Financial Cryptography and Data Security 2019


Twenty-Third International Conference
February 18–22, 2019
St. Kitts Marriott Resort
St. Kitts

Ross Anderson live-blogged some of the FC19 sessions. You can read his excellent summaries of the presentations over at Light Blue Touchpaper.

Note: due to delayed arrival of the keynote speaker, some presentations were rearranged and presented out of order.

All events take place in the Royal Ballroom unless otherwise indicated.
Sunday, February 17, 2019

16:00–18:00 Registration Reception
Location: Ocean View Terrace
Monday, February 18, 2019

08:30–09:00 Registration

09:00–09:10 Opening Remarks

Session 1: Keynote
Session Chair: Tyler Moore

Neha Narula
Director, MIT Digital Currency Initiative

Preventing catastrophic cryptocurrency attacks.

One pressing problem facing cryptocurrencies today is the security risk of latent implementation bugs. There are thousands of cryptocurrencies created by developers with varied levels of experience, and attackers can easily and anonymously exploit cryptocurrency vulnerabilities for financial gain. Cryptocurrency developer teams often lack disclosure policies and clear plans on how they might respond to vulnerabilities, putting disclosers and users at risk. In this talk, I will discuss lessons learned for disclosers and developers and remaining open questions based on three different vulnerability disclosures: hash function collisions in IOTA, a chain split bug in bitcoin-abc, and an inflation bug in bitcoin-core. Note that all of these vulnerabilities were disclosed, fixed, and to the best of our knowledge, not exploited.

Neha Narula is the Director of the Digital Currency Initiative at the MIT Media Lab, where her research interests are in cryptocurrencies and distributed systems. She received her PhD in computer science from MIT in 2015, where she published work on fast, scalable databases. Neha has given a TED talk on the future of money, was named to WIRED's list of 25 leaders shaping the next 25 years of technology, and was listed on Fortune's Ledger 40 under 40. In a previous life, she helped relaunch the news aggregator Digg and was a senior software engineer at Google.

Session 2: Cryptocurrency Cryptanalysis
Session Chair: Ian Goldberg

Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies. Joachim Breitner (DFINITY Foundation) and Nadia Heninger (University of California, San Diego)

10:30–11:00 Break

Session 3: Proofs of Stake
Session Chair: Jens Grossklags

Snow White: Robustly Reconfigurable Consensus and Applications to Provably Secure Proofs of Stake. Phil Daian, Rafael Pass (CornellTech), and Elaine Shi (Cornell)

Compounding of Wealth in Proof-of-Stake Cryptocurrencies. Giulia Fanti (CMU), Leonid Kogan (MIT), Sewoong Oh (UIUC), Kathleen Ruan (CMU), Pramod Viswanath, and Gerui Wang (UIUC)

Short Paper: I Can’t Believe It’s Not Stake! Resource Exhaustion Attacks on PoS. Sanket Kanjalkar, Joseph Kuo, Yunqi Li, and Andrew Miller (UIUC)

11:55–13:20 Lunch
Location: Blu Restaurant

Session 4: Measurement
Session Chair: Patrick McCorry

Short Paper: An Exploration of Code Diversity in the Cryptocurrency Landscape. Pierre Reibel, Haaroon Yousaf, and Sarah Meiklejohn (University College London)

Short Paper: An Empirical Analysis of Blockchain Forks in Bitcoin. Till Neudecker and Hannes Hartenstein (Karlsruhe Institute of Technology)

Detecting Token Systems on Ethereum. Michael Fröwis (University of Innsbruck), Andreas Fuchs (University of Münster), and Rainer Böhme (University of Innsbruck)

Measuring Ethereum-based ERC20 Token Networks. Friedhelm Victor and Bianca Katharina Lüders (Technische Universität Berlin)

14:30–15:00 Break

Session 5: Traceability and How to Stop It
Session Chair: Rainer Böhme

New Empirical Traceability Analysis of CryptoNote-Style Blockchains. Zuoxia Yu, Man Ho Au (Department of Computing, The Hong Kong Polytechnic University), Jiangshan Yu (Monash University), Rupeng Yang (School of Computer Science and Technology, Shandong University and Department of Computing,The Hong Kong Polytechnic University), Qiuliang Xu (School of Computer Science and Technology, Shandong University), and Wang Fat Lau (Department of Computing, The Hong Kong Polytechnic University)

Short Paper: An Empirical Analysis of Monero Cross-Chain Traceability. Abraham Hinteregger and Bernhard Haslhofer (Austrian Institute of Technology)

PRCash: Fast, Private and Regulated Transactions for Digital Currencies. Karl Wüst, Kari Kostiainen (ETH Zurich), Vedran Capkun (HEC Paris), and Srdjan Capkun (ETH Zurich)

ZLiTE: Zcash Lightweight Clients using Trusted Execution. Karl Wüst, Sinisa Matetic, Moritz Schneider (ETH Zurich), Ian Miers (Cornell Tech), Kari Kostiainen, and Srdjan Capkun (ETH Zurich)

18:00–20:00 Welcome Reception and Poster Session
Location: North Pool
Tuesday, February 19, 2019

Session 6: Payment Protocol Security
Session Chair: Aron Laszka

Designed to be Broken: A Reverse Engineering Study of the 3D Secure 2.0 Payment Protocol. Mohammed Aamir Ali and Aad van Moorsel (Newcastle University)

Short Paper: Making Contactless EMV Payments Robust Against Rogue Readers Colluding With Relay Attackers. Tom Chothia (University of Birmingham), Ioana Boureanu, and Liqun Chen (University of Surrey)

Short Paper: How to Attack PSD2 Internet Banking. Vincent Haupert and Stephan Gabert (Friedrich-Alexander University Erlangen-Nürnberg)

Your Money or Your Life—Modeling and Analyzing the Security of Electronic Payment in the UC framework. Dirk Achenbach, Roland Gröll, Timon Hackenjos (FZI Forschungszentrum Informatik), Alexander Koch, Bernhard Löwe, Jeremias Mechler, Jörn Müller-Quade (Karlsruher Institut für Technologie), and Jochen Rill (FZI Forschungszentrum Informatik)

10:10–10:40 Break

Session 7: Multiparty Protocols
Session Chair: Florian Kerschbaum

Secure Trick-Taking Game Protocols How to Play Online Spades Even with Cheaters. Xavier Bultel (Université de Rennes 1) and Pascal Lafourcade (Université Clermont Auvergne)

ROYALE: A Framework for Universally Composable Card Games with Financial Rewards and Penalties Enforcement. Bernardo David (IT University of Copenhagen), Rafael Dowsley (Aarhus University and IOHK), and Mario Larangeira (Tokyo Institute of Technology and IOHK)

Universally Verifiable MPC and IRV Ballot Counting. Chris Culnane (University of Melbourne), Olivier Pereira (University of Melbourne and Université catholique de Louvain), Kim Ramchen, and Vanessa Teague (University of Melbourne)

Synchronous Byzantine Agreement with Optimal Resilience, Expected O(n^2) Communication, and Expected O(1) Rounds. Ittai Abraham (VMware Research), Srinivas Devadas (MIT), Danny Dolev (Hebrew University of Jerusalem), Kartik Nayak (VMware Research and Duke University), and Ling Ren (VMware Research and University of Illinois at Urbana-Champaign)

12:00–13:30 Lunch
Location: Blu Restaurant

Session 8: Crypto Means Cryptography
Session Chair: Aniket Kate

Oblivious PRF on Committed Vector Inputs and Application to Deduplication of Encrypted Data. Jan Camenisch (DFINITY), Angelo De Caro (IBM Research), Esha Ghosh (Microsoft Research), and Alessandro Sorniotti (IBM Research)

Adaptively Secure Constrained Pseudorandom Functions. Dennis Hofheinz (Karlsruhe Institute of Technology), Akshay Kamath, Venkata Koppula, and Brent Waters (University of Texas, Austin)

LARA: A Design Concept for Lattice-based Encryption. Rachid El Bansarkhani (TU Darmstadt and QuantiCor Security GmbH)

Short Paper: The Proof is in the Pudding - Proofs of Work for Solving Discrete Logarithms. Marcella Hastings (University of Pennsylvania), Nadia Heninger (University of California, San Diego), and Eric Wustrow (University of Colorado Boulder)

21:00–22:00 General Meeting
Location: Royal Ballroom

22:00–00:00 Rump Session
Location: Royal Ballroom
Session Chair: Joseph Bonneau
Wednesday, February 20, 2019

Session 9: Getting Formal
Session Chair: Gaby Dagher

Minimizing Trust in Hardware Wallets with Two Factor Signatures. Antonio Marcedone, Rafael Pass (Cornell University), and abhi shelat (Northeastern University)

A Formal Treatment of Hardware Wallets. Myrto Arapinis, Andriana Gkaniatsou (University of Edinburgh), Dimitris Karakostas, and Aggelos Kiayias (University of Edinburgh and IOHK)

VeriSolid: Correct-by-Design Smart Contracts for Ethereum. Anastasia Mavridou (NASA Ames), Aron Laszka (University of Houston), Emmanouela Stachtiari (Aristotle University of Thessaloniki), and Abhishek Dubey (Vanderbilt University)

Bitcoin Security under Temporary Dishonest Majority. Georgia Avarikioti, Lukas Kappeli, Yuyi Wang, and Roger Wattenhofer (ETH Zurich)

10:20–10:50 Break

Session 10: Off-Chain Mechanisms and More Measurement
Session Chair: Sven Dietrich

VAPOR: a Value-Centric Blockchain that is Scale-out, Decentralized, and Flexible by Design. Zhijie Ren and Zekeriya Erkin (Delft University of Technology)

Sprites and State Channels: Payment Networks that Go Faster than Lightning. Andrew Miller (UIUC), Iddo Bentov (Cornell Tech), Surya Bakshi (UIUC), Ranjit Kumaresan (Visa Research), and Patrick McCorry (King's College London)

Echoes of the Past: Recovering Blockchain Metrics From Merged Mining. Nicholas Stifter (TU Wien), Philipp Schindler, Aljosha Judmayer (SBA Research), Alexei Zamyatin (Imperial College London), Andreas Kern (SBA Research), and Edgar Weippl (TU Wien)

TxProbe: Discovering Bitcoin's Network Topology Using Orphan Transactions. Sergi Delgado-Segura (UAB), Surya Bakshi (UIUC), Cristina Pérez-Solà (Universitat Rovira i Virgili), James Litton, Andrew Pachulski (UMD), Andrew Miller (UIUC), and Bobby Bhattacharjee (UMD)

13:00–17:45 Excursion

Catamaran cruise to Nevis (including open bar and light lunch on board), with beach/snorkel stop and an opportunity to try a Killer Bee (not included) at Sunshines Beach Bar.

19:00–21:00 BBQ
Location: Beach
Thursday, February 21, 2019

Session 11: Fraud Detection and Game Theory
Session Chair: Ross Anderson

Forecasting Suspicious Account Activity at Large-Scale Online Service Providers. Hassan Halawa, Konstantin Beznosov (University of British Columbia), Baris Coskun (Amazon Web Services), Meizhu Liu (Yahoo! Research), and Matei Ripeanu (University of British Columbia)

Thinking Like A Fraudster: Detecting Fraudulent Transactions Via Statistical Sequential Features. Chen Jing, Cheng Wang, and Chungang Yan (Tongji University)

Secure multiparty PageRank algorithm for collaborative fraud detection. Alex Sangers, Maran van Heesch (TNO), Thomas Attema, Thijs Veugen (TNO and CWI), Mark Wiggerman (ABN AMRO), Jan Veldsink (Rabobank), Oscar Bloemen (ING), and Daniël Worm (TNO)

10:00–10:30 Break

Session 12: IoT Security, and Crypto Still Means Cryptography
Session Chair: Ryan Henry

HEALED: HEaling & Attestation for Low-end Embedded Devices. Ahmad Ibrahim, Ahmad-Reza Sadeghi (TU Darmstadt), and Gene Tsudik (University of California, Irvine)

One-Time Programs Made Practical. Lianying Zhao (University of Toronto), Joseph I. Choi (University of Florida), Didem Demirag (Concordia University), Kevin R. B. Butler (University of Florida), Mohammad Mannan (Concordia University), Erman Ayday (Case Western Reserve University), and Jeremy Clark (Concordia University)

Statement Voting. Bingsheng Zhang (Lancaster University) and Hong-Sheng Zhou (Virginia Commonwealth University)

Fast Authentication from Aggregate Signatures with Improved Security. Muslum Ozgur Ozmen, Rouzbeh Behnia (Oregon State University), and Attila A. Yavuz (University of South Florida)

11:50–12:00 Closing Remarks

12:00–13:30 Lunch
Location: Blu Restaurant

14:00–18:00 Free Afternoon with Activities
(sign-up sheets will be available)

A: Jeep Adventure

B: Kayaking Adventure

C: Rainforest Hike

18:30–22:00 Beachside Food & Drinks at Sunset (sponsored by Kadena)
Location: Mr. X's Shiggidy Shack Beach Bar, The Strip
(about 20 minute walk or a short taxi ride from the hotel)

This event is open to all FC attendees who want to have a good time with some discussion on diversity and inclusion. A primary benefit of blockchain and related technologies is enabling more accessibility and security at scale. How can we take efforts to make sure that everyone can participate? Come join Kadena ( at Mr. X’s Shiggidy Shack for a fun evening on the beach with drinks, food, and music!

Friday, February 22, 2019

08:30–09:00 Workshops Registration

Note: the timing of the lunch and breaks is coordinated among all of the workshops, but some workshops might start earlier in the morning or end later in the afternoon. See their individual programs for details. Workshop registrants can attend any of the workshops and can switch between them as desired.

Workshops Early Morning Session

VOTING'19: 4th Workshop on Advances in Secure Electronic Voting
Location: Antigua Room

WTSC'19: 3rd Workshop on Trusted Smart Contracts
Location: St. Kitts/Nevis Rooms

10:30–11:00 Break

Workshops Late Morning Session

VOTING'19: 4th Workshop on Advances in Secure Electronic Voting
Location: Antigua Room

WTSC'19: 3rd Workshop on Trusted Smart Contracts
Location: St. Kitts/Nevis Rooms

12:30–14:00 Lunch
Location: Blu Restaurant

Workshops Early Afternoon Session

CIW'19: 1st Cryptocurrency Implementers' Workshop
Location: Nevis Room

VOTING'19: 4th Workshop on Advances in Secure Electronic Voting
Location: Antigua Room

WTSC'19: 3rd Workshop on Trusted Smart Contracts
Location: St. Kitts Room

15:30–16:00 Break

Workshops Late Afternoon Session

CIW'19: 1st Cryptocurrency Implementers' Workshop
Location: Nevis Room

VOTING'19: 4th Workshop on Advances in Secure Electronic Voting
Location: Antigua Room

WTSC'19: 3rd Workshop on Trusted Smart Contracts
Location: St. Kitts Room




This conference is organized annually by the International Financial Cryptography Association.