Imperial College London

ProfessorWilliamKnottenbelt

Faculty of EngineeringDepartment of Computing

Professor of Applied Quantitative Analysis
 
 
 
//

Contact

 

+44 (0)20 7594 8331w.knottenbelt Website

 
 
//

Location

 

E363ACE ExtensionSouth Kensington Campus

//

Summary

 

Publications

Publication Type
Year
to

206 results found

Xiong X, Wang Z, Knottenbelt W, Huth Met al., 2023, Demystifying Just-in-Time (JIT) liquidity attacks on Uniswap V3, 2023 5th Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS), Publisher: IEEE

Uniswap is currently the most liquid DecentralizedExchange (DEX) on Ethereum. In May 2021, it upgraded to the third protocol version named Uniswap V3. The key feature update is “concentrated liquidity”, which supports liquidity provision within custom price ranges. However, this design introduces a new type of Miner Extractable Value (MEV) source called Just-in-Time (JIT) liquidity attack, where the adversary mints and burns a liquidity position right before and after a sizable swap. We begin by formally defining the JIT liquidity attack and subsequently conduct empirical measurements on Ethereum. Over a span of 20 months, we identify 36,671 such attacks, which have collectively generated profits of 7,498 ETH. Our analysis suggests that the JIT liquidity attack essentially represents a whales’ game, predominantly controlled by a select few bots. The most active bot, identified as 0xa57...6CF, has managed to amass 92% of the total profit. Furthermore, we find that this attack strategy poses significant entry barriers, as it necessitates adversaries to provide liquidity that is, on average, 269 times greater than the swap volume. In addition, our findings reveal that the JIT liquidity attack exhibits relatively poor pr ofitability, with an average Return On Investment (ROI) of merely 0.007%. We alsofind this type of attack to be detrimental to existing Liquidity Providers (LPs) within the pool, as their shares of liquidity undergo an average dilution of 85%. On the contrary, this attack proves advantageous for liquidity takers, who secure execution prices that are, on average, 0.139% better than before. We further dissect the behaviors of the top MEV bots and evaluate theirstrategies through local simulation. Our observations reveal that the most active bot, 0xa57...6CF, conducted 27% of non-optimal attacks, thereby failing to capture at least 7,766 ETH (equivalent to 16.1M USD) of the potential attack profit.

Conference paper

Wang Z, Cirkovic M, Le D, Knottenbelt W, Cachin Cet al., 2023, Pay less for your privacy: towards cost-effective on-chain mixers, 5th ACM Conference on Advances in Financial Technologies (AFT 2023)

On-chain mixers, such as Tornado Cash (TC), have become a popular privacy solution for manynon-privacy-preserving blockchain users. These mixers enable users to deposit a fixed amount ofcoins and withdraw them to another address, while effectively reducing the linkability between theseaddresses and securely obscuring their transaction history. However, the high cost of interactingwith existing on-chain mixer smart contracts prohibits standard users from using the mixer, mainlydue to the use of computationally expensive cryptographic primitives. For instance, the deposit costof TC on Ethereum is approximately 1.1m gas (i.e., 66 USD in June 2023), which is 53× higher thanissuing a base transfer transaction.In this work, we introduce the Merkle Pyramid Builder approach, to incrementally build theMerkle tree in an on-chain mixer and update the tree per batch of deposits, which can thereforedecrease the overall cost of using the mixer. Our evaluation results highlight the effectiveness ofthis approach, showcasing a significant reduction of up to 7× in the amortized cost of depositingcompared to state-of-the-art on-chain mixers. Importantly, these improvements are achieved withoutcompromising users’ privacy. Furthermore, we propose the utilization of verifiable computations toshift the responsibility of Merkle tree updates from on-chain smart contracts to off-chain clients,which can further reduce deposit costs. Additionally, our analysis demonstrates that our designsensure fairness by distributing Merkle tree update costs among clients over time.

Conference paper

Srinivasan P, Subramanian R, Knottenbelt W, 2023, Thinking the GOAT: imitating tennis styles, MIT Sloan Sports Analytics Conference, Publisher: MIT Sloan Sports Analytics Conference

A tactically aware coach is key to improving tennis players’ games; a coach analyses past matches with two considerations in mind: 1) the style of the player and how that style translates to real-world shot-making, and 2) the intent of a shot, irrespective of the outcome. Modern Hawk-Eye technology deployed in top-tier tournaments has enabled deeper analysis of professional matches than ever before. The aim of this paper is to emulate and augment the qualities of great coaches using data collected by Hawk-Eye; we develop a deep learning approach to imitate tennis players’ responses, to learn individual player styles efficiently, and we demonstrate this using performance metrics and illustrations.

Conference paper

Matsui T, Knottenbelt WJ, 2023, Optimal Hedge Ratio Estimation for Bitcoin Futures using Kalman Filter

This paper examines the hedging effectiveness of Bitcoin futures by comparing one form of the constant model, the conventional OLS method, with the time-varying model in estimating the optimal hedge ratio. For the time-varying model, we employ a powerful technique, Kalman filter, a r ecursive a lgorithm w hich h as n umerous real-time, technological applications, but has not been employed in the context of Bitcoin optimal hedge ratio analysis. Through applying the spot and futures daily settlement prices from 18th December 2017 to 30th November 2022 to the two models, we confirm that t he B itcoin futures is an effective instrument for risk hedging. Additionally, we find the dynamic model based on the Kalman filter p erforms b etter - especially in 2019 and 2020 - than the conventional OLS method in terms of risk reduction, supporting previous findings in the context of other commodity futures. We also certify that the Kalman filter s uccessfully c aptures the trend of the optimal hedge ratio, thus enabling hedgers to decide when to change their hedging strategy. Furthermore, we verify the volatile evolution of the estimated time-varying Bitcoin optimal hedge ratio, suggesting the need to further search for a better hedging instrument which achieves a less volatile time path to avoid excessive trading costs.

Conference paper

Matsui T, Al-Ali A, Knottenbelt WJ, 2022, On the Dynamics of Solid, Liquid and Digital Gold Futures, 4th IEEE International Conference on Blockchain and Cryptocurrency (IEEE ICBC), Publisher: IEEE

Conference paper

Pan S, Finlay C, Besenbruch C, Knottenbelt Wet al., 2021, Three gaps for quantisation in learned image compression, New Trends in Image Restoration and Enhancement (NTIRE 2021) (CVPR Workshop), Publisher: IEEE

Learned lossy image compression has demonstrated impressive progress via end-to-end neural network training. However, this end-to-end training belies the fact that lossy compression is inherently not differentiable, due to the necessity of quantisation. To overcome this difficulty in training, researchers have used various approximations to the quantisation step. However, little work has studied the mechanism of quantisation approximation itself. We ad-dress this issue, identifying three gaps arising in the quantisation approximation problem. These gaps are visualised, and show the effect of applying different quantisation approximation methods. Following this analysis, we propose a Soft-STE quantisation approximation method, which closes these gaps and demonstrates better performance than other quantisation approaches on the Kodak dataset.

Conference paper

Koutsouri A, Petch M, Knottenbelt W, 2021, Performance of the CoinShares Gold and Cryptoassets Index under different market regimes, Cryptoeconomic Systems, Vol: 1

Regime-switching models are frequently used to explain the tendency of financial markets to change their behavior, often abruptly. Such changes usually translate to structural breaks in the average means and volatilities of financial indicators, and partition their time-series into distinct segments, each with unique statistical properties. In this paper, we address the problem of identifying the presence of such regimes in the constituents of diversified, cryptoasset-containing portfolios, ultimately to define high-risk market conditions and assess portfolio resilience. For each portfolio component, we first consider a Gaussian Hidden Markov Model (HMM) in order to extract intermediate trend-related states, conditional on the weekly returns distributions. We further apply a Markov-switching GARCH model to the demeaned daily returns to describe changes in the conditional variance dynamics and isolate volatility-related states. We combine the former approaches to generate a number of price paths for each constituent, simulate the portfolio allocation strategy and obtain a risk profile for each combination of the trend and volatility regimes. We apply the proposed method to the CoinShares Gold and Cryptoassets Index, a diversified, monthly-rebalanced index which includes two main risk-weighted components; a cryptoassets basket and physical gold. Results demonstrate an overall stable risk-reward profile when compared against the individual components and suggest a superior performance in terms of Omega ratio for investors that target wealth preservation and moderate annual returns. We detect underperformance regions in bear-low volatility market regimes, where diversification is hindered.

Journal article

Ilie D, Werner S, Stewart I, Knottenbelt Wet al., 2021, Unstable throughput: when the difficulty algorithm breaks, 2021 IEEE Conference on Blockchain and Cryptocurrency (ICBC 2021), Publisher: IEEE, Pages: 1-5

In Proof-of-Work blockchains, difficulty algorithms serve the crucial purpose of maintaining a stable transaction throughput by dynamically adjusting the block difficulty in response to the miners’ constantly changing computational power. Blockchains that may experience severe hash rate fluctuations need difficulty algorithms that quickly adapt the mining difficulty. However, without careful design, the system could be gamed by miners using coin-hopping strategies to manipulate the block difficulty for profit. Such miner behavior results in an unreliable system due to the unstable processing of transactions. We provide an empirical analysis of how Bitcoin Cash’s difficulty algorithm design leads to cyclicality in block solve times as a consequence of a positive feedback loop. In response, we mathematically derive a difficulty algorithm using a negative exponential filter which prohibits the formation of positive feedback and exhibits additional desirable properties, such as history agnosticism. We compare the described algorithm to that of Bitcoin Cash in a simulated mining environment and verify that the former would eliminate the severe oscillations in transaction throughput.

Conference paper

Koutsouri A, Petch M, Knottenbelt W, 2021, Diversification benefits of commodities for cryptoasset portfolios, 2021 International Conference on Blockchain and Cryptocurrency (ICBC 2021), Publisher: IEEE, Pages: 1-9

The aim for balance between risk and reward in investment portfolios often requires studying the diversification contribution of its constituents. This objective requires to specify whether investors can extend their exposure in certain asset classes and benefit their portfolios in a statistically significant way. In this paper, we address this issue of diversification in the context of cryptoasset portfolios and examine whether their risk-adjusted performance can be enhanced through seeking exposure into the commodities class. For an equally-weighted portfolio of five cryptoassets, we first consider the addition of physical gold, as conceptualised by the CoinShares Gold and Cryptoassets Index, a diversified, monthly-rebalanced index that seeks exposure to both asset classes. We further consider modifying the index composition by replacing physical gold with a basket of five commodities. Mean-variance spanning tests reveal that the addition of physical gold in the original cryptoasset portfolio translates to a significant shift in the efficient frontier, both in terms of the global minimum variance and the tangency portfolios. Additionally, expanding the exposure in the commodity side confirms a statistically significant improvement, with the diversification benefit arising from a shift in the tangency portfolio. We further generate a number of price paths for the original index, the modified index and their components, according to a Dynamic Conditional Correlation GARCH specification, to assess the efficiency of the index weighted risk contribution scheme. Results demonstrate a superior performance of the two indices when compared against their constituents in terms of Omega ratio. The modified index appears more appropriate for investors that seek higher annual returns, while the original composition would be more appropriate for individuals with mod

Conference paper

Knottenbelt W, Wolter K, 2021, Message from the Chairs, ACM SIGMETRICS Performance Evaluation Review, Vol: 48, Pages: 2-2, ISSN: 0163-5999

<jats:p>This volume presents the proceedings of the 2nd Symposium of Cryptocurrency Analysis (SOCCA 2020), originally scheduled to be held in Milan, Italy, on November 6, 2020. The COVID-19 pandemic has necessitated, in common with many other conferences, that SOCCA will be held entirely virtual.</jats:p>

Journal article

Werner SM, Perez D, Gudgeon L, Klages-Mundt A, Harz D, Knottenbelt WJet al., 2021, SoK: Decentralized Finance (DeFi)., Publisher: arXiv

Decentralized Finance (DeFi), a blockchain powered peer-to-peer financial system, is mushrooming. One year ago the total value locked in DeFi systems was approximately 600m USD, now, as of January 2021, it stands at around 25bn USD. The frenetic evolution of the ecosystem makes it challenging for newcomers to gain an understanding of its basic features. In this Systematization of Knowledge (SoK), we delineate the DeFi ecosystem along its principal axes. First, we provide an overview of the DeFi primitives. Second, we classify DeFi protocols according to the type of operation they provide. We then go on to consider in detail the technical and economic security of DeFi protocols, drawing particular attention to the issues that emerge specifically in the DeFi setting. Finally, we outline the open research challenges in the ecosystem.

Working paper

Chong QZ, Knottenbelt WJ, Bhatia KK, 2021, Evaluation of Active Learning Techniques on Medical Image Classification with Unbalanced Data Distributions, 1st Workshop on Deep Generative Models for Medical Image Computing and Computer Assisted Intervention (DGM4MICCAI) / 1st MICCAI Workshop on Data Augmentation, Labelling, and Imperfections (DALI), Publisher: SPRINGER INTERNATIONAL PUBLISHING AG, Pages: 235-242, ISSN: 0302-9743

Conference paper

Zamyatin A, Al-Bassam M, Zindros D, Kokoris-Kogias E, Moreno-Sanchez P, Kiayias A, Knottenbelt WJet al., 2021, SoK: Communication Across Distributed Ledgers, 25th International Conference on Financial Cryptography and Data Security (FC), Publisher: SPRINGER-VERLAG BERLIN, Pages: 3-36, ISSN: 0302-9743

Conference paper

Zamyatin A, Avarikioti Z, Perez D, Knottenbelt WJet al., 2020, TxChain: efficient cryptocurrency light clients via contingent transaction aggregation, DPM 2020, Publisher: Springer International Publishing, Pages: 269-286, ISSN: 0302-9743

Cryptocurrency light- or simplified payment verification (SPV) clients allow nodes with limited resources to efficiently verify execution of payments. Instead of downloading the entire blockchain, only block headers and selected transactions are stored. Still, the storage and bandwidth cost, linear in blockchain size, remain non-negligible, especially for smart contracts and mobile devices: as of April 2020, these amount to 50 MB in Bitcoin and 5 GB in Ethereum.Recently, two improved sublinear light clients were proposed: to validate the blockchain, NIPoPoWs and FlyClient only download a polylogarithmic number of block headers, sampled at random. The actual verification of payments, however, remains costly: for each verified transaction, the corresponding block must too be downloaded. This yields NIPoPoWs and FlyClient only effective under low transaction volumes.We present TxChain, a novel mechanism to maintain efficiency of light clients even under high transaction volumes. Specifically, we introduce the concept of contingent transaction aggregation, where proving inclusion of a single contingent transaction implicitly proves that n other transactions exist in the blockchain. To verify n payments, TxChain requires a only single transaction in the best (n≤c), and [missing equation] transactions in the worst case (n>c), where c is a blockchain constant. We deploy TxChain on Bitcoin without consensus changes and implement a hard fork for Ethereum. To demonstrate effectiveness in the cross-chain setting, we implement TxChain as a smart contract on Ethereum to efficiently verify Bitcoin payments.

Conference paper

Gudgeon L, Werner S, Perez Hernandez D, Knottenbelt Wet al., 2020, DeFi protocols for loanable funds: interest rates, liquidity and market efficiency, 2nd ACM Conference on Advances in Financial Technologies (AFT 2020), Publisher: ACM, Pages: 92-112

We coin the term Protocols for Loanable Funds (PLFs)to refer to pro-tocols which establish distributed ledger-based markets for loanable funds. PLFs are emerging as one of the main applications within De-centralized Finance (DeFi), and use smart contract code to facilitate the intermediation of loanable funds. In doing so, these protocols allow agents to borrow and save programmatically. Within these protocols, interest rate mechanisms seek to equilibrate the supply and demand for funds. In this paper, we review the methodologies used to set interest rates on three prominent DeFi PLFs, namely Compound, Aave and dYdX. We provide an empirical examination of how these interest rate rules have behaved since their inception in response to differing degrees of liquidity. We then investigate the market efficiency and inter-connectedness between multiple protocols, examining first whether Uncovered Interest Parity holds within a particular protocol and second whether the interest rates for a particular token market show dependence across protocols,developing a Vector Error Correction Model for the dynamics.

Conference paper

Koutsouri A, Knottenbelt WJ, 2020, Stress Testing Diversified Portfolios: The Case of the CoinShares Gold and Cryptoassets Index, 2nd International Conference on Mathematical Research for Blockchain Economy, Publisher: Springer Verlag

Stress testing involves the use of simulation to assess the resilience of investment portfolios to changes in market regimes and extreme events. The quality of stress testing is a function of the realism of the market models employed, as well as the strategy used to determine the set of simulated scenarios. In this paper, we consider both of these parameters in the context of diversified portfolios, with a focus on the emerging class of cryptoasset-containing portfolios. Our analysis begins with univariate modelling of individual risk factors using ARMA and GJR--GARCH processes. Extreme Value Theory is applied to the tails of the standardised residuals distributions in order to account for extreme outcomes accurately. Next, we consider a family of copulas to represent the dependence structure of the individual risk factors. Finally, we combine the former approaches to generate a number of plausibility-constrained scenarios of interest, and simulate them to obtain a risk profile. We apply our methodology to the CoinShares Gold and Cryptoassets Index, a monthly-rebalanced index which comprises two baskets of risk-weighted assets: one containing gold and one containing cryptoassets. We demonstrate a superior risk-return profile as compared to investments in a traditional market-cap-weighted cryptoasset index.

Conference paper

Ilie DI, Karantias K, Knottenbelt WJ, 2020, Bitcoin crypto–bounties for quantum capable adversaries, MARBLE 2020, Publisher: Springer International Publishing, Pages: 9-25, ISSN: 2198-7246

With the advances in quantum computing taking place over the last few years, researchers have started considering the implications on cryptocurrencies. As most digital signature schemes would be impacted, it is somewhat reassuring that transition schemes to quantum resistant signatures are already being considered for Bitcoin. In this work, we stress the danger of public key reuse, as it prevents users from recovering their funds in the presence of a quantum enabled adversary despite any transition scheme the developers decide to implement. We emphasize this threat by quantifying the damage a functional quantum computer could inflict on Bitcoin (and Bitcoin Cash) by breaking exposed public keys.

Conference paper

Koutsouri A, Poli F, Alfieri E, Petch M, Distaso W, Knottenbelt Wet al., 2020, Balancing Cryptoassets and Gold: A Weighted-Risk-Contribution Index for the Alternative Asset Space, 1st International Conference on Mathematical Research for Blockchain Economy, Publisher: Springer Verlag, Pages: 217-232, ISSN: 0302-9743

Bitcoin is foremost amongst the emerging asset class knownas cryptoassets. Two noteworthy characteristics of the returns of non-stablecoin cryptoassets are their high volatility, which brings with it ahigh level of risk, and their high intraclass correlation, which limits thebenefits that can be had by diversifying across multiple cryptoassets. Yetcryptoassets exhibit no correlation with gold, a highly-liquid yet scarceasset which has proved to function as a safe haven during crises affectingtraditional financial systems. As exemplified by Shannon’s Demon, a lackof correlation between assets opens the door to principled risk controlthrough so-called volatility harvesting involving periodic rebalancing.In this paper we propose an index which combines a basket of five cryp-toassets with an investment in gold in a way that aims to improve therisk profile of the resulting portfolio while preserving its independencefrom mainstream financial asset classes such as stocks, bonds and fiatcurrencies. We generalise the theory of Equal Risk Contribution to allowfor weighting according to a desired level of contribution to volatility. Wefind a crypto–gold weighting based on Weighted Risk Contribution to behistorically more effective in terms of Sharpe Ratio than several alterna-tive asset allocation strategies including Shannon’s Demon. Within thecrypto-basket, whose constituents are selected and rebalanced monthly,we find an Equal Weighting scheme to be more effective in terms of thesame metric than a market capitalisation weighting.

Conference paper

Marchenko Y, Knottenbelt WJ, Wolter K, 2020, EthExplorer: A Tool for Forensic Analysis of the Ethereum Blockchain, Pages: 100-117, ISSN: 0302-9743

This paper presents EthExplorer, a graph-based tool for analysing the Ethereum blockchain. EthExplorer has been designed for the assessment of Ethereum transactions, which represent diverse and complex activities in a large-scale distributed system. EthExplorer shows Ethereum addresses as nodes and transactions as directed arcs between addresses. The graph is annotated in several ways: arcs are scaled according to the amount of Ether they carry and the nodes are colour encoded to indicate types of addresses, such as exchanges, miners or mining pools. Ether transfer transactions and smart contracts are distinguished by line styles. EthExplorer can be used to trace the flow of Ether between addresses. For a given address all its output or input transactions with the corresponding receiver or sender addresses can be found. The set of considered addresses can be increased by adding selected addresses to the set of analysed addresses.

Conference paper

Wolter K, Pesu T, van Moorsel A, Knottenbelt WJet al., 2020, Black-box models for restart, reboot and rejuvenation, Handbook Of Software Aging And Rejuvenation: Fundamentals, Methods, Applications, And Future Directions, Pages: 155-194, ISBN: 9789811214578

This chapter discusses black-box models for retries, where no distinction is made between the purpose of the retry. Retries can be used as restart, to improve userobserved performance, as reboot, for fault-tolerance, or as rejuvenation, to treat the aging of the system. The chapter derives stochastic models and shows the results we obtained for optimising moments of the user-observed job completion time as well as the probability of meeting a deadline. The second part of the chapter provides a review of the literature in this area of the past decade. The chapter closes with a discussion of open problems.

Book chapter

Ilie DI, Knottenbelt WJ, Stewart ID, 2020, Committing to quantum resistance, better: a speed-and-risk-configurable defence for bitcoin against a fast quantum computing attack, 1st International Conference on Mathematical Research for Blockchain Economy (MARBLE), Publisher: Springer International Publishing AG, Pages: 117-132, ISSN: 2198-7246

In light of the emerging threat of powerful quantum computers appearing in the near future, we investigate the potential attacks on Bitcoin available to a quantum-capable adversary. In particular, we illustrate how Shor’s quantum algorithm can be used to forge ECDSA based signatures, allowing attackers to hijack transactions. We then propose a simple commit–delay–reveal protocol, which allows users to securely move their funds from non-quantum-resistant outputs to those adhering to a quantum-resistant digital signature scheme. In a previous paper (Stewart et al. R. Soc. Open Sci. 5(6), 180410 (2018)) [1] we presented a similar scheme with a long fixed delay. Here we improve on our previous work, by allowing each user to choose their preferred delay–long for a low risk of attack, or short if a higher risk is acceptable to that user. As before, our scheme requires modifications to the Bitcoin protocol, but once again these can be implemented as a soft fork.

Conference paper

Pardalos P, Kotsireas I, Guo Y, Knottenbelt Wet al., 2020, Preface, Pages: v-vi, ISSN: 2198-7246

Conference paper

Pardalos P, Kotsireas I, Guo Y, Knottenbelt Wet al., 2020, MARBLE 2019 Conference Proceedings Volume: Preface, Pages: v-vi, ISSN: 2198-7246

Conference paper

Zamyatin A, Avarikioti Z, Perez D, Knottenbelt WJet al., 2020, TxChain: efficient cyptocurrency light clients via contingent transaction aggregation., Publisher: Cryptology ePrint Archive

Cryptocurrency light- or simplified payment verification (SPV) clientsallow nodes with limited resources to efficiently verify execution of payments.Instead of downloading the entire blockchain, only block headers and selectedtransactions are stored. Still, the storage and bandwidth cost, linear in blockchainsize, remain non-negligible, especially for smart contracts and mobile devices: asof April 2020, these amount to 50 MB in Bitcoin and 5 GB in Ethereum.Recently, two improved sublinear light clients were proposed: to validate theblockchain, NIPoPoWs and FlyClient only download a polylogarithmic numberof block headers, sampled at random. The actual verification of payments, however, remains costly: for each verified transaction, the corresponding block musttoo be downloaded. This yields NIPoPoWs and FlyClient only effective underlow transaction volumes.We present TXCHAIN, a novel mechanism to maintain efficiency of light clientseven under high transaction volumes. Specifically, we introduce the concept ofcontingent transaction aggregation, where proving inclusion of a single contingent transaction implicitly proves that n other transactions exist in the blockchain.To verify n payments, TXCHAIN requires a only single transaction in the best(n ≤ c), and dnc + logc(n)e transactions in the worst case (n > c). We deployTXCHAIN on Bitcoin without consensus changes and implement a soft fork forEthereum. To demonstrate effectiveness in the cross-chain setting, we implementTXCHAIN as a smart contract on Ethereum to efficiently verify Bitcoin payments.

Working paper

Ilie DI, Knottenbelt WJ, Stewart I, 2020, Committing to quantum resistance, better: a speed - and - risk - configurable defence for bitcoin against a fast quantum computing attack., Publisher: Cryptology ePrint Archive

In light of the emerging threat of powerful quantum computers appearing in the near future, we investigate the potential attacks onBitcoin available to a quantum-capable adversary. In particular, we illustrate how Shor’s quantum algorithm can be used to forge ECDSA basedsignatures, allowing attackers to hijack transactions. We then proposea simple commit–delay–reveal protocol, which allows users to securelymove their funds from non-quantum-resistant outputs to those adheringto a quantum-resistant digital signature scheme. In a previous paper [34]we presented a similar scheme with a long fixed delay. Here we improveon our previous work, by allowing each user to choose their preferreddelay – long for a low risk of attack, or short if a higher risk is acceptableto that user. As before, our scheme requires modifications to the Bitcoinprotocol, but once again these can be implemented as a soft fork.

Working paper

, 2020, Mathematical Research for Blockchain Economy, 1st International Conference, MARBLE 2019, Santorini, Greece, May 6-9, 2019., Publisher: Springer

Conference paper

Zamyatin A, Al-Bassam M, Zindros D, Kokoris-Kogias E, Moreno-Sanchez P, Kiayias A, Knottenbelt WJet al., 2019, SoK: communication across distributed ledgers., Publisher: Cryptology ePrint Archive

Communication across distributed systems, each running its own consensus, is a problem previously studied under the assumption of trust across systems. With the appearance of distributed ledgers or blockchains, numerous protocols have emerged, which attempt to achieve trustless communication between distrusting ledgers and participants. Cross-chain communication thereby plays a fundamental role in cryptocurrency exchanges, sharding, bootstrapping and extension of distributed ledgers. Unfortunately, existing proposals are designed ad-hoc for specific use-cases, making it hard to gain confidence on their correctness and to use them as building blocks for new systems.

Working paper

Harz D, Gudgeon L, Gervais A, Knottenbelt Wet al., 2019, Balance: dynamic adjustment of cryptocurrency deposits, 2019 ACM SIGSAC Conference on Computer & Communications Security (CCS '19), Publisher: ACM, Pages: 1485-1502

In cryptoeconomic protocols, €nancial deposits are fundamental totheir security. Protocol designers and their agents face a trade-o‚when choosing the deposit size. While substantial deposits might in-crease the protocol security, for example by minimising the impactof adversarial behaviour or risks of currency ƒuctuations, locked-up capital incurs opportunity costs for agents. Moreover, someprotocols require over-collateralization in anticipation of futureevents and malicious intentions of agents. We presentBalance,an application-agnostic system that reduces over-collateralizationwithout compromising protocol security. InBalance, maliciousagents receive no additional utility for cheating once their depositsare reduced. At the same time, honest and rational agents increasetheir utilities for behaving honestly as their opportunity costs forthe locked-up deposits are reduced.Balanceis a round-basedmechanism in which agents need tocontinuouslyperform desiredactions. Rather than treating agents’ incentives and behaviour asancillary, we explicitly model agents’ utility, proving the conditionsfor incentive compatibility.Balanceimproves social welfare givena distribution of honest, rational, and malicious agents. Further,we integrateBalancewith a cross-chain interoperability protocol,XCLAIM, reducing deposits by 10% while maintaining the sameutility for behaving honestly. Our implementation allows any num-ber of agents to be maintained for at most 55,287 gas (≈USD 0.07)to update the agents’ scores, and at a cost of 54,948 gas (≈USD0.07) to update the assignment of agents to layers.

Conference paper

Zamyatin A, Harz D, Lind J, Panayiotou P, Gervais A, Knottenbelt Wet al., 2019, XCLAIM: trustless, interoperable, cryptocurrency-backed assets, 40th IEEE Symposium on Security and Privacy (IEEE S&P 2019), Publisher: IEEE, Pages: 193-210, ISSN: 2375-1207

Building trustless cross-blockchain trading protocols is challenging. Centralized exchanges thus remain the preferred route to execute transfers across blockchains. However, these services require trust and therefore undermine the very nature of the blockchains on which they operate. To overcome this,several decentralized exchanges have recently emerged which offer support for atomic cross-chain swaps (ACCS). ACCS enable the trustless exchange of cryptocurrencies across blockchains,and are the only known mechanism to do so. However, ACCS suffer significant limitations; they are slow, inefficient and costly,meaning that they are rarely used in practice.We present XCLAIM: the first generic framework for achieving trustless and efficient cross-chain exchanges using cryptocurrency-backed assets(CBAs). XCLAIM offers protocols for issuing,transferring, swapping and redeeming CBAs securely in anon-interactive manner on existing blockchains. We instanti-ate XCLAIM between Bitcoin and Ethereum and evaluate our implementation; it costs less than USD 0.50 to issue an arbi-trary amount of Bitcoin-backed tokens on Ethereum. We show XCLAIMis not only faster, but also significantly cheaper than atomic cross-chain swaps. Finally, XCLAIMis compatible with the majority of existing blockchains without modification, and enables several novel cryptocurrency applications, such as cross-chain payment channels and efficient multi-party swaps

Conference paper

Harz D, Gudgeon L, Gervais A, Knottenbelt WJet al., 2019, Balance: dynamic adjustment of cryptocurrency deposits., Publisher: Cryptology ePrint Archive

Financial deposits are fundamental to the security of cryptoeconomic protocols as they serve as insurance against potential misbehaviour of agents. However, protocol designers and their agents face a trade-off when choosing the deposit size. While substantial deposits might increase the protocol security, for example by minimising the impact of adversarial behaviour or risks of currency fluctuations, locked-up capital incurs opportunity costs. Moreover, some protocols require over-collateralization in anticipation of future events and malicious intentions of agents. We present Balance, an application-agnostic system that reduces over-collateralization without compromising protocol security. In Balance, malicious agents receive no additional utility for cheating once their deposits are reduced. At the same time, honest and rational agents increase their utilities for behaving honestly as their opportunity costs for the locked-up deposits are reduced. Balance is a round-based mechanism in which agents need to continuously perform desired actions. Rather than treating agents' incentives and behaviour as ancillary, we explicitly model agents' utility, proving the conditions for incentive compatibility. Balance improves social welfare given a distribution of honest, rational, and malicious agents. Further, we integrate Balance with a cross-chain interoperability protocol, XCLAIM, reducing deposits by 10% while maintaining the same utility for behaving honestly. Our implementation allows any number of agents to be maintained for at most 55,287 gas (ca. USD 0.07) to update all agents' scores, and at a cost of 54,948 gas (ca. USD 0.07) to update the assignment of all agents to layers.

Working paper

This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.

Request URL: http://wlsprd.imperial.ac.uk:80/respub/WEB-INF/jsp/search-html.jsp Request URI: /respub/WEB-INF/jsp/search-html.jsp Query String: respub-action=search.html&id=00159431&limit=30&person=true