Loi Luu
National University of Singapore
Network
Latest external collaboration on country level. Dive into details by clicking on the dots.
Publication
Featured researches published by Loi Luu.
computer and communications security | 2016
Loi Luu; Duc-Hiep Chu; Hrishi Olickel; Prateek Saxena; Aquinas Hobor
Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereums smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.
programming language design and implementation | 2014
Loi Luu; Shweta Shinde; Prateek Saxena; Brian Demsky
Model counting is the problem of determining the number of solutions that satisfy a given set of constraints. Model counting has numerous applications in the quantitative analyses of program execution time, information flow, combinatorial circuit designs as well as probabilistic reasoning. We present a new approach to model counting for structured data types, specifically strings in this work. The key ingredient is a new technique that leverages generating functions as a basic primitive for combinatorial counting. Our tool SMC which embodies this approach can model count for constraints specified in an expressive string language efficiently and precisely, thereby outperforming previous finite-size analysis tools. SMC is expressive enough to model constraints arising in real-world JavaScript applications and UNIX C utilities. We demonstrate the practical feasibility of performing quantitative analyses arising in security applications, such as determining the comparative strengths of password strength meters and determining the information leakage via side channels.
financial cryptography | 2017
Yaron Velner; Jason Teutsch; Loi Luu
Despite their incentive structure flaws, mining pools account for more than 95% of Bitcoin’s computation power. This paper introduces an attack against mining pools in which a malicious party pays pool members to withhold their solutions from their pool operator. We show that an adversary with a tiny amount of computing power and capital can execute this attack. Smart contracts enforce the malicious party’s payments, and therefore miners need neither trust the attacker’s intentions nor his ability to pay. Assuming pool members are rational, an adversary with a single mining ASIC can, in theory, destroy all big mining pools without losing any money (and even make some profit).
computer and communications security | 2016
Loi Luu; Viswesh Narayanan; Chaodong Zheng; Kunal Baweja; Seth Gilbert; Prateek Saxena
computer and communications security | 2015
Loi Luu; Jason Teutsch; Raghav Kulkarni; Prateek Saxena
ieee computer security foundations symposium | 2015
Loi Luu; Ratul Saha; Inian Parameshwaran; Prateek Saxena; Aquinas Hobor
IACR Cryptology ePrint Archive | 2015
Loi Luu; Viswesh Narayanan; Kunal Baweja; Chaodong Zheng; Seth Gilbert; Prateek Saxena
IACR Cryptology ePrint Archive | 2015
Loi Luu; Ratul Saha; Inian Parameshwaran; Prateek Saxena; Aquinas Hobor
IACR Cryptology ePrint Archive | 2017
Loi Luu; Yaron Velner; Jason Teutsch; Prateek Saxena
usenix security symposium | 2017
Loi Luu; Yaron Velner; Jason Teutsch; Prateek Saxena