Emin Gün Sirer
In April, an experimental crowdfunding project started accepting online investments. This system, called the DAO (for Decentralized Autonomous Organization), was like a cross between Kickstarter and a venture capital fund, but with a twist: interested parties had to convert their money into a new type of digital currency before they could invest. Participants could then vote “yes” or “no” on submitted proposals, deciding as a group what to invest in. When a project got enough “yes” votes, computer code would automatically disperse the funds.
Elaine Shi
By the end of May, the DAO had amassed the equivalent of $150 million. But a few weeks later, an anonymous hacker identified a flaw in the voting system and siphoned off more than a third of the funds. “You can think of this as a bank robbery of sorts,” says Emin Gün Sirer, an associate professor of computer science at Cornell, “except one much bigger than any before it.”
Bigger—but not entirely unexpected. Sirer had foreseen the potential for such a breach, and before the fundraising period ended he used his blog to sound the alarm that the code controlling the DAO’s money flow had serious issues.
Ari Juels
But the DAO’s leaders didn’t heed Sirer’s warning, and the subsequent hack sent shockwaves through the industry. Weeks after the breach, when they unveiled a plan to freeze the diverted funds by making changes to the code, Sirer warned that it could open them up to much bigger attacks. This time, they listened. “Everyone stopped in their tracks and decided not to employ the fix,” Sirer says. Instead, they followed his recommendation and employed a different way to neutralize the hacker, and managed to retrieve all of the money—the equivalent of $53 million—in late July.
Sirer’s work on the DAO—studying a new type of financial technology and advising the industry on how it can be implemented and improved—epitomizes the work that he and his colleagues do at the Initiative for Cryptocurrencies and Contracts (IC3). Founded in January, it’s led by Sirer and two other co-directors—Elaine Shi, an associate professor of computer science on the Hill, and Ari Juels, a professor at Cornell Tech—and includes collaborators at the University of California, Berkeley, and two other institutions. They comprise what Sirer calls a “dream team” of about fifty people who are looking for ways to make next-generation financial technology systems more secure, scalable, confidential, and safe, while also developing new technology-based financial products with industry partners.
Among the most high-profile of these technologies are peer-to-peer digital currencies (or “cryptocurrencies”) like bitcoin, which was released to the public in 2009 and is still in use today. Unlike the government-issued currency that most people use every day—either in paper or electronic form—bitcoin and a newer cryptocurrency, known as “ether,” aren’t controlled by any nation or centralized entity. They still fluctuate in value when compared against other currencies and can be transferred very easily online. Although many people are excited about the promise of cryptocurrencies, there are still a number of challenges related to their security and scale, which Shi is trying to address. (In August, the need for improved security was underscored in dramatic fashion when almost 120,000 bitcoins, worth the equivalent of $65 million, was hacked from one of the world’s largest bitcoin-specific money exchanges.) In terms of speed, bitcoin can currently only handle seven transactions per second, a performance that Shi calls “really, really terrible.” But if it could handle IC3’s goal of 100,000 transactions per second, it would be able to support global commerce, Shi says. Her team’s efforts are being funded by a three-year, $3 million National Science Foundation grant, awarded in summer 2015.
So-called “smart contracts,” another area of IC3’s focus, are also expected to have a huge impact on how financial agreements are executed, the co-directors say. To understand how they work, Juels offers an example. Let’s say someone pays extra for flight insurance when he books an international trip. If the flight gets cancelled, he should receive a payout—but that process isn’t anywhere near instantaneous. In fact, that traveler probably has to make numerous calls and deal with various people at the insurance company before he’s reimbursed. If in the course of this process the insurer goes bankrupt, the claim is never paid and the customer loses out. But if the transaction were handled by a smart contract, computers would control the decision making and payouts. The system would be linked to a trustworthy data source that would note when a flight was cancelled and automatically compensate travelers who’d purchased insurance. Sirer, for one, believes that smart contracts are a transformative technology on par with e-mail. “On occasion as a technologist,” he says, “you see something and think that it will be a game changer.”
But as promising as smart contracts may be, systems that function the way computer scientists and companies want them to are still very much a work in progress, Juels says, citing the DAO hack as an example of what can go wrong. “That case illustrates the hazards of these things,” Juels says. “It’s still early days.” IC3 researchers are working to ensure that the code that drives smart contracts can deliver the appropriate outcome, and that data is trustworthy and secure. They rigorously test these systems by modeling real-world scenarios, working with industry partners at firms like IBM and Intel.
IC3 also closely follows developments at the intersection of computer science and financial technology. They review the code behind cryptocurrencies like bitcoin and ether and smart contracts like the one used in the DAO; look for areas where there are flaws or discrepancies; write papers on what they see; and advise industry leaders on how they can improve the performance, safety, and security of their products.
For Juels, who left a chief scientist position at a computer and network security company in 2014 to join Cornell Tech, working on this diverse roster of research projects and collaborations has been a win-win proposition. He notes that it was always difficult to share an advance made in an industry lab with the wider public, because his goal was to improve his employer’s technology, not that of the industry at large. At IC3, by contrast, he can collaborate with as many companies as he likes. “Paradoxically,” he says, “I can have a more meaningful impact on the financial technology industry from academia.”