype. The client application runs on a mobile phone and can scale to one million users and ten million receipts.
Thesis Supervisor: Neha Narula
Title: Director of Digital Currency Initiative at the Media Lab
Jesus Andres Mathus Garza | MEng Graduate Researcher 2017 Academic Year
Abstract
The development of decentralized blockchain-based systems has unlocked opportunity in untrusted systems. As more blockchains were created, however, a lack of interoperability became apparent. In response, centralized exchanges facilitating transactions across different blockchains emerged, reintroducing trusted third parties that blockchains were in part created to eliminate. Although blockchain capabilities were promising, their emergence resulted in embezzlement, hacks, and scandals that resulted in significant financial losses. A program allowing for peer to peer cross-chain exchanges would reestablish the decentralized foundation upon which blockchains were built and eliminate the risks associated with centralized exchanges. In this work we extend Lightning Network capabilities and develop a protocol enabling secure peer to peer channels to safely transact across blockchains. The system connects individuals using the Lightning Network's channel creation functions, and introduces four new channel commands: Price, Compare, Exchange, and Respond. Together, they integrate hashed timelock contracts that introduce peer to peer negotiations and exchange functionality from one blockchain to another. With this functionality in place, individuals gain more control over their own assets and rely less on third parties, reaffirming decentralization throughout the blockchain ecosystem and laying a new foundation for distributed systems to interact with less friction.
Thesis Supervisor: Thaddeus Dryja
Title: MIT Digital Currency Initiative Research Scientist
Willy Vasquez | MEng Graduate Researcher 2016 Academic Year
Abstract
This thesis describes the design and implementation of Auditable Private Ledgers (APL), a privacy solution for distributed ledgers that lets third parties audit private ledger data. With the use of permissioned blockchains, zero-knowledge proofs, and additively homomorphic commitments, we are able to provide a balance between privacy and regulation. For this work, I implemented the cryptographic tools in Go, helped develop zero-knowledge proofs to provide data authenticity and integrity, and performed an evaluation of this system to measure its performance. Our work shows that the system is reasonable to run between a small number of participants, and that we can efficiently run private sums without revealing fine-grained inputs.
Thesis Supervisor: Dr. Neha Narula
Title: Director of Digital Currency Initiative, Media Lab