I am an Assistant Professor (Lecturer) at King's College London and at heart I am an Engineer with a focus on cryptocurrencies, decentralised systems and building cryptographic protocols.
My research and its implementation is funded by the Ethereum Foundation
, Ethereum Community Fund
and the Research Institute
I have a single PhD Scholarship available for a UK/EU student, so please get in touch if interested.
I advise a startup called Indorse.io, maintain the popular Open Vote Network Project/StateChannels/LocalCrypto,
I'm a member of IC3. I have conducted two security audits for RSK.
In the past, I was a post-doc at UCL with Sarah Meiklejohn, a post-doc at UIUC with Andrew Miller and completed my PhD at Newcastle University with Feng Hao and Siamak F. Shahandashti. My thesis is online.
A short list of links about me
- [Preprint] You sank my battleship! A case study to evaluate state channels as a scaling solution for cryptocurrencies Patrick McCorry, Chris Buckland, Surya Bakshi, Karl Wüst and Andrew Miller [Paper][Blog][Github]
- We propose Kitsune, a new state channel contract that combines features from existing constructions
- We explore the minimal modifications required to deploy an application as a state channel and propose an application template to aid others
- This experiment highlights the worst-case scenario of state channels and how it potentially renders applications like battleship as unreasonable to deploy within a state channel.
- [Preprint] Pisa: Arbitration Outsourcing for State Channels Patrick McCorry, Surya Bakshi, Iddo Bentov, Sarah Meiklejohn and Andrew Miller [Preprint][Video]
- Lets a customer hire an accountable third party to watch over a state channel on their behalf
- Provides cryptographic evidence to customer that third party was hired and seek financial recourse if the third party cheats (i.e. doesn't resolve a dispute in the state channel on customer's behalf).
- I have received $350k from The Ethereum Foundation and the Ethereum Community Fund towards further research and development of state channels.
- [SPW '18] Why Preventing a Cryptocurrency Heist Isn't Good Enough Patrick McCorry, Malte Moeser and Taha Ali [Not online]
- All exchanges deploy preventive security measures to prevent (or reduce impact) of a heist. So far, this hasn't proven good enough.
- We propose that exchanges need to pursue reactionary measures that allow them to respond to a heist - which can be self-enforced by the blockchain. (i.e. a "pending" transaction that can be cancelled)
- [BITCOIN '18] Smart Contracts for Bribing Miners Patrick McCorry, Alexander Hicks and Sarah Meiklejohn [Paper][Ethnews]
- Three contracts to facilitate censorship, double-spending and goldfinger attacks
- Briber and Bribee only trust the contracts; and not each other
- [Audit] Security Audit of RSKJ Ginger 0.2.0, Patrick McCorry, Andrew Miller [Audit Report]
- A security audit commissioned by Rootstock.
- [Preprint] Consensus in the Age of Blockchains, Shehar Bano, Alberto Sonnino, Mustafa Al-Bassam, Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn, George Danezis [Paper]
- Work-in-progress SoK on blockchain consensus protocols.
- [Preprint] The Nuts and Bolts of Micropayments: a Survey, Syed Taha Ali, Dylan Clarke and Patrick McCorry. [Paper]
- Work-in-progress survey on the evolution of micropayment systems and protocols.
- [CCS'17] Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing, Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry and Aad van Moorsel accepted at ACM Conference on Computer and Communications Security 2017. [Paper]
- A game-theoretic analysis of defeating collusion between two clouds for verifiable cloud computing.
- Game is set up such that one of the colluding cloud should declare their treachery (i.e. traitor).
- [CBT'17] Atomically Trading with Roger: Gambling on the success of a hard fork, Patrick McCorry, Ethan Heilman and Andrew Miller, accepted at the 1st International Workshop on Cryptocurrencies and Blockchain Technology. [Paper] [Hacking Distributed] [Front Cover of Coindesk]
- An atomic trade protocol that allows two parties to swap coins in the event a blockchain splits into two forks.
- Paper is motivated by a public pledge between Loaded and Roger to swap 60,000 coins in the event that Bitcoin Unlimited splits the blockchain.
- Suitable for any hardfork in Bitcoin that includes replay protection (and if a hardfork oracle can be constructed in Ethereum)
- Presented at Breaking Bitcoin 2017 and Scaling Bitcoin 2017!
- [Preprint] Sprites: Payment Channels that Go Faster than Lightning, Andrew Miller, Iddo Bentov, Ranjit Kumaresan, Patrick McCorry, under review. [Paper] [GitHub] [Coindesk]
- A smart contract for Bidirectional Payment Channels without an expiry time.
- Benefits of Ethereum include continuous withdrawals and deposits.
- Introduces a PreimageManager that reduces the worst-case delay to constant time.
- [FC'17] A Smart Contract for Boardroom Voting with Maximum Voter Privacy, Patrick McCorry, Siamak F. Shahandashti, and Feng Hao, accepted at the 21st Financial Cryptography and Data Security conference, Sliema, Malta. [Paper] [GitHub]
- We study the feasibility of executing cryptography protocols over the Ethereum blockchain.
- We implement the Open Vote Network that is a self-tallying internet voting protocol as a smart contract in Solidity.
- Our smart contract won 3rd prize in the Economist Security Challenge and the code is publicly available. [Blog] [Economist] [Economist Report] [Coindesk]
- [ACISP'16] Towards Bitcoin Payment Networks, Patrick McCorry, Malte Möser, Siamak F. Shahandashti, and Feng Hao, invited paper for 21st Australasian Conference on Information Security and Privacy , Melbourne, Australia.[Paper] [Blog]
- We summarise a new field of research 'Bitcoin Payment Networks' and provide a comparison for Duplex Micropayment Channels and Lightning Channels.
- We discuss how to perform Hashed Time-Locked Contracts (HTLC) in both schemes, and the challenges that payment networks face.
- It is our hope that this paper will inspire others to consider further research in this area.
- [FC'16] Refund Attacks on Bitcoins Payment Protocol, Patrick McCorry, Siamak F. Shahandashti, and Feng Hao, accepted at the 20th Financial Cryptography and Data Security conference, Bridgetown, Barbados.[Paper] [Blog]
- In this paper, we present new attacks on the Payment Protocol, which affect all BIP70 merchants.
- The Silkroad Trader attack highlights an authentication vulnerability in the Payment Protocol while the Marketplace Trader attack exploits the refund policies of existing Payment Processors.
- Both attacks have been experimentally verified on real-life merchants using a modified Bitcoin wallet.
- They have also been acknowledged by both Coinbase and Bitpay with temporary mitigation measures put in place.
- [SSR'15] Authenticated Key Exchange over Bitcoin, Patrick McCorry, Siamak F. Shahandashti, Dylan Clarke, and Feng Hao, accepted by the 2nd Security Standardisation Research Conference in Tokyo, Japan. [Paper]
- Allows two pseudonymous parties to establish a secure end-to-end communication channel using Bitcoin's public ledger.
- This Bitcoin-based Authentication is necessary in the cryptocurrency world as PKI (Pubic key infrastructure) and PAKE (Password based Authenticated Key Exchange) is not good enough to authenticate two pseudnymous users.
- Our technique exploits the random nonce found in ECDSA signatures.
- [SPW'15] Bitcoin: Perils of an Unregulated Global P2P Currency, Syed Taha Ali, Dylan Clarke, Patrick McCorry, accepted by the 23rd Security Protocols Workshop in Cambridge, England. [Paper]
- Ideological and design choices that define Bitcoin’s strengths are also directly responsible for the Bitcoin-related crime that we encounter in the news so often today.
- [BITCOIN'15] ZombieCoin: Powering Next-Generation Botnets with Bitcoin, Syed Taha Ali, Patrick McCorry, Peter Hyun-Jeen Lee and Feng Hao, accepted by the 2nd FC Workshop on Bitcoin Research 2015 in San Jaun, Puerto Rico. [Paper] [Forbes]
- We outline a design for next-generation Botners that leverage the Bitcoin network for a stealth and fast command & control center.
- Our design is immune to traditional takedown methods (closing web accounts/chatrooms/domains, poisoning routing tables, etc) - we have not yet discovered a method to "take down" these future botnets.
- [DIS'14] PosterVote: expanding the action repertoire for local political activism, Vasilis Vlachokyriakos, Rob Comber, Karim Ladha, Nick Taylor, Paul Dunphy, Patrick McCorry, Patrick Olivier, accepted at Proceedings of DIS 2014. [Paper]
- A low-cost deployable poster to encourage local political activism
Peer review activities
- Program Chair
- Master Workshop: Off the Chain 2018
- Program Committee Member
- Financial Cryptography 2019
- Scaling Bitcoin 2018 @ Tokyo
- 2nd Crypto Economics Security Conference 2018 @ Berkeley
- 2nd International Workshop on Cryptocurrencies and Blockchain Technology @ ESORICS 2018.
- 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems @ ACM MobiSys 2018 (Cryblock)
- 2nd Security on Blockchains @ EuroS&P 2018
- 1st HCI for Blockchain Workshop @ CHI 2018
- 2nd Blockchains, Cryptocurrencies and Contracts Workshop @ AsiaCCS 2018
- 5th Bitcoin Workshop @ Financial Cryptography 2018
- 1st International Workshop on Cryptocurrencies and Blockchain Technology @ ESORICS 2017.
- 4th Bitcoin Workshop @ Financial Cryptography 2017
- Requested Reviewer
- 22nd Eurocrypt 2018
- 22nd Financial Cryptography 2018
- International Workshop on Digital Crime and Forensics 2016
- 14th Theory of Cryptography Conference 2016
- 21st European Symposium on Research in Computer Security (ESORICS) 2016
- 20th Financial Cryptography 2016
- 3rd Bitcoin Workshop @ Financial Cryptography 2016
- 20th European Symposium on Research in Computer Security (ESORICS) 2015
I have had the pleasure of presenting to the following audiences (slides and videos):
- UPCOMING: Bitcoin MIT Exp
- UPCOMING: Ethcc.io community meet up
- UPCOMING: Bitcoin Workshop @ Financial Cryptography 2018 (Smart Contracts for Bribing Miners)
- BPASE @ Stanford University (Smart Contracts for Bribing Miners)
- Guest lecture at Newcastle University 2016 for Feng Hao's class (Quirky world of cryptocurrencies: An Introduction)
- Guest lecture at University of Illinois Urbana-Champaign 2016 for Andrew Miller's class (Open Vote Network)
- Financial Cryptography 2016 (Refund Attacks)
- Bitcoin Summer School (Corfu) 2016 (Towards Bitcoin Payment Networks)
- Australasian Conference on Information Security and Privacy 2016 (Towards Bitcoin Payment Networks)
- North East Fraud Forum 2015 (Refund Attacks)
- PhD Consortium @ European Symposium on Research in Computer Security (ESORICS) 2015
- Cryptoforma @ University of Strathclyde 2015 (AKE)
- Security Standardisation Research 2015 (AKE)
- Cryptoforma @ Kent University 2015 (Zombiecoin)
- Bitcoin Workshop @ Financial Cryptography 2015 (Zombiecoin)
Awards that I have been lucky to win:
- 3rd Prize in the Economist Cyber Security Challenge.
- Design an e-voting system over the Blockchain [Economist],
- Short listed for Impact in Progress Award
- Only PhD student short-listed across all departments at Newcastle University
- 1st Prize in the Creative Cyber Security Hackathon
- Hosted by Newcastle University, Lancaster University, Raytheon and BIS (Department for Business and Innovation, UK) [Press]
- Best overall performance in Computer Science 2013
- [Award] was sponsored by Watersons
- Scott Logic Excellence Award
- Highest grade during the second year of the bachelor's degree
- Best Team for Team Project in Stage 2
- Excellence Scholarship
- Over-achieved the entry requirements to study at Newcastle University
Before the (emotional roller coaster) PhD
In my past life, I graduated 1st in my class with a BSc (Hons) Computer Science with Industrial Placement and during this course I had two jobs:
- Intern Software Engineer for CICS (Customer Information Control Systems) and CPSM (CICSPlex System Management) at IBM,
- Supervisor @ Subway for 5 years, working alongside Moffy.
Quoted in News
This is a short list of articles that have quoted me. This does not include articles about work (listed above) and is probably not up to date.
Yahoo Finance/Quartz, Nasdaq, Money Magazine, Bitcoin Magazine, WikiTribune, Catalyst-inc NI, Hype Codes, Coindesk, Fortune, Engadget, Tech Crunch, Cryptocurrency news, Forbes,Yahoo News, Edgy Labs, International Business Times, Coindesk, Jincor Blog, The Register, So Raven
My Linkedin and Twitter.
I can be contracted at firstname.lastname@example.org.
Thank you for visiting my page!