Blockchains are the technical basis for cryptocurrencies such as Bitcoin, but they also play a role in many other applications today: they can be used to process more complicated financial transactions or even to close contracts. The key question is: Are these technologies really secure? Is it possible to guarantee with mathematical certainty that such systems cannot be misused? And if not, how can this be fixed?
Prof Matteo Maffei and his team at the Security and Privacy Research Unit of the Institute of Logic and Computation at TU Wien are researching such security issues in the context of blockchain technologies. Maffei was already awarded an ERC Consolidator Grant by the European Research Council in 2018, now he has received an ERC Advanced Grant, the most and prestigious research grant in Europe. The Grant "BlockSec" is endowed with around two and a half million euros for a duration of five years.
Mathematically guaranteed correctness
Blockchains can be used to do business or make agreements without the need for a central, controlling authority. For example, a currency can be created without the need for a central bank. Loans can be granted without the need for a bank to stand between the lender and borrower. These and other functionalities are enabled by so-called ’smart contracts’. They consist of computer code that monitors certain predefined processes in a similar way to a notarial supervisor and then decides objectively and incorruptibly what needs to happen. "All participants first agree on this code, then it runs automatically and can no longer be rewritten," explains Matteo Maffei.This naturally begs the question: Can such systems be outwitted? Can malicious people use any tricks to gain an advantage?
"In such situations, it’s not enough for people to take a close look at the code and, after much deliberation, come to the conclusion that it’s probably secure," says Matteo Maffei. "What you want is mathematical reliability, as people’s money is at stake. To give an idea, around 66.6 billion dollars are currently processed just within the Ethereum ecosystem."
Techniques from software verification are therefore used: Also for particularly safety-sensitive computer code, such as control software for airplanes, it is necessary to guarantee that the code contains no errors and makes the right decision in every logically possible situation. This is why verification software has been developed, which can be used to check other software. This makes it possible to prove mathematically that the software does not contain any errors. Matteo Maffei and his team use similar methods to analyse blockchain technologies - and, if errors are found, to close security gaps.
Combining software technology with game theory and cryptography
In contrast to standard software, which is supposed to offer a certain functionality and thus to exhibit a certain behavior, users can perform any sort of transaction on a blockchain. In this case, the most important security question is whether or not it is possible for a user to gain an advantage to the detriment of others. And to answer this question, a model for interest-oriented behaviour is needed, which can be provided by game theory."If someone carries out a transaction for which the system may not be intended, but which only harms theirselves, without causing problems for anyone else, then this is not really a problem," says Matteo Maffei. "Things get dangerous when there is a possibility that someone could benefit at the expense of others."
The ERC project will therefore combine elements of game theory with elements of software verification. The aim is to ensure that, from a purely logical point of view, agents who are looking out for their own advantage can never cause harm in a particular blockchain application. A combination of innovative cryptography and software engineering techniques will then be employed to strengthen the security of smart contracts when needed, with the ultimate goal to provide guaranteed security for blockchain applications.
Matteo Maffei
Matteo Maffei completed his doctorate at the University of Venice in Italy in 2006. He then moved to Germany and worked as a postdoc at Saarland University. From 2008 he headed his own research group there, and in 2009 he won an Emmy Noether Fellowship from the DFG. In 2013, Matteo Maffei became Associate Professor at Saarland University, and in 2016 he accepted a professorship for Security at TU Wien. In 2018, he received his first ERC Consolidator Grant to research on browser security.Maffei is now Co-Director of the Cybersecurity Centre at TU Wien and the Secint doctoral programme. He coordinates the FWF research project SPyCoDe, is a key researcher at SBA Research and one of the heads of the CD Laboratory for Blockchain Technologies for the Internet of Things.
Prof. Maffei’s Research Team