3rd Edition of the TUM Blockchain&Cybersecurity Salon
Aims
- Exploring core technologies for security, scalability, and privacy in blockchain and cybersecurity systems
- Discussing applications and solutions whose requirements are met by these core technologies, and the extent to which these technologies provide value
- Exchanging methods for assessing distributed systems, with a focus on the P2P layer, smart-contract security, and cryptographic innovations
- Extending the discussion to the intersection of cybersecurity solutions and distributed systems
- Bridging academia, industry, and students, and introducing recent topics from the various layers of the blockchain stack and from cybersecurity
- Introducing current technologies to startups, SMEs, and enterprises to bring research into practice
Topical Scope
- Individual layers of Blockchain Protocols spanning hardware, peer-to-peer network, consensus, execution layers, applications, and ecosystems
- Innovative scalability and privacy technologies, such as zero knowledge proofs or trusted execution environments
- Cybersecurity solutions for AI, access management, identity solutions, …
- Design, verification, and implementation of smart-contract logic
- Methods and tools for performance assessment
- Overview of possible optimization solutions and their applicability to blockchain solutions
- Applications and use-cases of distributed and decentralized systems and their open challenges
Organisation by the Technical University of Munich
- Chair: Georg Carle
- Organizing committee chairs: Kilian Glas, Filip Rezabek, and Nina Schwanke
Venue
- 27 and 28 May 2025
- TUM Institute for Advanced Study (TUM-IAS)
Program
Day 1 - Tuesday, 27 May 2025
Session 1
Topic: Privacy and Security in the Blockchain Technologies
Chair: Georg Carle (TUM)
- Georg Carle (TUM): Welcome and Introduction
- Daniel Hugenroth (University of Cambridge): Sloth: Key Stretching and Deniable Encryption using Secure Elements on Smartphones
Privacy-enhancing technologies must not only protect sensitive data in transit, but also locally at rest. For many secure communication protocols, we want deniable encryption based on passwords. However, traditional password-based encryption requires users to memorize long passphrases. The Sloth design leverages the Secure Element on both Android and iOS smartphones to enforce strict rate limits and thus allows shorter passphrases.
Working around the limitations of the user-level APIs, which do not expose rate-limiting capabilities, led to the development of new password-hashing schemes that provide strong wall-time guarantees and are available on the majority of smartphones today without any modifications. We presented the Sloth paper at PETS ’24, and it is available as an open-source project.
- Marti Gorny (NP Labs): Programmable Privacy: Are we Stuck?
Programmable privacy is complex to reason about and build applications with. Private payments have been around for a while, yet a proper zero-knowledge, fully programmable chain (think EVM-equivalent) is a myth. The so-called “zkRollups” today are only verifiable, not private. The fundamental impossibility of a “private” programmable chain is that web3 apps rely on a shared state, which must be public to provide any practical value.
In this talk, I will discuss approaches to programmable privacy with a few example applications.
- Jan Gorzny (Zircuit): Adding AIs to Sequencers
Rollups scale Ethereum by relying on sequencers, components which order and include transactions, to build blocks off-chain. This talk explores the transformative potential of integrating artificial intelligence (AI) into blockchain rollup sequencers. We’ll explore the idea of utilizing AI to order transactions, increase user security, enhance scalability, and more. Some of these ideas are in use right now, while others are worth exploring.
- Daniel Kales (TACEO): coSNARKs - Marrying MPC and ZK
This talk will give an introduction to the topic of coSNARKs - executing zero-knowledge proof systems using multiparty computation protocols. We will go through the basic ideas, performance, existing tooling, and current bottlenecks, and also take a look at existing and new use-cases that can benefit from coSNARKs.
Session 2
Topic: P2P Decentralization & TEEs
Chair: Filip Rezabek (TUM)
- Lucianna Kiffer (IMDEA Networks Institute): Deanonymizing Ethereum Validators: The P2P Network Has a Privacy Issue
Many blockchain networks aim to preserve the anonymity of validators in the peer-to-peer (P2P) network, ensuring that no adversary can link a validator’s identifier to the IP address it is running from, due to associated privacy and security concerns. This talk presents work that demonstrates that the Ethereum P2P network does not offer this anonymity. I will present our methodology that enables any node in the network to identify validators hosted on connected peers and empirically verify the feasibility of the proposed method. Using data collected from four nodes over three days, we locate more than 15% of Ethereum validators in the P2P network. The insights gained from our deanonymization technique provide valuable information on the distribution of validators across peers, their geographic locations, and hosting organizations. The work presented in this talk has been awarded a bug bounty by the Ethereum Foundation.
- Moe Mahhouk (Flashbots): TEE-enforced Data Clean Rooms
Ethereum block builders aim to maximize arbitrage opportunities across thousands of decentralized exchanges (DEXs) and limit order books, yet they often lack the specialized expertise and resources to identify these opportunities efficiently. We present Bob, a low-latency Trusted Execution Environment (TEE)-enforced data room designed to address this challenge by enabling secure collaboration between block builders and high-frequency trading (HFT) firms. Named after bottom-of-block arbitrage, Bob allows builders to leverage HFT expertise to enhance arbitrage capture while ensuring robust protection for both parties’ sensitive information.
Bob employs Intel’s Trusted Domain Extensions (TDX) to create a confidential and verifiable VM environment. Within this TDX VM, a rootless Podman container hosts a sandboxed proprietary process from the HFT firm, granting it controlled access to a stream of sensitive data from co-located block builders. This setup delivers near-native performance and requires no code modifications, offering HFT firms a seamless development experience.
A defining feature of Bob is its implementation of mutual privacy:
- HFT proprietary code privacy: Access to the container is restricted to the HFT firm’s SSH public key, safeguarding their trading algorithms.
- Builder data privacy: Many restrictions are enforced as root, including namespaced sandboxing, firewall rules, and delayed logging, to prevent the unknown HFT process from accessing or leaking sensitive builder data in undesirable ways.
Bob democratizes access to block building on Ethereum, empowering small HFT teams to compete more effectively in arbitrage markets, which ultimately drives better user outcomes.
Beyond blockchains, this TEE-enforced data clean room primitive is versatile, performant, and user-friendly, with potential applications in domains like artificial intelligence and secure multi-party computation that require mutual privacy.
- Annika Wilde (Ruhr University Bochum): The Forking Way: When TEEs Meet Consensus
An increasing number of distributed platforms combine Trusted Execution Environments (TEEs) with blockchains. This combination is often described as a promising “marriage”: TEEs enable confidential computing on the blockchain, while the consensus mechanism could help defend TEEs against forking attacks.
In this talk, we present a systematization of 29 blockchain solutions that integrate TEEs, ranging from academic proposals to production-ready platforms. We uncover a lack of consensus within the community on how TEEs and blockchains should be combined. Specifically, we identify four broad approaches to interconnect TEEs with consensus, analyze their limitations, and discuss potential remedies. Our analysis also reveals previously undocumented forking attacks on three production-ready TEE-based blockchains: Ten, Phala, and the Secret Network. We demonstrate how our findings enable effective countermeasures, showcasing a concrete fix for one of the affected systems.
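The forking attack the abstract refers to is easy to state in code: an enclave whose only persistence is host-controlled sealed storage cannot tell a fresh sealed blob from a stale copy, so the host can roll it back or run two instances from the same blob. The following is an added illustration written for this page, not code from the talk or from any of the systems it analyzes. It models one of the ways consensus can help: every state transition is committed to an append-only log (the stand-in for a chain) and takes effect only if it extends the log's head. Class and field names, the balance example, and the simple compare-and-append commit are assumptions made for the illustration.

```python
import copy
import hashlib
import json


def state_hash(state: dict) -> str:
    """Canonical hash of the enclave state; this is what gets anchored on the chain."""
    return hashlib.sha256(json.dumps(state, sort_keys=True).encode()).hexdigest()


class ForkDetected(Exception):
    """Raised when the enclave's sealed state does not match the chain's committed head."""


class NaiveEnclave:
    """Stateful enclave whose only persistence is host-controlled sealed storage."""

    def __init__(self, state: dict):
        self.state = state

    def seal(self) -> dict:
        # Sealed blobs are authenticated and encrypted, but the *host* decides which blob
        # to hand back: an old copy can be replayed (rollback) or fed to a second instance (fork).
        return copy.deepcopy(self.state)

    @classmethod
    def unseal(cls, sealed: dict) -> "NaiveEnclave":
        return cls(copy.deepcopy(sealed))

    def withdraw(self, amount: int) -> bool:
        if self.state["balance"] < amount:
            return False
        self.state["balance"] -= amount
        return True


class Chain:
    """Minimal consensus-layer model: an append-only log of committed state hashes."""

    def __init__(self, genesis: str):
        self.log = [genesis]

    def head(self) -> str:
        return self.log[-1]

    def commit(self, prev: str, new: str) -> bool:
        # Consensus accepts only a transition that extends the current head.
        if prev != self.head():
            return False
        self.log.append(new)
        return True


class AnchoredEnclave(NaiveEnclave):
    """Same enclave, but a transition takes effect only after the chain has accepted it."""

    def withdraw(self, amount: int, chain: Chain) -> bool:
        if self.state["balance"] < amount:
            return False
        new_state = copy.deepcopy(self.state)
        new_state["balance"] -= amount
        # In a deployment the enclave would sign this commit and the host would submit it as a
        # transaction; the Chain object stands in for that round trip (assumption).
        if not chain.commit(state_hash(self.state), state_hash(new_state)):
            raise ForkDetected("chain head does not match this instance's sealed state")
        self.state = new_state
        return True


def rollback_attack_naive() -> tuple:
    """Host snapshots the sealed state, lets the enclave pay once, then replays the snapshot."""
    enclave = NaiveEnclave({"balance": 100})
    snapshot = enclave.seal()
    first = enclave.withdraw(80)
    forked = NaiveEnclave.unseal(snapshot)   # stale state, or a second instance from the same blob
    second = forked.withdraw(80)
    return first, second, forked.state["balance"]


def rollback_attack_anchored() -> tuple:
    """The same attack against an enclave whose transitions are anchored in consensus."""
    initial = {"balance": 100}
    chain = Chain(state_hash(initial))
    enclave = AnchoredEnclave(initial)
    snapshot = enclave.seal()
    first = enclave.withdraw(80, chain)
    forked = AnchoredEnclave.unseal(snapshot)
    try:
        second = forked.withdraw(80, chain)
    except ForkDetected:
        second = "fork detected"
    return first, second, len(chain.log)


if __name__ == "__main__":
    print("naive:   ", rollback_attack_naive())      # (True, True, 20): 160 paid out of 100
    print("anchored:", rollback_attack_anchored())   # (True, 'fork detected', 2)
```

The anchored variant only helps if the enclave learns the chain head in a way the host cannot forge (verifying headers or finality proofs inside the enclave) and the chain can check that a commit came from a genuine enclave (attestation). Those integration points, not the compare-and-append itself, are where the abstract says the production systems went wrong.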
Session 3
Poster Madness
Chair: Kilian Glas (TUM)
Presentation of posters.
Session 4
Topic: Trust Considerations in Decentralized Systems & Scaling Solutions
Chair: Burak Öz (Technical University of Munich & Flashbots)
- Christof Ferreira Torres (INESC-ID & Instituto Superior Técnico, University of Lisbon): Do You Trust Your Wallet? An Analysis on the Privacy Aspects of Web3 Wallets
Web3 promises decentralization and improved privacy. However, many decentralized applications and wallets rely on traditional web technologies that lack strong privacy protections. In this talk, we present a study on the privacy risks associated with Web3. We introduce a framework to assess wallet data exposure and find that over 1,300 websites check for installed wallets, potentially tracking users. Additionally, traffic analysis of 616 dApps and 100 wallets reveals over 2,000 instances of wallet address leaks. Our findings highlight the urgent need for privacy-centric Web3 design.
- Kilian Glas (TUM): A Scalable Byzantine-Tolerant Distributed Membership Data Structure for Decentralized Networks
Peer-discovery or membership protocols play a crucial role in any distributed system; they allow network participants to find other nodes and form the foundation for blockchains, file sharing, or decentralized storage networks. However, protocols deployed in practice mainly rely on heuristics to prevent Byzantine nodes from mounting eclipse attacks on honest nodes, biasing peer sampling for upstream applications towards malicious nodes, or taking over subspaces of the logical identity space. This issue becomes even more pressing when more complex overlay networks, such as the currently developed data availability sampling protocol for Ethereum, are built on top of the peer discovery protocol. To this end, we introduce a distributed membership data structure that guarantees uniform identity assignment, prevents network partitions and eclipse attacks, automatically scales up to very large network sizes, and exposes a lookup-based peer sampling functionality with quantifiable adversarial bias. The latter can be used by applications to build randomized structured overlay networks that inherit security guarantees from the membership protocol.
- Chrysa Stathakopoulou (Chainlink Labs): Inside the Offchain Reporting Protocol
Chainlink’s Offchain Reporting (OCR) protocol is the backbone of Chainlink products, including Data Feeds, Data Streams, CCIP, and more. This talk will explore the core design principles behind OCR and how it enables secure and efficient distributed applications. We’ll dive into the Reporting Plugin API, a powerful abstraction layer that allows developers to build a wide range of use cases on top of one battle-tested consensus protocol.
Session 5
Panel Discussions
Moderator: Eomji Park (Encode Club)
- Panelists
- Topics
  - Turning Research into Ventures
  - Balancing Academia and Startups
Session 6
Topic: Blockchain Optimization and Interoperability Approaches
Session Chair: Kilian Glas (TUM)
- Dionysis Zindros (Common Prefix): Pod: An Optimal-Latency, Censorship-Free, and Accountable Generalized Consensus Layer
In this talk, I will present pod, a new layer-1 aiming at achieving optimal latency matching the physical network conditions (one roundtrip). Pod can replace traditional blockchains for some (but not all) applications, including payments, auctions, and bulletin boards. It achieves optimal latency by relaxing the notion of total order provided by traditional blockchains, and instead provides only a partial order, where transactions have a bounded “wiggle room” to move around. We take inspiration from web2 systems such as databases, replication, and scalability techniques from the classical web, but also achieve byzantine and omission resilience by utilizing techniques and data structures from web3-era techniques such as Merkle Mountain Ranges.
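The abstract names Merkle Mountain Ranges as the web3-era data structure it borrows. As an added example (written for this page; it is not pod's code and makes no claim about how pod uses the structure), here is a compact MMR: an append-only log of hashes in post-order where no node is ever rewritten, with inclusion proofs that climb to a peak and then "bag" the peaks into a single root. The domain-separation prefixes, the SHA-256 choice, and the `tx0`..`tx5` entries are assumptions of the example.

```python
import hashlib
from dataclasses import dataclass


def _leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()          # domain-separated leaf


def _node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # domain-separated inner node


def _subtree_size(height: int) -> int:
    """Number of nodes in a perfect binary subtree of the given height (a leaf has height 0)."""
    return (1 << (height + 1)) - 1


def bag_peaks(peak_hashes: list) -> bytes:
    """Fold the peaks right-to-left into one root ('bagging the peaks')."""
    acc = peak_hashes[-1]
    for peak in reversed(peak_hashes[:-1]):
        acc = _node_hash(peak, acc)
    return acc


@dataclass
class InclusionProof:
    position: int
    path: list        # (sibling_hash, sibling_is_left) from the leaf up to its peak
    peaks: list       # all peak hashes at the time the proof was made
    peak_index: int   # which peak the path ends at


class MMR:
    """Append-only Merkle Mountain Range stored in post-order; nodes are never moved or rewritten."""

    def __init__(self):
        self.nodes = []
        self.heights = []

    def append(self, data: bytes) -> int:
        pos = len(self.nodes)
        self.nodes.append(_leaf_hash(data))
        self.heights.append(0)
        cur, height = pos, 0
        # Merge while the subtree ending right before `cur` has the same height.
        while True:
            left = cur - _subtree_size(height)
            if left < 0 or self.heights[left] != height:
                break
            self.nodes.append(_node_hash(self.nodes[left], self.nodes[cur]))
            self.heights.append(height + 1)
            cur, height = cur + 1, height + 1
        return pos

    def peaks(self) -> list:
        """Positions of all nodes without a parent, left to right."""
        is_child = [False] * len(self.nodes)
        for pos, height in enumerate(self.heights):
            if height > 0:
                is_child[pos - 1] = True                              # right child
                is_child[pos - 1 - _subtree_size(height - 1)] = True  # left child
        return [pos for pos, child in enumerate(is_child) if not child]

    def root(self) -> bytes:
        return bag_peaks([self.nodes[p] for p in self.peaks()])

    def prove(self, position: int) -> InclusionProof:
        path = []
        cur, height = position, self.heights[position]
        n = len(self.nodes)
        while True:
            size = _subtree_size(height)
            if cur + 1 < n and self.heights[cur + 1] == height + 1:
                path.append((self.nodes[cur - size], True))   # cur is a right child
                cur += 1
            elif cur + size + 1 < n and self.heights[cur + size + 1] == height + 1:
                path.append((self.nodes[cur + size], False))  # cur is a left child
                cur += size + 1
            else:
                break                                          # cur is a peak
            height += 1
        peaks = self.peaks()
        return InclusionProof(position, path, [self.nodes[p] for p in peaks], peaks.index(cur))


def verify(root: bytes, data: bytes, proof: InclusionProof) -> bool:
    acc = _leaf_hash(data)
    for sibling, sibling_is_left in proof.path:
        acc = _node_hash(sibling, acc) if sibling_is_left else _node_hash(acc, sibling)
    peaks = list(proof.peaks)
    peaks[proof.peak_index] = acc   # the root binds the whole peak list, so substituting is safe
    return bag_peaks(peaks) == root


def demo() -> dict:
    mmr = MMR()
    positions = [mmr.append(e) for e in [b"tx0", b"tx1", b"tx2", b"tx3", b"tx4"]]
    root5 = mmr.root()
    proof = mmr.prove(positions[2])
    ok = verify(root5, b"tx2", proof)
    tampered = verify(root5, b"tx2-modified", proof)
    mmr.append(b"tx5")   # later appends never touch existing nodes
    return {"nodes": len(mmr.nodes), "peak_heights": [mmr.heights[p] for p in mmr.peaks()],
            "proof_ok": ok, "tampered_ok": tampered, "root_changed": mmr.root() != root5}
```

Because the structure is append-only, a proof made against an earlier root stays valid for that root after more entries arrive; a verifier that keeps the last root it accepted can check new entries without ever re-reading the log.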
- Yann Vonlanthen (ETH Zurich): Mangrove: Fast and Parallelizable State Replication for Blockchains
Mangrove is a novel scaling approach to building blockchains with parallel smart contract support. Unlike in monolithic blockchains, where a single consensus mechanism determines a strict total order over all transactions, Mangrove uses separate consensus instances per smart contract, without a global order.
To allow multiple instances to run in parallel while ensuring that no conflicting transactions are committed, we propose a mechanism called Parallel Optimistic Agreement. Additionally, we leverage a lightweight Byzantine Reliable Broadcast primitive to reduce latency.
Mangrove is optimized for performance under optimistic conditions, where there is no misbehavior and the network is synchronous. Under these conditions, our protocol can achieve the latency of 2 communication steps between creating and executing a transaction.
- Andreas Penzkofer (Movement Labs): The Modular Thesis of Movement
Blockchain scalability and security benefit from a modular approach, which separates sequencing, data availability, execution, and settlement, allowing networks to integrate new technologies as they emerge. This talk aims to highlight some of the opportunities that arise when taking a strongly modular (non-monolithic) approach to chain design.
Movement Network in particular applies this through the Move Stack, enabling configurable Move-based chains. A BlockSTM-based high-throughput execution layer ensures efficient processing, while a dedicated settlement mechanism provides fast confirmation using economic security from a validator network. The latter confirmation layer also underpins interoperability as it enables seamless synchronous cross-chain interactions within a chain-cluster without single points of failure.
Session 7
Panel Discussions
Moderator: Filip Rezabek (TUM)
- Panelists
- Topics
  - Connecting Academia and Industry
  - Collaborative Research Models
  - Aligning Incentives
Day 2 - Wednesday, 28 May 2025
Session 8
Topic: New Trends in Cybersecurity & Blockchain relevant to SMEs and beyond
Session Chair: Georg Carle (TUM)
- Georg Carle (TUM): Welcome and Introduction
- Ingo Weber (TUM/Fraunhofer), Edoardo Marangone (Sapienza University of Rome): CAKE and MARTSIA: Fine-Grained Data Sharing in Blockchain Applications and Business Processes
Blockchain technology provides support for the automation of multi-party business processes, even in conditions of partial trust among the participants. Although this enhances traceability, integrity, and persistence, it hinders the adoption of public blockchains for process automation since it conflicts with typical confidentiality requirements in enterprise settings. The CAKE and MARTSIA approaches address this limitation by enabling fine-grained, read-access control over shared data at the level of individual message components. In these systems, encrypted data are stored in a distributed environment and linked to the blockchain that governs process execution. Data owners define access policies to regulate which users are authorized to access specific portions of the information. To ensure the desired confidentiality and integrity properties, these solutions leverage Attribute-Based Encryption (and its extensions) for secure data storage. They employ smart contracts to enforce access control, verify data integrity, and maintain linkage with process-level data.
- Lars Hupel (Giesecke+Devrient): A Conceptual Model for Point-of-Sale Payment with Retail CBDC
The European Central Bank, like many other central banks, is pushing forward with the introduction of a Central Bank Digital Currency (CBDC). The Digital Euro is designed for retail use cases, which includes peer-to-peer and merchant payments. Many different form factors are supported, with a focus on offline capabilities. While the picture is clear about how users can access and obtain CBDC, the acceptance side is not fully understood yet. At points of sale, CBDC will become one of already many different payment options. This paper analyzes the technical background of CBDC wallets and proposes a conceptual model of how to introduce CBDC payment to consumers.
- Stefan Genchev (TUM): The EU Digital Identity Wallet: A Pragmatic Analysis of Ambition vs. Security Realities
A decade since the EU’s eIDAS regulation aimed to unify digital identification, Europe is implementing a major restructuring of this framework, signaling a significant paradigm shift in the approach to digital identities. This talk assesses these pivotal changes. We’ll cover the original eIDAS network—its intended goals, actual outcomes, and particularly its shortcomings. Subsequently, we will scrutinize the forthcoming EU Digital Identity Wallet. We will explore its recognized potential for significant change but also critically examine the governance, privacy, and security challenges that must be addressed before its successful rollout. This session offers a pragmatic analysis of Europe’s evolving digital identity strategy and its concrete implications for cybersecurity.
- Bram van Roelen (Maven 11): Venture Capital investing in the Blockchain Space
This talk examines the critical success factors for blockchain startups from Maven 11’s unique vantage point. We’ll explore the evolving frameworks for evaluating product viability in decentralized ecosystems, how product thinking shapes investment theses, and where we see the most promising opportunities for builders in the current market.
Session 9
Topic: Blockchain Infrastructure & Network Challenges
Session Chair: Sebastian Steinhorst (TUM)
- Burak Öz (Technical University of Munich & Flashbots): Pandora’s Box: Cross-Chain Arbitrages in the Realm of Blockchain Interoperability
Over recent years, the blockchain ecosystem has grown significantly with the emergence of new Layer-1 (L1) and Layer-2 (L2) networks. These blockchains typically host Decentralized Exchanges (DEXes) for trading assets such as native currencies and stablecoins. While this diversity enriches the ecosystem, it also fragments liquidity, posing challenges for DEXes offering the same assets across multiple blockchains. This fragmentation leads to price discrepancies, creating opportunities like arbitrages for profit-seeking traders, which fall under the broader category of exploitative economic practices known as Maximal Extractable Value (MEV). Although MEV extraction has been extensively studied within single domains (i.e., individual blockchains), cross-chain arbitrages, a form of cross-domain MEV, have received little attention due to their non-atomic nature, complicating both execution and detection.
In this paper, we shed light on opaque cross-chain MEV activities by presenting the first systematic study of two non-atomic cross-chain arbitrage strategies: Sequence-Independent Arbitrage (SIA) and Sequence-Dependent Arbitrage (SDA). The former involves independent, opposite-direction trades across chains, while the latter relies on asset bridges. We analyze the effectiveness of these strategies across nine blockchains over a one-year period from September 2023 to August 2024, identifying 260,808 cross-chain arbitrages, 32.37% of which involve bridging solutions. These arbitrages generated a lower-bound profit of 9,496,115.28 USD from a total traded volume of 465,797,487.98 USD. Additionally, we examine the security implications of cross-chain arbitrages, uncovering centralization among arbitrageurs, network congestion caused by failed transactions, and growing private mempool adoption. Finally, we discuss sequencer incentives and propose a risk-optimized arbitrage strategy.
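The two strategy definitions above translate into a simple classifier over trade records. The following is an added example for this page, not the study's methodology or code: it takes constructed swap and bridge records and labels a trader's opposite-direction swaps on two chains as sequence-dependent (SDA) when a bridge transfer of the bought token links them, and as sequence-independent (SIA) otherwise. The record shapes, the time window, and the treatment of `net` (token units gained, ignoring gas and bridge fees) are assumptions of the example; linking one trader's addresses across chains is also assumed to be solved already.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Swap:
    chain: str
    trader: str
    ts: int          # block timestamp (seconds)
    sold: str
    sold_amt: float
    bought: str
    bought_amt: float


@dataclass(frozen=True)
class Bridge:
    src_chain: str
    dst_chain: str
    trader: str
    ts: int
    token: str
    amount: float


def _opposite(a: Swap, b: Swap) -> bool:
    return a.sold == b.bought and a.bought == b.sold


def find_sda(swaps, bridges, window):
    """Sequence-dependent: swap on chain A, bridge the bought token to chain B, swap back on B."""
    found, used = [], set()
    for a in swaps:
        for br in bridges:
            if not (br.trader == a.trader and br.src_chain == a.chain and br.token == a.bought
                    and a.ts <= br.ts <= a.ts + window):
                continue
            for b in swaps:
                if (a not in used and b not in used and b.trader == a.trader
                        and b.chain == br.dst_chain and _opposite(a, b)
                        and br.ts <= b.ts <= a.ts + window):
                    found.append({"type": "SDA", "trader": a.trader, "route": (a.chain, b.chain),
                                  "token": a.sold, "net": round(b.bought_amt - a.sold_amt, 6)})
                    used.update({a, b})
    return found, used


def find_sia(swaps, window, exclude):
    """Sequence-independent: same trader, opposite-direction swaps on two chains, no bridge in between."""
    found = []
    for a, b in combinations(sorted(swaps, key=lambda s: s.ts), 2):
        if a in exclude or b in exclude:
            continue
        if (a.trader == b.trader and a.chain != b.chain and _opposite(a, b)
                and b.ts - a.ts <= window):
            found.append({"type": "SIA", "trader": a.trader, "chains": (a.chain, b.chain),
                          "net": {a.sold: round(b.bought_amt - a.sold_amt, 6),
                                  a.bought: round(a.bought_amt - b.sold_amt, 6)}})
    return found


def classify(swaps, bridges, window=300):
    sda, used = find_sda(swaps, bridges, window)
    return {"SDA": sda, "SIA": find_sia(swaps, window, used)}


# Constructed sample records (not real chain data).
SAMPLE_SWAPS = [
    Swap("arbitrum", "0xA", 100, "USDC", 3000.0, "WETH", 1.0),
    Swap("base",     "0xA", 130, "WETH", 1.0,    "USDC", 3012.0),   # SIA leg: inventory on both chains
    Swap("base",     "0xB", 200, "USDC", 2000.0, "WETH", 0.66),
    Swap("optimism", "0xB", 260, "WETH", 0.66,   "USDC", 2010.0),   # SDA leg: after the bridge below
    Swap("arbitrum", "0xC", 300, "USDC", 500.0,  "WETH", 0.17),     # no counterpart: ignored
]
SAMPLE_BRIDGES = [Bridge("base", "optimism", "0xB", 210, "WETH", 0.66)]

if __name__ == "__main__":
    for kind, hits in classify(SAMPLE_SWAPS, SAMPLE_BRIDGES).items():
        print(kind, hits)
```

Bridge records are what separates the two classes: drop them and the SDA trader's two legs are indistinguishable from an SIA pair, which is one reason the abstract calls cross-chain MEV opaque.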
- Filip Rezabek (TUM): Data Center Execution Assurance - Closing the Gap in TEE Deployment Strategies
Confidential Virtual Machines (CVMs) provide isolation guarantees for data in use, but their threat model does not include physical-level protection and side-channel attacks. Therefore, current deployments rely on trusted cloud providers to host the CVMs’ underlying infrastructure. However, the TEE attestation does not provide information about the operator hosting a CVM. Without knowing whether a Trusted Execution Environment (TEE) runs within a provider’s infrastructure, a user cannot accurately assess the risks of physical attacks. We observe a misalignment in the threat model, where the workloads are protected against other tenants but do not offer end-to-end security assurances to external users without reliance on cloud providers. The attestation should be extended to bind the CVM to the provider. A possible solution can rely on the Protected Platform Identifier (PPID), a unique CPU identifier. However, the implementation details of various TEE manufacturers, attestation flows, and providers vary. This makes verification of attestations, ease of migration, and building applications without relying on a trusted party challenging, highlighting a key limitation that must be addressed for the adoption of CVMs. We discuss two points focusing on hardening and extensions of TEEs’ attestation.
- Narges Dadkhah (Freie Universität Berlin): Tuning Block Size for Workload Optimization in Consortium Blockchain Networks
Determining the optimal block size is crucial for achieving high throughput in blockchain systems. Many studies have focused on tuning various components, such as databases, network bandwidth, and consensus mechanisms. However, the impact of block size on system performance remains a topic of debate, often resulting in divergent views and even leading to new forks in blockchain networks. This research proposes a mathematical model to maximize performance by determining the ideal block size for Hyperledger Fabric, a prominent consortium blockchain. By leveraging machine learning and solving the model with a genetic algorithm, the proposed approach assesses how factors such as block size, transaction size, and network capacity influence the block processing time. The integration of an optimization solver enables precise adjustments to block size configuration before deployment, ensuring improved performance from the outset. This systematic approach aims to balance block processing efficiency, network latency, and system throughput, offering a robust solution to improve blockchain performance across diverse business contexts.
- Jan Lauinger (Quantstamp/Zircuit): ZK Rollups supporting EIP-7702
EIP-7702 enables a new transaction type for Ethereum transactions. This new set-code transaction delegates smart contract calls to EOAs, which essentially allows smart contract executions at EOAs (storage context of the EOA). EIP-7702 enables new interesting applications such as transaction batching, payment sponsorships, or privilege de-escalation (sign sub-keys with permissions). This talk explains interesting facets of EIP-7702 and how zk-rollups can support it.
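The two mechanics the abstract relies on are (1) the set-code rule, which turns an EOA's code into the delegation designator `0xef0100 || address`, and (2) the execution rule, under which a call to that EOA runs the delegate's code in the EOA's own storage and context. The following is an added example for this page, not the speaker's code or a rollup's implementation: it applies the authorization-list rules to a toy state and shows which storage the delegated call touches. Signature recovery over `keccak(0x05 || rlp([chain_id, address, nonce]))` and the self-sponsored case are not modelled (the `authority` field stands in for the recovered signer); the `batch_wallet` callable, the `WALLET_IMPL` and `ALICE` addresses, and the method names are assumptions.

```python
from dataclasses import dataclass, field

CHAIN_ID = 1
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702: a delegated EOA's code is 0xef0100 || address
ZERO_ADDRESS = bytes(20)


@dataclass
class Account:
    nonce: int = 0
    code: bytes = b""
    storage: dict = field(default_factory=dict)


@dataclass
class Authorization:
    """One authorization_list entry of a type-0x04 transaction; y_parity/r/s are omitted here."""
    chain_id: int
    address: bytes
    nonce: int
    authority: bytes   # assumption: the signer recovered from the omitted signature


def delegation_target(code: bytes):
    """Return the delegate address if `code` is a delegation designator, else None."""
    if len(code) == 23 and code[:3] == DELEGATION_PREFIX:
        return code[3:]
    return None


def apply_authorizations(state: dict, auths: list) -> list:
    """Set-code rules: an invalid tuple is skipped, the rest of the transaction still executes."""
    applied = []
    for auth in auths:
        if auth.chain_id not in (0, CHAIN_ID):
            continue
        acct = state.setdefault(auth.authority, Account())
        if acct.code and delegation_target(acct.code) is None:
            continue   # only EOAs (empty code) or already-delegated EOAs may be (re)delegated
        if acct.nonce != auth.nonce:
            continue
        acct.code = b"" if auth.address == ZERO_ADDRESS else DELEGATION_PREFIX + auth.address
        acct.nonce += 1
        applied.append(auth.authority)
    return applied


def call(state: dict, contracts: dict, target: bytes, method: str, *args):
    """Run `method` at `target`; contract logic is a Python callable standing in for bytecode (assumption)."""
    acct = state.setdefault(target, Account())
    code_at = target
    delegate = delegation_target(acct.code)
    if delegate is not None:
        # Designators are not followed transitively: a delegate that is itself delegated fails.
        if delegation_target(state.get(delegate, Account()).code) is not None:
            raise RuntimeError("delegation chain is not followed")
        code_at = delegate
    logic = contracts.get(code_at)
    if logic is None:
        return None                                 # no code at all: plain value-transfer semantics
    return logic(acct.storage, method, args)        # storage belongs to `target`, not to `code_at`


def batch_wallet(storage: dict, method: str, args: tuple):
    """Constructed wallet logic: batching and scoped session keys (privilege de-escalation)."""
    if method == "execute_batch":
        storage["executed"] = storage.get("executed", 0) + len(args[0])
        return storage["executed"]
    if method == "grant_session_key":
        key, spend_limit = args
        storage.setdefault("session_keys", {})[key] = spend_limit
        return spend_limit
    raise ValueError(f"unknown method {method}")


WALLET_IMPL = bytes.fromhex("11" * 20)   # constructed address of the wallet implementation
ALICE = bytes.fromhex("aa" * 20)         # constructed EOA address


def demo() -> dict:
    state = {WALLET_IMPL: Account(code=b"<wallet bytecode>"), ALICE: Account(nonce=5)}
    contracts = {WALLET_IMPL: batch_wallet}
    applied = apply_authorizations(state, [
        Authorization(CHAIN_ID, WALLET_IMPL, nonce=4, authority=ALICE),   # stale nonce: skipped
        Authorization(CHAIN_ID, WALLET_IMPL, nonce=5, authority=ALICE),   # valid: sets the designator
    ])
    delegated = state[ALICE].code == DELEGATION_PREFIX + WALLET_IMPL
    executed = call(state, contracts, ALICE, "execute_batch", ["transfer", "approve", "swap"])
    call(state, contracts, ALICE, "grant_session_key", "0xsess", 100)
    # Clearing the delegation: authorize the zero address with the now-incremented nonce.
    apply_authorizations(state, [Authorization(CHAIN_ID, ZERO_ADDRESS, nonce=6, authority=ALICE)])
    return {"applied": len(applied), "delegated": delegated, "executed": executed,
            "alice_storage": dict(state[ALICE].storage),
            "impl_storage": dict(state[WALLET_IMPL].storage),
            "after_clear": (state[ALICE].code, state[ALICE].nonce,
                            call(state, contracts, ALICE, "execute_batch", ["x"]))}
```

For a zk-rollup the interesting part is the state transition the circuit must now admit: an account with a 23-byte code that is executed by loading someone else's bytecode, with the authority's nonce consumed even when the sponsored transaction itself was not sent by the authority.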
Session 10
Panel Discussions
Moderator: Nina Schwanke (TUM)
- Panelists
- Topics
  - TUM Alumni Panel
  - From Lecture Hall to Career
  - Building Industry-Ready Skills
Session 11
Topic: Decentralized Identities, Business Logic, and Governance
Session Chair: Ingo Weber (TUM/Fraunhofer)
- Johnnatan Messias (Max Planck Institute for Software Systems (MPI-SWS)): Fairness in Token Allocation: Mitigating Voting Power Concentration in Decentralized Autonomous Organizations
As decentralized finance (DeFi) ecosystems mature, achieving fairness in token allocation is essential to maintaining fair governance. This talk explores two key studies—“Airdrops: Giving Money Away Is Harder Than It Seems” and “Understanding Blockchain Governance: Analyzing Decentralized Voting to Amend DeFi Smart Contracts”—to explore the unintended consequences of token distribution mechanisms like airdrops. Drawing on empirical data from leading DeFi projects, we reveal how these mechanisms can lead to token concentration and unfair voting power, which undermine the democratic ideals of decentralized autonomous organizations (DAOs).
Through case studies of prominent protocols such as Arbitrum, Uniswap, and Compound, we analyze how flaws in token distribution design contribute to the centralization of power. This concentration of tokens accelerates wealth accumulation and consolidates control over governance decisions, reducing diversity and participation in DAOs.
We conclude by offering strategies to improve token distribution models and governance structures, aiming to promote fairness and reduce centralization in these ecosystems.
- Fabian Stiehle (TUM): Research at the Intersection of Blockchain and Business Processes: The Case of Decentralised Business Processes
At the core of any organisation lie its processes. The field of Business Process Management (BPM) integrates concepts from business administration and computer science to analyse and implement processes via information systems. Currently, such processes are often centrally organised. The rise of platform economies has highlighted the risks of such centralisation, including market monopolisation and user dependency on proprietary systems. In this talk, I will outline my current research at the intersection of BPM and Blockchain, where we strive to explore decentralised systems that give rise to decentralised processes. On the way to autonomous, transparent, and trustworthy process execution, many organisational and technical challenges still need to be addressed.
- Felix Hoops (TUM): CRSet: Private Non-Interactive Verifiable Credential Revocation
Like any digital certificate, Verifiable Credentials (VCs) require a way to revoke them in case of an error or key compromise. Existing solutions for VC revocation, most prominently Bitstring Status List, are not viable for some use cases because they may leak the issuer’s activity, which in turn leaks internal business metrics; for instance, revoking employee IDs reveals staff fluctuation. We introduce CRSet, a non-interactive mechanism that trades some space efficiency to reach stronger privacy characteristics. It is built upon Bloom filters and uses Ethereum blob-carrying transactions.
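The building block named in the abstract, as an added example for this page (not CRSet's code; how CRSet arrives at its privacy characteristics beyond this block is the subject of the talk and is not reproduced here): an issuer inserts revoked credential identifiers into a Bloom filter sized to one blob, publishes the filter bytes, and a verifier checks membership offline. Bloom lookups have no false negatives but a tunable false-positive rate, so a hit means "revoked or unlucky" and a miss is definitive. The salted SHA-256 position derivation, the blob payload of 4096 × 31 bytes (31 rather than 32 so each field element stays below the BLS12-381 scalar modulus), and the credential identifiers are assumptions of the example.

```python
import hashlib
import math

# One EIP-4844 blob holds 4096 field elements; 31 usable bytes per element is an encoding assumption.
BLOB_PAYLOAD_BYTES = 4096 * 31


class BloomFilter:
    def __init__(self, m_bits: int, k: int, salt: bytes = b""):
        self.m, self.k, self.salt = m_bits, k, salt
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item: bytes):
        # k positions from k salted SHA-256 digests (illustrative; any PRF family works)
        for i in range(self.k):
            digest = hashlib.sha256(self.salt + bytes([i]) + item).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def might_contain(self, item: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

    def serialize(self) -> bytes:
        return bytes(self.bits)   # always the same length, whatever was inserted

    @classmethod
    def deserialize(cls, data: bytes, k: int, salt: bytes = b"") -> "BloomFilter":
        f = cls(len(data) * 8, k, salt)
        f.bits = bytearray(data)
        return f


def false_positive_rate(m_bits: int, k: int, n_items: int) -> float:
    """Classic estimate (1 - e^{-kn/m})^k for a filter holding n items."""
    return (1 - math.exp(-k * n_items / m_bits)) ** k


def optimal_k(m_bits: int, n_items: int) -> int:
    return max(1, round(m_bits / n_items * math.log(2)))


# --- issuer side -------------------------------------------------------------
def build_revocation_blob(revoked_ids, k: int, salt: bytes) -> bytes:
    f = BloomFilter(BLOB_PAYLOAD_BYTES * 8, k, salt)
    for cred_id in revoked_ids:
        f.add(cred_id)
    # Published via a blob-carrying transaction; the chain retains only the blob commitment.
    return f.serialize()


# --- verifier side -----------------------------------------------------------
def is_revoked(blob: bytes, cred_id: bytes, k: int, salt: bytes) -> bool:
    """True means 'revoked or false positive'; False is definitive (no false negatives)."""
    return BloomFilter.deserialize(blob, k, salt).might_contain(cred_id)


def demo() -> dict:
    salt = b"issuer-epoch-2025-05"                       # constructed; bound to issuer and epoch
    revoked = [b"cred-0017", b"cred-0042", b"cred-0099"]  # constructed credential identifiers
    k = 7
    blob = build_revocation_blob(revoked, k, salt)
    return {
        "blob_bytes": len(blob),
        "revoked_hits": [is_revoked(blob, c, k, salt) for c in revoked],
        "fresh_hit": is_revoked(blob, b"cred-0001", k, salt),
        "fp_rate_at_10k": false_positive_rate(BLOB_PAYLOAD_BYTES * 8, k, 10_000),
    }
```

Two caveats a verifier implementation needs: the filter parameters (`k`, salt, size) must be fixed by the credential or the issuer's metadata so that issuer and verifier hash identically, and a fixed-size filter on its own does not hide the number of set bits, so it is not by itself an answer to the activity leakage the abstract describes.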
Wrap-up of the Blockchain&Cybersecurity Salon
Poster Sessions
- Shouvik Ghosh: Assessment of Confidential Computations in MoveVM using TEEs
- Eber Christer: Privacy-Preserving Smart Contracts
- Eric Naeser: Development of a Quality-Controlling and Location-Preserving Blockchain-Based Crowdsourcing Platform for Wildlife Conservation
- Yudhistira Wibowo: Real-World Performance Evaluation of Hyperledger Indy Under Dynamic Network Scenarios
- Veronika Bauer: Evaluation of zk-SNARKs inside TEEs
- Lennart Weight, Daniel Schlingensiepen: Secure&Transparent Mobile Document Signing
- Nina Schwanke: Cybersecurity Polygon Program
- Gopi Mehta: TUM Blockchain Club
Speakers overview
- Christof Ferreira Torres (INESC-ID & Instituto Superior Técnico, University of Lisbon)
- Chrysa Stathakopoulou (Chainlink Labs)
- Daniel Kales (TACEO)