Research Interests I design, implement, and analyze privacy and transparency enhancing technologies.My research integrates applied cryptography and distributed systems.My prominent ongoing research projects are as follows: Cryptocurrencies and Blockchain Technology [NDSS '17 '15] [PETS '17 '16] [CCS '15] [ESORICS '14] We analyze and improve the privacy and security properties of cryptocurrencies (e.g., Bitcoin), IOU credit networks (e.g., Ripple), and commercial blockchain solutions (e.g., Hyperledger).We also develop innovative (payment/smart) contracts for interesting real-world applications.Cryptography for Anonymity [NDSS '17] [ESORICS '16] [ACNS '15 '14] [WPES '12] [TISSec '10] [FC '10] [PETS '07] We develop cryptographic primitives to enhance privacy, scalability, efficiency, and accountability of anonymous communication and anonymous storage protocols.Analyzing Anonymous Communication Networks (ACNs) [CCS '14] [CSF '13 '12] We have developed a framework (AnoA) for defining, analyzing, and quantifying anonymity properties for ACNs.

We assess and analyze the real-time anonymity of the Tor network and other ACNs by implementing a light-weight monitor MATor.Accountability and Transparency [TDSC '16] [COSN '15] We have designed a secure data transfer architecture facilitating transparency in malicious data lineage scenarios.bitcoin jupiterAgainst the sybil attacks in online reputation systems, we have developed an tampering detection approach (Stamper) that allows system operators to detect computations manipulated by a variety of attacker strategies without going after the individual Sybil nodes.best bitcoin ptc sitesLongitudinal Privacy and Right to Delete/Conceal/Forger [IC '17] [SOUPS' 16] We analyze users' deletion habits on the online platform and the associated Streisand effect.bitcoin wallet crash

We propose effective counter-measures to protect those deletions from the Cyberstalkers.Inactive Projects Privacy-Preserving Web Analytics [ACSAC '14] [Oakland '12] Using multi-party computation (MPC) and private-information retrieval (PIR) techniques, we have designed web analytics applications with strong privacy properties.bitcoin atm in franceMulti-party Cryptography [PODC '14 '12] [CT-RSA '13] [ASIACRYPT '11 '10] [SCN '10] [ICDCS '09] We have designed several protocols for verifiable secret sharing and distributed key generation in synchronous as well as asynchronous communication settings, which improve resilience and efficiency of these primitives.linux bitcoin virusWe have also proposed applications of those protocols for identity-based cryptography, MPC, and distributed hash tables (DHTs).bitcoin timeline value

P2P Privacy and Security [ToN '13] [ASIACCS '12] [ICDCS '10] Using threshold cryptography and oblivious transfer, we have designed scalable, robust, and private protocols for secure DHT lookups in peer-to-peer (P2P) systems.For more about my research (inclination)...Research associate, CS, Cornell University.Associate Director, Initiative For Cryptocurrencies & Contracts.Starting Fall '17: Senior Lecturer (Assistant Prof.), EE, Technion.My research focuses on the security and scalability of distributed systems, in particular blockchain protocols and trusted execution environments.I have previously worked on distributed storage algorithms and data aggregation in sensor networks.I completed my Ph.D.in 2013 in the Technion's Electrical Engineering Department under the supervision of Prof. Idit Keidar and Prof. Raphi Rom.I'm looking for Technion graduate students, initially (until September '17) collaborating remotely.Please email me for details.Publications in Google Scholar Blockchain protocols, implementing variants of Bitcoin's blockchain, have an inherent scalability limit.

This limit bounds the possibility to improve the user-perceived latency and maximum throughput.The consequence is that one must trade off bandwidth, latency, and security.We present metrics for evaluating blockchain protocols, and measurements from large scale experiments of the Bitcoin core client.The blockchain promises to become an infrastructure for anonymous online transactions, cheap remittance and smart contracts.To realize this promise in global scale, a blockchain should enable better latency and bandwidth.We present bitcoin-NG, a novel blockchain protocol that allows for bandwidth limited only by the individual nodes' processing power and latency determined by the network's property.Bitcoin-NG: A Next Generation Blockchain.[arXiv] [Bibtex] [Youtube] One of the most central threats on the Bitcoin system is centralization, where a small number of entities control the majority of mining power, and can therefore take control of the system.In Bitcoin and most similar cryptocurrencies, small miners tend to form mining pools.

On the one hand, this is positive, as pools enable the existance of small miners a The largest such entities are open mining pools, where miners join forces to mine together.[PDF] [Bibtex] Since its inception, Bitcoin's blockchain was considered secure against attackers commanding less than 50% of the mining power.Specifically, it was believed that a minority attacker cannot create more blockchain blocks than his fair share.We show that this is not the case.A minority miner can use a strategy we call selfish mining, where he generates blocks, keep them secret, and publishes them judiciously according to the system state.With this attack, a minority miner's presence in the blockchain can grow beyond its fair share.The implications of this phenomena are dangerous, since the revenue of an attacker grows superlinearly with its size.Miners are motivated to join such an attacker, and the attacker is motivated to join other miners, forming a pool with a size that tends towards a majority of the minining power.

If such a huge pool forms, the system becomes centralized, losing its basic premise.Majority is not Enough: Bitcoin Mining is Vulnerable.[PDF] [Bibtex] Large scale data stores refrain from supporting consistent transactional operations due to performance concerns.We propose an architecture that utilizes predictable (though inaccurate) object access to improve transaction performance.However, even with perfect backend transactional support, the users of large Internet applications typically access incoherent caches.We present T-Cache, a transaction-aware cache layer.We demonstrate with realistic workloads that T-Cache significantly improves consistency for cache-accessing users.Cache Serializability: Reducing Inconsistency in Edge Transactions.[PDF] [Bibtex] Fault-Tolerant Transaction Architectures.[PDF] [Bibtex] Ordering Transactions with Prediction in Distributed Object Stores.[PDF] [Bibtex] [SOSP'15 poster] Key-value stores (KVSs), maintained by external cloud providers are the choice object store of numerous Internet applications.

However, KVS cloud providers can and do temporarily fail, and the natural solution is to replicate the object store among multiple providers.However, standard replication techniques do not work in this scenario, due to the limited interface of KVSs.We introduce an algorithm for a KVS replicated among multiple providers, and demonstrate its efficiency with experiments and simulations.Robust Data Sharing with Key-Value Stores.[PDF] [Bibtex] Global Estimation with Local Communication.[PDF] [Bibtex] [PDF] Thinner Clouds with Preallocation.[PDF] [Bibtex] LiMoSense - Live Monitoring in Dynamic Sensor Networks.[PDF] [Springer] [Bibtex] [PDF] [Slides] Distributed Data Clustering in Sensor Networks.[PDF] [Springer] [Bibtex] Distributed Data Classification in Sensor Networks.[PDF] Distributed Clustering for Robust Aggregation in Large Networks.[PDF] Theme by Bootstrap, under MIT licenses is licensed under CC BY 3.0