In this course, we will cover the basics of Cryptocurrencies and Blockchain (including Bitcoin, Ethereum, and others), with a specific focus on practical security concerns. We'll cover a wide range of topics such as basic cryptography, smart contracts, common vulnerabilities, network attacks on blockchains, transaction privacy and analysis, and more.
|Time:||Tue/Thu 3:30 PM - 4:45 PM|
|Professor:||Eric Wustrow <email@example.com> ECCR 1B13|
|Office Hours:||Wed 11am-12pm or by appointment|
The class will be a mix of hands-on assignments and papers, and students are expected to come to class prepared to discuss the latest tools or papers from assignments. Students will be selected to lead discussions on topics throughout the semester. In groups of 2 or 3, students will conduct an open-ended original research project in the area of Cryptocurrency, and submit a short writeup as a final project.
- 40% - Final project
- 20% - Programming assignments
- 20% - In-class topic presentation
- 15% - Paper reviews
- 5% - Participation
For each paper we read, please submit a short (~150-300 word) summary that describes the paper, and a few discussion questions for the paper; for example, insights, questions, future directions, etc. Please send these to firstname.lastname@example.org with the subject "5033 reading" before class, and include your review as inline text in the email. It's ok to include multiple reviews in the same email, just make the separation clear.
Working in groups of 2 or 3, pick a topic (or propose a new one!) and present it to the class. Presentations should be 15-20 minutes, and should end prompting discussion questions to the class. Send an email to me (email@example.com) with your top 2 choices and who your partner(s) will be by class on January 31.
- Ethereum Lotteries Find a popular Ethereum Lottery, and investiage its smart contract. Disucss how it works: how do users play, how is the winner picked, what fraction of payment goes to the authors, and how could it be attacked?
- ICO Pick a popular Initial Coin Offering (ICO), and study it. How is the token distributed (ERC20, Omni, air drop, etc)? How much money did it raise, and how will it be used? Is there accountability/transparency in the responsbile organization? Does the rate of token sales over time imply automated bots participated in the sale/creation?
- Proof of work Choose a "non-standard" (e.g. not SHA256 or scrypt) proof of work (e.g. Equihash, Primecoin, SpaceMint, Proof-of-Stake, or another!), and describe how it works. Can it be mined with existing hardware? Is it conducive to mining pools or other centralization incentives? If it is currently mined, who are the participants (e.g. are there big obvious miners/pools?).
- Stablecoins Pick a stable coin (e.g. Maker Dai, Tether, NuBits, others) and discuss how it attempts to provide stability. For token-based stablecoins (like Tether), discuss the organization(s) responsible for issuing the token, and study when tokens were created or destroyed over the life of the token, as well as its historical trading history (volume, price, exchanges involved, etc). For decentralized (smart contract)-based stablecoins, how does it work? Is it actually decentralized, or does the publisher still maintain a backdoor? Are there parties (e.g. Price Oracles) that have special power, and how is abuse prevented/disincentivized?
- Cryptocurrency Marketplaces Pick a popular still operating Darknet market (e.g. Dream), and create an account (caution: do not buy any illicit substances!!!). How does the market operate (e.g. are sales escrowed, how is reputation awarded, etc)? What can you learn just by using the site? How might law enforcement discover the website owners, sellers, or buyers? Also describe a previously-operating darknet market (Silk Road, Agora, AlphaBay, etc), and what lead authorities to its discovery and subsequent shutdown.
- Exchanges Pick a popular exchange (besides Coinbase) and sign up for an account. How much volume does the exchange process daily? Describe what KYC is and how the exchange complies with it (or doesn't). Does the exchange offer information on order books, APIs for automated trading, etc? Compare volumes/prices with other popular exchanges. Is there evidence of wash trading or front running?
- Transaction Analysis Explain how transactions can be traced across pseudonymous public keys. Pick a high-profile address (e.g. exchange address, stolen coins, etc) and trace where the coins were sent. What can you infer about the transactions or keys involved? Can you identify other keys controlled by the same entity?
- Entropy analysis Explain what a nonce reuse attack is, and how it applies to cryptocurrencies. Perform a similar analysis on a popular non-Bitcoin blockchain that uses ECDSA (e.g. ETH, Litecoin, Monero, etc). Are there vulnerable coins that could be stolen, either currently or historically? Bonus: set up a small amount in vulnerable transactions, and see if it is stolen.
- Mining attacks Describe Selfish Mining attacks, and how it could be used to help miners. Pick a specific blockchain, and analyze its orphan rate to see if there is evidence of selfish mining. If not, are there other attacks present (e.g. AsicBoost)?
- Mining pools Pick a popular mining pool, and create an account (optionally attempt to submit shares!). Describe how Pool hopping attacks work, and how this pool combats them. What payout scheme does it use, and is it still vulnerable?
- Hardware wallet Pick a hardware wallet and describe how it works. What attacks does it attempt to prevent, and how does it do it? What attacks still work on it? What does the user have to trust in order to keep their coins safe?
Each group will give a 10-15 minute presentation in class, describing what problem they are solving, how they solved it, and anything they plan to do by the due date of the final project. There will be a couple minutes for Q&A for each group. Final papers will be due Monday, May 6, 11:59PM MDT. Please submit papers in USENIX format as a single PDF, 5-8 pages in length, including references.
|Tue, Jan 15||Introduction||[slides]|
|Thu, Jan 17||Crypto means Cryptography
Hashes, entropy, encryption
|Tue, Jan 22||Asymmetric cryptography
public/private keys, RSA
|Thu, Jan 24||Signatures, ECDSA||Project 1: Crypto released
|Tue, Jan 29||Bitcoin
Proof of work
|Reading: Bitcoin: A Peer-to-Peer Electronic Cash System - Satoshi Nakamoto
|Thu, Jan 31||Transactions, Mining pools, Forks||Send in-class presentation choices|
|Tue, Feb 5||Ethereum
|Reading: Ethereum White Paper|
|Thu, Feb 7||Programming smart contracts||Project 1: Crypto due
Project 2: Smart contracts released
|Tue, Feb 12||Smart contracts continued|
|Thu, Feb 14||Smart contract vulnerabilities||Analaysis of the DAO Exploit|
|Tue, Feb 19||Smart contracts|
|Thu, Feb 21||Efficient transactions||Lightning Network Presentation|
|Tue, Feb 26||No class||Project 2: Smart contracts due|
|Thu, Feb 28||No class||Project proposals due by email
|Tue, Mar 5||Proof of work: Selfish Mining||Reading: Majority is not Enough: Bitcoin Mining is Vulnerable - Ittay Eyal and Emin Gün Sirer
Proof of Work presentation
Mining attacks presentation
|Thu, Mar 7||Project Proposals||~5 minutes per group|
|Tue, Mar 12||Markets||Exchanges presentation
|Thu, Mar 14||Darknet markets||Cryptocurrency Marketplaces presentation Mining Pools presentation|
|Tue, Mar 19||Networks
|Thu, Mar 21||Eclipse attacks||Reading: Eclipse Attacks on Bitcoin’s Peer-to-Peer Network - Ethan Heilman, Alison Kendler, Aviv Zohar, and Sharon Goldberg|
|Tue, Mar 26||No class||Spring Break|
|Thu, Mar 28||No class||Spring Break|
|Tue, Apr 2||Privacy
Ring Signatures, Monero
|Transaction Analysis presentation|
|Thu, Apr 4||Zero-knowledge proofs, ZCash||Reading: Zerocash: Decentralized Anonymous Payments from Bitcoin - Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza|
|Tue, Apr 9||Tokens
|Thu, Apr 11||Ethereum Lotteries||Project checkpoint due by email - 6pm
Ethereum Lotteries presentation
|Tue, Apr 16||Hardware security
Hardware wallets, side channels
|Reading: Lest we Remember: Cold Boot Attacks on Encryption Keys - J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten
Hardware wallet presentation
|Thu, Apr 18||Randomness in practice||Entropy analysis presentation|
|Tue, Apr 23||Transaction Malleability||Reading: Bitcoin Transaction Malleability and MtGox - Christian Decker and Roger Wattenhofer|
|Thu, Apr 25||No class||Work on final projects!|
|Tue, Apr 30||No class||Work on final projects!|
|Thu, May 2||Final presentations||Each group ~10 minutes|
|Sun, May 5||Final presentations||Each group ~10 minutes|
|Mon, May 6||Final project report due||Final report due by email - 11:59pm|
Final Project written proposals
Each group will send an email containing the name(s) of the group members, the title of a proposed topic final project, and a ~300 word abstract describing the problem and solution of the proposed research. Be sure to describe why the problem is important, and what you specifically plan to do. For example, what tool will you build, and how does it help? How will it work? If you're going to do analysis/measurement, what data will you collect, and how will you get it? For smart contracts, how do people currently solve the problem you are trying to solve, and why is it important to do it in a smart contract?
Final Project in-class proposal
Each group will present a short overview (~5 minutes) of their proposed project. This should include what you described in the written abstract, in some more detail, and also touch on related work (keep in mind this may include papers we don't read in class).
Final project written checkpoint
A few weeks after the proposal, each group will send a brief email update on the progress of their project. Of the proposed work, what has been done so far, and what remains to be done? Have you run into any snags or problems, or had to change direction? It's ok to realize an initial approach isn't going to work (this is research!), but have a plan or effort toward what you will do to change directions or fix the problem.
Final project presentations
In the last week of class, each group will be given 10 minutes to present the results of their final project. This should include the motivation (what they problem is, why it's important), previous related work (and why it was insufficient), your solution, and results. We'll have 2-3 minutes for Q & A from the class for each group.
Final project papers
Each group will submit a 5-8 page paper (in USENIX format), due Mon, May 6 at 11:59pm This should look similar to some of the papers we read: in the Introdction, set up the problem and briefly describe your solution. Describe your system or study, and evaluate it or the results in depth. Describe related work, and also potential future work that might build off your work.