This Yale Technology Could Fix Blockchain’s Security Issues and Make It a Lot More Viable

There are startup ideas that offer incremental improvements to existing industries – and then there are ones that completely reinvent those industries, charting a path that will forever change the way things have been done before. CertiK – a new system for securing blockchain based on decades of Yale research – is a game-changer. It provides for the first time a bug-free, hacker-resistant means for securing transactions on blockchain. Its first target is securing the transactions of digital currencies like bitcoin and ether; but ultimately CertiK could help pave the way for a more blockchain-based world – one where fairness and transparency is the rule.

“A lot of people are excited about blockchain not because of the money they can make, but because they believe in a decentralized community,” says Zhong Shao, Thomas L. Kempner Professor of Computer Science at Yale, who has spent the past 20 years developing certified software that relies on mathematical proofs, and who has, in recent years, developed what many in the programming community thought was impossible – a certified operating system known as CertiKOS. CertiK is Shao’s latest variant on that theme, creating certifiable smart contracts and blockchain systems that rely on mathematical proofs.  

With the rapid rise in cryptocurrency like bitcoin, ethereum and litecoin, there has also been a breathtaking amount of money lost to hackers and glitches – including a $530M heist from Coincheck, a cryptocurrency exchange in Japan in January 2018; a loss of at least $154M in November 2017 from an ethereum client called Parity due to a software bug; and a $50M theft from the DAO or Decentralized Autonomous Organization, which trades in a currency called “ether” in June 2016.

Blockchain transactions are governed by what is called “smart contracts” – computer programs that control the transfer of digital currencies. Smart contracts are open sourced - written piecemeal by programmers around the world. Once submitted, no one can rewrite that code.

“Blockchain is built on trust,” says Ronghui Gu, who came to Yale in 2011 for his PhD specifically to study under Shao and has led the design and development of CertiK. Gu has moved to the Computer Science department at Columbia as a tenure-track Assistant Professor. “But it’s not secure. Implementation can have bugs. It’s easy to make mistakes and hard to fix it.”

Because all submitted code is permanent, the only way to stop a money-draining bug or hack is through “hard forking,” a permanent split from the older version which invalidates all previous software and requires all users to upgrade.

The uncertainty and risk forced the blockchain community down a path likened to a Wild West-like world – where riches can be easily made and lost. But it doesn’t have to be that way, Shao argues. Once you have a formal verification process in which every code submitted is “checked” via a mathematical proof before being accepted, you can build anything on blockchain without fear of the system being hacked.

CertiK is not only a startup advancing a new secure system for ensuring blockchain transactions, but also a foundation that is building out this system by tapping into the programming community. The foundation trains programmers in CertiK’s formal verification technique which involves “breaking down hard-to-solve problems into many small, easy-to-solve mass proofs,” says Gu. “These are then composed together for end-to-end guarantees.” Proofs can be solved by hand, using one’s own algorithms or using CertiK’s established methods. Once these proofs are validated by multiple independent entities, they are confirmed.

Once something has been verified, says Gu, “people can use these certified libraries to build more certified systems. We’re building a certified human knowledge database.”

 “Programmable blockchain could be bigger than the Internet,” Shao says. He imagines a world in which more and more essential services move to a cyber society without the worry of human error—insurance, banking, law and accounting. As a place where business is done, “Maybe the virtual world will play a more important role than the physical world,” he muses.

Once the security issues are solved, there’s no limit to where blockchain can go. “Bitcoin is just one blockchain,” says Judy Yan, Managing Director of Danhua Capital which has invested in CertiK. “There are lots of blockchains, both public and private, and lots of financial institutions and alliances want their own. But they want these security issues to be solved.”

“CertiK is among the first to use a mathematical approach to check the reliability and security in engineered systems and smart contracts,” says Shoucheng Zhang, Founding Chairman of Danhua Capital and JG Jackson and CJ Wood Professor of Physics at Stanford University “That’s one significant breakthrough in science and one giant leap for blockchain technology.”

The Yale Office of Cooperative Research has been working closely with Shao and Gu on finding the right avenue to commercialize their research. “The digital blockchain environment is so vulnerable,” says Richard Andersson, Senior Business Development Associate at OCR. “This Yale technology could fundamentally change that.”

CONTACT: Brita Belli, Communications Officer, Yale Office of Cooperative Research, (203)804-1911, brita.belli@yale.edu.