Position within the page tree

Start
Institute
Team
Graf, Mike

Mike Graf

Dipl.-Math.

Ph.D. Student
Institute of Information Security

Contact

+49 711 685 60736
Email

Universitaetsstrasse 38
70569 Stuttgart
Germany
Room: 2.418

Publications

2023
1. Mike Graf, Ralf Küsters, and Daniel Rausch, “AUC: Accountable Universal Composability,” in IEEE Symposium on Security and Privacy, S&P 2023, San Francisco, USA, May 22-25, 2023, 2023. (to appear).
  - Abstract
  - BibTeX
  Abstract
  Accountability is a well-established and widely used security concept that allows for obtaining undeniable cryptographic proof of misbehavior, thereby incentivizing honest behavior. There already exist several general purpose accountability frameworks for formal game-based security analyses. Unfortunately, such game-based frameworks do not support modular security analyses, which is an important tool to handle the complexity of modern protocols. Universal composability (UC) models provide native support for modular analyses, including re-use and composition of security results. So far, accountability has mainly been modeled and analyzed in UC models for the special case of MPC protocols, with a general purpose accountability framework for UC still missing. That is, a framework that among others supports arbitrary protocols, a wide range of accountability properties, handling and mixing of accountable and non-accountable security properties, and modular analysis of accountable protocols. To close this gap, we propose AUC, the first general purpose accountability framework for UC models, which supports all of the above, based on several new concepts. We exemplify AUC in three case studies not covered by existing works. In particular, AUC unifies existing UC accountability approaches within a single framework.
  BibTeX
  @inproceedings{GrafKuestersRausch-SP-2023, abstract = {Accountability is a well-established and widely used security concept that allows for obtaining undeniable cryptographic proof of misbehavior, thereby incentivizing honest behavior. There already exist several general purpose accountability frameworks for formal game-based security analyses. Unfortunately, such game-based frameworks do not support modular security analyses, which is an important tool to handle the complexity of modern protocols. Universal composability (UC) models provide native support for modular analyses, including re-use and composition of security results. So far, accountability has mainly been modeled and analyzed in UC models for the special case of MPC protocols, with a general purpose accountability framework for UC still missing. That is, a framework that among others supports arbitrary protocols, a wide range of accountability properties, handling and mixing of accountable and non-accountable security properties, and modular analysis of accountable protocols. To close this gap, we propose AUC, the first general purpose accountability framework for UC models, which supports all of the above, based on several new concepts. We exemplify AUC in three case studies not covered by existing works. In particular, AUC unifies existing UC accountability approaches within a single framework.}, author = {Graf, Mike and K{\"u}sters, Ralf and Rausch, Daniel}, booktitle = {{IEEE} Symposium on Security and Privacy, S{\&}P 2023, San Francisco, USA, May 22-25, 2023}, note = {(to appear)}, publisher = {{IEEE}}, title = {{AUC: Accountable Universal Composability}}, year = 2023 }
2022
1. Mike Graf, Ralf Küsters, and Daniel Rausch, “AUC: Accountable Universal Composability,” Cryptology ePrint Archive, Technical Report 2022/1606, 2022.
  Abstract
  Accountability is a well-established and widely used security concept that allows for obtaining undeniable cryptographic proof of misbehavior, thereby incentivizing honest behavior. There already exist several general purpose accountability frameworks for formal game-based security analyses. Unfortunately, such game-based frameworks do not support modular security analyses, which is an important tool to handle the complexity of modern protocols. Universal composability (UC) models provide native support for modular analyses, including re-use and composition of security results. So far, accountability has mainly been modeled and analyzed in UC models for the special case of MPC protocols, with a general purpose accountability framework for UC still missing. That is, a framework that among others supports arbitrary protocols, a wide range of accountability properties, handling and mixing of accountable and non-accountable security properties, and modular analysis of accountable protocols. To close this gap, we propose AUC, the first general purpose accountability framework for UC models, which supports all of the above, based on several new concepts. We exemplify AUC in three case studies not covered by existing works. In particular, AUC unifies existing UC accountability approaches within a single framework.
  BibTeX
  @techreport{GrafKuestersRausch-IACR-2022, abstract = {Accountability is a well-established and widely used security concept that allows for obtaining undeniable cryptographic proof of misbehavior, thereby incentivizing honest behavior. There already exist several general purpose accountability frameworks for formal game-based security analyses. Unfortunately, such game-based frameworks do not support modular security analyses, which is an important tool to handle the complexity of modern protocols. Universal composability (UC) models provide native support for modular analyses, including re-use and composition of security results. So far, accountability has mainly been modeled and analyzed in UC models for the special case of MPC protocols, with a general purpose accountability framework for UC still missing. That is, a framework that among others supports arbitrary protocols, a wide range of accountability properties, handling and mixing of accountable and non-accountable security properties, and modular analysis of accountable protocols. To close this gap, we propose AUC, the first general purpose accountability framework for UC models, which supports all of the above, based on several new concepts. We exemplify AUC in three case studies not covered by existing works. In particular, AUC unifies existing UC accountability approaches within a single framework.}, author = {Graf, Mike and K{\"u}sters, Ralf and Rausch, Daniel}, institution = {Cryptology ePrint Archive}, number = {2022/1606}, title = {{AUC: Accountable Universal Composability}}, url = {https://publ.sec.uni-stuttgart.de/grafkuestersrausch-iacr-2022.pdf}, year = 2022 }
  Link
  https://publ.sec.uni-stuttgart.de/grafkuestersrausch-iacr-2022.pdf
2021
1. Mike Graf, Daniel Rausch, Viktoria Ronge, Christoph Egger, Ralf Küsters, and Dominique Schröder, “A Security Framework for Distributed Ledgers,” CCS ’21: ACM Conference on Computer and Communications Security, November 14--19, 2021, Seoul, South Korea, 2021.
  Abstract
  In the past few years blockchains have been a major focus for security research, resulting in significant progress in the design, formalization, and analysis of blockchain protocols. However, the more general class of distributed ledgers, which includes not just blockchains but also prominent non-blockchain protocols, such as Corda and OmniLedger, cannot be covered by the state-of-the-art in the security literature yet. These distributed ledgers often break with traditional blockchain paradigms, such as block structures to store data, system-wide consensus, or global consistency. In this paper, we close this gap by proposing the first framework for defining and analyzing the security of general distributed ledgers, with an ideal distributed ledger functionality at the core of our contribution. This functionality covers not only classical blockchains but also non-blockchain distributed ledgers in a unified way. To illustrate our ledger functionality, we first show that the prominent ideal blockchain functionalities from Badertscher et al. and its privacy preserving derivative from Kerber et al. realize (suitable instantiations of) our functionality, which precisely captures their security properties. This immediately implies that their respective implementations, including Bitcoin, Ouroboros Genesis, and Ouroboros Crypsinous, realize our ideal ledger functionality as well. Secondly, we demonstrate that our ideal ledger functionality is capable of precisely modeling also non-blockchain distributed ledgers by performing the first formal security analysis of such a distributed ledger, namely the prominent Corda protocol. Due to the wide spread use of Corda in the industry, in particular the financial sector, this analysis is of independent interest. These results also illustrate that our ideal ledger functionality not just generalizes the modular treatment of blockchains to distributed ledgers, but moreover helps to unify existing results.
  BibTeX
  @article{GrafRauschRongeEggerKuestersSchroeder-CCS-2021, abstract = {In the past few years blockchains have been a major focus for security research, resulting in significant progress in the design, formalization, and analysis of blockchain protocols. However, the more general class of distributed ledgers, which includes not just blockchains but also prominent non-blockchain protocols, such as Corda and OmniLedger, cannot be covered by the state-of-the-art in the security literature yet. These distributed ledgers often break with traditional blockchain paradigms, such as block structures to store data, system-wide consensus, or global consistency. In this paper, we close this gap by proposing the first framework for defining and analyzing the security of general distributed ledgers, with an ideal distributed ledger functionality at the core of our contribution. This functionality covers not only classical blockchains but also non-blockchain distributed ledgers in a unified way. To illustrate our ledger functionality, we first show that the prominent ideal blockchain functionalities from Badertscher et al. and its privacy preserving derivative from Kerber et al. realize (suitable instantiations of) our functionality, which precisely captures their security properties. This immediately implies that their respective implementations, including Bitcoin, Ouroboros Genesis, and Ouroboros Crypsinous, realize our ideal ledger functionality as well. Secondly, we demonstrate that our ideal ledger functionality is capable of precisely modeling also non-blockchain distributed ledgers by performing the first formal security analysis of such a distributed ledger, namely the prominent Corda protocol. Due to the wide spread use of Corda in the industry, in particular the financial sector, this analysis is of independent interest. These results also illustrate that our ideal ledger functionality not just generalizes the modular treatment of blockchains to distributed ledgers, but moreover helps to unify existing results.}, author = {Graf, Mike and Rausch, Daniel and Ronge, Viktoria and Egger, Christoph and K{\"u}sters, Ralf and Schr{\"o}der, Dominique}, booktitle = {{CCS '21: ACM Conference on Computer and Communications Security, November 14--19, 2021, Seoul, South Korea}}, publisher = {{ACM}}, title = {{A Security Framework for Distributed Ledgers}}, url = {https://publ.sec.uni-stuttgart.de/grafrauschrongeeggerkuestersschroeder-ccs-2021.pdf}, year = 2021 }
  Link
  https://publ.sec.uni-stuttgart.de/grafrauschrongeeggerkuestersschroeder-ccs-2021.pdf
2. Mike Graf, Daniel Rausch, Viktoria Ronge, Christoph Egger, Ralf Küsters, and Dominique Schröder, “A Security Framework for Distributed Ledgers,” Cryptology ePrint Archive, Technical Report 2021/145, 2021.
  Abstract
  In the past few years blockchains have been a major focus for security research, resulting in significant progress in the design, formalization, and analysis of blockchain protocols. However, the more general class of distributed ledgers, which includes not just blockchains but also prominent non-blockchain protocols, such as Corda and OmniLedger, cannot be covered by the state-of-the-art in the security literature yet. These distributed ledgers often break with traditional blockchain paradigms, such as block structures to store data, system-wide consensus, or global consistency. In this paper, we close this gap by proposing the first framework for defining and analyzing the security of general distributed ledgers, with an ideal distributed ledger functionality at the core of our contribution. This functionality covers not only classical blockchains but also non-blockchain distributed ledgers in a unified way. To illustrate our ledger functionality, we first show that the prominent ideal blockchain functionalities from Badertscher et al. and its privacy preserving derivative from Kerber et al. realize (suitable instantiations of) our functionality, which precisely captures their security properties. This immediately implies that their respective implementations, including Bitcoin, Ouroboros Genesis, and Ouroboros Crypsinous, realize our ideal ledger functionality as well. Secondly, we demonstrate that our ideal ledger functionality is capable of precisely modeling also non-blockchain distributed ledgers by performing the first formal security analysis of such a distributed ledger, namely the prominent Corda protocol. Due to the wide spread use of Corda in the industry, in particular the financial sector, this analysis is of independent interest. These results also illustrate that our ideal ledger functionality not just generalizes the modular treatment of blockchains to distributed ledgers, but moreover helps to unify existing results.
  BibTeX
  @techreport{GrafRauschRongeEggerKuestersSchroeder-IACR-2021, abstract = {In the past few years blockchains have been a major focus for security research, resulting in significant progress in the design, formalization, and analysis of blockchain protocols. However, the more general class of distributed ledgers, which includes not just blockchains but also prominent non-blockchain protocols, such as Corda and OmniLedger, cannot be covered by the state-of-the-art in the security literature yet. These distributed ledgers often break with traditional blockchain paradigms, such as block structures to store data, system-wide consensus, or global consistency. In this paper, we close this gap by proposing the first framework for defining and analyzing the security of general distributed ledgers, with an ideal distributed ledger functionality at the core of our contribution. This functionality covers not only classical blockchains but also non-blockchain distributed ledgers in a unified way. To illustrate our ledger functionality, we first show that the prominent ideal blockchain functionalities from Badertscher et al. and its privacy preserving derivative from Kerber et al. realize (suitable instantiations of) our functionality, which precisely captures their security properties. This immediately implies that their respective implementations, including Bitcoin, Ouroboros Genesis, and Ouroboros Crypsinous, realize our ideal ledger functionality as well. Secondly, we demonstrate that our ideal ledger functionality is capable of precisely modeling also non-blockchain distributed ledgers by performing the first formal security analysis of such a distributed ledger, namely the prominent Corda protocol. Due to the wide spread use of Corda in the industry, in particular the financial sector, this analysis is of independent interest. These results also illustrate that our ideal ledger functionality not just generalizes the modular treatment of blockchains to distributed ledgers, but moreover helps to unify existing results.}, author = {Graf, Mike and Rausch, Daniel and Ronge, Viktoria and Egger, Christoph and K{\"u}sters, Ralf and Schr{\"o}der, Dominique}, institution = {Cryptology ePrint Archive}, number = {2021/145}, title = {{A Security Framework for Distributed Ledgers}}, url = {https://publ.sec.uni-stuttgart.de/grafrauschrongeeggerkuestersschroeder-iacr-2021.pdf}, year = 2021 }
  Link
  https://publ.sec.uni-stuttgart.de/grafrauschrongeeggerkuestersschroeder-iacr-2021.pdf
2020
1. Mike Graf, Ralf Küsters, and Daniel Rausch, “Accountability in a Permissioned Blockchain: Formal Analysis of Hyperledger Fabric,” in IEEE European Symposium on Security and Privacy, EuroS&P 2020, Genoa, Italy, September 7-11, 2020, 2020, pp. 236--255.
  Abstract
  While accountability is a well-known concept in distributed systems and cryptography, in the literature on blockchains (and, more generally, distributed ledgers) the formal treatment of accountability has been a blind spot: there does not exist a formalization let alone a formal proof of accountability for any blockchain yet. Therefore, in this work we put forward and propose a formal treatment of accountability in this domain. Our goal is to formally state and prove that if in a run of a blockchain a central security property, such as consistency, is not satisfied, then misbehaving parties can be identified and held accountable. Accountability is particularly useful for permissioned blockchains where all parties know each other, and hence, accountability incentivizes all parties to behave honestly. We exemplify our approach for one of the most prominent permissioned blockchains: Hyperledger Fabric in its most common instantiation.
  BibTeX
  @inproceedings{GrafKuestersRausch-EuroSP-2020, abstract = {While accountability is a well-known concept in distributed systems and cryptography, in the literature on blockchains (and, more generally, distributed ledgers) the formal treatment of accountability has been a blind spot: there does not exist a formalization let alone a formal proof of accountability for any blockchain yet. Therefore, in this work we put forward and propose a formal treatment of accountability in this domain. Our goal is to formally state and prove that if in a run of a blockchain a central security property, such as consistency, is not satisfied, then misbehaving parties can be identified and held accountable. Accountability is particularly useful for permissioned blockchains where all parties know each other, and hence, accountability incentivizes all parties to behave honestly. We exemplify our approach for one of the most prominent permissioned blockchains: Hyperledger Fabric in its most common instantiation.}, author = {Graf, Mike and K{\"u}sters, Ralf and Rausch, Daniel}, booktitle = {{IEEE} European Symposium on Security and Privacy, EuroS{\&}P 2020, Genoa, Italy, September 7-11, 2020}, pages = {236--255}, publisher = {{IEEE}}, title = {{Accountability in a Permissioned Blockchain: Formal Analysis of Hyperledger Fabric}}, url = {https://publ.sec.uni-stuttgart.de/grafkuestersrausch-eurosp-2020.pdf}, year = 2020 }
  Link
  https://publ.sec.uni-stuttgart.de/grafkuestersrausch-eurosp-2020.pdf
2. Mike Graf, Ralf Küsters, and Daniel Rausch, “Accountability in a Permissioned Blockchain: Formal Analysis of Hyperledger Fabric,” Cryptology ePrint Archive, Technical Report 2020/386, 2020.
  Abstract
  While accountability is a well-known concept in distributed systems and cryptography, in the literature on blockchains (and, more generally, distributed ledgers) the formal treatment of accountability has been a blind spot: there does not exist a formalization let alone a formal proof of accountability for any blockchain yet. Therefore, in this work we put forward and propose a formal treatment of accountability in this domain. Our goal is to formally state and prove that if in a run of a blockchain a central security property, such as consistency, is not satisfied, then misbehaving parties can be identified and held accountable. Accountability is particularly useful for permissioned blockchains where all parties know each other, and hence, accountability incentivizes all parties to behave honestly. We exemplify our approach for one of the most prominent permissioned blockchains: Hyperledger Fabric in its most common instantiation.
  BibTeX
  @techreport{GrafKuestersRausch-IACR-2020, abstract = {While accountability is a well-known concept in distributed systems and cryptography, in the literature on blockchains (and, more generally, distributed ledgers) the formal treatment of accountability has been a blind spot: there does not exist a formalization let alone a formal proof of accountability for any blockchain yet. Therefore, in this work we put forward and propose a formal treatment of accountability in this domain. Our goal is to formally state and prove that if in a run of a blockchain a central security property, such as consistency, is not satisfied, then misbehaving parties can be identified and held accountable. Accountability is particularly useful for permissioned blockchains where all parties know each other, and hence, accountability incentivizes all parties to behave honestly. We exemplify our approach for one of the most prominent permissioned blockchains: Hyperledger Fabric in its most common instantiation.}, author = {Graf, Mike and K{\"{u}}sters, Ralf and Rausch, Daniel}, institution = {Cryptology ePrint Archive}, number = {2020/386}, title = {{Accountability in a Permissioned Blockchain: Formal Analysis of Hyperledger Fabric}}, url = {https://publ.sec.uni-stuttgart.de/grafkuestersrausch-iacr-2020.pdf}, year = 2020 }
  Link
  https://publ.sec.uni-stuttgart.de/grafkuestersrausch-iacr-2020.pdf

Are you a student and want to write a thesis / carry out a project at the SEC?

Please see our notes on theses and projects!

Mike Graf

Contact

Publications

2023

Abstract

BibTeX

2022

Abstract

BibTeX

Link

2021

Abstract

BibTeX

Link

Abstract

BibTeX

Link

2020

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Are you a student and want to write a thesis / carry out a project at the SEC?

Audience

Formalities

Services

Organization

Mike Graf

Contact

Publications

2023

Abstract

BibTeX

2022

Abstract

BibTeX

Link

2021

Abstract

BibTeX

Link

Abstract

BibTeX

Link

2020

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Are you a student and want to write a thesis / carry out a project at the SEC?

Here you can reach us

Audience

Formalities

Services

Organization