securing decentralized platforms

Members of the group

Prof. Dr. Ghassan Karame, Jannik Albrecht, Malcom Mohamed, Anna Piscitelli  

Duration: 06/2023 – 05/2026



Blockchains and decentralized applications thereof are evolving rapidly. The initial wave of interest in cryptocurrencies, initiated with Bitcoin, envisioned permissionless blockchains as an ideal solution to realize trustless payments over the Internet, allowing peers to exchange assets without the intermediation of financial institutions. Despite the initial fame, Bitcoin and follow-up permissionless systems have been found to suffer a number of shortcomings, limiting their adoption in real-world applications. A major obstacle to their widespread adoption is rooted in their probabilistic consistency and liveness guarantees, offering a rather weak notion of “eventual consensus”. Concretely, although blocks are generated at a regular pace, the blockchain nodes cannot be certain that these blocks are stable in the ledger—they can only become more confident that a given block will not be reverted as more blocks are added “on top” of it. Probabilistic finality of blocks directly reflects on the ledger in terms of transaction-confirmation time. This means that transactions cannot be confirmed with certainty, and after being included to the ledger, high-confidence confirmation is possible only once they are deep enough in the blockchain. As a result, the latency and throughput of permissionless systems are extremely limited compared to that of classical consensus protocols. In contrast, permissioned blockchains offer an attractive, faster alternative to permissionless solutions, particularly for industrial deployments. It is therefore no surprise that prominent financial institutions are exploring permissioned blockchains to improve their services and modernize their businesses. On the downside, permissioned consensus protocols scale rather poorly in the number of consensus nodes, which limits their deployment to small- and medium-scale scenarios. Moreover, compared to permissionless blockchains, permissioned blockchains face an “adoption” challenge as some retailers prefer to receive known cryptocurrencies, suchas BTC and ETH, as opposed to yet another locally created cryptocurrency. This project addresses the following challenges: 

  • How can we quantify the security of existing blockchain deployments?
  • How can we ensure the security of decentralized applications against front-running attacks?
  • How can we scale existing deployments without compromising security?