TU Wien:Cryptocurrencies VU (Maffei)

From VoWi
Jump to navigation Jump to search


Lecturers Simon JeanteurMatteo Maffei
Alias Cryptocurrencies (en)
Department Forschungsbereich Security and Privacy
When winter semester
Last iteration 2022WS
Language English
Mattermost cryptocurrenciesRegisterMattermost-Infos
Links tiss:192065, tiss:184789
Master Logic and Computation Wahlmodul Logic, Mathematics, and Theoretical Computer Science
Master Software Engineering & Internet Computing Wahlmodul Advanced Security


Basic knowledge about cryptocurrencies, including cryptographic primitives like hashing and digital signatures. Further, material about altcoins, Ethereum, Smart Contracts, off-chain payments, routing.


WS 2021/22 (6 ECTS)[edit]

  • 11 weekly lectures + 3 Q&A sessions + 1 Tutorial
  • 3 assignments (Bitcoin in SQL, Ethereum Smart contract security, Lightning network)
  • One written exam + 1 retake

WS 2018/19 (6 ECTS)[edit]

  • 13 weekly lectures
  • Two written exams (midterm and final)

WS 2017/18 (3 ECTS)[edit]

  • 11 weekly lectures
  • Two assignments
  • Written exam at the end of the semester

Benötigte/Empfehlenswerte Vorkenntnisse[edit]

  • no real requirements
  • basic SQL is helpful but a cheatsheet gets provided for that assignment
  • interest in the technology and also theory and not just riding the hypetrain


The lecture is quite difficult to follow: The slides aren't really good and it's hard to understand Prof Maffei. (Better read the book)

WS 2021/22: The Bitcoin related parts of the lecture were outsourced to recordings of Princeton's lectures on the topic. There were Q&A sessions where questions were answered. The parts on Lightning/Ethereum/Altcoins were held by the lecturers depending on their particular area of expertise. The quality of presentations ranged from bad (Very thick accent, "I know this slide is messy", hard to follow) to outstanding.


  • WS 2017/18: There are two exercises to be done by each student. Collaboration or better said discussion is allowed and has to be disclosed in the submission paper.
  • WS 2018/19: Two assignments, the first one is done in groups of up to three students. Assignment 1 was equal to WS 2017/18. Assignment 2 consisted of exploiting 4 smart contracts.

Assignment 1:[edit]

There are three parts to be done, all of them on a subset of the blockchain.

Part one has to be performed on the first 100.000 entries of the bitcoin blockchain. There are invalid blocks which would not pass the bitcoin validation algorithm. Goal is to find the invalid blocks and present them. All of this is one in sql, you get a basic representation of the blockchain as an sql file which has to be loaded into postgresql. There are only three tables which reference each other and several queries have to be made to find all the invalid blocks.

Part two is on an even smaller part of the blockchain which also gets provided by an initialization sql script. The goal here is to find unspent transactions which is fairly simple.

Part three is a de-anonymization attempt based on a clustering function which gets provided. Before using the provided function one has to insert in a given table all potential transactions based on joint control and serial control. After that it is possible to use the given function and finish the task with some basic queries based on the output.

Assignment 2:[edit]

You are provided access to a private ethereum blockchain where a DAO contract ( decentralized autonomous organization) is hosted. Each student has his/her own contract and has to exploit a known bug on this contract. For this example you need to install geth and the solidity compiler and write some simple solidity code. The exploit and the respective code are presented to you in a paper that gets linked in the exercise instructions, so it is not that hard. Goal is to exploit the DAO and steal all the coins on your personal part of the ethereum blockchain.

Prüfung, Benotung[edit]

WS 2021: The grading scheme is extremely odd in this lecture. Half your grade comes from a single test covering all lectures, which isn't that unusual. The other half, however, is. There are three group-exercises you need to solve, however starting from the second one they are literally one-person tasks (you need a personalized environment that is mailed to you). In practice that means your grade is highly dependent on the performance of (often random) team members without even the possibility of compensating for their performance (or rather lack thereof). The exercises are also highly outdated (the Ethereum exercise shipped with 4 year old libraries) and, although thematically interesting, not relevant anymore in practice. The exam had a strong focus in Bitcoin (payment channels in particular), to the degree that the class could reasonably be renamed to "Bitcoin and a splash of Ethereum". A large portion of the test also had to do with Bitcoin scripts and required writing and debugging them. Although this was technically part of the material, it was never brought up in any lectures; so unless you went out of your way to read the additional literature you had to figure it out on the spot, which was criticized by many participants.

WS 2018/19: Two exams which should not be underestimated. The first exam covers about 2/3 of the material of the whole LVA (about 9 slide sets + 2 tutorials), the final exam covers the rest (about 4 slide sets + 2 tutorials). The tutorials cover important topics, especially the first tutorial covers a lot of important cryptographic concepts which were very relevant for the test. The final exam covered only 4 slide sets and was probably underestimated by some people. However, a deep understanding of the topics was required to be able to answer the questions which the slides did not really bring across.

It was possible to retake one or both exams about three weeks after the final exam (mid/end of February). The early date for the retake led to student complaints which were ignored.

WS 2017/18: Relativ grundlegendes Wissen abgefragt, nichts über Ripple oder LN (siehe auch Prüfung).

Dauer der Zeugnisausstellung[edit]

WS17: Prüfung 02.02. - Zeugnis am 26.03. (7 Wochen; Übungspunkte wurden auch erst am 02.03. bzw. 09.03. eingetragen, die LVA-Leitung hat nicht mit so vielen LVA-Teilnehmern gerechnet und daher (zu) wenig Kapazitäten eingeplant, war auch die 1. Abhaltung der LVA).

WS 2018/19: About two weeks between the exam and the publishing of the results: Midterm exam on 30.11., results online on 17.12. Final exam on 24.1., results online on 8.2.


WS 2018/19[edit]

The first assignment is a group project and takes about one to two days per person if done carefully. The second assignment consisted of exploiting 4 contracts which took me about 3 days. I studied about 40 hours for the first exam and about 30 hours for the second exam, the assignments took me about 40 hours as well. All in all I would say that I didn't need the full 150 hours (6 ECTS).

WS 2017/18[edit]

For the assignments one or two days should be enough.

Other opinion: One or two days is not enough. The first assignment needs some reading and understanding, the second can take more time depending on the network. We executed the right commands with no success until one day before end they told us we need to sync it..
Other opinion: If you are familiar with the respective tools and know what you are doing, the first assignment takes ~4-8 hours and the second one ~1-2 hours plus time for writing the report. I agree that not knowing the tools/techniques and needed theory knowledge can add at least 1-2 working days per assignment.


Princeton: lecture book and videos


  • Don't start too late, with the first assignment was my main challenge figuring out the basic structure and what refers to what and not even the SQL writing. There is normally an easy way for the SQL queries.
  • I would suggest looking for the Princeton book "Bitcoin and Cryptocurrency Technologies" online (there is a free PDF) and just read it. They explain everything very good. There are also some videos online. The book covers everything (the lecture is basically the book) so you will be fine with only reading it.
    • Note: The book covers a lot of the material for the exam and it helps to read it, it doesn't cover the lecture material in full anymore as of WS 2018/19.
  • The course is not too bad, requires not too much effort but if one doesn't know much about the Cryptocurrencies it's probably also not the best way to get into this topic. I would rather recommend attending Smart Contracts VU and Seminar aus Security (Kryptowährungen) SE first (which give a much better introduction to the the topic) and then attend this lecture.

Verbesserungsvorschläge / Kritik[edit]

  • The quality of the slides should be improved. Mathematical formulas are typeset in running text which makes them hard to comprehend. The slides could be a bit more formal in terms of definitions etc. because the tests ask for a deeper understanding as well.
  • The retake exams where scheduled for mid February (18.02.) and the points of the final exam were only announced about a week before the exam which lead to a lot of protests from students.