Publications
Bibliometrics can be found in Google Scholar.
2026
- Perils of Parallelism: Transaction Fee Mechanisms under Execution Uncertainty. . In submission.
- Geographical Centralization Resilience in Ethereum's Block-Building Paradigms. . ACM SIGMETRICS 2026.
- Blockspace Under Pressure: An Analysis of Spam MEV on High-Throughput Blockchains. . In submission.
- Cirrus: Performant and Accountable Distributed SNARK. . NDSS 2026.
- Boost+: Equitable, Incentive-Compatible Block Building. . In submission.Publicity
- Invited talk at DeCenter Seminar, Princeton, NJ. PPTX
- Censorship Resistance vs Throughput in Multi-Proposer BFT Protocols. . In submission.Highlights
- Awarded Ethereum Academic Grant
2025
- Verifiable Aggregate Receipts with Applications to User Engagement Auditing. . In submission.Publicity
- RediSwap: MEV Redistribution Mechanism for CFMMs. . In Proceedings of the Workshop on Decentralized Finance and Security (DeFi ‘25).Resources
@inproceedings{10.1145/3733815.3764044, author = {Zhang, Mengqian and Yang, Sen and Zhang, Fan}, title = {RediSwap: MEV Redistribution Mechanism for CFMMs}, year = {2025}, isbn = {9798400719042}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3733815.3764044}, doi = {10.1145/3733815.3764044}, booktitle = {Proceedings of the 2025 Workshop on Decentralized Finance and Security}, pages = {27–36}, numpages = {10}, keywords = {Decentralized Finance, MEV Redistribution, Mechanism Design}, series = {DeFi '25} } - AGORA: Open More and Trust Less in Binary Verification Service. . OOPSLA 2025.Resources
@article{10.1145/3763099, author = {Chen, Hongbo and Zhou, Quan and Yang, Sen and Dang, Sixuan and Han, Xing and Zhang, Danfeng and Zhang, Fan and Wang, XiaoFeng}, title = {Agora: Trust Less and Open More in Verification for Confidential Computing}, year = {2025}, issue_date = {October 2025}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, volume = {9}, number = {OOPSLA2}, url = {https://doi-org.yale.idm.oclc.org/10.1145/3763099}, doi = {10.1145/3763099}, journal = {Proc. ACM Program. Lang.}, month = oct, articleno = {321}, numpages = {28}, keywords = {Program verification, confidential computing, smart contract, static analysis, trusted computing base} } - Qelect: Lattice-based Single Secret Leader Election Made Practical. . USENIX Security 2025.Resources
@inproceedings{DBLP:conf/uss/WangZ25, author = {Yunhao Wang and Fan Zhang}, editor = {Lujo Bauer and Giancarlo Pellegrino}, title = {Qelect: Lattice-based Single Secret Leader Election Made Practical}, booktitle = {34th {USENIX} Security Symposium, {USENIX} Security 2025, Seattle, WA, USA, August 13-15, 2025}, pages = {8461--8480}, publisher = {{USENIX} Association}, year = {2025}, url = {https://www.usenix.org/conference/usenixsecurity25/presentation/wang-yunhao}, timestamp = {Fri, 31 Oct 2025 16:17:35 +0100}, biburl = {https://dblp.org/rec/conf/uss/WangZ25.bib}, bibsource = {dblp computer science bibliography, https://dblp.org} } - ZIPNet: Low-bandwidth anonymous broadcast from (dis)Trusted Execution Environments. . 25th Privacy Enhancing Technologies Symposium (PETS 2025).Highlights
- Used in Flashnet built by Flashbots
Publicity- Invited talk at NoConsensus.wtf 2025 @ SBC, Berkeley, CA.
Resources@article{DBLP:journals/popets/RosenbergSZWMZ25, author = {Michael Rosenberg and Maurice Shih and Zhenyu Zhao and Rui Wang and Ian Miers and Fan Zhang}, title = {ZIPNet: Low-bandwidth anonymous broadcast from (dis)Trusted Execution Environments}, journal = {Proc. Priv. Enhancing Technol.}, volume = {2025}, number = {2}, pages = {211--225}, year = {2025}, url = {https://doi.org/10.56553/popets-2025-0058}, doi = {10.56553/POPETS-2025-0058}, timestamp = {Mon, 12 May 2025 17:34:54 +0200}, biburl = {https://dblp.org/rec/journals/popets/RosenbergSZWMZ25.bib}, bibsource = {dblp computer science bibliography, https://dblp.org} } - Decentralization of Ethereum's Builder Market. . IEEE S&P'25.Highlights
- Featured in Built to Centralize: How Ethereum’s Winner-Take-All Design Creates a Centralization Crisis and Kills Innovation by Wisdom of DeFi by EigenPhi on Nov 14, 2024.
Publicity- Guest lecture at Berkeley DeFi MOOC.
- Invited talk at CBER Crafting the Cryptoeconomy Conference. PPTX
- Invited talk at Decentralized Science (DeSci) Seminar, University of Sydney (Remote).
- Invited talk at Science of Blockchain Conference 2024 (SBC'24), New York, NY. Video
- Invited talk at IC3 Blockchain Camp, New York, NY.
- Invited talk at EC24 Workshop on Blockchains and Decentralized Finance.
Resources@inproceedings{yangDecentralizationEthereumsBuilder2025, title = {Decentralization of {{Ethereum}}'s {{Builder Market}}}, author = {Yang, Sen and Nayak, Kartik and Zhang, Fan}, date = {2025-05-01}, pages = {1512--1530}, publisher = {IEEE Computer Society}, doi = {10.1109/SP61157.2025.00157}, url = {https://www.computer.org/csdl/proceedings-article/sp/2025/223600b456/26hiUkhZyfK}, urldate = {2025-06-19}, eventtitle = {2025 {{IEEE Symposium}} on {{Security}} and {{Privacy}} ({{SP}})}, isbn = {979-8-3315-2236-0}, langid = {english} } - Insecurity Through Obscurity: Veiled Vulnerabilities in Closed-Source Contracts. . In submission.Highlights
- Featured in Shape Rotator Hackathon.
- Prooφ: A ZKP Market Mechanism. . Financial Cryptography and Data Security 2025 (FC25).Resources
- Presented at ZK Summit 11 (Athens), Tokenomics'24 (Hong Kong), FC'25 (Japan), TLDR'25, IC3 Blockchain Camp'25
- Anonymous Self-Credentials and their Application to Single-Sign-On. . In submission.
- AUCIL: An Inclusion List Design for Rational Parties. . In submission.
- CRATE: Cross-Rollup Atomic Transaction Execution. . In submission.
2024
- SoK: MEV Countermeasures. . Proceedings of the Workshop on Decentralized Finance and Security (DeFi ‘24).
- Unpacking Long-Latency Transactions in Ethereum. . Proceedings of the Workshop on Decentralized Finance and Security (DeFi ‘24).
- (Book Chapter) Web3: Blockchain, the New Economy, and the Self-Sovereign Internet. . Cambridge Press.Resources
- Order from Cambridge
- CrudiTEE: A Stick-and-Carrot Approach to Building Trustworthy Cryptocurrency Wallets with TEEs. . Advances in Financial Technologies (AFT 2024).
- Data Independent Order Policy Enforcement: Limitations and Solutions. . In ACM CCS'24.
- Sprints: Intermittent Blockchain PoW Mining. . USENIX Security'24.
2023
- The Locality of Memory Checking. . ACM Conference on Computer and Communications Security (CCS'23).
- Fed-CBS: A Heterogeneity-Aware Client Sampling Mechanism for Federated Learning via Class-Imbalance Reduction. . Proceedings of the 40th International Conference on Machine Learning, PMLR 202:41354-41381, 2023.
- MISO: Legacy-compatible Privacy-preserving Single Sign-on using Trusted Execution Environments. . 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P'23).
- He-HTLC: Revisiting Incentives in HTLC. . Network and Distributed System Security (NDSS'23).Publicity
- Invited talk at IC3 Blockchain Camp, Ithaca, NY.
- Invited talk at a16z, New York, NY.
2022
- zkBridge: Trustless Cross-chain Bridges Made Practical. . ACM Conference on Computer and Communications Security (CCS'22).Highlights
- zkBridge is implemented by Polyhedra Network.
Publicity- Invited talk at IC3 Blockchain Camp, New York, NY.
- Invited talk at 1st ACE Symposium on Privacy, Accountability, Verification, and Economics of Blockchain Systems, New Haven, CT.
- Empirical Analysis of EIP-1559: Transaction Fees, Waiting Time, and Consensus Security. . ACM Conference on Computer and Communications Security (CCS).Highlights
- Cited in State of the Network by Coin Metrics on Jan 19, 2022.
- Cited in Vitalik’s tweet on Jan 17, 2022.
2021
- CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability. . IEEE Symposium on Security & Privacy (S&P'21).Publicity
- Invited talk at The West Lake Forum on Network Security, Online.
- Invited talk at Annual Convention of Chinese Institute of Engineers - Greater New York Chapter.
- Invited talk at Empire Hacking (organized by Trail of Bits).
2020
- Design Choices for Central Bank Digital Currency: Policy and Technical Considerations. (Authors are ordered alphabetically). NBER Working Paper No. 27634.
- The Ekiden Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts. . IEEE Security & Privacy Magazine (Volume: 18, Issue: 3, May-June 2020).
- DECO: Liberating Web Data Using Decentralized Oracles for TLS. . ACM Conference on Computer and Communications Security (CCS).Highlights
- Licensed to Chainlink.
- Featured in Chainlink’s New Acquisition From Cornell University Could Transform Blockchain For Good by Forbes on Aug 29, 2020.
- Featured in Chainlink Acquires Blockchain Oracle Solution From Cornell University by CoinDesk on Aug 29, 2020.
- Featured in Chainlink acquires a privacy-preserving oracle protocol from Cornell University by CoinTelegraph on Aug 29, 2020.
- Featured in Chainlink Acquires DECO from Cornell University by PR Newswire on Aug 29, 2020.
- Featured in Chainlink acquires DECO protocol from Cornell University by FXStreet on Sep 1, 2020.
Publicity- Invited talk at W3C Credential Community Group (CCG).
- Invited talk at Stanford Blockchain Conference (SBC'20), Stanford University.
- Invited talk at Real World Crypto (RWC'20), New York City.
- Order-Fairness for Byzantine Consensus. . The Annual International Cryptology Conference (CRYPTO'20).
2019
- CHURP: Dynamic-Committee Proactive Secret Sharing. (*indicates equal contribution). ACM Conference on Computer and Communications Security (CCS'19).Highlights
- Featured in a MIT Tech Review China report by MIT Tech Review China on May 27, 2019.
Publicity- Invited talk at ACM CCS'19, London, UK.
- Invited talk at IC3 Bootcamp, Ithaca, NY.
- Tesseract: Real-Time Cryptocurrency Exchange using Trusted Hardware. . ACM Conference on Computer and Communications Security (CCS'19).
- Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts. . IEEE European Symposium on Security and Privacy (EuroS&P'19).Highlights
- Implemented by Oasis Labs.
- Featured in Big Hitter Crypto Funds Pile Into Privacy-Enhanced Smart Contract Startup Oasis Labs by Forbes on Jul 9, 2018.
Resources@inproceedings{chengEkiden2019, title = {Ekiden: {{A Platform}} for {{Confidentiality-Preserving}}, {{Trustworthy}}, and {{Performant Smart Contracts}}}, shorttitle = {Ekiden}, booktitle = {2019 {{IEEE European Symposium}} on {{Security}} and {{Privacy}} ({{EuroS}}\&{{P}})}, author = {Cheng, Raymond and Zhang, Fan and Kos, Jernej and He, Warren and Hynes, Nicholas and Johnson, Noah and Juels, Ari and Miller, Andrew and Song, Dawn}, date = {2019-06}, pages = {185--200}, doi = {10.1109/EuroSP.2019.00023}, eventtitle = {2019 {{IEEE European Symposium}} on {{Security}} and {{Privacy}} ({{EuroS}}\&{{P}})}, keywords = {blockchain,Blockchain,confidentiality preserving smart contracts,Cryptography,Hardware,smart contracts,Smart contracts,trusted hardware}, } - Paralysis Proofs: Secure Dynamic Access Structures for Cryptocurrency Custody and More. . ACM Advances in Financial Technologies (AFT'19).Highlights
- Featured in Cornell IC3 Researchers Propose Solution to Bitcoin’s Multisig “Paralysis” Problem by BitcoinMagazine on Jan 19, 2018.
2017
- REM: Resource-Efficient Mining for Blockchains. . USENIX Security Symposium (Security'17).Highlights
- Featured in The Ridiculous Amount of Energy It Takes to Run Bitcoin by IEEE Spectrum on Sep 28, 2017.
Publicity- Invited talk at USENIX Security'17, Vancouver, BC, Canada.
- Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge. . IEEE European Symposium on Security and Privacy (EuroS&P'17).
- Solidus: Confidential Distributed Ledger Transactions via PVORM. . ACM Conference on Computer and Communications Security (CCS'17).
2016
- Stealing Machine Learning Models via Prediction APIs. . USENIX Security Symposium (Security'16).
- Town Crier: An Authenticated Data Feed for Smart Contracts. . ACM Conference on Computer and Communications Security (CCS'16).Highlights
- Licensed to ChainLink.
- Featured in Blockchain smart contracts are finally good for something in the real world by MIT Tech Review on Nov 19, 2018.
- Featured in Cornell’s Town Crier Acquired By Chainlink To Expand Decentralized Oracle Network by Forbes on Nov 1, 2018.
- Featured in Chainlink Blockchain Company Acquires Cornell’s Town Crier to Bolster Native Smart Contract Network by BitcoinExchangeGuide on Nov 2, 2018.
- Featured in Chainlink Acquires Town Crier, a Hardware-Based Oracle by Unhashed on Nov 3, 2018.
- Featured in Trust Your Oracle? Cornell Launches Tool for Confidential Blockchain Queries by CoinDesk on May 17, 2017.
- Featured in How Encrypted Weather Data Could Help Corporate Blockchain Dreams Come True by MIT Technology Review on May 11, 2017.
- Featured in Town Crier Service Delivers Solid Data To Coders by ETHNews on May 11, 2017.
Publicity- Invited talk at Silicon Valley Ethereum Meetup, Santa Clara, CA.
- Invited talk at IC3 Retreat, San Francisco, CA.
- Invited talk at CCS'16, Vienna, Austria.
- Invited talk at IC3 Retreat, New York City.
2015
- PlateClick: Bootstrapping Food Preferences Through an Adaptive Visual Interface. . ACM Conference on Information and Knowledge Management (CIKM'15).