Abstract: Voting methods weighted by stakes are the baseline governance paradigm in Proof-of-Stake (PoS) blockchains. Such a paradigm may easily lead to distortions: a few users possessing an overwhelming stake amount may potentially fully control the process, even without owning the totality of the stakes. We study this problem through the lens of computational social choice and with a focus on the voting method used in Project Catalyst. We measure users' voting power by the Banzhaf power index, and investigate the issue of generating voting powers that are proportional to users' stakes. We contribute analytical and empirical results. Analytically, we observe that this is impossible in general but that proportionality can be approximated in expectation, albeit under restrictive assumptions over how stakes are randomly distributed.

Abstract: We provide a generic construction of blind signatures from cryptographic group actions following the framework of the blind signature CSIOtter introduced by Katsumata et al. (CRYPTO'23) in the context of isogeny (commutative group action). We adapt and modify that framework to make it work even for non-commutative group actions. As a result, we obtain a blind signature from abstract group actions which are proven to be secure in the random oracle model. We also propose an instantiation based on a variant of monomial code equivalence, interpreted as a symmetric group action.

Abstract: Nakamoto Consensus (i.e., the underlying consensus layer of Bitcoin) is of strong theoretical interest in terms of offering an ever-lasting, large-scale and permissionless computing service, which turns out to be challenging in the classical setting. Yet, despite its unprecedented features, Nakamoto Consensus still suffers from significant security and performance bottlenecks in terms of transaction order fairness: The system bears ephemeral centralization at the point of block production, creating opportunities for the adversary to seek profit by unfairly ordering transactions and adaptively injecting new ones (e.g. front-running / MEV attacks).

In this talk, we focus on blockchain order fairness in terms of transaction serialization, considering both the temporal and causal aspects. Regarding the temporal aspect, we propose the most refined notion of receiver order fairness which we term bounded unfairness; we also explore the complexity of realizing it. Then, we capture both sender and receiver order fairness in the Universal-Composability framework. We build two permissionless protocols assuring input causality. The first protocol, utilizing trusted hardware, allows clients to encrypt transactions which will be decrypted after a pre-determined period of time, measured by the blockchain progression. The second protocol, while achieving the same functionality, obviates the need for hardware enclaves and employs ephemeral committees that send only one message thus achieving input causality alongside adaptive security.

Abstract: Blockchain scalability is fundamentally constrained by redundant verification and excessive on-chain computation. Existing off-chain schemes, such as optimistic rollups, suffer from high latency, multi-round challenges, and weak verifier participation. To address these limitations, we present SideGAP, a sidechain-based framework that enables fast and verifiable off-chain computation with minimal main-chain overhead. SideGAP maintains intermediate execution states, allowing verifiers to directly retrieve any transaction-level snapshot for one-step verification, thereby eliminating multi-round interaction. To further mitigate the verifier's dilemma, SideGAP introduces a verifiable workload proof that binds each endorsement to measurable Gas expenditure, ensuring fairness and deterring free-riding.

Abstract: The anonymity and limited regulatory oversight of blockchain have made it a hotspot for criminal activities and money laundering. By routing illict funds through complex chains of transactions, laundering obscures their origins and creates significant challenges for forensic investigation. Today, on-chain anti-money laundering faces four major challenges: scarce data, hidden behaviors, organized laundering groups, and increasingly diverse laundering strategies. This talk presents a technical roadmap that spans data construction, risk assessment, group analysis, and multi-strategy detection.

We begin by addressing data scarcity with a taint-analysis–based tracing framework that constructs the first laundering dataset on Ethereum, making real-world laundering patterns visible on chain. To handle hidden laundering accounts and scarce labels, we develop an unsupervised risk assessment method that uses suspiciousness indicators and network propagation to identify high-risk accounts. We further reveal the organized nature of laundering by applying dense-subgraph mining and max-flow analysis to detect laundering groups. Finally, we introduce a semantics–structure fusion framework that detects a wide range of laundering strategies and produces suspicious activity reports. Together, these four components offer a coherent and effective approach to advancing on-chain anti–money laundering.

Abstract: A t-out-of-n robust non-interactive zero-knowledge (NIZK) combiner is a construction that, given access to n candidate instantiations of a NIZK for some language, itself implements a NIZK for the same language. Moreover, the combiner is secure assuming at least t of the given candidates are secure. We provide different constructions of robust NIZK combiners. In particular, we show how to obtain: A black-box combiner working for a special class of homomorphic languages where n, t are polynomial and t > ⌊n/2⌋. A non-black-box combiner working for any language, where n, t are constant and t > ⌊n/2⌋. A non-black-box combiner working for any language, where n, t are polynomial and t > ⌊2n/3⌋. On the negative side, we show that no (even non-black-box) robust NIZK combiner exists assuming t ≤ ⌊n/2⌋ (unless the polynomial hierarchy collapses).

Abstract: Memecoins, emerging from internet culture and community-driven narratives, have rapidly evolved into a unique class of crypto assets. Unlike technology-driven cryptocurrencies, their market dynamics are primarily shaped by viral social media diffusion, celebrity influence, and speculative capital inflows.

To capture the distinctive vulnerabilities of these ecosystems, we present the first Memecoin Ecosystem Fragility Framework (ME2F). ME2F formalizes memecoin risks in three dimensions: i) Volatility Dynamics Score capturing persistent and extreme price swings together with spillover from base chains; ii) Whale Dominance Score quantifying ownership concentration among top holders; and iii) Sentiment Amplification Score measuring the impact of attention-driven shocks on market stability. We apply ME2F to representative tokens (over 65% market share).

Abstract: The machine learning problem of model extraction was first introduced in 1991 and gained prominence as a cryptanalytic challenge starting with Crypto 2020. For over three decades, research in this field has primarily focused on ReLU-based neural networks. In this talk, I will introduce our work published at ASIACRYPT 2025. In this work, we take the first step towards the cryptanalytic extraction of PReLU neural networks, which employ more complex nonlinear activation functions than their ReLU counterparts.

Abstract: Blockchains rely on Byzantine fault-tolerant (BFT) protocols. In the asynchronous setting, Multi-Valued Validated Byzantine Agreement (MVBA) is a core building block, and numerous works have sought to improve its performance. However, existing communication-optimal designs depend on classical public-key machinery that is vulnerable to quantum adversaries and incurs substantial computational overhead. This talk presents new MVBA constructions that use only collision-resistant hash functions in a black-box manner, achieving communication optimality matching classical protocols while delivering strong practical speedups across a wide range of scenarios. The result is post-quantum-secure by design, computation-light, and readily deployable in modern asynchronous BFT stacks.

Abstract: Machine learning models are increasingly shared and outsourced, raising requirements of verifying training effort (Proof-of-Learning, PoL) to ensure claimed performance and establishing ownership (Proof-of-Ownership, PoO) for transactions. When models are trained by untrusted parties, PoL and PoO must be enforced together to enable protection, attribution, and compensation. However, existing studies typically address them separately, which not only weakens protection against forgery and privacy breaches but also leads to high verification overhead.

We propose PoLO, a unified framework that simultaneously achieves PoL and PoO using chained watermarks. PoLO splits the training process into fine-grained training shards and embeds a dedicated watermark in each shard. Each watermark is generated using the hash of the preceding shard, certifying the training process of the preceding shard. The chained structure makes it computationally difficult to forge any individual part of the whole training process. The complete set of watermarks serves as the PoL, while the final watermark provides the PoO. PoLO offers more efficient and privacy-preserving verification compared to the vanilla PoL solutions that rely on gradient-based trajectory tracing and inadvertently expose training data during verification, while maintaining the same level of ownership assurance of watermark-based PoO schemes.