Publications
Bibliometrics can be found in Google Scholar.
2026
- TL;DR by AI
Obfuscation hides vulnerabilities in smart contracts, as SKANF detects exploits in MEV bots causing major losses.
Highlights- Featured in Shape Rotator Hackathon.
Resources Perils of Parallelism: Transaction Fee Mechanisms under Execution Uncertainty
. In USENIX Security'26.TL;DR by AIParallel execution complicates fee design because users and schedulers can strategically exploit how the mechanism prices parallelism and execution uncertainty. This paper formalizes those tradeoffs and gives fee mechanisms that hit the best achievable boundary.
ResourcesGeographical Centralization Resilience in Ethereum's Block-Building Paradigms
. In ACM SIGMETRICS 2026.TL;DR by AIEthereum's block-building paradigms cause geographic centralization through latency incentives, as shown via agent-based simulations.
Highlights- Recipient of Flashbots Research Gift
Resources- TL;DR by AI
Cheap, high-throughput chains invite large volumes of speculative MEV traffic that mostly fails but still consumes blockspace and execution resources. This paper models that spam equilibrium and shows how capacity and fee design affect how much spam the chain attracts.
Resources Cirrus: Performant and Accountable Distributed SNARK
. In Network and Distributed System Security (2026).TL;DR by AICirrus is a distributed SNARK protocol achieving scalable, accountable proof generation with universal trusted setup.
Highlights- Recipient of Ethereum ZK Fellowship
ResourcesBoost+: Equitable, Incentive-Compatible Block Building
. In submission.TL;DR by AIMEV-Boost centralizes Ethereum block building because vertically integrated actors get better access and stronger incentives than everyone else. Boost+ redesigns the market so transaction collection and ordering are separated, giving more equal access while preserving incentive compatibility.
Publicity- Invited talk at DeCenter Seminar, Princeton, NJ. PPTX
ResourcesDinocchio: Distributed Prover for Ring Arithmetic
. In submission.TL;DR by AIDinocchio is a distributed SNARK for ring arithmetics. It distributes the prover while keeping proof size and verification time constant. It targets workloads from lattice cryptography and FHE that are inefficient to express over ordinary finite-field SNARKs.
Resources- TL;DR by AI
Multi-proposer BFT systems cannot maximize both censorship resistance and throughput at the same time. This paper formalizes that tradeoff and gives assignment protocols that let designers choose better points on the spectrum.
Highlights- Awarded Ethereum Academic Grant
Resources
2025
- TL;DR by AI
VAR lets a service prove how many users it served without revealing which users those were. The paper builds efficient receipt-based protocols for privacy-preserving audits that still prevent inflated engagement claims.
PublicityResources RediSwap: MEV Redistribution Mechanism for CFMMs
. In Proceedings of the Workshop on Decentralized Finance and Security (DeFi ‘25).TL;DR by AIRediSwap is a CFMM with an MEV-redistribution mechanism to mitigate exploitation and refund value to participants.
Resources@inproceedings{10.1145/3733815.3764044, author = {Zhang, Mengqian and Yang, Sen and Zhang, Fan}, title = {RediSwap: MEV Redistribution Mechanism for CFMMs}, year = {2025}, isbn = {9798400719042}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3733815.3764044}, doi = {10.1145/3733815.3764044}, booktitle = {Proceedings of the 2025 Workshop on Decentralized Finance and Security}, pages = {27–36}, numpages = {10}, keywords = {Decentralized Finance, MEV Redistribution, Mechanism Design}, series = {DeFi '25} }AGORA: Open More and Trust Less in Binary Verification Service
. In ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2025).TL;DR by AIAGORA enables open and trustworthy binary verification by delegating tasks and using TEEs with blockchain for auditability.
Resources@article{10.1145/3763099, author = {Chen, Hongbo and Zhou, Quan and Yang, Sen and Dang, Sixuan and Han, Xing and Zhang, Danfeng and Zhang, Fan and Wang, XiaoFeng}, title = {Agora: Trust Less and Open More in Verification for Confidential Computing}, year = {2025}, issue_date = {October 2025}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, volume = {9}, number = {OOPSLA2}, url = {https://doi-org.yale.idm.oclc.org/10.1145/3763099}, doi = {10.1145/3763099}, journal = {Proc. ACM Program. Lang.}, month = oct, articleno = {321}, numpages = {28}, keywords = {Program verification, confidential computing, smart contract, static analysis, trusted computing base} }Qelect: Lattice-based Single Secret Leader Election Made Practical
. In USENIX Security 2025.TL;DR by AIQelect introduces a lattice-based, constant-round post-quantum SSLE protocol with practical optimizations for significant speed improvements.
Resources@inproceedings{DBLP:conf/uss/WangZ25, author = {Yunhao Wang and Fan Zhang}, editor = {Lujo Bauer and Giancarlo Pellegrino}, title = {Qelect: Lattice-based Single Secret Leader Election Made Practical}, booktitle = {34th {USENIX} Security Symposium, {USENIX} Security 2025, Seattle, WA, USA, August 13-15, 2025}, pages = {8461--8480}, publisher = {{USENIX} Association}, year = {2025}, url = {https://www.usenix.org/conference/usenixsecurity25/presentation/wang-yunhao}, timestamp = {Fri, 31 Oct 2025 16:17:35 +0100}, biburl = {https://dblp.org/rec/conf/uss/WangZ25.bib}, bibsource = {dblp computer science bibliography, https://dblp.org} }ZIPNet: Low-bandwidth anonymous broadcast from (dis)Trusted Execution Environments
. In Privacy Enhancing Technologies Symposium (PETS 2025).TL;DR by AIZIPNet enables scalable, low-bandwidth anonymous broadcast by minimizing server costs via untrusted message aggregation.
Highlights- Used in Flashnet built by Flashbots
Publicity- Invited talk at NoConsensus.wtf 2025 @ SBC, Berkeley, CA.
Resources@article{DBLP:journals/popets/RosenbergSZWMZ25, author = {Michael Rosenberg and Maurice Shih and Zhenyu Zhao and Rui Wang and Ian Miers and Fan Zhang}, title = {ZIPNet: Low-bandwidth anonymous broadcast from (dis)Trusted Execution Environments}, journal = {Proc. Priv. Enhancing Technol.}, volume = {2025}, number = {2}, pages = {211--225}, year = {2025}, url = {https://doi.org/10.56553/popets-2025-0058}, doi = {10.56553/POPETS-2025-0058}, timestamp = {Mon, 12 May 2025 17:34:54 +0200}, biburl = {https://dblp.org/rec/journals/popets/RosenbergSZWMZ25.bib}, bibsource = {dblp computer science bibliography, https://dblp.org} }Decentralization of Ethereum's Builder Market
. In IEEE S&P 2025.TL;DR by AIEmpirical analysis shows builder centralization in Ethereum harms decentralization and necessitates supply chain changes.
Highlights- Featured in Built to Centralize: How Ethereum’s Winner-Take-All Design Creates a Centralization Crisis and Kills Innovation by Wisdom of DeFi by EigenPhi on Nov 14, 2024.
Publicity- Guest lecture at Berkeley DeFi MOOC.
- Invited talk at CBER Crafting the Cryptoeconomy Conference. PPTX
- Invited talk at Decentralized Science (DeSci) Seminar, University of Sydney (Remote).
- Invited talk at Science of Blockchain Conference 2024 (SBC'24), New York, NY. Video
- Invited talk at IC3 Blockchain Camp, New York, NY.
- Invited talk at EC24 Workshop on Blockchains and Decentralized Finance.
Resources@inproceedings{yangDecentralizationEthereumsBuilder2025, title = {Decentralization of {{Ethereum}}'s {{Builder Market}}}, author = {Yang, Sen and Nayak, Kartik and Zhang, Fan}, date = {2025-05-01}, pages = {1512--1530}, publisher = {IEEE Computer Society}, doi = {10.1109/SP61157.2025.00157}, url = {https://www.computer.org/csdl/proceedings-article/sp/2025/223600b456/26hiUkhZyfK}, urldate = {2025-06-19}, eventtitle = {2025 {{IEEE Symposium}} on {{Security}} and {{Privacy}} ({{SP}})}, isbn = {979-8-3315-2236-0}, langid = {english} }Prooφ: A ZKP Market Mechanism
. In Financial Cryptography and Data Security (FC 2025).TL;DR by AIDesigning a transaction fee mechanism for prover markets in ZK-Rollups to ensure efficiency and resist collusion.
- Presented at ZK Summit 11 (Athens), Tokenomics'24 (Hong Kong), FC'25 (Japan), TLDR'25, IC3 Blockchain Camp'25
Resources- TL;DR by AI
Proposes Anonymous Self-Credentials for privacy-preserving and Sybil-resistant single sign-on without trusted providers.
Resources AUCIL: An Inclusion List Design for Rational Parties
. In submission.TL;DR by AIIntroduces a formal inclusion list design using auction-based mechanisms to enhance censorship resistance in blockchains with rational proposers.
ResourcesCRATE: Cross-Rollup Atomic Transaction Execution
. In submission.TL;DR by AICRATE enables secure, atomic cross-rollup transaction execution with formal guarantees and practical implementation.
Resources
2024
SoK: MEV Countermeasures
. In Proceedings of the Workshop on Decentralized Finance and Security (DeFi 2024).TL;DR by AIThis survey systematizes MEV countermeasures by presenting a taxonomy and analyzing their effectiveness against security problems.
Unpacking Long-Latency Transactions in Ethereum
. In Proceedings of the Workshop on Decentralized Finance and Security (DeFi 2024).TL;DR by AIMeasures resource impact and identifies causes of long-latency transactions in Ethereum using Geth analysis.
Resources(Book Chapter) Web3: Blockchain, the New Economy, and the Self-Sovereign Internet
. In Cambridge Press.TL;DR by AIThis book chapter educates on Web3 technologies, focusing on scalability and tokenomics.
- Order from Cambridge
CrudiTEE: A Stick-and-Carrot Approach to Building Trustworthy Cryptocurrency Wallets with TEEs
. In ACM Advances in Financial Technologies (AFT 2024).TL;DR by AICrudiTEE secures TEE-based wallets with economic incentives and MDP modeling against side-channel attacks.
Data Independent Order Policy Enforcement: Limitations and Solutions
. In ACM CCS 2024.TL;DR by AIProves impossibility of data-independent order policy enforcement under rationality and designs AnimaguSwap using rationally binding transactions for security.
ResourcesSprints: Intermittent Blockchain PoW Mining
. In USENIX Security 2024.TL;DR by AISprints is a blockchain protocol that uses intermittent PoW mining with PoD to reduce ecological impact while maintaining security.
2023
The Locality of Memory Checking
. In ACM CCS 2023.TL;DR by AIIntroduces locality in memory checking for blockchain storage, proves lower bounds, and designs efficient authenticated data structures.
Fed-CBS: A Heterogeneity-Aware Client Sampling Mechanism for Federated Learning via Class-Imbalance Reduction
. In Proceedings of the 40th International Conference on Machine Learning, PMLR 202:41354-41381, 2023.TL;DR by AIFed-CBS improves federated learning by selecting clients to reduce class-imbalance via a privacy-preserving measure.
MISO: Legacy-compatible Privacy-preserving Single Sign-on using Trusted Execution Environments
. In IEEE EuroS&P 2023.TL;DR by AIMISO uses TEEs to enable privacy-preserving, legacy-compatible SSO with multi-provider support.
ResourcesHe-HTLC: Revisiting Incentives in HTLC
. In Network and Distributed System Security (2023).TL;DR by AIHe-HTLC is a secure HTLC specification that resists incentive manipulation by considering actively rational miners.
Publicity- Invited talk at IC3 Blockchain Camp, Ithaca, NY.
- Invited talk at a16z, New York, NY.
Resources
2022
zkBridge: Trustless Cross-chain Bridges Made Practical
. In ACM CCS 2022.TL;DR by AIzkBridge provides an efficient trustless cross-chain bridge using succinct proofs for secure interoperability.
Highlights- zkBridge is implemented by Polyhedra Network.
Publicity- Invited talk at IC3 Blockchain Camp, New York, NY.
- Invited talk at 1st ACE Symposium on Privacy, Accountability, Verification, and Economics of Blockchain Systems, New Haven, CT.
Empirical Analysis of EIP-1559: Transaction Fees, Waiting Time, and Consensus Security
. In ACM CCS 2022.TL;DR by AIEIP-1559 improves user experience with easier fees and lower wait times, but has little effect on fees and security.
Highlights- Cited in State of the Network by Coin Metrics on Jan 19, 2022.
- Cited in Vitalik’s tweet on Jan 17, 2022.
2021
CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability
. In IEEE S&P 2021.TL;DR by AICanDID is a decentralized identity platform offering legacy compatibility, Sybil-resistance, and privacy-preserving accountability.
Publicity- Invited talk at The West Lake Forum on Network Security, Online.
- Invited talk at Annual Convention of Chinese Institute of Engineers - Greater New York Chapter.
- Invited talk at Empire Hacking (organized by Trail of Bits).
Resources
2020
Design Choices for Central Bank Digital Currency: Policy and Technical Considerations
(Authors are ordered alphabetically). In NBER Working Paper No. 27634.TL;DR by AISurveys technical challenges and solutions for CBDCs, with a vision for future capabilities.
ResourcesDECO: Liberating Web Data Using Decentralized Oracles for TLS
. In ACM CCS 2020.TL;DR by AIDECO enables verifiable proof of web data provenance via TLS using decentralized oracles and zero-knowledge proofs.
Highlights- Licensed to Chainlink.
- Featured in Chainlink’s New Acquisition From Cornell University Could Transform Blockchain For Good by Forbes on Aug 29, 2020.
- Featured in Chainlink Acquires Blockchain Oracle Solution From Cornell University by CoinDesk on Aug 29, 2020.
- Featured in Chainlink acquires a privacy-preserving oracle protocol from Cornell University by CoinTelegraph on Aug 29, 2020.
- Featured in Chainlink Acquires DECO from Cornell University by PR Newswire on Aug 29, 2020.
- Featured in Chainlink acquires DECO protocol from Cornell University by FXStreet on Sep 1, 2020.
Publicity- Invited talk at W3C Credential Community Group (CCG).
- Invited talk at Stanford Blockchain Conference (SBC'20), Stanford University.
- Invited talk at Real World Crypto (RWC'20), New York City.
Order-Fairness for Byzantine Consensus
. In The Annual International Cryptology Conference (CRYPTO 2020).TL;DR by AIIntroduces transaction order-fairness as a new consensus property and proposes Aequitas protocols to achieve it in Byzantine systems.
ResourcesThe Ekiden Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts
. In IEEE Security & Privacy Magazine (Volume: 18, Issue: 3, May-June 2020).TL;DR by AIEkiden integrates blockchain and TEEs for confidential and efficient smart contracts.
Resources
2019
CHURP: Dynamic-Committee Proactive Secret Sharing
(*indicates equal contribution). In ACM CCS 2019.TL;DR by AICHURP enables proactive secret sharing for dynamic committees in blockchains with low communication complexity.
Highlights- Featured in a MIT Tech Review China report by MIT Tech Review China on May 27, 2019.
Publicity- Invited talk at ACM CCS'19, London, UK.
- Invited talk at IC3 Bootcamp, Ithaca, NY.
Tesseract: Real-Time Cryptocurrency Exchange using Trusted Hardware
. In ACM CCS 2019.TL;DR by AITesseract uses Intel SGX and consensus to enable secure, real-time cross-chain cryptocurrency exchanges and asset tokenization.
Paralysis Proofs: Secure Dynamic Access Structures for Cryptocurrency Custody and More
. In ACM Advances in Financial Technologies (AFT 2019).TL;DR by AIProposes Paralysis Proofs to enable dynamic updates in access structures for digital assets, balancing security and availability.
Highlights- Featured in Cornell IC3 Researchers Propose Solution to Bitcoin’s Multisig “Paralysis” Problem by BitcoinMagazine on Jan 19, 2018.
Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts
. In IEEE EuroS&P 2019.TL;DR by AIEkiden combines blockchains with TEEs to provide confidentiality and high performance for smart contracts through a novel separated consensus-execution architecture.
Highlights- Implemented by Oasis Labs.
- Featured in Big Hitter Crypto Funds Pile Into Privacy-Enhanced Smart Contract Startup Oasis Labs by Forbes on Jul 9, 2018.
Resources@inproceedings{chengEkiden2019, title = {Ekiden: {{A Platform}} for {{Confidentiality-Preserving}}, {{Trustworthy}}, and {{Performant Smart Contracts}}}, shorttitle = {Ekiden}, booktitle = {2019 {{IEEE European Symposium}} on {{Security}} and {{Privacy}} ({{EuroS}}\&{{P}})}, author = {Cheng, Raymond and Zhang, Fan and Kos, Jernej and He, Warren and Hynes, Nicholas and Johnson, Noah and Juels, Ari and Miller, Andrew and Song, Dawn}, date = {2019-06}, pages = {185--200}, doi = {10.1109/EuroSP.2019.00023}, eventtitle = {2019 {{IEEE European Symposium}} on {{Security}} and {{Privacy}} ({{EuroS}}\&{{P}})}, keywords = {blockchain,Blockchain,confidentiality preserving smart contracts,Cryptography,Hardware,smart contracts,Smart contracts,trusted hardware}, }
2017
Solidus: Confidential Distributed Ledger Transactions via PVORM
. In ACM CCS 2017.TL;DR by AISolidus enables confidential and verifiable transactions on public blockchains via PVORM, hiding values and identities.
REM: Resource-Efficient Mining for Blockchains
. In USENIX Security Symposium (Security 2017).TL;DR by AIREM leverages Intel SGX to implement Proof-of-Useful-Work, reducing computational waste in blockchain mining.
Highlights- Featured in The Ridiculous Amount of Energy It Takes to Run Bitcoin by IEEE Spectrum on Sep 28, 2017.
Publicity- Invited talk at USENIX Security'17, Vancouver, BC, Canada.
ResourcesSealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge
. In IEEE EuroS&P 2017.TL;DR by AISealed-Glass Proofs enable secure verifiable computing in transparent enclaves despite side-channels, applied to bug bounty platforms.
Resources
2016
Town Crier: An Authenticated Data Feed for Smart Contracts
. In ACM CCS 2016.TL;DR by AITown Crier provides authenticated web data to smart contracts using trusted hardware and formal security guarantees.
Highlights- Licensed to ChainLink.
- Featured in Blockchain smart contracts are finally good for something in the real world by MIT Tech Review on Nov 19, 2018.
- Featured in Cornell’s Town Crier Acquired By Chainlink To Expand Decentralized Oracle Network by Forbes on Nov 1, 2018.
- Featured in Chainlink Blockchain Company Acquires Cornell’s Town Crier to Bolster Native Smart Contract Network by BitcoinExchangeGuide on Nov 2, 2018.
- Featured in Chainlink Acquires Town Crier, a Hardware-Based Oracle by Unhashed on Nov 3, 2018.
- Featured in Trust Your Oracle? Cornell Launches Tool for Confidential Blockchain Queries by CoinDesk on May 17, 2017.
- Featured in How Encrypted Weather Data Could Help Corporate Blockchain Dreams Come True by MIT Technology Review on May 11, 2017.
- Featured in Town Crier Service Delivers Solid Data To Coders by ETHNews on May 11, 2017.
Publicity- Invited talk at Silicon Valley Ethereum Meetup, Santa Clara, CA.
- Invited talk at IC3 Retreat, San Francisco, CA.
- Invited talk at CCS'16, Vienna, Austria.
- Invited talk at IC3 Retreat, New York City.
Stealing Machine Learning Models via Prediction APIs
. In USENIX Security Symposium (Security 2016).TL;DR by AIThe paper demonstrates efficient attacks to extract ML models from prediction APIs, revealing security risks in ML-as-a-service deployments.
Resources
2015
PlateClick: Bootstrapping Food Preferences Through an Adaptive Visual Interface
. In ACM Conference on Information and Knowledge Management (CIKM 2015).TL;DR by AIPlateClick bootstraps food preferences via a visual interface with CNN-based similarity learning and online preference propagation, validated in a field study.
Resources