55supposed to be secure. But despite their supposed security, millions of dollars are lost to crypto scams every year due to security shortfalls hidden in the blockchain ecosystem. To address this challenge, Prof. Allen Man-ho AU, and Prof. Daniel Xiapu LUO, Department of Computing, have developed novel algorithms to protect the privacy of blockchain users, boost the security of secret keys, discover security vulnerabilities in the blockchain ecosystem, and defend against malicious attacks.Cryptographic foundationBefore a transaction is recorded on a blockchain, it must be verified by all users, a process that can be time-consuming. Privacy is also a concern, as all users can see all the details of a transaction. Prof. Au%u2019s team has addressed these concerns by developing an efficient zeroknowledge proof (ZKP) algorithm that accelerates the validation process and prevents the leaking of sensitive data. For example, instead of posting 1,000 transactions on a blockchain and asking users to verify them one by one, a short proof is posted stating that these 1,000 transactions are valid. Users simply need to validate this proof instead of verifying each of the 1,000 transactions. What%u2019s more, this short proof does not contain any details of the transactions, thus protecting user privacy. When managing virtual assets, the security of the secret key is crucial. Prof. Au%u2019s team has devised a distributed cryptographic key based on threshold cryptography. The secret key is divided into five parts and stored on five servers. To sign into an account, the user needs three of these five parts. %u201cEven if a hacker manages to breach one server, they can%u2019t log into an account without two more parts. The hacker has no idea where the rest of the key is stored, making it a lot harder to steal a secret key,%u201d explains Prof. Au. %u201cWhat%u2019s more, as the key is stored across five servers, the user can still retrieve three-fifths of the key from other servers even if one server is down, and so won%u2019t be locked out of their account.%u201d Threshold cryptography thus not only provides a major boost to secret key security, it also ensures that users can access their assets even if a server fails.IN SAFE HANDS