Blockchain Protocols

HoneyBadgerMPC: Confidentiality for Consortium Blockchains

Permissioned blockchains today do not provide strong privacy guarantees. Since all the nodes reach consensus about committed transactions, if even one node suffers a data breach, then privacy is lost. We are investigating how to combine threshold cryptography, homomorphic encryption, and to provide privacy.


Honey Badger BFT is the first *asynchronous* consensus protocol for the post-Bitcoin world. Unlike the other protocols you’ve heard of, like Raft, Paxos, and PBFT, our new protocol makes progress whenever messages are delivered, regardless of how long they are delayed. HoneyBadgerBFT just doesn’t care about the timeliness of the underlying network! HoneyBadgerBFT GitHub page The Honey Badger of BFT Protocols Andrew Miller and Yu Xia and Kyle Croman and Elaine Shi and Dawn Song. CCS 2016.

Sprites and State Channels: Payment Networks that go Faster Than Lighting

Sprites is a payment channel construct that improves upon the current best linearly increasing lock time for a payment routed on a path of channels.
It also includes a generalized state channel construction in the Universal Composability framework for protocols.
[Arxiv Preprint]    [Media Coverage on Coindesk] [Camready]

Pisa: Arbitration Outsourcing for State Channels

PISA builds off the Sprites construction an introduces an incentive protocol to allow users to hire third-parties to arbitrate a state channel dispute on their behalf if they crash. The protocol gives an incentive and penalty to enforce the correct operation of the hired third party up to a financial upper bound for the attacker.
[Arxiv Preprint] [Talk at Off the Chain Workshop]


Provable Security for Blockchains

SaUCy – Composable Cryptography Framework

We are developing a modular framework, dubbed SaUCy (short for Super Amazing Universal ComposabilitY), that will simplify the task of securely composing distributed protocols and cryptographic primitives. This idea is rooted in the theory of universal composability, which is widely used in cryptography for on-paper proofs, but has not yet been adapted to software engineering. To this end, we are applying formal methods to UC to simplify its use, bring new clarity, and provide useful tooling.

Cryptocurrency Projects


We analyzed transactions in the Monero network and proposed deanonymization heuristics for transactions. We investigated and proposed solutions to the security flaws in the anonymity of Monero transactions, which enhanced the security of all Cryptonote currencies and led to the adoption of the solutions still in use today. MoneroLink.

PETS 2018 Andrew Miller, Malte Moser, Kevin Lee, Arvind Narayanan.

I can’t believe it’s not Stake! Resource exhaustion attacks on PoS

We presented a new resource exhaustion attack affecting 26+ several chain-based proof-of-stake cryptocurrencies. These vulnerabilities would allow a network attacker with a very small(in some cases, none) amount of stake to crash any of the network nodes running the corresponding software. We conducted a coordinated disclosure in October 2018 to notify development teams of affected cryptocurrencies.

FC 2019 Sanket Kanjalkar, Joseph Kuo, Yunqi Li, Andrew Miller [paper][blog]