When we make a transaction, any transaction, we trust that the other party will hold up its end of the bargain. This is easy at the farmer’s market, when we directly exchange money and goods with a vendor. Business conducted over the internet, with strangers often in distant locales, carries more risk and requires more trust.
As more and more of the business of our lives is conducted online and with the rise of sophisticated cybercrime, new technologies are desperately needed to maintain the public’s trust in online systems. Ari Juels, Computer Science, Jacobs Institute at Cornell Tech, is working to create and troubleshoot trustworthy technologies. “Security is all about creating and managing trust relationships,” Juels says.
Juels came to Cornell Tech in 2014 after serving as the chief scientist of RSA Security (now a division of Dell). Among many accolades, he was named a distinguished engineer at what is now DellEMC, a TR 100 top innovator by the MIT Technology Review Magazine, and an industry leader by Computerworld, in addition to securing over 100 patents. He acknowledges some irony when he describes the reason he left industry—in academia he thought he could have more impact.
“It’s really hard to transfer technology out of industry labs,” he explains. “The set of customers that an industry research lab has is small and usually confined to a particular product group in the company. At Cornell Tech, the entire world is our customer in a sense. We’re developing ideas for use by anyone who wants to adopt them.”
A particular focus of Juels’ group is optimizing blockchains, the design that underlies the cryptocurrency network, bitcoin. While currently used mostly in cryptocurrency applications, blockchains will eventually improve and secure the way business is done online, from the financial industry to supply chains to airline travel and more. Cornell Tech’s Initiative for CryptoCurrencies and Contracts (IC3), which Juels co-directs, is leading the way. “IC3 is the biggest academic research initiative devoted to blockchains in the world at this point, which means Cornell is playing a prominent role in this space.”
The concept behind blockchains is relatively simple. Juels describes them as databases, or ledgers, that can be seen and used by everyone in a community and which have further appealing security properties. For instance, things written into the ledger need to follow predetermined rules, and once written to the blockchain, the data cannot be erased. “These seem like pretty rudimentary properties, but actually achieving them is quite difficult in an open community,” Juels says.
In the bitcoin system, transactions are recorded on public ledgers, with full transparency and permanence, and are authorized using digital signatures. Third parties can’t interfere with the transaction—enabling transactions that occur directly between one user and another, without the oversight or interference of a middleman or agency.
“Blockchains have, at least within this cryptocurrency realm, enabled the creation of trust relationships between parties that don’t know one another and don’t have preexisting relationships,” Juels says. “These technologies have what many refer to as revolutionary social and technological potential.”
The blockchain underlying bitcoin, however, is not the type that might appeal to industry. Part of Juels’ goal is to design blockchains which are more secure and more sophisticated in their functionalities. “We’re looking to figure out how blockchain technology can meet the goals of traditional industry,” he says.
“Blockchains have, at least within this cryptocurrency realm, enabled the creation of trust relationships between parties that don’t know one another and don’t have preexisting relationships.”
Streamlining fragmentary record keeping systems and securing those systems are high on the list of functionalities that industry needs. “If transactions can be securely maintained, it becomes easier to audit and reconcile transactions among different parties,” Juels says. “Today, fragmentation carries a high cost, and reconciliation is a time-consuming process.”
In one project, Juels and his group have developed Solidus, a blockchain system that enables strongly confidential transactions among banks, with every transaction being recorded on the blockchain. “So you can have your cake and eat it, too,” Juels says. “You’ve got a completely auditable record on the blockchain, but you can’t tell who’s transacting with whom or the amounts.”
One of the tools that can greatly enhance the sophistication of blockchains is smart contracts, programs that run on blockchains to automatically ensure certain contractual requirements are fulfilled.
“Smart contracts offer a much richer set of functionalities, and as programs, they can intermediate relationships and dealings between business partners in sophisticated ways,” Juels says. “They are basically a form of business logic, of automation. They can turn manual processes into automated ones in a way that’s quite promising. Of course there are a lot of potential catches, but this idea of basically automating back office operations could have a huge impact.”
Smart contracts are already being used as financial instruments, most notably in the unregulated market of initial coin offerings (ICOs), whereby a technology startup offers investors tokens in exchange for an investment, often in cryptocurrency. On a couple of occasions, this hasn’t ended well. Hackers have exploited bugs in the smart contracts and stolen tens of millions of dollars. “Normally if a program has a bug, it’s unlikely to be exploited, and it’s often hard to monetize,” Juels says. “If a smart contract that’s holding a lot of money has a bug, the opportunities for monetization are very attractive.”
In a project called Hydra, Juels is working to make smart contracts more trustworthy. Hydra composes multiple versions of a smart contract, so even if one version is broken, the contract remains intact. Juels’ group has also incorporated bug bounties, rewards for breaking the smart contract. “So we actually encourage people to find bugs so we can ensure that these bugs don’t result in a compromise of the system,” Juels explains.
Town Crier, a Cornell Technology
A complementary technology Juels’ group has developed, Town Crier, aids in getting information securely to blockchains and smart contracts. “To do anything interesting, smart contracts need to get data about what’s going on in the real world,” Juels says. “As the most basic financial instrument—say one that pays out if a stock rises to a particular price—the contract needs to know the price of the stock. But getting trustworthy data to blockchains turns out to be tricky.”
Juels and his team have found a way using new trusted hardware from Intel. Town Crier is already safely transferring data to a public blockchain, Ethereum, as a community service. “It’s also a technology we’re in the process of licensing,” Juels says.
Entrepreneurial ambition is a big part of what lured Juels to Cornell Tech. “IC3 looks in general to ensure that its technologies are impactful, and one way of doing that is through entrepreneurship,” Juels says. “Our aim is to commercialize a number of the technologies we’re working on. I’m particularly interested in doing work with short- to medium-term real-world impact, and that’s what the ethos of this place is all about.”