ECE 398 SC: Smart Contracts and Blockchain Security, Spring 2018 (2nd half)

Instructor Andrew Miller soc1024@illinois.edu
Location ECEB 3081
Lecture Times
Tuesday and Thursday, 12:30pm - 1:50pm
Office CSL 461
Office Hours
Thursdays 2:30pm-3:30pm
Piazza [piazza]
Course registration is totally full!
This is a HALF-SEMESTER course, the second half of Spring 2018.
It is worth 2 credits.

Smart Contracts and Blockchains are an important emerging programming model, where a secure publicly-shared database (“the blockchain”) is used as the cornerstone for distributed systems involving parties that do not trust each other. Smart contracts are deployed today on cryptocurrencies like Bitcoin and Ethereum, where real money is already put at stake (e.g., a billion dollar ecosystem of smart-contract based crowdfunding has recently emerged). Smart contracts are also central to the emerging industry trends (from companies like IBM, Microsoft, and many others) on using blockchains in various industry sectors, such as finance and supply chains.

Security is a foremost concern when designing smart contract applications, since they are targets for adversarial behavior. Poorly designed and implemented smart contracts have already been exploited for tens of millions of dollars. Smart contracts therefore provide a timely viewpoint for learning fundamental concepts in computer security, such as adversarial thinking and defensive programming. Furthermore, smart contracts provide a natural platform for using cryptographic techniques, such as digital signatures and hash functions.

By the end of this course, students will be able to use cryptographic tools (digital signatures, hash functions, authenticated data structures) to design secure smart contract applications. They will be able to apply adversarial thinking to blockchain and smart contract applications in order to find and prevent vulnerabilities. They will have completed several smart contract programming assignments, and completed a final project involving the design and implementation of an Auction application on top of the Ethereum smart contract platform.

Topics:

Intended audience: This course is designed to appeal to undergraduates with a computer engineering / computer science background.

Prerequisites: This course involves several programming assignments in the Solidity smart contract programming language. No prior experience with Solidity is expected. However, an introductory programming course or prior experience with programming (with any of: Python, Java, JavaScript, C/C++, or others) is a prerequisite.

The information in this syllabus is subject to change.

Texts, resources

Textbooks are not required; required readings will be accessible online. Here are some useful links:

Calendar

All due dates are 11:59pm central time.
Week 1: Introduction
Tuesday, March 13 Course introduction, syllabus.
What exactly is a blockchain anyway?
Introduction to Cryptocurrency
- [slides]
- optional reading: Preface "The Long Road to Bitcoin" by Jeremy Clark (pages 3-21 of [textbook])
Thursday, March 15 Hands on with Ethereum [slides]
[handout] following the demo in class
Browse the testnet:

Homework (due Thursday March 15, 11:59pm):
- Install [metamask]:

- Introduce yourself in Piazza (and post your testnet address)
- get Ether from testnet [faucet]
- send (any amount of) testnet ether to the following address:
0x1B326Ad348e19ecFd1406C43D3bF7a95547AC55c

Optional: - create a smart contract on Ethereum testnet, similar to the demo in class [handout]
- Solidity IDE: remix.ethereum.org
Spring Break! (March 17 - 25)
Bored over Spring break? Consider the following activities:
Complete the [CryptoZombies] tutorials
Week 2: Solidity and Smart Contract Programming
Tuesday, March 27 Solidity programming basics
Name registration application
Lecture notes [slides]
**programming assignment hw2 released on Piazza, due Tuesday Apr 3, 11:59pm**
Solidity documentation: [docs]
Ethereum Whitepaper (applications): [whitepaper]
Thursday, March 29 Hash functions, lotteries and flipping coins Lecture notes: [slides] **no quiz**
Reading: (Ch 1.1 Cryptographic Hash Functions)
Week 3: Security
Tuesday, April 3 ERC20 Tokens and ICOs homework is due tonight!
Lecture notes: [slides]
Thursday, April 5 Thinking like an attacker
A brief history of Ethereum disasters
Lecture notes [slides]
quiz released: solidity challenges
reading:
- Call for Moratorium of the dao
- Analysis of the DAO hack
Week 4:
Tuesday, April 10 Ethereum Disasters cont'd
**quiz due tonight, see [piazza]**
Thursday, April 12 Merkle trees and authenticated data structures Lecture notes: [slides]
**Homework 3 on Merkle trees released** [piazza] (due 11:59pm Thursday, April 19)
Week 5:
Tuesday, April 17 Off-chain payment channels Lecture notes: [slides]
Reading:
- 1.3 Digital Signatures
- Sparky: A Lightning Network in Two Pages of Solidity
Thursday, April 19 Oracles and data feeds **hw3 Merkle trees due tonight** (11:59pm)
Lecture Notes: [slides]
Payment Channel code used for demo: [tinyduplex.sol]
Week 6:
Tuesday, April 25 Auctions and game theory Lecture Notes: [slides]
[Auction template]
release Auction House programming project
Thursday, April 26 on-chain marketplaces, prediction markets Reading: Decision Markets for Policy Advice by Robin Hanson
Week 7:
Tuesday, May 1 Zero Knowledge Proofs and Privacy Lecture Notes: [slides]
Thursday, May 3 READING DAY NO CLASS
Finals Week: May 7+
Tuesday, May 8 Takehome/online final exam Final (takehome) exam due 11:59pm
Auction house programming project due 11:59pm

Grading

Programming Project (Solidity Auction House) (40% of grade)

This course will center around a programming project, which involves building several variations of secure auction applications using smart contracts written in Solidity.

Quizzes and short programming assignments (30% of grade)

Final Exam (20% of grade)

The final exam is intended to assess your understanding of the conceptual material presented in class and to check that you completed the programming project and programming quizzes.

Attendance / Participation (10% of grade)

Occasionally throughout the course you'll need to respond to some challenge related to the MPs (i.e., generate a key pair and post your public key in Piazza). Points for these tasks will be folded into the MP.

Academic Integrity

https://www.ece.illinois.edu/academics/grad/overview/general-info.asp "The faculty of the Department of Electrical and Computer Engineering expects all students to maintain academic integrity at all times in the classroom and the research laboratory and to conduct their academic work in accordance with the highest ethical standards of the engineering profession. Students are expected to maintain academic integrity by refraining from academic dishonesty, and by refraining from conduct which aids others in academic dishonesty or which leads to suspicion of academic dishonesty. Violations of academic integrity will result in disciplinary actions ranging from failing grades on assignments and courses to probation, suspension or dismissal from the University."

Ethics statement

This course is partially about computer security. As such, we will discuss several attack techniques and scenarios from the point of view of an attacker. It is unethical for you to use such techniques to compromise the security of others. This course is also partially about virtual currency. This is a rapidly evolving area where laws, regulations, and policies apply. The assignments in this course only require you to use test networks, not real money. It is your responsibility not to run afoul of laws, regulations, or ethical standards. If in doubt, please contact me (the instructor). Some guidelines:
The above information is subject to change. Refresh frequently!