On 26 February 2016 the 3rd workshop on Bitcoin and Blockchain Research in association with Financial Cryptography 2016 took place in Barbados. This workshop aims to bring together researchers interested in cryptocurrencies to present their latest work and discuss together the future of Bitcoin. The program chairs were Sarah Meiklejohn from University College London and Jeremy Clark from Concordia University. The themes addressed during the workshop included blockchain architecture, anonymity, and proof of work alternatives. This event was also a great way for researchers with similar interests to network and share their ideas.

The workshop consisted of 2 keynotes and 4 plenary sessions: Bitcoin network analysis, Enhancing Bitcoin, Ethereum, and Blockchain Architecture.

Nathaniel Popper kicked off the day with a keynote presentation. Nathaniel is a journalist from the New York Times and author of the book ‘Digital Gold: The Untold story of Bitcoin’. He went on to speak about the history of Bitcoin covering Silk Road, Mt Gox, as well as the role of governments.

Then the first session, about Bitcoin network analysis, included two talks. The first one, Stressing Out: Bitcoin Stress Testing, by Khaled Baqer et al., was about DoS attack on Bitcoin, and was presented by Ross Anderson due to visa issues. The second one was Why buy when you can rent? Bribery attacks on Bitcoin-style consensus, by Joseph Bonneau on bribery attacks and cloud mining.

The next session, Enhancing Bitcoin, started with a talk by Ethan Heilman, Blindly Signed Contracts: Anonymous On-Blockchain and Off-Blockchain Bitcoin Transactions, on how to enhance Bitcoin anonymity. Then Mathieu Turuani gave a talk on Automated Verification of Electrum wallet, followed by Aggelos Kiayias on Proof of Proof of Work. Today many light-weight clients use SPV verification instead of full verification. Is it possible to have an even lighter verification? They introduce a modification of the Bitcoin blockchain protocol with sublinear complexity in the length of the chain.

For the third session we heard two talks about Ethereum. The first one, co-presented by Kevin Delmolino and Mitchell Arnett, Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab was a step by step guide to creating a smart contract. Smart contracts are not easy to program; the team exposed the difficulty they encountered when designing such applications. They even released open-source course materials for programming smart contracts. The second talk was by Joseph Bonneau, EthIKS: Using Ethereum to audit a CONIKS key transparency log. Gustav Simonsson from Ethereum then gave a keynote presentation: Ethereum Protocol and Client Implementations Security.

The last session of the day, dedicated to Blockchain Architecture, included a presentation by Andrew Miller on the controversial topic of Scaling Decentralized Blockchains. In this talk Andrew presented measurements he has been doing on Bitcoin’s blockchain as well as his position on scaling Bitcoin: using off-chain functionality. This talk was followed by Malte Möser on Bitcoin Covenants, an extension to Bitcoin’s scripting language. He gave two applications of covenants that improve Bitcoin security: vault, to disincentivize key theft, and poison transactions to improve Bitcoin-NG latency and scalability. Then Iddo Bentov presented his paper on Cryptocurrencies Without Proof of Work where he proposed a proof of stake implementation

To conclude the day, Sean Bowe from Zcash did a live demo of the world first zero-knowledge contingency payment. In his setting Alice wants to pay Bob to solve a Sudoku puzzle. This process relies on an interactive zero-knowledge proof and an atomic swap over the blockchain. It achieves privacy in both the solution and the problem while keeping a small transaction size. The transaction is also completely trustless. Given a question Q, a hash H and an encrypted answer E, the Zero-knowledge proof consists of proving that Bob knows an answer A and key K such that A answers Q, E is the encryption of A given key K and H is SHA256(K). After 20 minutes of suspense the transaction did work and received one confirmation, which was twice the expected time. Gregory Maxwell gave more technical details in his blogpost.