My research focuses on the security and scalability of distributed systems, in particular blockchain protocols and trusted execution environments. I have previously worked on distributed storage algorithms and data aggregation in sensor networks. I completed my Ph.D. in 2013 in the Technion's Electrical Engineering Department under the supervision of Prof. Idit Keidar and Prof. Raphi Rom.
I'm looking for Technion graduate students, initially (until September '17) collaborating remotely. Please email me for details.
Blockchain protocols, implementing variants of Bitcoin's blockchain, have an inherent scalability limit. This limit bounds the possibility to improve the user-perceived latency and maximum throughput. The consequence is that one must trade off bandwidth, latency, and security. We present metrics for evaluating blockchain protocols, and measurements from large scale experiments of the Bitcoin core client.
The blockchain promises to become an infrastructure for anonymous online transactions, cheap remittance and smart contracts. To realize this promise in global scale, a blockchain should enable better latency and bandwidth. We present bitcoin-NG, a novel blockchain protocol that allows for bandwidth limited only by the individual nodes' processing power and latency determined by the network's property.
One of the most central threats on the Bitcoin system is centralization, where a small number of entities control the majority of mining power, and can therefore take control of the system. In Bitcoin and most similar cryptocurrencies, small miners tend to form mining pools. On the one hand, this is positive, as pools enable the existance of small miners a The largest such entities are open mining pools, where miners join forces to mine together.
Since its inception, Bitcoin's blockchain was considered secure against attackers commanding less than 50% of the mining power. Specifically, it was believed that a minority attacker cannot create more blockchain blocks than his fair share. We show that this is not the case. A minority miner can use a strategy we call selfish mining, where he generates blocks, keep them secret, and publishes them judiciously according to the system state. With this attack, a minority miner's presence in the blockchain can grow beyond its fair share.
The implications of this phenomena are dangerous, since the revenue of an attacker grows superlinearly with its size. Miners are motivated to join such an attacker, and the attacker is motivated to join other miners, forming a pool with a size that tends towards a majority of the minining power. If such a huge pool forms, the system becomes centralized, losing its basic premise.