Towards Secure Decentralized Applications and Consensus Protocols in Blockchains (on Selfish Mining, Undercutting Attacks, DAG-Based Blockchains, E-Voting, Cryptocurrency Wallets, Secure-Logging, and CBDC)

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the original arXiv source.

With the rise of cryptocurrencies, many new applications built on decentralized blockchains have emerged. Blockchains are full-stack distributed systems where multiple sub-systems interact. While many deployed blockchains and decentralized applications need better scalability and performance, security is also critical. Due to their complexity, assessing blockchain and DApp security requires a more holistic view than for traditional distributed or centralized systems. In this thesis, we summarize our contributions to blockchain and decentralized application security. We propose a security reference architecture to support standardized vulnerability and threat analysis. We study consensus security in single-chain Proof-of-Work blockchains, including resistance to selfish mining, undercutting, and greedy transaction selection, as well as related issues in DAG-based systems. We contribute to wallet security with a new classification of authentication schemes and a two-factor method based on One-Time Passwords. We advance e-voting with a practical boardroom voting protocol, extend it to a scalable version for millions of participants while preserving security and privacy, and introduce a repetitive voting framework that enables vote changes between elections while avoiding peak-end effects. Finally, we improve secure logging using blockchains and trusted computing through a centralized ledger that guarantees non-equivocation, integrity, and censorship evidence, then build on it to propose an interoperability protocol for central bank digital currencies that ensures atomic transfers.


💡 Research Summary

This habilitation thesis presents a comprehensive body of research focused on enhancing the security of blockchain systems and decentralized applications (DApps). The work is structured around five core pillars, each addressing critical vulnerabilities and proposing novel solutions.

First, the thesis addresses the lack of standardized security analysis for complex blockchain ecosystems. It proposes a Security Reference Architecture (SRA), a layered stack model (Network, Consensus, Replicated State Machine, Application) that systematically categorizes threats and their interdependencies. This framework is integrated into the ISO/IEC 15408 threat-risk assessment standard to provide a tailored methodology for blockchain security evaluation.

Second, it delves into the security of consensus protocols. For single-chain Proof-of-Work (PoW) blockchains, the author introduces “StrongChain,” a protocol that mitigates selfish mining by rewarding partial PoW solutions and incorporating them into the chain’s weight, thereby improving resistance without introducing new attack vectors like subchain selfish mining. For Directed Acyclic Graph (DAG)-based blockchains (e.g., SPECTRE, PHANTOM), the research provides a groundbreaking game-theoretic analysis. It proves that the commonly used Random Transaction Selection (RTS) strategy is not a Nash Equilibrium, and through simulation, demonstrates that greedy miners deviating from RTS can gain higher rewards while significantly degrading the network’s overall transaction throughput.
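The DAG result above can be reproduced in a toy model. This is an added example, not code or a simulator from the thesis: it assumes every miner builds one parallel block per round from a shared mempool, a transaction duplicated across blocks is processed once, and its fee goes to one of the including miners chosen uniformly. The function names, fee distribution and parameters are constructed for illustration.

```python
import random

def simulate(strategies, n_tx=1000, block_size=10, rounds=200, seed=7):
    """Toy round-based DAG model (assumed, simplified).

    strategies: one entry per miner, "greedy" (take the highest-fee
    transactions) or "rts" (Random Transaction Selection).
    Returns (per-miner rewards, throughput), where throughput is the
    fraction of total block capacity holding non-duplicate transactions.
    """
    rng = random.Random(seed)
    rewards = [0.0] * len(strategies)
    unique_total = 0
    for _ in range(rounds):
        # Constructed mempool: fees drawn from an exponential distribution.
        fees = [rng.expovariate(1.0) for _ in range(n_tx)]
        by_fee = sorted(range(n_tx), key=fees.__getitem__, reverse=True)
        included = {}  # transaction index -> miners that put it in a block
        for miner, strategy in enumerate(strategies):
            if strategy == "greedy":
                picks = by_fee[:block_size]
            else:
                picks = rng.sample(range(n_tx), block_size)
            for tx in picks:
                included.setdefault(tx, []).append(miner)
        # Duplicates across parallel blocks are processed once; the fee
        # is paid to a single including miner (uniform tie-break).
        for tx, miners in included.items():
            rewards[rng.choice(miners)] += fees[tx]
        unique_total += len(included)
    capacity = rounds * block_size * len(strategies)
    return rewards, unique_total / capacity

def compare(miners=10):
    """One deviating miner versus all-RTS and all-greedy populations."""
    _, all_rts_tp = simulate(["rts"] * miners)
    mixed_rewards, _ = simulate(["greedy"] + ["rts"] * (miners - 1))
    _, all_greedy_tp = simulate(["greedy"] * miners)
    return {
        "greedy_reward": mixed_rewards[0],
        "best_rts_reward": max(mixed_rewards[1:]),
        "all_rts_throughput": all_rts_tp,
        "all_greedy_throughput": all_greedy_tp,
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.3f}")
```

In this model a single deviating miner out-earns every RTS miner, and when all miners deviate each round's blocks carry the same transactions, so useful throughput collapses to one block's worth.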

Third, the thesis advances cryptocurrency wallet security. It establishes a new classification system for wallet authentication schemes based on factors (knowledge/possession/biometric) and execution locality (local/remote). Building on this, it proposes “SmartOTPs,” an innovative two-factor authentication (2FA) method that leverages smart contracts and One-Time Passwords (OTPs). This design mitigates traditional OTP vulnerabilities like phishing while maintaining usability features like recovery options.

Fourth, it contributes significantly to electronic voting (e-voting). The author designs “BBB-Voting,” a practical boardroom voting protocol, and its scalable successor “SBvote,” which uses a public bulletin board and zero-knowledge proofs to support millions of voters while preserving privacy and verifiability. A major conceptual innovation is the “Always on Voting” framework, which enables repetitive voting—allowing voters to change their preferences between formal elections—while employing cryptographic techniques to avoid cognitive biases like the peak-end effect.

Finally, the work explores secure logging and its application to future financial infrastructure. It presents “Aquareum,” a centralized logging system that synergizes blockchain immutability with Trusted Execution Environments (TEEs) to guarantee non-equivocation, integrity, and censorship evidence for log entries. This foundation is extended to propose “CBDC-AquaSphere,” an interoperability protocol for Central Bank Digital Currencies (CBDCs). This protocol ensures atomic cross-chain transfers between different CBDC systems, addressing a key challenge for the future of digital finance.

In summary, this thesis provides a holistic and deep technical analysis of blockchain security across multiple layers and applications. It moves beyond identifying problems to offering concrete, innovative protocols and frameworks that enhance security, privacy, and functionality for consensus mechanisms, wallets, voting systems, and financial infrastructure.
