Applications
Real-world impact is one of DCI’s core values. This means we want not only to think about how the future looks, but also to implement and deploy our ideas in real applications to show the capabilities of cryptocurrency and blockchain technology.
b_verify is a new protocol for issuing and transacting in verifiable records using a public blockchain. Focused on warehouse receipts as a first use case, its purpose is to improve access to credit and price discovery in supply chains, especially in emerging markets pursuing digitization of paper records.
The Web is a key space for civic debate and the current battleground for protecting freedom of expression. And yet, it has steadily evolved into an ecosystem of large, corporate-controlled mega-platforms. This report evaluates the potential for new technologies to enable shifts toward decentralization.
Computational Integrity and Privacy
Learn more about the DCI’s research on privacy preservation.
ClockWork is a practical exchange protocol which gives an exchange the ability to prove to a user that it did not front-run their order. In ClockWork, users commit to and encrypt orders inside a timelock puzzle. By assuming a lower bound on the time it takes to solve the puzzle, we ensure that no one, including the exchange, can submit new orders or selectively drop orders after the batch is fixed, and that users cannot repudiate committed orders. Users interacting with the exchange are convinced that the exchange did not front-run, and the protocol creates a transcript between the exchange and the users that serves as evidence orders were matched correctly and has attestations from users who agree they were not front-run. Despite using computationally expensive timelock puzzles, ClockWork provides reasonable performance for batch auctions.
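The commit-and-timelock step described above, as an added illustration that is not ClockWork's own code: an RSW-style time-lock puzzle (repeated squaring modulo an RSA number) locks the key that encrypts an order, and a hash commitment binds the order so the user cannot later repudiate it. The toy modulus, the SHA-256 counter-mode stream cipher and the batch digest are assumptions of this example; a real deployment needs a large modulus whose factors are known only to the puzzle creator.

```python
import hashlib
import secrets

# Toy RSA modulus from two known Mersenne primes (2^31-1 and 2^61-1), constructed
# for illustration only: it is trivially factorable, so the "no shortcut" property
# is notional here. A real deployment uses a large modulus whose factors are known
# only to the puzzle creator.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
NONCE_LEN = 16


def keystream(seed: bytes, length: int) -> bytes:
    """Expand a seed with SHA-256 in counter mode (assumed toy stream cipher)."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def key_from(a: int, n: int) -> bytes:
    return hashlib.sha256(a.to_bytes((n.bit_length() + 7) // 8, "big")).digest()


def create_puzzle(order: bytes, t: int) -> dict:
    """User side: commit to `order`, then lock it behind t sequential squarings.

    The creator knows phi(N), so 2^(2^t) mod N costs one exponentiation here
    instead of t squarings (Euler's theorem; gcd(2, N) = 1)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    commitment = hashlib.sha256(nonce + order).digest()
    a = pow(2, pow(2, t, PHI), N)
    ciphertext = xor(nonce + order, keystream(key_from(a, N), NONCE_LEN + len(order)))
    return {"n": N, "t": t, "ciphertext": ciphertext, "commitment": commitment}


def solve_puzzle(puzzle: dict) -> bytes:
    """Anyone, the exchange included, can open the puzzle, but only by doing the
    t squarings one after another: that is the lower bound ClockWork relies on."""
    n, t = puzzle["n"], puzzle["t"]
    a = 2
    for _ in range(t):
        a = a * a % n
    plain = xor(puzzle["ciphertext"], keystream(key_from(a, n), len(puzzle["ciphertext"])))
    nonce, order = plain[:NONCE_LEN], plain[NONCE_LEN:]
    # Binding check: what comes out must be what the user committed to, so a
    # user cannot repudiate the order or substitute another one after the fact.
    if hashlib.sha256(nonce + order).digest() != puzzle["commitment"]:
        raise ValueError("commitment mismatch: order was altered or puzzle is malformed")
    return order


def fix_batch(puzzles: list) -> bytes:
    """Exchange side: publish a digest over the batch while every order is still
    ciphertext. Nothing can be added or dropped afterwards without changing it."""
    h = hashlib.sha256()
    for p in puzzles:
        h.update(p["commitment"])
        h.update(p["ciphertext"])
    return h.digest()


def run_batch(orders: list, t: int) -> tuple:
    """Constructed end-to-end flow: users submit puzzles, the exchange fixes the
    batch, and only then opens the puzzles and learns the orders."""
    puzzles = [create_puzzle(o, t) for o in orders]
    batch_id = fix_batch(puzzles)
    revealed = [solve_puzzle(p) for p in puzzles]
    return batch_id, revealed


if __name__ == "__main__":
    batch_id, revealed = run_batch([b"BUY 10 @ 101", b"SELL 3 @ 99"], t=2000)
    print(batch_id.hex(), revealed)
```

The ordering in run_batch is the point: fix_batch runs before any solve_puzzle call, so the exchange is bound to the batch while every order is still ciphertext, and the lower bound on solving time is what makes that ordering enforceable. The commitment check in solve_puzzle is what stops a user from later claiming to have submitted a different order.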
We propose a new form of proof systems: zk-SHARKs (zero-knowledge Succinct Hybrid ARguments of Knowledge). These combine the fast verification of zk-SNARKs with the no-trusted-setup of some non-succinct NIZKs.
A zk-SHARK has two verification modes: a prudent mode (relying on a uniform random string), and an optimistic mode (relying on a structured reference string).
Crucially, even complete corruption of the setup used by optimistic verification does not invalidate the prudent verification.
Moreover, old "prudent proofs'' can be re-accelerated with a new optimistic mode setup (in case the old setup becomes unconvincing or compromised).
We propose a construction of zk-SHARKs, tailored for efficiency of both modes: it is competitive with both state-of-the-art SNARKs (in terms of prover and verifier time) and NIZKs (in terms of proof size). Our zk-SHARK construction achieves all three properties outlined above.
We also discuss the applicability to transaction and block verification in blockchain applications.
Scalability
While the goal of an easily verifiable, widely scalable digital currency remains a challenge, there has been significant progress towards that goal, and the MIT DCI has been an important part of this progress. With projects like the Lightning Network, Utreexo, SpaceMint and Discreet Log Contracts, the DCI's research is advancing the forefront of digital currency scalability.
Discreet Log Contracts are a new technology that facilitates conditional payments on Bitcoin and compatible blockchains.
By creating a Discreet Log Contract, two parties can form a monetary contract redistributing their funds to each other, based on preset conditions, without revealing any details of those conditions to the blockchain. Its appearance on the blockchain will be no different from an ordinary multisignature output. Therefore the contract is discreet in the sense that no external observer can learn its existence or details from the public ledger.
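How the oracle's attestation unlocks a payout, as an added example in Python that is not DCI's code or any DLC implementation's code. It follows the Schnorr-style construction of the Discreet Log Contracts paper: the oracle publishes a long-term key V = vG and a per-event nonce point R = kG in advance, and attests to outcome m by releasing s = k - h(m, R)·v. Either party can compute the point sG = R - h(m, R)·V for every possible outcome beforehand and tweak its settlement key with it, so only after the attestation does the winning party hold the private key that the matching settlement transaction pays to. The hash-to-scalar encoding and the sample scalars are assumptions of this example; the 2-of-2 funding output and the pre-signed settlement transactions themselves are not shown.

```python
import hashlib

# secp256k1, the curve Bitcoin uses.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] ** 2 - G[0] ** 3 - 7) % P == 0  # sanity check: y^2 = x^3 + 7


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k: int, point):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def ec_neg(point):
    return None if point is None else (point[0], (-point[1]) % P)


def challenge(R, outcome: bytes) -> int:
    """h(m, R): assumed encoding, SHA-256 over R.x and the outcome string."""
    digest = hashlib.sha256(R[0].to_bytes(32, "big") + outcome).digest()
    return int.from_bytes(digest, "big") % N


# Oracle side
def oracle_commit(k: int):
    """Publish R = kG before the event (V = vG is the oracle's long-term key)."""
    return ec_mul(k, G)


def oracle_attest(k: int, v: int, R, outcome: bytes) -> int:
    """Release s = k - h(m, R) v once the outcome m is known."""
    return (k - challenge(R, outcome) * v) % N


# Contract parties
def anticipation_point(R, V, outcome: bytes):
    """sG = R - h(m, R) V: computable by anyone before the oracle attests."""
    return ec_add(R, ec_neg(ec_mul(challenge(R, outcome), V)))


def oracle_verify(s: int, R, V, outcome: bytes) -> bool:
    return ec_mul(s, G) == anticipation_point(R, V, outcome)


def settlement_pubkey(A, R, V, outcome: bytes):
    """Key the settlement transaction for this outcome pays to: A + sG."""
    return ec_add(A, anticipation_point(R, V, outcome))


def settlement_privkey(a: int, s: int) -> int:
    """Only after the attestation does the party learn a + s, the matching private key."""
    return (a + s) % N


if __name__ == "__main__":
    v, k, a = 0x1234567, 0x89ABCDE, 0x3F3F3F3F      # constructed sample scalars
    V, R, A = ec_mul(v, G), oracle_commit(k), ec_mul(a, G)
    s = oracle_attest(k, v, R, b"BTC/USD >= 50000")
    print(oracle_verify(s, R, V, b"BTC/USD >= 50000"),
          ec_mul(settlement_privkey(a, s), G) == settlement_pubkey(A, R, V, b"BTC/USD >= 50000"))
```

Because each settlement key is an ordinary-looking point A + sG, nothing on chain ties the output to the oracle, the event, or the outcome; the funding output remains a plain multisignature spend, which is what makes the contract discreet. An attestation for a different outcome yields a different s, so the party's tweaked key for the losing outcome stays unspendable.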
In the Bitcoin consensus network, all nodes come to agreement on the set of Unspent Transaction Outputs (the “UTXO” set). The size of this shared state is a scalability constraint for the network, as the size of the set expands as more users join the system, increasing resource requirements of all nodes. Decoupling the network’s state size from the storage requirements of individual machines would reduce hardware requirements of validating nodes. We introduce a hash-based accumulator to locally represent the UTXO set, which is logarithmic in the size of the full set. Nodes attach and propagate inclusion proofs to the inputs of transactions, which along with the accumulator state, give all the information needed to validate a transaction. While the size of the inclusion proofs results in an increase in network traffic, these proofs can be discarded after verification, and aggregation methods can reduce their size to a manageable level of overhead. In our simulations of downloading Bitcoin’s blockchain up to early 2019 with 500MB of RAM allocated for caching, the proofs only add approximately 25% to the amount otherwise downloaded.
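The accumulator and inclusion-proof flow described above, as an added toy example that is not the Utreexo code: a Merkle forest with one perfect binary tree per set bit of the leaf count, a bridge node that keeps every leaf and serves proofs, and a compact node that keeps only the roots and verifies. The leaf hashing and the merge order are assumptions of this illustration, and deletion of spent outputs, which the real design supports, is omitted.

```python
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def parent(left: bytes, right: bytes) -> bytes:
    return H(left + right)


class CompactNode:
    """Validating node: keeps only the forest roots, one per set bit of the leaf
    count, so its state is O(log n) however many outputs exist."""

    def __init__(self):
        self.roots = {}   # tree height -> root hash
        self.count = 0

    def add(self, leaf_hash: bytes) -> None:
        """Insert a new output: start a height-0 tree and merge equal-height
        trees, exactly like incrementing a binary counter."""
        node, height = leaf_hash, 0
        while height in self.roots:
            node = parent(self.roots.pop(height), node)   # older tree on the left
            height += 1
        self.roots[height] = node
        self.count += 1

    def verify(self, leaf_hash: bytes, height: int, pos: int, siblings: list) -> bool:
        """Check an inclusion proof against the roots we hold; once this returns
        True the siblings are no longer needed and can be discarded."""
        if len(siblings) != height:
            return False
        node = leaf_hash
        for sib in siblings:
            node = parent(sib, node) if pos & 1 else parent(node, sib)
            pos >>= 1
        return self.roots.get(height) == node


class BridgeNode(CompactNode):
    """Full node that also keeps every leaf so it can build proofs for others."""

    def __init__(self):
        super().__init__()
        self.leaves = []

    def add(self, leaf_hash: bytes) -> None:
        super().add(leaf_hash)
        self.leaves.append(leaf_hash)

    def prove(self, leaf_hash: bytes) -> tuple:
        """Return (tree height, position in tree, sibling hashes) for a leaf.
        Trees sit in insertion order from tallest to shortest, so the set bits
        of the count tell us which contiguous leaf range each tree covers."""
        i = self.leaves.index(leaf_hash)
        offset = 0
        for height in range(self.count.bit_length() - 1, -1, -1):
            if not (self.count >> height) & 1:
                continue
            size = 1 << height
            if i < offset + size:
                break
            offset += size
        pos = i - offset
        level = self.leaves[offset:offset + size]
        siblings, p = [], pos
        while len(level) > 1:
            siblings.append(level[p ^ 1])
            level = [parent(level[j], level[j + 1]) for j in range(0, len(level), 2)]
            p >>= 1
        return height, pos, siblings


if __name__ == "__main__":
    bridge, compact = BridgeNode(), CompactNode()
    for i in range(11):                      # constructed sample outputs
        leaf = H(f"txid{i}:0".encode())
        bridge.add(leaf)
        compact.add(leaf)
    proof = bridge.prove(H(b"txid9:0"))
    print(len(compact.roots), "roots;", compact.verify(H(b"txid9:0"), *proof))
```

With 11 leaves (binary 1011) the forest has three trees, so the compact node stores three hashes while the bridge node holds all eleven leaves; a proof carries as many siblings as its tree is tall, which is the per-input network cost the paragraph describes, and the compact node keeps none of it after verify returns.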
Security
This initiative brings together cryptocurrency developers and security engineers to find and prevent potentially catastrophic cryptocurrency bugs. The goals of this initiative are to bring cryptocurrencies up to the standards in banking and aviation and strengthen public trust in cryptocurrency technology.
A principal vulnerability of a proof-of-work ("PoW") blockchain is that an attacker can rewrite the history of transactions by forking a previously published block and building a new chain segment containing a different sequence of transactions. If the attacker’s chain has the most cumulative mining puzzle difficulty, nodes will recognize it as canonical. We propose a modification to PoW protocols, called ADESS, that contains two novel features which increase the cost of launching a double-spend attack. The first innovation enables a node to identify the attacker chain by comparing the temporal sequence of blocks on competing chains. The second innovation is to penalize the attacker by requiring it to apply exponentially increasing hashrate in order to make its chain canonical. For any value of transaction, there is a penalty setting in ADESS that renders a double-spend attack unprofitable.
The reorg tracker analyzes consensus security of proof-of-work cryptocurrencies to provide empirical data on the rate of reorgs, detect double-spends, determine how much fifty-one percent attacks cost and which coins are attackable in practice. The tracker actively observes over twenty cryptocurrency networks, and correlates deep reorgs with the Nicehash order book, price data and double-spent transactions to estimate fifty-one percent attack profitability. To date the reorg tracker has detected over forty reorgs over six blocks deep across different cryptocurrencies, and several likely successful double-spend attacks.
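Detection logic of the kind such a tracker needs, as an added example in Python that is not the reorg tracker's code: given the chain a node reported at the previous poll and the chain it reports now, find the fork point, measure the reorg depth, and flag an orphaned transaction whose input is spent by a different transaction on the winning chain as a double-spend candidate. The block and transaction representation and the sample chains are constructed for this illustration; correlating the event with hashrate-rental prices to estimate attack cost is outside it.

```python
def detect_reorg(old_chain: list, new_chain: list):
    """Compare the chain reported at the previous poll with the one reported now.

    Blocks are dicts {"hash", "prev", "txs"}, where txs is a list of
    (txid, [spent outpoints]) and an empty input list marks a coinbase
    (assumed representation). Returns None when new_chain simply extends
    old_chain, otherwise a reorg event describing what was replaced."""
    old_index = {b["hash"]: i for i, b in enumerate(old_chain)}
    # Walk the new chain back from its tip until a block we already knew appears.
    fork_new = next(i for i in range(len(new_chain) - 1, -1, -1)
                    if new_chain[i]["hash"] in old_index)
    fork_old = old_index[new_chain[fork_new]["hash"]]
    orphaned = old_chain[fork_old + 1:]
    if not orphaned:
        return None
    replacement = new_chain[fork_new + 1:]
    # Which outpoint is spent by which transaction on the winning chain.
    new_spends = {op: txid for b in replacement for txid, ins in b["txs"] for op in ins}
    new_txids = {txid for b in replacement for txid, _ in b["txs"]}
    double_spends, dropped = [], []
    for b in orphaned:
        for txid, inputs in b["txs"]:
            if not inputs or txid in new_txids:
                continue  # coinbase, or the same transaction was simply re-mined
            conflicts = [op for op in inputs if op in new_spends]
            if conflicts:
                double_spends.append({"orphaned_txid": txid,
                                      "conflicting_txid": new_spends[conflicts[0]],
                                      "outpoint": conflicts[0]})
            else:
                dropped.append(txid)  # gone from the chain; may return via the mempool
    depth = len(orphaned)
    return {"depth": depth, "deep": depth > 6, "fork_hash": new_chain[fork_new]["hash"],
            "double_spends": double_spends, "dropped_txids": dropped}


def sample_chains() -> tuple:
    """Constructed data: block b2 paid a merchant from coinbase0:0; the replacement
    chain c2..c5 spends the same outpoint back to the attacker and outpaces b2..b4."""
    def block(h, prev, txs):
        return {"hash": h, "prev": prev, "txs": txs}
    old = [
        block("g", None, [("coinbase0", [])]),
        block("b1", "g", [("coinbase1", [])]),
        block("b2", "b1", [("coinbase2", []), ("pay_merchant", ["coinbase0:0"])]),
        block("b3", "b2", [("coinbase3", []), ("alice_to_bob", ["coinbase1:0"])]),
        block("b4", "b3", [("coinbase4", [])]),
    ]
    new = old[:2] + [
        block("c2", "b1", [("coinbase2x", []), ("pay_self", ["coinbase0:0"])]),
        block("c3", "c2", [("coinbase3x", []), ("alice_to_bob", ["coinbase1:0"])]),
        block("c4", "c3", [("coinbase4x", [])]),
        block("c5", "c4", [("coinbase5x", [])]),
    ]
    return old, new


if __name__ == "__main__":
    old, new = sample_chains()
    print(detect_reorg(old, new))
```

A reorg with no conflicting spends is ordinary network behaviour; the signal worth alerting on is an orphaned transaction whose outpoint reappears under a different txid, which is exactly what a rented-hashrate double-spend produces, and the depth is what decides whether a merchant's confirmation policy would have been beaten.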
Proof-of-Work mining is intended to provide blockchains with robustness against double-spend attacks. However, an economic analysis that follows from Budish (2018), which considers free entry conditions together with the ability to rent sufficient hashrate to conduct an attack, suggests that the resulting block rewards can make an attack cheap. We formalize a defense to double-spend attacks. We show that when the victim can counterattack in the same way as the attacker, this leads to a variation on the classic game-theoretic War of Attrition model. The threat of this kind of counterattack induces a subgame perfect equilibrium in which no attack occurs in the first place.
Pool Detective is a system we built at the DCI, and are currently running, to monitor the behavior of mining pools that operate on Proof-of-Work cryptocurrencies such as Bitcoin, Litecoin and others. Mining pools have ultimate control over the work that constituent miners process and therefore their (mis)behavior can have large consequences for the security of Proof-of-Work networks. We're conducting this research because we think it's important to perform detailed monitoring and analyze the behavior of pools, and no one else is doing that up to this level of detail.
Voters are understandably concerned about election security. News reports of possible election interference by foreign powers, of unauthorized voting, of voter disenfranchisement, and of technological failures call into question the integrity of elections worldwide. This article examines the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security, and finds such claims to be wanting and misleading.
User Research
This 2023 report uniquely focuses on users, especially society’s most vulnerable, and is an interdisciplinary collaboration between the MIT Digital Currency Initiative and Maiden Labs, funded by the Gates Foundation. Findings are drawn from:
design research to identify the important open technical design choices and ways forward for CBDC;
infrastructure research on existing money technologies to understand the broader public-private dynamics in which CBDC financial inclusion issues are centered;
and fieldwork to understand the financial experiences of people in four low- and middle-income countries (India, Indonesia, Nigeria, and Mexico) and the ways existing money technologies are failing them or helping them flourish.
For policymakers, technologists, financial-inclusion advocates, and social scientists interested in CBDCs’ risks and opportunities, this report's insights include concrete areas for focus, ideas for design directions, and recommendations for future research. It is a resource for anyone wishing to understand how we can design a digital currency that expands financial inclusion and operates in the public interest, rather than one that exacerbates or even creates a new digital divide for currency.
What will it take for decentralized networks to realize our vision of a radically improved financial system that protects user privacy and increases user agency? In addition to DCI’s focus on open source development and neutral research into the privacy, security, and scalability of decentralized networks, we also believe it will require a robust awareness of the people inside and outside the traditional financial system, their needs, and their perspectives on digital currency’s potential.
That’s why we are collaborating with Maiden, a non-profit user-research lab, to surface user insights that can inform our work as technologists as well as contribute to the public policy dialogues surrounding digital currencies. We recently completed a US-based user-research study, addressing some of the riskiest and most-common assumptions about prospective digital currency users and use cases.
Theory
The DCI recognizes the value of solid theoretical foundations in addition to robust implementation: both in the immediate term, for technologies to deliver their promised security and functionality, and in the longer term, to explore the frontiers of current and future technologies' capabilities.
As a neutral digital currency research lab, the MIT DCI has fielded many questions about the energy consumption of Proof of Work (PoW) cryptocurrencies (e.g. Bitcoin). Given the potential environmental impacts of unjustified energy use, we recognize the importance of this issue—but despite the stakes, we see a disturbing lack of rigor, neutrality, and concrete data pervading the conversation. To that end, our Currency Efficiency research project is an attempt to isolate the root concerns underpinning the environmental considerations, offer a usable framework, and gather rigorous data on various crypto and fiat currencies in order to help move the larger conversation forward in a productive manner. We hope this work will eventually allow for a meaningful, rational assessment and comparison of the environmental impact of many cryptocurrencies and payment systems.
Consensus is a fundamental problem in the field of distributed computing and multi-agent systems to achieve system reliability in the presence of some number of faulty or adversarial processes. The goal of processes participating in consensus is to agree on some shared data value that is needed in computation. In the context of blockchains, such data values consist of transactions; all participants must simultaneously agree on the same shared ledger, and new transactions must be able to be added to the ledger. Consensus is at the heart of ensuring that such guarantees are met in blockchains.