Fan Zhang

Assistant Professor

I’m broadly interested in computer security and applied cryptography, especially techniques that enable Secure Decentralized Systems, a novel class of computer systems with unique security properties (such as transparency, verifiability, decentralized trust and governance).

My research aims to advance the technical foundation of decentralized systems, analyze the security of real-world deployments, and build practical tools to support applications in socially important domains.

I’m also affiliated with IC3, the Center for Distributed Confidential Computing (CDCC), and the Center for Algorithms, Data, and Market Design at Yale (CADMY).

At Yale, I teach Intro to Blockchain and Real-World Cryptography.


Research: Secure Decentralized Systems

Building computer systems with transparency and integrity guarantees is a dream of security and cryptography research. As society grows more dependent on digital infrastructure, this goal is more urgent than ever.

Over the past decade, Secure Decentralized Systems, powered by cryptography and large-scale consensus protocols, have emerged as a promising path toward this vision, with early success in areas like stablecoins and Decentralized Finance.

My research advances the technical foundations of decentralized systems to support transformative applications. Specifically, I work on:

1️⃣ Cryptographic Building Blocks for Decentralized Systems


We devise and improve fundamental cryptographic techniques underpinning secure decentralized systems.

Oracles (zkTLS).

Oracles originated as systems that supply verifiable data to smart contracts, but their applications go far beyond that. Our papers Town Crier and DECO were among the first to formalize oracle security and realize it via verifiable provenance of TLS-encrypted data, turning HTTPS websites into sources of verifiable claims. These works initiated a rich exploration of the cryptographic techniques, as well as many real-world implementations.

🛠 In 2024, DECO became part of Chainlink’s Privacy Suite product. Town Crier was licensed to Chainlink as well. In addition, at least ten startup companies are building variants of these works, collectively known as zkTLS.

TEEs.

Trusted Execution Environments (TEEs) are CPU-enforced mechanisms that enable remote program execution with confidentiality and integrity guarantees. We apply TEEs to enhance decentralized systems, for confidentiality (Ekiden), frontrunning prevention (Tesseract), energy efficiency (REM), and client-side security (Paralysis Proofs, CrudiTEE).

We devise new trust models for TEEs so that systems can rely on TEEs while enjoying graceful degradation. Our exploration includes tolerating full leakage (Sealed Glass Proof), detecting leakage (ZipNet), and incentivizing the reporting of leakage (CrudiTEE).

🛠 Ekiden is implemented by Oasis Labs. ZipNet is being implemented by Flashbots.

FHE and ZKPs.

Decentralized systems must withstand powerful attacks, often requiring heavyweight cryptographic machinery such as fully homomorphic encryption (FHE) and zero-knowledge proofs (ZKPs). Our recent work has contributed to efficiency improvements in the application of these primitives to decentralized systems, exploiting protocol-level optimization (Qelect), parallelism (zkBridge, Cirrus), and outsourcing (Prooφ).

🛠 zkBridge is implemented by Polyhedra Network.

2️⃣ Incentives, Mechanism Design, and Security


Traditional security analysis models participants as either honest or malicious, but participants in decentralized systems are economically motivated. Leveraging incentives properly can achieve unprecedented guarantees, but abusing incentives can lead to effective attacks.

Bribery attacks.

A powerful attack vector in which an attacker spends money bribing parties to take specific actions for an even bigger profit.

  • He-HTLC presents a model where rational participants can actively seek economic incentives by, for example, altering the software they run. It demonstrates that prior HTLC designs are vulnerable in this model and proposes a secure design called He-HTLC.
  • Our CCS'24 paper showed that threshold-encryption-based MEV mitigation protocols are vulnerable to an attack where participants are bribed to reveal the encryption key in a way that avoids accountability. We also present a novel solution.

Leveraging incentives for defense.

  • CrudiTEE explores a new approach to TEE side-channel mitigation through economic incentives, specifically for TEE-based cryptocurrency wallets. By taking into account the cost and profit of side-channel attacks, CrudiTEE can disincentivize attackers from exfiltrating signing keys in the first place.

How to price computation in decentralized systems?

  • Our CCS'21 paper examined the real-world consequences of the then-new transaction fee mechanism (TFM).
  • Prooφ proposes a mechanism for zero-knowledge proof markets, featuring co-designed security mechanisms to complement mechanism design techniques.

🛠 The Prooφ team contributed to the whitepaper of Fermeh, a startup building a proof market.

3️⃣ Security of Decentralized Finance, Social Media, and AI

DeFi and MEV.

DeFi has some unique advantages over traditional finance, but it gives rise to Miner Extractable Value (MEV), impacting security and decentralization. We work on understanding and mitigating negative consequences of MEV.

  • “Decentralization of Ethereum’s Builder Market” analyzes Ethereum’s hyper-centralized builder market. It reveals dynamics leading to builder centralization and quantifies the consequences through proposer loss. (Presented at SBC'24, CBER CtCC, EC'24 Workshop, S&P'25. Reported by Wisdom of DeFi by EigenPhi.)
  • RediSwap is an AMM that captures MEV and refunds it fairly among users and liquidity providers.

Identity.

Improving digital identity with principles and tools from decentralized systems.

  • Anonymous Self-Credentials (ASC): bootstrapping anonymous credentials from Sybil-proof blockchain identities.
  • MISO: making SSO anonymous without changing SSO. The key idea is to mix SSO sessions.
  • CanDID: a platform for practical, user-friendly realization of decentralized identity, the idea of empowering end users with management of their own credentials.

For a complete, up-to-date list of papers, see the publication page.

Interested in working with me?

  • For Yale undergrads: we enjoy having undergrad researchers in our lab to help them gain research experience. Feel free to get in touch.
  • We have openings for strong candidates as postdocs, visiting scholars, and summer interns.
