Benedikt Bünz bio photo

Benedikt Bünz

I am researcher interested in applied cryptography especially as it relates to cryptocurrencies. My work focuses on enhancing the privacy, usability and security of protocols that are somehow related to blockchains. Currently I am pursuing my PhD in computer science at Stanford and am advised by Dan Boneh. I am a semi professional runner and enjoy travelling especially in inconvenient vehicles.

  G. Scholar LinkedIn Github e-Mail

About Me:

–I am a third-year PhD student in the Applied Crypto Group and am advised by Dan Boneh

–My main research interests are in cryptography, game theory and cryptocurrencies.

–I am the chief scientist at Findora. Findora builds auditable yet private financial networks using advanced cryptography, including some of my own research.

–I am an avid runner and train and compete for Peninsula Distance Club

Publications (Google Scholar):

Cryptography and Cryptocurrencies

Authors

D. Boneh, B. Bünz and B.Fisch

Paper
Talk at Scaling Bitcoin 18
Slides Technical Slides
TLDR
Accumulators are short commitment to a set that support efficient inclusion and exclusion proofs. We present several new batching techniques for accumulators and positional vector commitments in group of unknown order. Our techniques can be used in a stateless blockchain design where all users and miners only require a constant amount of storage. We also present a new vector commitment which can significantly reduce the proof size of IOP instantiations, such as STARKs.
Authors

B. Bünz, S. Agrawal, M. Zamani and D. Boneh

Paper
Slides
TLDR
We propose Zether, a private payment mechanism that is compatible with Ethereum and other account-based payment systems. Zether can provide both confidentiality (by hiding payment amounts) and anonymity (by hiding the identities of senders and recipients). Zether is designed to be inter-operable with arbitrary smart contracts to support applications such as sealed-bid auctions, private payment channels, stake voting, and confidential proof-of-stake. Zether uses an extension to Bulletproofs called Sigma-Bullets which combines Bulletproofs with Sigma protocols.
Authors

D. Boneh, B. Bünz and B.Fisch

Paper
TLDR
We briefly survey two beautiful VDF constructions by Wesolowski and Pietrzak. We give a new computational security proof for one of them and compare their security assumptions.
Authors

D. Boneh, J.Bonneau, B. Bünz and B.Fisch

Paper (Published at CRYPTO 2018)
Talk by Ben Fisch at Crypto 2018
TLDR
We introduce verifiable delay functions (VDFs) which have 3 key properties: They are a functions so for every input there is a unique output. Evaluation incurs a delay, i.e. it takes a significant amount of time even on a highly parallel machine. VDFs are verifiable such that given a proof a verifier can efficiently check that the VDF was evaluated correctly. VDFs have many applications from randomness beacons to proofs of replication and cointossing.
Authors

B. Bünz, J. Bootle, D. Boneh, Andrew Poelstra, Pieter Wuille and Greg Maxwell

Paper (Published at IEEE S&P (Oakland) 2018)
Talk at IEEE S&P
Slides
Implementations

Java reference implementation

libsecp256k1 implementation by Andrew Poelstra

TLDR
Confidential transactions are Bitcoin transactions which are publicly verifiable but do not reveal the amounts that are transferred. They rely on cryptographic commitments and so called zero-knowledge proofs of knowledge. We present a new kind of zero-knowledge proof which is much more efficient and can be used to drastically reduce the size of confidential transactions. On a more technical note bulletproofs are non-interactive zero knowledge proofs without trusted setup and with only logarithmic proof size. Proving and verification cost are linear with low constant overhead.
Authors

G. Dagher, B. Bünz, J.Bonneau, J.Clark and D. Boneh

Paper (Published at CCS 2015)
Talk at Next Context Conference
Implementations

Java reference implementation

Blog by Joseph Bonneau
TLDR
How can a Bitcoin exchange proof that they have enough funds to satisfy all their customers demands without revealing the customers balances, the bitcoin addresses they control or even the total amount of bitcoin they have.
Presented at IEEE S&B Workshop
Authors

B. Bünz, S. Goldfeder, J. Bonneau

Paper
Talk at CESC
Slides
Code
TLDR
We show how one can generate an unpredictable randomness beacon that is publicly verifiable using a blockchain. The beacon can be used to verify the correct execution of randomized algorithms such as lotteries. The novel property of the beacon is that it is publicly verifiable in that a verifier is convinced that the beacon was unpredictable even if she did not partake in the generation of the beacon and without any trust assumptions. We also show how we can enable interactive verification using an efficient smart contract.

Game Theory (Combinatorial Auctions)

Authors

B. Bünz, B. Lubin, S. Seuken

Paper (Published at EC 2018)
TLDR
We systematically look for and evaluate payment rules for combinatorial auctions. Our evaluation is done by computing BNEs for the payment rule in various domains. We find new payment rules that performe significantly better than the currently used ones.
Authors

B. Bünz, B. Lubin, S. Seuken

Paper (Published at AAAI 2015)
Slides
TLDR
We significantly improve on the current state of the art algorithm for computing combinatorial auctions. These auctions were multiple related goods are sold in the same auction are for example used to allocated spectrum to cellular companies around the world. These auctions often generate billions of dollars in revenue but are often limited to a small number of bidders and goods. Faster algorithms for computing their outcome will enable larger scale applications.
Authors

V. Bosshard, B. Bünz, B. Lubin, S. Seuken

Paper (Published at IJCAI 2017)
TLDR
We design several new techniques for quickly computing bayes nash equilibria for combinatorial auctions.

Artificial Intelligence

Authors

D. Selsam, M. Lamm, B. Bünz, P. Liang, L. de Moura,D. Dill

Paper (To appear at ICLR 2019)
Talk by Daniel Selsam at Microsoft Research
[Code](https://github.com/dselsam/neurosat)
TLDR
We develop a neural network based solver for finding satisfying assignments to boolean formulas (SAT solver). At training time the network is given satisfying formulas and only the information of whether the formula has a solution or not. Despite this minimal supervision we are able to directly read of satisfying assignments from the activations of the network if it classifies a formula as satisfiable. Additionally we can even find contradictions if the formula is unsatisfiable. Given that classifying boolean formulas is an NP-complete problem this an interesting exploration into the abilities and flexibilities of neural network and also raises interesting possibilities of using neural networks in the development of state of the art SAT solvers.