Cloud and Blockchain Security


This project started in October 2014 and is ongoing.


Kari Kostiainen (ETH)
Ghassan Karame (NEC)

Industry partner



In this project, NEC and ETH aim to address various issues in cloud and blockchain security to improve their security and scalability. In blockchain technology, our project focuses on the security and privacy of different blockchain technologies and on developing new protocols and systems to enhance functionality.

As the first research contribution, we have proposed a new approach to protect the privacy of lightweight clients in blockchain systems like Bitcoin. Our main idea is to leverage commonly available trusted execution capabilities, such as SGX enclaves. We have designed and implemented a system called BITE where enclaves on full nodes serve privacy-preserving requests from lightweight clients. Because a naive method of serving client requests from within SGX enclaves still leaks user information, BITE integrates several privacy measures that address external leakage and SGX side channels. The resulting solution provides strong privacy protection and improves the performance of current lightweight clients.

As the second research contribution, we have designed and developed a new method to allow for the execution of expressive smart contracts on legacy cryptocurrencies, such as Bitcoin, that do not natively support a Turing complete scripting language. Our system, called Bitcontracts, allows the smart contract creator to designate a set of so-called service providers that are responsible for executing the contract off-chain. The contract state is stored in on-chain transactions, and the service providers can collectively authorize state changes by using multi-signature transactions signed by a quorum of them.

As the third research contribution, we have investigated the problems with mining centralization and analyzed approaches that try to solve these issues with decentralization of mining pools. We have found that mining centralization provides several advantages for individual miners compared to decentralized solutions and thus miners are incentivized to prefer centralized mining pools. To mitigate some of the issues that arise from current centralized mining pools, we have proposed a novel mining solution using trusted execution environments.

As the fourth research contribution, we have investigated the censorship-resilience of fast blockchain payments. Permissionless blockchains are known to be too slow for applications like point-of-sale payments. While several techniques have been proposed to speed up blockchain payments, none of them are satisfactory. In particular, existing solutions like payment channels require users to lock up significant funds, and schemes based on pre-defined validators enable easy transaction censoring. We have developed a system called Quicksilver that works with practical collaterals and is fast, censorship-resilient, and confidential at the same time.


Kari Kostiainen, Sven Gnap, Ghassan Karame
Censorship-​Resilient and Confidential Collateralized Second-​Layer Payments
eprint, November 2022
Karl Wüst, Loris Diana, Kari Kostiainen, Ghassan Karame, Sinisa Matetic, Srdjan Capkun
Bitcontracts: Adding Expressive Smart Contracts to Legacy Cryptocurrencies
IACR eprint archive 2019
Sinisa Matetic, Karl Wüst, Moritz Schneider, Kari Kostiainen, Ghassan Karame, Srdjan Capkun
BITE: Bitcoin Lightweight Client Privacy using Trusted Execution
USENIX Security Symposium 2019
Arthur Gervais, Hubert Ritzdorf, Ghassan O. Karame, Srdjan Capkun
Tampering with the Delivery of Blocks and Transactions in Bitcoin
ACM Conference on Computer and Communication Security (CCS), 2015

Claudio Soriente, Ghassan O. Karame, Hubert Ritzdorf, Srdjan Marinovic, Srdjan Capkun
Commune: Shared Ownership in an Agnostic Cloud
Symposium on Access control Models and Technologies (SACMAT), 2015