We devise and improve fundamental cryptographic techniques underpinning secure decentralized systems.

Oracles (zkTLS).

Oracles originate as systems to supply verifiable data to smart contracts, but their applications extend to digital identity, social media, and AI. Our papers Town Crier and DECO were among the first to formalize oracle security and realize it via verifiable provenance of TLS-encrypted data, turning HTTPS websites into sources of verifiable claims. These works initiated a new line of research and many real-world implementations.

Slides: Overview of zkTLS

TEEs.

Trusted Execution Environments (TEEs) are CPU-enforced mechanisms that enable remote program execution with confidentiality and integrity guarantees. Beyond fast performance, TEE has unique security advantages over alternatives (e.g. MPC), most notably resilience to bribery and collusion. We leverage TEEs to enhance decentralized systems, for confidentiality (Ekiden), frontrunning prevention (Tesseract), energy efficiency (REM), and client-side security (Paralysis Proofs, CrudiTEE).

The main security limitation of TEE is side channels. We devise new trust models of TEEs so systems can rely on TEEs while enjoying graceful degradation. Our exploration includes tolerating full leakage (Sealed Glass Proof), detecting leakage (ZipNet), or incentivizing reporting of leakage (CrudiTEE).

Anonymity

Decentralized systems run in open networks, allowing an adversary to observe network messages and deanonymize users and system participants. We develop anonymity protocols optimized for decentralized systems.

ZipNet is a new Dining Cryptographer (DC) net protocol features low server cost, efficient scheduling, and simple disruption. Qelect is the first practical FHE-based secret single-leader election (SSLE) protocol, a primitive that hides the leader identity in consensus protocols.

Distributed ZKPs

Recent engineering and research breakthroughs have significantly improved the practicality of zero-knowledge proofs (ZKPs). We explore novel applications and fundamental improvements in new settings, building on, e.g., our recent works on parallel ZKP generation (e.g., zkBridge, Cirrus).

Traditional security analysis models participants as either honest or malicious, but participants in decentralized systems are economically motivated. Leveraging incentives properly can achieve unprecedented guarantees, but abusing incentives can lead to effective attacks.

Bribery attacks.

Powerful attack vector where an attacker spends money bribing parties to take specific actions for even bigger profit.

• He-HTLC presents a model where rational participants can actively seek economic incentives by, for example, altering the software they run, and demonstrates that prior HTLC designs are vulnerable in this model, and proposed a secure design called He-HTLC.
• Our CCS'24 paper showed that threshold-encryption-based MEV mitigation protocols are vulnerable to an attack where participants are bribed to reveal the encryption key in a way that avoids accountability. We also present a novel solution.

Leverage incentive for defense.

• CrudiTEE explores a new approach to TEE side-channel mitigation through economic incentives, specifically for TEE-based cryptocurrency wallets. By taking into account the cost and profit of side-channel attacks, CrudiTEE can disincentivize attackers from exfiltrating signing keys in the first place.

How to price computation in decentralized systems?

• Our CCS'21 paper examined the real-world consequences of the then new transaction fee mechanism (TFM).
• Prooφ proposes a mechanism for zero-knowledge proof markets, featuring co-designed security mechanisms to complement mechanism design techniques.

DeFi and MEV.

DeFi has some unique advantages over traditional finance, but it gives rise to Miner Extractable Value (MEV), impacting security and decentralization. We work on understanding and mitigating negative consequences of MEV.

• “Decentralization of Ethereum’s Builder Market” analyzes Ethereum’s hyper-centralized builder market. It reveals dynamics leading to builder centralization and quantifies the consequences through proposer loss. (Presented at SBC'24, CBER CtCC, EC'24 Workshop, S&P'25. Reported by Wisdom of DeFi by EigenPhi.)
• RediSwap is an AMM that captures MEV and refund it fairly among users and liquidity providers.

Identity.

Improving digital identity with principles and tools from decentralized systems.

• Anonymous Self-Credentials (ASC): bootstrapping anonymous credential from Sybil-proof blockchain identities.
• MISO: making SSO anonymous without changing SSO. The key idea is to mix SSO sessions.
• CanDID: a platform for practical, user-friendly realization of decentralized identity, the idea of empowering end users with management of their own credentials.