About

Ari Juels is the Weill Family Foundation and Joan and Sanford I. Weill Professor of computer science at Cornell Tech, the Cornell Ann S. Bowers College of Computing and Information Science, and the Jacobs Technion-Cornell Institute. He is co-director of the Initiative for CryptoCurrencies and Contracts (IC3) and the chief scientist at Chainlink Labs. Juels's recent areas of interest include blockchains, cryptocurrency, and smart contracts, as well as applied cryptography, user authentication, and privacy. He has a distinguished background, having served as the chief scientist of RSA, director of RSA Laboratories, and a distinguished engineer at EMC (now Dell EMC), where he worked until 2013. Juels holds a Ph.D. in computer science from the University of California, Berkeley, and has been featured as an expert source in various news publications such as Coindesk, the Wall Street Journal, the New York Times, Forbes, and Popular Science.

Research topics

• Computer Security
• Computer Science
• Artificial Intelligence
• Computer network
• Distributed computing
• Finance
• Business
• Economics
• Microeconomics
• Theoretical computer science
• Database
• Algorithm

Selected publications

• The CoinAlg Bind: Profitability-Fairness Tradeoffs in Collective Investment Algorithms

  arXiv (Cornell University) · 2026-01-02

  preprintOpen accessSenior author

  Collective Investment Algorithms (CoinAlgs) are increasingly popular systems that deploy shared trading strategies for investor communities. Their goal is to democratize sophisticated -- often AI-based -- investing tools. We identify and demonstrate a fundamental profitability-fairness tradeoff in CoinAlgs that we call the CoinAlg Bind: CoinAlgs cannot ensure economic fairness without losing profit to arbitrage. We present a formal model of CoinAlgs, with definitions of privacy (incomplete algorithm disclosure) and economic fairness (value extraction by an adversarial insider). We prove two complementary results that together demonstrate the CoinAlg Bind. First, privacy in a CoinAlg is a precondition for insider attacks on economic fairness. Conversely, in a game-theoretic model, lack of privacy, i.e., transparency, enables arbitrageurs to erode the profitability of a CoinAlg. Using data from Uniswap, a decentralized exchange, we empirically study both sides of the CoinAlg Bind. We quantify the impact of arbitrage against transparent CoinAlgs. We show the risks posed by a private CoinAlg: Even low-bandwidth covert-channel information leakage enables unfair value extraction.

  PublisherDOI

• The CoinAlg Bind: Profitability-Fairness Tradeoffs in Collective Investment Algorithms

  ArXiv.org · 2026-01-02

  articleOpen accessSenior author

  Collective Investment Algorithms (CoinAlgs) are increasingly popular systems that deploy shared trading strategies for investor communities. Their goal is to democratize sophisticated -- often AI-based -- investing tools. We identify and demonstrate a fundamental profitability-fairness tradeoff in CoinAlgs that we call the CoinAlg Bind: CoinAlgs cannot ensure economic fairness without losing profit to arbitrage. We present a formal model of CoinAlgs, with definitions of privacy (incomplete algorithm disclosure) and economic fairness (value extraction by an adversarial insider). We prove two complementary results that together demonstrate the CoinAlg Bind. First, privacy in a CoinAlg is a precondition for insider attacks on economic fairness. Conversely, in a game-theoretic model, lack of privacy, i.e., transparency, enables arbitrageurs to erode the profitability of a CoinAlg. Using data from Uniswap, a decentralized exchange, we empirically study both sides of the CoinAlg Bind. We quantify the impact of arbitrage against transparent CoinAlgs. We show the risks posed by a private CoinAlg: Even low-bandwidth covert-channel information leakage enables unfair value extraction.

  PublisherOA PDF

• B-Privacy: Defining and Enforcing Privacy in Weighted Voting

  ArXiv.org · 2025-09-22

  preprintOpen accessSenior author

  In traditional, one-vote-per-person voting systems, privacy equates with ballot secrecy: voting tallies are published, but individual voters' choices are concealed. Voting systems that weight votes in proportion to token holdings, though, are now prevalent in cryptocurrency and web3 systems. We show that these weighted-voting systems overturn existing notions of voter privacy. Our experiments demonstrate that even with secret ballots, publishing raw tallies often reveals voters' choices. Weighted voting thus requires a new framework for privacy. We introduce a notion called B-privacy whose basis is bribery, a key problem in voting systems today. B-privacy captures the economic cost to an adversary of bribing voters based on revealed voting tallies. We propose a mechanism to boost B-privacy by noising voting tallies. We prove bounds on its tradeoff between B-privacy and transparency, meaning reported-tally accuracy. Analyzing 3,582 proposals across 30 Decentralized Autonomous Organizations (DAOs), we find that the prevalence of large voters ("whales") limits the effectiveness of any B-Privacy-enhancing technique. However, our mechanism proves to be effective in cases without extreme voting weight concentration: among proposals requiring coalitions of $\geq5$ voters to flip outcomes, our mechanism raises B-privacy by a geometric mean factor of $4.1\times$. Our work offers the first principled guidance on transparency-privacy tradeoffs in weighted-voting systems, complementing existing approaches that focus on ballot secrecy and revealing fundamental constraints that voting weight concentration imposes on privacy mechanisms.

  PublisherOA PDFDOI

• Liquefaction: Privately Liquefying Blockchain Assets

  2025-05-12 · 1 citations

  articleSenior author

  Inherent in the world of cryptocurrency systems and their security models is the notion that private keys-and thus assets-are controlled by individuals or individual entities. We present Liquefaction, a wallet platform that demon-strates the dangerous fragility of this foundational assumption by systemically breaking it. Liquefaction uses trusted execution environments (TEEs) to encumber private keys, i.e., attach rich, multi-user policies to their use. In this way, it enables the cryptocurrency credentials and assets of a single end-user address to be freely rented, shared, or pooled. It accomplishes these things privately, with no direct on-chain traces. Liquefaction demonstrates the sweeping consequences of TEE-based key encumbrance for the cryptocurrency land-scape. Liquefaction can undermine the security and economic models of many applications and resources, such as locked tokens, DAO voting, airdrops, loyalty points, soulbound tokens, and quadratic voting. It can do so with no on-chain and minimal off-chain visibility. Conversely, we also discuss beneficial applications of Liquefaction, such as privacy-preserving, cost-efficient DAOs and a countermeasure to dusting attacks. Importantly, we describe an existing TEE-based tool that applications can use as a countermeasure to Liquefaction. Our work prompts a wholesale rethinking of existing models and enforcement of key and asset ownership in the cryptocurrency ecosystem.

  PublisherDOI

• Oracle (Blockchain Concept)

  2025-01-01

  book-chapter1st authorCorresponding
  PublisherDOI

• Liquefaction: Privately Liquefying Blockchain Assets

  arXiv (Cornell University) · 2024-12-03

  preprintOpen accessSenior author

  Inherent in the world of cryptocurrency systems and their security models is the notion that private keys, and thus assets, are controlled by individuals or individual entities. We present Liquefaction, a wallet platform that demonstrates the dangerous fragility of this foundational assumption by systemically breaking it. Liquefaction uses trusted execution environments (TEEs) to encumber private keys, i.e., attach rich, multi-user policies to their use. In this way, it enables the cryptocurrency credentials and assets of a single end-user address to be freely rented, shared, or pooled. It accomplishes these things privately, with no direct on-chain traces. Liquefaction demonstrates the sweeping consequences of TEE-based key encumbrance for the cryptocurrency landscape. Liquefaction can undermine the security and economic models of many applications and resources, such as locked tokens, DAO voting, airdrops, loyalty points, soulbound tokens, and quadratic voting. It can do so with no on-chain and minimal off-chain visibility. Conversely, we also discuss beneficial applications of Liquefaction, such as privacy-preserving, cost-efficient DAOs and a countermeasure to dusting attacks. Importantly, we describe an existing TEE-based tool that applications can use as a countermeasure to Liquefaction. Our work prompts a wholesale rethinking of existing models and enforcement of key and asset ownership in the cryptocurrency ecosystem.

  PublisherOA PDFDOI

• PROF: Protected Order Flow in a Profit-Seeking World

  arXiv (Cornell University) · 2024-08-05 · 1 citations

  preprintOpen accessSenior author

  Users of decentralized finance (DeFi) applications face significant risks from adversarial actions that manipulate the order of transactions to extract value from users. Such actions -- an adversarial form of what is called maximal-extractable value (MEV) -- impact both individual outcomes and the stability of the DeFi ecosystem. MEV exploitation, moreover, is being institutionalized through an architectural paradigm known Proposer-Builder Separation (PBS). This work introduces a system called PROF (PRotected Order Flow) that is designed to limit harmful forms of MEV in existing PBS systems. PROF aims at this goal using two ideas. First, PROF imposes an ordering on a set ("bundle") of privately input transactions and enforces that ordering all the way through to block production -- preventing transaction-order manipulation. Second, PROF creates bundles whose inclusion is profitable to block producers, thereby ensuring that bundles see timely inclusion in blocks. PROF is backward-compatible, meaning that it works with existing and future PBS designs. PROF is also compatible with any desired algorithm for ordering transactions within a PROF bundle (e.g., first-come, first-serve, fee-based, etc.). It executes efficiently, i.e., with low latency, and requires no additional trust assumptions among PBS entities. We quantitatively and qualitatively analyze incentive structure of PROF, and its utility to users compared with existing solutions. We also report on inclusion likelihood of PROF transactions, and concrete latency numbers through our end-to-end implementation.

  PublisherOA PDFDOI

• Complete Knowledge: Preventing Encumbrance of Cryptographic Secrets

  2024-12-02 · 4 citations

  articleOpen accessSenior author

  Most cryptographic protocols model a player's knowledge of secrets in a simple way. Informally, the player knows a secret in the sense that she can directly furnish it as a (private) input to a protocol, e.g., to digitally sign a message.

  PublisherOA PDFDOI

• Props for Machine-Learning Security

  arXiv (Cornell University) · 2024-10-27

  preprintOpen access1st authorCorresponding

  We propose protected pipelines or props for short, a new approach for authenticated, privacy-preserving access to deep-web data for machine learning (ML). By permitting secure use of vast sources of deep-web data, props address the systemic bottleneck of limited high-quality training data in ML development. Props also enable privacy-preserving and trustworthy forms of inference, allowing for safe use of sensitive data in ML applications. Props are practically realizable today by leveraging privacy-preserving oracle systems initially developed for blockchain applications.

  PublisherOA PDFDOI

• Strategic Latency Reduction in Blockchain Peer-to-Peer Networks

  ACM SIGMETRICS Performance Evaluation Review · 2023-06-26 · 6 citations

  articleSenior author

  Most permissionless blockchain networks run on peer-to-peer (P2P) networks, which offer flexibility and decentralization at the expense of performance (e.g., network latency). Historically, this tradeoff has not been a bottleneck for most blockchains. However, an emerging host of blockchain-based applications (e.g., decentralized finance) are increasingly sensitive to latency; users who can reduce their network latency relative to other users can accrue (sometimes significant) financial gains. In this work, we initiate the study of strategic latency reduction in blockchain P2P networks. We first define two classes of latency that are of interest in blockchain applications. We then show empirically that a strategic agent who controls only their local peering decisions can manipulate both types of latency, achieving 60% of the global latency gains provided by the centralized, paid service bloXroute, or, in targeted scenarios, comparable gains. Finally, we show that our results are not due to the poor design of existing P2P networks. Under a simple network model, we theoretically prove that an adversary can always manipulate the P2P network's latency to their advantage, provided the network experiences sufficient peer churn and transaction activity.

  PublisherDOI

Recent grants

• TTP: Medium: Democratizing Secure Password Management

  NSF · $1.2M · 2016–2020

• TWC: Medium: Collaborative: Distribution-Sensitive Cryptography

  NSF · $800k · 2015–2019

• NSF-BSF: SaTC: CORE: Small: Blockchain Fairness

  NSF · $500k · 2019–2022

• SaTC: CORE: Medium: Proactive and Reactive Mechanisms for Safer Smart Contracts

  NSF · $1.2M · 2017–2022

Frequent coauthors

• Florian Tramèr

  39 shared

• Yan Ji

  Cornell University

  26 shared

• Fan Zhang

  Yale University

  26 shared

• Thomas Ristenpart

  Cornell University

  24 shared

• Philip Daian

  Cornell University

  23 shared

• Giulia Fanti

  22 shared

• Andrew H. Miller

  Emory University

  19 shared

• Terry Benzel

  Institute of Electrical and Electronics Engineers

  18 shared