Posts in Papers
Utreexo: A dynamic hash-based accumulator optimized for the Bitcoin UTXO set

by Thaddeus Dryja (MIT’s Digital Currency Initiative)

Abstract: In the Bitcoin consensus network, all nodes come to agreement on the set of Unspent Transaction Outputs (the "UTXO" set). The size of this shared state is a scalability constraint for the network, as the size of the set expands as more users join the system, increasing resource requirements of all nodes. Decoupling the network's state size from the storage requirements of individual machines would reduce hardware requirements of validating nodes. We introduce a hash-based accumulator to locally represent the UTXO set, which is logarithmic in the size of the full set. Nodes attach and propagate inclusion proofs to the inputs of transactions, which along with the accumulator state, give all the information needed to validate a transaction. While the size of the inclusion proofs results in an increase in network traffic, these proofs can be discarded after verification, and aggregation methods can reduce their size to a manageable level of overhead. In our simulations of downloading Bitcoin's blockchain up to early 2019 with 500MB of RAM allocated for caching, the proofs only add approximately 25% to the amount otherwise downloaded.

Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency

By Ethan Heilman (Boston Uni), Neha Narula (MIT Media Lab), Garrett Tanzer (Harvard), James Lovejoy (MIT Media Lab), Michael Colavita (Harvard), Madars Virza (MIT Media Lab), and Tadge Dryja (MIT Media Lab)

We present attacks on the cryptography formerly used in the IOTA blockchain, including under certain conditions the ability to forge signatures. We developed practical attacks on IOTA’s cryptographic hash function Curl-P-27, allowing us to quickly generate short colliding messages. These collisions work even for messages of the same length. Exploiting these weaknesses in Curl-P-27, we broke the EU-CMA security of the former IOTA Signature Scheme (ISS). Finally, we show that in a chosen-message setting we could forge signatures and multi-signatures of valid spending transactions (called bundles in IOTA).

Blockchain and the Value of Operational Transparency for Supply Chain Finance

by Jiri Chod (BU), Nikolaos Trichakis (MIT), Gerry Tsoukalas (UPenn Wharton), Henry Aspegren (MIT), and Mark Weber (MIT). Nominated for an award in the journal Management Science. Sept 15th, 2018

In this paper, we develop a new theory that shows signaling a firm's fundamental quality (e.g., its operational capabilities) to lenders through inventory transactions to be more efficient --- it leads to less costly operational distortions --- than signaling through loan requests, and we characterize how the efficiency gains depend on firm operational characteristics such as operating costs, market size, inventory salvage value and failure probability.

Utreexo: A dynamic accumulator for Bitcoin state - A description of research by Thaddeus Dryja

One of the earliest-seen and most persistent problems with Bitcoin has been scalability. Bitcoin takes the idea of "be your own bank" quite literally, with every computer on the Bitcoin network storing every account of every user who owns money in the system. In Bitcoin, this is stored as a collection of "unspent transaction outputs", or "UTXOs", which are somewhat unintuitive, but provide privacy and efficiency benefits over the alternative "account" based model used in traditional finance.

Cellular structure for a digital fiat currency

This paper by DCI Research Scientist Robleh Ali sets out a structure for a digital fiat currency system. The primary benefit of the cellular structure is that it lowers barriers to entry for payments by using trustless intermediation between cells in the system. The larger purpose of this structure is to create an open foundation for a decentralized financial system in which competition can thrive but which cannot be captured by private interests.
