ECEN 5033/CSCI 4830 Cryptocurrency Security

Spring 2019

Course info

In this course, we will cover the basics of Cryptocurrencies and Blockchain (including Bitcoin, Ethereum, and others), with a specific focus on practical security concerns. We'll cover a wide range of topics such as basic cryptography, smart contracts, common vulnerabilities, network attacks on blockchains, transaction privacy and analysis, and more.

Location: ECES 114
Time: Tue/Thu 3:30 PM - 4:45 PM
Professor: Eric Wustrow <ewust@colorado.edu> ECCR 1B13
Office Hours: Wed 11am-12pm or by appointment
Piazza: https://piazza.com/class/jqy0tbymnq12p6 Piazza signup: signup

Grading

The class will be a mix of hands-on assignments and papers, and students are expected to come to class prepared to discuss the latest tools or papers from assignments. Students will be selected to lead discussions on topics throughout the semester. In groups of 2 or 3, students will conduct an open-ended original research project in the area of Cryptocurrency, and submit a short writeup as a final project.

Paper reviews

For each paper we read, please submit a short (~150-300 word) summary that describes the paper, and a few discussion questions for the paper; for example, insights, questions, future directions, etc. Please send these to ewust@colorado.edu with the subject "5033 reading" before class, and include your review as inline text in the email. It's ok to include multiple reviews in the same email, just make the separation clear.

In-class presentations

Working in groups of 2 or 3, pick a topic (or propose a new one!) and present it to the class. Presentations should be 15-20 minutes, and should end prompting discussion questions to the class. Send an email to me (ewust@colorado.edu) with your top 2 choices and who your partner(s) will be by class on January 31.

Final Project

Each group will give a 10-15 minute presentation in class, describing what problem they are solving, how they solved it, and anything they plan to do by the due date of the final project. There will be a couple minutes for Q&A for each group. Final papers will be due Monday, May 6, 11:59PM MDT. Please submit papers in USENIX format as a single PDF, 5-8 pages in length, including references.

Schedule

Date Topic
Week 1
Tue, Jan 15 Introduction [slides]
Thu, Jan 17 Crypto means Cryptography
Hashes, entropy, encryption
[slides]
Week 2
Tue, Jan 22 Asymmetric cryptography
public/private keys, RSA
[slides]
Thu, Jan 24 Signatures, ECDSA Project 1: Crypto released
[slides]
Week 3
Tue, Jan 29 Bitcoin
Proof of work
Reading: Bitcoin: A Peer-to-Peer Electronic Cash System - Satoshi Nakamoto
[slides]
Thu, Jan 31 Transactions, Mining pools, Forks Send in-class presentation choices
Week 4
Tue, Feb 5 Ethereum
Smart contracts
Reading: Ethereum White Paper
Thu, Feb 7 Programming smart contracts Project 1: Crypto due
Project 2: Smart contracts released
Week 5
Tue, Feb 12 Smart contracts continued
Thu, Feb 14 Smart contract vulnerabilities Analaysis of the DAO Exploit
Week 6
Tue, Feb 19 Smart contracts
Thu, Feb 21 Efficient transactions Lightning Network Presentation
Week 7
Tue, Feb 26 No class Project 2: Smart contracts due
Thu, Feb 28 No class Project proposals due by email
Week 8
Tue, Mar 5 Proof of work: Selfish Mining Reading: Majority is not Enough: Bitcoin Mining is Vulnerable - Ittay Eyal and Emin Gün Sirer
Proof of Work presentation
Mining attacks presentation
Thu, Mar 7 Project Proposals ~5 minutes per group
Week 9
Tue, Mar 12 Markets Exchanges presentation
Stablecoins presentation
Thu, Mar 14 Darknet markets Cryptocurrency Marketplaces presentation Mining Pools presentation
Week 10
Tue, Mar 19 Networks
Introduction
Thu, Mar 21 Eclipse attacks Reading: Eclipse Attacks on Bitcoin’s Peer-to-Peer Network - Ethan Heilman, Alison Kendler, Aviv Zohar, and Sharon Goldberg
Week 11
Tue, Mar 26 No class Spring Break
Thu, Mar 28 No class Spring Break
Week 12
Tue, Apr 2 Privacy
Ring Signatures, Monero
Transaction Analysis presentation
Thu, Apr 4 Zero-knowledge proofs, ZCash Reading: Zerocash: Decentralized Anonymous Payments from Bitcoin - Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza
Week 13
Tue, Apr 9 Tokens
ICOs
ICO presentation
Thu, Apr 11 Ethereum Lotteries Project checkpoint due by email - 6pm
Ethereum Lotteries presentation
Week 14
Tue, Apr 16 Hardware security
Hardware wallets, side channels
Reading: Lest we Remember: Cold Boot Attacks on Encryption Keys - J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten
Hardware wallet presentation
Thu, Apr 18 Randomness in practice Entropy analysis presentation
Week 15
Tue, Apr 23 Transaction Malleability Reading: Bitcoin Transaction Malleability and MtGox - Christian Decker and Roger Wattenhofer
Thu, Apr 25 No class Work on final projects!
Final week
Tue, Apr 30 No class Work on final projects!
Thu, May 2 Final presentations Each group ~10 minutes
Sun, May 5 Final presentations Each group ~10 minutes
Mon, May 6 Final project report due Final report due by email - 11:59pm

Final Project written proposals

Each group will send an email containing the name(s) of the group members, the title of a proposed topic final project, and a ~300 word abstract describing the problem and solution of the proposed research. Be sure to describe why the problem is important, and what you specifically plan to do. For example, what tool will you build, and how does it help? How will it work? If you're going to do analysis/measurement, what data will you collect, and how will you get it? For smart contracts, how do people currently solve the problem you are trying to solve, and why is it important to do it in a smart contract?

Final Project in-class proposal

Each group will present a short overview (~5 minutes) of their proposed project. This should include what you described in the written abstract, in some more detail, and also touch on related work (keep in mind this may include papers we don't read in class).

Final project written checkpoint

A few weeks after the proposal, each group will send a brief email update on the progress of their project. Of the proposed work, what has been done so far, and what remains to be done? Have you run into any snags or problems, or had to change direction? It's ok to realize an initial approach isn't going to work (this is research!), but have a plan or effort toward what you will do to change directions or fix the problem.

Final project presentations

In the last week of class, each group will be given 10 minutes to present the results of their final project. This should include the motivation (what they problem is, why it's important), previous related work (and why it was insufficient), your solution, and results. We'll have 2-3 minutes for Q & A from the class for each group.

Final project papers

Each group will submit a 5-8 page paper (in USENIX format), due Mon, May 6 at 11:59pm This should look similar to some of the papers we read: in the Introdction, set up the problem and briefly describe your solution. Describe your system or study, and evaluate it or the results in depth. Describe related work, and also potential future work that might build off your work.