4th Edition of the TUM Blockchain&Cybersecurity Salon
Aims
- Exploring core technologies for security, scalability, and privacy in blockchain and cybersecurity systems
- Discussing applications and solutions with requirements met by these core technologies, and to which extent these technologies provide value
- Exchange on methods for assessment of distributed systems, with focus on P2P layer, smart-contract security, and cryptographic innovations
- Extend to intersection of cybersecurity solutions and distributed systems
- Bridge academia, industry, and students and introduce recent topics from various layers of the blockchain stack and cybersecurity
- Introduce current technologies to startups, SMEs, and enterprises to bring research into practice
Topical Scope
- Individual layers of Blockchain Protocols spanning hardware, peer-to-peer network, consensus, execution layers, applications, and ecosystems
- Innovative scalability and privacy technologies, such as zero knowledge proofs or trusted execution environments
- Cybersecurity solutions for AI, access management, identity solutions, …
- Design, verification, and implementation of smart contracts logic
- Methods and tools for performance assessment
- Overview of possible optimization solutions and their applicability to blockchain solutions
- Applications and use-cases of distributed and decentralized systems and their open challenges
- Supply chain security
Organisation by the Technical University of Munich, KTH Royal Institute of Technology, and Instituto Superior Técnico - University of Lisbon
- Chair: Georg Carle
- Organizing committee chairs: Veronika Bauer, Stefan Genchev, Martin Monperrus, Filip Rezabek, Nina Schwanke, and Christof Ferreira Torres
Venue
- 2nd and 3rd June 2026
- TUM-IAS Institute of Advance Studies
Program
Day 1 - Tuesday 02.06.2026
Get Together - 09:00-09:30 CEST
Session 1 - 09:30-11:00 CEST
Topic: Blockchain Stack Attacks & Verification
Chair: Georg Carle (TUM)
- Georg Carle (TUM): Welcome and Introduction
- Christof Ferreira Torres (INESC-ID & Instituto Superior Técnico, University of Lisbon): From Predator to Prey: Illuminating Ethereum’s Dark Forest of MEV Bot Exploits
Abstract
Amid the rapid expansion of decentralized exchanges, lending protocols, yield farming, and the tokenization of real-world assets, Maximal Extractable Value (MEV) has quietly developed into a highly profitable domain. What began as a niche phenomenon has matured into a complex ecosystem with multiple intermediaries, each capturing a portion of the value extracted. To date, estimates indicate that more than one billion USD has been generated, largely through the strategic reordering of blockchain transactions.
While some MEV practices, such as sandwich attacks, are widely viewed as harmful to users, others, including arbitrage and liquidations, can contribute positively to market efficiency. However, the significant financial incentives have also drawn in a new wave of malicious actors, extending beyond the traditionally studied forms of harmful MEV. These adversaries are typically indifferent to distinctions between “benign” and “harmful” MEV; instead, they opportunistically exploit any vulnerable MEV bot when profit is possible. As a result, MEV bots themselves have increasingly become targets of sophisticated exploitation.
In this work, we introduce the first comprehensive taxonomy of attacks against MEV bots and propose a static analysis–driven methodology to identify both direct and indirect attack vectors. Our approach combines Datalog-based analysis with execution simulation, achieving scalability while reducing false positives. Applying this framework, we examine 11,887 MEV bot contracts and identify bytecode-level vulnerabilities susceptible to direct exploitation. In addition, we analyze 463,830 tokens listed on Uniswap, revealing that a notable fraction are deliberately engineered with malicious logic to indirectly target MEV bots. Overall, our findings expose the adversarial nature of the MEV landscape and emphasize the fragile security assumptions underlying many existing MEV extraction strategies.
- Daniel Kales (TACEO): Merces: Private Token Transfers via MPC and CoSNARKs
Abstract
In this talk we present two methods of shielding ERC20 tokens to gain privacy using MPC and Collaborative SNARKs. The first one, dubbed Merces1, focuses on confidential tokens, where balances and transfer amounts remain private while sender and receiver addresses are allowed to leak. The second one, Merces2, takes this approach a step further and additionally hides sender and receiver addresses to achieve a fully private token contract. In both proposals, MPC is responsible for privacy, whereas the ZK proof ensures integrity, even if the MPC servers would collude. In other words, funds can never be misused by the MPC network. Regarding performance: with Merces1 we currently achieve 300 TPS (including proof generation), whereas Merces2 currently achieves around 4 TPS, showing practical feasibility. Both protocols are currently deployed as demos on Base, Arc and Plasma testnet.
- Claudio Di Ciccio (Utrecht University): Leveraging Trusted Execution Environments for Secure and Confidential Process Monitoring
Abstract
Process monitoring techniques enable organisations to gain insights into their business processes by analysing execution records (event logs) stored by information systems. While most efforts in the field focus on intra-organisational scenarios, many real-world business processes span multiple independent organisations (e.g., in a supply chain). Monitoring such collaborative business processes requires integrating event data from various information systems into a unified knowledge base. The transmission of process records across organisational boundaries poses significant challenges to data secrecy and security. Data analysis can reveal information that participating organisations may not consent to disclose to one another or to a third-party hosting process mining services. Consequently, organisations may be reluctant to outsource sensitive data.
This talk will present recent advancements in secrecy-preserving inter-organisational process monitoring, with online and offline settings. The presented techniques leverage Trusted Execution Environments (TEEs). TEEs are hardware-protected contexts that guarantee code integrity and data confidentiality before, during, and after their use. Owing to these characteristics, TEEs constitute computing vaults to which information can be securely transferred beyond an organisation’s borders. Computing nodes other than the information provisioners can thus aggregate and elaborate the original, unaltered process data in a secure, externally inaccessible context. The talk will describe architectures and protocols to that end, alongside experiments assessing the performance and scalability of those solutions.
Session 2 - 11:30-13:00 CEST
Topic: Blockchain Scalability, Consensus & Interoperability
Chair: Filip Rezabek (TUM)
- Roger Wattenhofer (Anza & ETH Zurich): Reconstructing the Solana Blockchain
Abstract
Solana is an established high-performance blockchain, but 2026 promises to be a pivotal year for Solana. The Alpenglow consensus update revises core aspects of block production and finality, with implications for latency, throughput, and fault tolerance. Building on this new protocol design, Solana will then offer multiple concurrent proposers to mitigate transaction censorship and improve liveness under adversarial conditions. This talk examines the technical motivations behind these changes, their expected impact, and the economic trade-offs of evolving Solana’s architecture.
- Zeta Avarikioti (TU Wien & Common Prefix): CoBRA: A Universal Strategyproof Confirmation Protocol for Quorum-based Proof-of-Stake Blockchains
Abstract
The security of many Proof-of-Stake (PoS) payment systems relies on quorum-based State Machine Replication (SMR) protocols. While classical analyses assume purely Byzantine faults, real-world systems must tolerate both arbitrary failures and strategic, profit-driven validators. We therefore study quorum-based SMR under a hybrid model with honest, Byzantine, and rational participants.
We first establish the fundamental limitations of traditional consensus mechanisms, proving two impossibility results: (1) in partially synchronous networks, no quorum-based protocol can achieve SMR when rational and Byzantine validators collectively exceed 1/3 of the participants; and (2) even under synchronous network assumptions, SMR remains unattainable if this coalition comprises more than 2/3 of the validator set.
Assuming a synchrony bound Δ, we show how to extend any quorum-based SMR protocol to tolerate up to 1/3 Byzantine and 1/3 rational validators by modifying only its finalization rule. Our approach enforces a necessary bound on the total transaction volume finalized within any time window Δ and introduces the \emph{strongest chain rule}, which enables efficient finalization of transactions when a supermajority of honest participants provably supports execution. Empirical analysis of Ethereum and Cosmos demonstrates validator participation exceeding the required 5/6 threshold in over 99 of blocks, supporting the practicality of our design.
Finally, we present a recovery mechanism that restores safety and liveness after consistency violations, even with up to 5/9 Byzantine stake and 1/9 rational stake, guaranteeing full reimbursement of provable client losses.
- Yvonne-Anne Pignolet (StableClear): The Trust Spectrum: Architectures for Non-Custodial Multi-Chain Swaps
Abstract
When we trade assets across different blockchains, it’s crucial to consider who we trust with our money during the process? In this talk, we explore the “Trust Spectrum” of settlement architectures. We’ll look at how to build a neutral Financial Market Infrastructure. I will share the architectural journey of StableClear, comparing three different ways to handle cross-chain settlement. Moreover, we will discuss the design principles required to ensure users keep control of their assets at all times, making the infrastructure “non-custodial” as well as the technical trade-offs required to build a safer, more transparent foundation for the future of finance.
Lunch Break - 13:00-14:15 CEST
Session 3 - 14:15-14:55 CEST
Panel Discussions
Moderator: Eomji Park (Encode Club)
- Panelists
- Topics
- Connecting Academia and Industry
- Bridging Theory and Protocol Design
- Academia vs industry, or both?
Session 4 - 15:00-16:00 CEST
Poster Madness
Chair: Veronika Bauer (TUM)
Presentation of posters.
Coffee Break
Session 5 - 16:30-18:00 CEST
Topic: Cybersecurity Automation and Supply Chain Security
Chair: Christof Ferreira Torres (INESC-ID & Instituto Superior Técnico, University of Lisbon)
- Martin Monperrus (KTH Royal Institute of Technology): Software Supply Security of Web3
Abstract
Web3 applications, built on blockchain technology, manage billions of dollars in digital assets through decentralized applications (dApps) and smart contracts. These systems rely on complex, software supply chains that introduce significant security vulnerabilities. This paper examines the software supply chain security challenges unique to the Web3 ecosystem, where traditional Web2 software supply chain problems intersect with the immutable and high-stakes nature of blockchain technology. We analyze the threat landscape and propose mitigation strategies to strengthen the security posture of Web3 systems.
- Yannis Smaragdakis (Dedaub & University of Athens): Static Analysis for Smart Contract Decompilation and Verification
Abstract
He will give a quick overview of the techniques that underpin the Dedaub decompiler for EVM smart contracts as well as the security analyzer that has led to many vulnerability discoveries (e.g., 11 large bug bounties of over $3M total). The backdrop of both technologies is context-sensitive static analysis, a model that allows tunable precision of program reasoning. The talk will illustrate the actual algorithms, which vary significantly per application domain.
- Kaihua Qin (University of Warwick): Using AI to Understand Smart Contracts and Blockchain Hacks
Abstract
Smart contracts now secure hundreds of billions of dollars, yet most deployed contracts are closed-source and difficult to inspect. Meanwhile, blockchain attacks continue to happen at a rapid pace, with incident analysis often taking hours of manual work.
This talk presents two recent systems using large language models to automate blockchain understanding. The first system focuses on decompilation: recovering human-readable Solidity code from Ethereum bytecode. The second focuses on incident response: automatically reconstructing DeFi exploits, identifying root causes, and generating executable attack reproductions from on-chain evidence.
- Miguel Pardal (IST, University of Lisbon): FoodSteps: Trustworthy Food Traceability with Permissioned Blockchain
Abstract
This talk presents FoodSteps, a blockchain-based solution for recording and sharing supply chain events to enable trustworthy food traceability. FoodSteps is based on Hyperledger Fabric and explores how a permissioned blockchain can support integrity, auditability, and controlled data sharing within a consortium.
The Fundão Cherries case illustrates how enterprise systems and sensor data can be captured and verified from farm to fork. The talk concludes with lessons learned and directions for future work on blockchain service providers and sovereign data tools.
Session 6 - 18:00-18:45 CEST
Panel Discussions
Moderator: Filip Rezabek (TUM)
- Panelists
- Topics
- Turning Research into Ventures
- Collaborative Research Models
- Aligning Incentives
Day 2 - Wednesday 03.06.2026
Get Together - 09:00-09:30 CEST
Session 7 - 09:30-11:15 CEST
Topic: MEV, DeFi & Mechanism Design
Chair: Christof Ferreira Torres (INESC-ID & Instituto Superior Técnico, University of Lisbon)
- Georg Carle (TUM): Welcome and Introduction
- Lioba Heimbach (Category Labs): Blockspace Under Pressure: An Analysis of Spam MEV on High-Throughput Blockchains
Abstract
On high-throughput, low-fee blockchains, a qualitatively new form of maximal extractable value (MEV) has emerged: searchers submit large volumes of speculative transactions, whose profitability is resolved only at execution time. We refer to this as spam MEV. On major rollups, it can at times consume more than half of block gas, even though only a small fraction of probes ultimately results in a trade. Despite growing awareness of this phenomenon, there is no principled framework for understanding how blockchain design parameters shape its prevalence and impact.
We develop such a framework, modeling spam transactions competing for on-chain opportunities under a competitive equilibrium that drives their profits to zero, and deriving equilibrium spam volumes as a function of block capacity, minimum gas price, and the transaction fee mechanism. Empirical evidence from Base and Arbitrum supports the model: spam grew sharply as block capacity was scaled up and fell when minimum gas prices were introduced. Our analysis yields three main insights. First, spam is always costly: when block capacity is scarce, it displaces users and drives up gas prices; as block capacity grows, it increasingly consumes execution resources, raising network externality, i.e., the cost of provisioning and processing blocks. We show that spam takes an increasing share of each additional unit of block capacity, so capping it before all users are included creates a favorable trade-off: forgoing a small amount of user welfare eliminates disproportionate spam and externality. Second, we extend the analysis to priority fee ordering and show that ordering transactions by gas price helps reduce spam, as spammers must pay more to reach early block positions. Third, as user demand grows and blockspace is scaled accordingly, spam’s share of block capacity plateaus rather than growing indefinitely.
- Burak Öz (Technical University of Munich & Flashbots): The Price of Decentralization in Block Building
Abstract
We study the decentralized block-building process as a coverage game, with information sources acting as resources from which builders collect transactions to include in their proposed blocks. A builder’s location relative to an information source determines the probability that a transaction emitted by that source is received before the block deadline. At each block construction round, builders simultaneously choose where to locate. We show that the lack of coordination among builders leads to over-concentration at the same regions, causing redundant transaction coverage and welfare losses relative to the optimal placement chosen by a social planner.
- Akaki Mamageishvili (Offchain Labs): TimeBoost: Do Ahead-of-Time Auctions Work?
Abstract
We study the performance of the TimeBoost auction, by comparing cumulative fixed time markout of fast lane trades over the TimeBoost interval to bids for the fast lane. Such comparison allows to assess how well bids predict future extracted value from the time advantage. The correlation between winning bids and markouts is weak across bidders, suggesting that bids are a noisy predictor of extracted value. The correlation slightly improves when comparing paid bids (the second highest bid) instead of winning bids to markouts, which we attribute to the fact that the auction is more of a common value type. In all settings, the relative order of the most frequent bidder performance remains the same, together with their absolute profits. Bids and markouts aggregated over long time intervals exhibit much higher correlation, indicating that bidders detect trends much better than identify when the high arbitrage value is exactly available. One possible explanation for this is the fact that the correlation between previous minute markouts and current minute bids is significant, suggesting that the previous minute markouts is used to predict the next minute value when bidding.
- Christoph Schlegel (Flashbots): Competing Auctions in Intermediated Markets
Abstract
We analyze competing auctions in intermediated markets, where a seller selects among parallel mechanisms for the sale of a single good - most prominently the relay-and-protocol architecture of proposer-builder separation in Ethereum.
When the intermediary can enforce single-homing on its bidders, sealed-bid second-price intermediary auctions fully unravel into the sealed first-price principal auction; open bidding-format intermediaries unravel only partially, collapsing into first-price in equilibrium under symmetric latency and sorting fast bidders to the intermediary under asymmetric latency. Any last-look advantage is removed through the availability of a credible sealed bidding channel. These results extend to multi-plexing environments (no enforcement by the intermediary).
While the unraveling result indicates that the availability of a sealed first-price bidding channel pushes the overall market to the same auction structure, the very assumption of the credibility of such channel is problematic, as the seller may have an incentive to leak information: a first-price auction is leakage-resistant in the presence of a single ``fast" bidder but not against two or more. However, if the seller can credibly commit to not leak bids, it is optimal for them to do so.
A main motivation is the forthcoming Glamsterdam update of Ethereum: our analysis suggests that the availability of an in-protocol (first price) bidding channel severely limits the design space for out-of-protocol auctions by relays and other intermediaries.
Session 8 - 11:30-13:00 CEST
Topic: Privacy, Cryptography & Quantum Threats
Chair: Georg Carle (TUM)
- Jonathan Passerat-Palmbach (Flashbots & Imperial College): Encrypted Mempools from the MEV Perspective Abstract
Encrypted mempools promise to hide transaction content until ordering is final, countering MEV and censorship on Ethereum and its layer twos. This talk systematises threshold-encrypted mempools, from Shutter and Ferveo to the latest research, and shows how the field converged on four properties: batched decryption, silent setup, epochless encryption, and collision-free encoding. We then argue that every current proposal shares a limitation: blind ordering and binary decryption suppress benign MEV and the incentives that sustain decentralisation, which motivates a programmable-privacy direction.
- Filip Rezabek (TUM): Proof of Cloud - Data Center Execution Assurance for Confidential VMs Abstract
Confidential Virtual Machines (CVMs) protect data in use by running workloads within hardware-enforced Trusted Execution Environments (TEEs). However, existing CVM attestation mechanisms only certify what code is running, not where it is running. Commercial TEEs mitigate passive physical attacks through memory encryption but explicitly exclude active hardware tampering (memory interposers, physical side channels, …). Yet current attestations provide no cryptographic evidence that a CVM executes on hardware residing within a trusted data center where such attacks would not take place. This gap enables proxy attacks in which valid attestations are combined across machines to falsely attest trusted execution. To bridge this gap, we introduce Data Center Execution Assurance (DCEA), a design that generates a cryptographic Proof of Cloud by binding CVM attestation to platformlevel Trusted Platform Module (TPM) evidence. DCEA combines two independent roots of trust. First, the TEE manufacturer, and second, the infrastructure provider, by cross-linking runtime TEE measurements with the vTPM-measured boot CVM state. This binding ensures that CVM execution, vTPM quotes, and platform provenance all originate from the same physical chassis.
We formalize the environment’s provenance and show that DCEA prevents advanced relay attacks, including a novel mix-and-match proxy attack. Using the AGATE framework in the Universal Composability model, we prove that DCEA emulates an ideal location-aware TEE even under a malicious host software stack. We implement DCEA on Google Cloud bare-metal Intel TDX instances using Intel TXT and evaluate its performance, demonstrating practical overheads and deployability. DCEA refines the CVM threat model and enables verifiable execution-location guarantees for privacy-sensitive workloads.
- Mahdi Sedaghat (Soundness Labs & KU Leuven): Post-Quantum Readiness in Blockchain Abstract
Most blockchains use elliptic curve signatures (ECDSA, EdDSA) in execuation layer, which break under a strong quantum adversary. Exposed public keys today could enable future signature forgeries. This talk presents a practical way to make wallets post-quantum secure without moving assets or hard forks. We start from our FC’26 result: a proof-of-seed construction where the seed phrase, protected by a hash, acts as a quantum-safe anchor. A zero-knowledge proof links this seed to the on-chain account via a smart contract, no new keys, no migration. We then extend this idea to ECDSA chains (e.g., Bitcoin, Ethereum) using BIP39/BIP32, outlining a concrete wallet-level upgrade path and practical deployment patterns across smart contracts, client-side proving, and custody setups.
Lunch Break - 13:00-14:00 CEST
Session 9 - 14:00-14:40 CEST
Panel Discussions
Moderator: Eomji Park (Encode Club)
- Panelists
- Topics
- From TUM to industry
- Relevant topics for work
Session 10 - 14:45-16:00 CEST
Topic: Building Trust and Security Services
Chair: Martin Monperrus (KTH Royal Institute of Technology)
- Markus Rudy (Edgeless Systems): Remote Attestation of Distributed Services Abstract
Confidential computing is available on most modern hardware and CVMs can be ordered at most larger cloud providers. The big issue adopters are facing today is how to use these hardware primitives to establish trust in a remote system, especially when they are distributed. This talk is going to present Contrast, a Kubernetes runtime that schedules pods as confidential micro-VMs, and how it can help simplify reference value calculation and transitive verification of workloads, even for third parties and end users.
- Felix Hoops (TUM & Haven): Blockchain as Invisible Infrastructure for Digital Supply Chains Abstract
We present design insights from building a decentralized data marketplace for automotive simulation data, where competing organizations must exchange data assets without creating dependencies on each other or a central operator. We explore why organizational Self-Sovereign Identity architectures drift towards centralization and how blockchain can be the key to resilient, decentralized digital supply chains. Our work designs for organizations ranging from SMEs to global OEMs and delivers three design insights. First, every multi-layered organizational structure reduces to a three-layer identity model: trust anchor, organization, individual. Second, blockchain is the key to create long-lived identifiers with censorship-resistance. It preserves sovereignty while providing auditability. Third, in industrial contexts, the blockchain layer must be abstracted away from the user to gain organizational acceptance and reduce user friction.
- Veronika Bauer (TUM): Confidential Computing for zk-SNARKs - Offloading Proof Generation to TEEs Abstract
zk-SNARKs allow the creation of zero-knowledge proofs that can be verified in sub-linear time, making their verification very efficient. This fast verification comes at the price of a computationally expensive proof generation process. The high resource demand often limits users with constrained computational capabilities from generating proofs locally. A possible solution is to delegate zk-SNARK proof generation to a cloud environment. This approach comes with the need to trust the cloud provider, as the witness, potentially containing sensitive information, must be uploaded to the cloud to generate a proof. To mitigate this, Trusted Execution Environments (TEEs) have been proposed to safeguard sensitive computations by ensuring confidentiality and integrity within the execution environment. To assess the practicability of this solution, we conducted a comprehensive evaluation of SHA-256 proof generation across two TEE platforms - Intel TDX and AMD SEV-SNP. Although proof generation offloading comes with a runtime overhead, we demonstrate the feasibility of the approach.
Wrap-up of the Blockchain&Cybersecurity Salon
Poster Sessions
- Antoine Breton: Secure Execution of WebAssembly Workloads Using TEE
- Eber Christer: Empirical Analysis of Validator Performance in Solana
- José Afonso Teixeira: Post-Quantum Cryptography in Intra-Vehicle Networks
- Jonas Gebele: Semantic Non-Fungibility and Violations of the Law of One Price in Prediction Markets
- Till Koebele: Assessment of I/O in Blockchain Systems
- Yudhistira Wibowo: Assessment of Succinct proofs for TEE Attestations
- Filip Rezabek: Cybersecurity Polygon Program
- Damian Mayr: TUM Blockchain Club
- Sofia Bobadilla: PoCo: Agentic Proof-of-Concept Exploit Generation for Smart Contracts
- Dr. Muhammad El-Hindi: TEEs for Databases
- João Durão: Fast&Securious: Permissioned Blockchain Application Performance Optimization
- Emanuel Nunes: Multi-Party Confidential Data Sharing for Hyperledger Fabric
- Noah Lokocz: Design of a Post-Quantum Secure Cloud-Based eID Infastructure
Speakers overview
Christof Ferreira Torres
Assistant Professor
INESC-ID & Instituto Superior Técnico, University of Lisbon
Daniel Kales
TACEO
Panelists
Organizing committee
Christof Ferreira Torres
Assistant Professor
INESC-ID & Instituto Superior Técnico, University of Lisbon
Registration
- The number of spots for on-site participations are limited.
- Registration form for audience: Google form
- Speakers use seperate form provided by the organizational team.
Venue - Institute of Advanced Studies, Garching Campus of TUM
Address: Lichtenbergstraße 2a, 85748 Garching bei München, Germany
- 2&3 June - Faculty club, fourth floor
Transport
- Subway U6 - Garching Forschungszentrum
- Possible to arrive with a car - free parking on
- For other inqueries contact the Organizing committee chairs
Knowledge Partner
