Doctoral thesis (Dissertations and theses)
Security and Privacy of Blockchain Protocols and Applications
Tikhomirov, Sergei
2020
 

Files


Full Text
tikhomirov-thesis.pdf
Author postprint (6.55 MB)
Annexes
tikhomirov-phd-defense-slides.pdf
(2.71 MB)
Defense slides. Animated version: https://docs.google.com/presentation/d/1olqh-w25ONJcn069Zedm0_n-4A8jm-zJXdUd7DCGNaY/edit?usp=sharing

All documents in ORBilu are protected by a user license.




Details



Keywords :
Bitcoin; blockchain; Ethereum; Lightning Network; privacy; anonymity; security; smart contracts
Abstract :
[en] Bitcoin is the first digital currency without a trusted third party. This revolutionary protocol allows mutually distrusting participants to agree on a single common history of transactions. Bitcoin nodes pack transactions into blocks and link those in a chain (the blockchain). Hash-based proof-of-work ensures that the blockchain is computationally infeasible to modify. Bitcoin has spawned a new area of research at the intersection of computer science and economics. Multiple alternative cryptocurrencies and blockchain projects aim to address Bitcoin's limitations. This thesis explores the security and privacy of blockchain systems. In Part I, we study the privacy of Bitcoin and the major privacy-focused cryptocurrencies. In Chapter 2, we explore the peer-to-peer (P2P) protocols underpinning cryptocurrencies. In Chapter 3, we show how a network adversary can link transactions issued by the same node. We test the efficiency of this novel attack in real networks, successfully linking our own transactions. Chapter 4 studies the privacy characteristics of mobile cryptocurrency wallets. We discover that most wallets do not follow the best practices aimed at protecting users' privacy. Part II is dedicated to the Lightning Network (LN). Bitcoin's architecture emphasizes security but severely limits transaction throughput. The LN is a prominent Bitcoin-based protocol that aims to alleviate this issue. It performs low-latency transactions off-chain but leverages Bitcoin's security guarantees for dispute resolution. We introduce the LN and outline the history of off-chain protocols in Chapter 5. Then, in Chapter 6, we introduce a probing attack that allows an adversary to discover user balances in the LN. Chapter 7 estimates the likelihood of various privacy attacks on the LN. In Chapter 8, we describe a limitation on the number of concurrent LN payments and quantify its effects on transaction throughput. 
Part III explores the security and privacy of Ethereum smart contracts. Bitcoin's language for defining spending conditions is intentionally restricted. Ethereum is a blockchain network allowing for more programmability. Ethereum users can write programs in a Turing-complete high-level language called Solidity. These programs, called smart contracts, are stored on-chain along with their state. Chapter 9 outlines the history of blockchain-based programming. Chapter 10 describes Findel — a Solidity-based declarative domain-specific language for financial contracts. In Chapter 11, we classify the vulnerabilities in real-world Ethereum contracts. We then present SmartCheck — a static analysis tool for bug detection in Solidity programs. Finally, Chapter 12 introduces an Ethereum-based cryptographic protocol for privacy-preserving regulation compliance.
Disciplines :
Computer science
Author, co-author :
Tikhomirov, Sergei; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)
Language :
English
Title :
Security and Privacy of Blockchain Protocols and Applications
Defense date :
17 September 2020
Number of pages :
184
Institution :
Unilu - University of Luxembourg, Esch-sur-Alzette, Luxembourg
Degree :
Docteur en Informatique
Focus Area :
Security, Reliability and Trust
Commentary :
Defense video: https://youtu.be/Rf5r8hyZJnQ
Available on ORBilu :
since 06 October 2020

Statistics


Number of views
1279 (30 by Unilu)
Number of downloads
2326 (20 by Unilu)
