Blockchains & System Security @ FIT

Information

The Blockchain and System Security Research Group (BlockSec@FIT) is dedicated toadvancing the frontiers of blockchain technology and systemsecurity. The members of BlockSec@FIT focus on designing,analyzing, and optimizing secure decentralized systems to addresscritical challenges in scalability, privacy, and resilienceagainst adversarial threats. The group is led by Assoc. Prof. IvanHomoliak, while the team leverages FIT's strong academicfoundation to drive research with global impact.

BlockSec@FIT has a mission to develop robust, scalable, and secure decentralized solutions.

Research Areas

Key research areas include:

Scalability and Security in Blockchain Consensus Protocols: Investigating Directed Acyclic Graph (DAG)-based consensus protocols (e.g., PHANTOM, GHOSTDAG, SPECTRE, Inclusive, Prism) to enhance parallel transaction processing and scalability. The group has pioneered the identification of incentive-driven attacks that undermine random transaction selection, proposing novel protection mechanisms to ensure fair and efficient blockchain operation, as demonstrated in large-scale simulations and game-theoretic analyses. Other work includes empirical security analyses of Secret Single Leader Election (SSLE) mechanisms in Ethereum's Proof-of-Stake (PoS), such as Whisk and homomorphic sortition, under denial-of-service (DoS) on the leader and censorship attacks. This research evaluates their effectiveness against targeted and coordinated adversarial strategies, highlighting trade-offs in protection, scalability, and practicality for large validator sets.
Novel Consensus Mechanisms: Exploring innovative protocols beyond traditional Proof-of-Work (PoW) and Proof-of-Stake (PoS), such as Proof-of-Useful-Work (PoUW), which redirects computational efforts toward solving real-world problems (e.g., scientific computations) to minimize energy waste while maintaining security. The group is also advancing PoUW integrated with zk-SNARK proofs for mining, where the "useful work" involves generating verifiable zero-knowledge proofs for privacy-preserving applications. Additionally, research on Proof-of-Social-Capital (PoSC) leverages social interactions, trust, and influence as non-transferable staking resources to promote fairness, decentralization, and privacy in consensus, replacing traditional stake with social capital metrics in privacy-preserving designs.
Blockchain-Based Authentication: Developing secure authentication schemes, such as SmartOTPS - the first one-time password (OTP) scheme for smart contract wallets - ensuring robust user access control in decentralized environments. The group has also introduced SNARKlet, a novel approach to mobile wallet synchronization that eliminates reliance on trusted servers while minimizing storage and bandwidth overhead.
Central Bank Digital Currency (CBDC): Exploring secure architectures for CBDC, focusing on scalability, privacy, and resistance to adversarial attacks.
Decentralized Identity and Privacy: Designing privacy-preserving decentralized identity systems and trust/reputation models to secure user interactions in blockchain ecosystems.
System Security for Decentralized Applications: Addressing vulnerabilities in blockchain infrastructure, including cryptocurrency wallet security, fee-redistribution smart contracts to mitigate undercutting attacks, and adversarial resilience in distributed systems.