Coalition-safe equilibria with virtual payoffs

Consider a set of participants invited to execute a protocol Π. The protocol will incur some cost to run while in the end (or at regular intervals), it will populate and update local bookkeeping tables that assign virtual rewards to participants. Each participant aspires to offset the costs of participation by these virtual payoffs that are provided in the course of the protocol and are assumed to be accepted as forms of payment. In this setting, we introduce and study a notion of coalition-safe equilibria. In particular, we consider a strategic coalition of participants that is centrally coordinated and potentially deviates from Π with the objective to increase its utility with respect to the view of at least one of the other participants. The protocol Π is called a coalition-safe equilibrium with virtual payoffs (EVP) if no such protocol deviation exists. We apply our notion to study incentives in blockchain protocols. Compared to prior work, our framework has the advantages that it simultaneously (i) takes into account that each participant may have a divergent view of the rewards given to the other participants, as the reward mechanism employed is subject to consensus among participants (and our notion is well defined independently of whether the underlying protocol achieves consensus or not) (ii) accounts for the stochastic nature of these protocols by enforcing the equilibrium condition to hold with overwhelming probability. We use our framework to provide a unified picture of incentives in the Bitcoin blockchain, for absolute and relative rewards based utility functions. Importantly, we prove that organizing all miners into a single dictatorial pool is an EVP in the setting of non-zero transaction verification costs for coalitions of up to n - 1 participants. In addition we prove novel results regarding incentives of the Fruitchain blockchain protocol [PODC 2017] showing that the equilibrium condition holds for coalitions up to n - 1 participants for absolute rewards based utility functions and less than n/2 for relative rewards based utility functions, with the latter result holding for any "weakly fair" blockchain protocol, a new property that we introduce and may be of independent interest.

[1]  Danny Dolev,et al.  An almost-surely terminating polynomial protocol for asynchronous byzantine agreement with optimal resilience , 2008, PODC '08.

[2]  R. Trost,et al.  What is “Incentive Compatibility”? , 1999 .

[3]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[4]  Jason Teutsch,et al.  Demystifying Incentives in the Consensus Computer , 2015, CCS.

[5]  Ittai Abraham,et al.  Distributed computing meets game theory: combining insights from two fields , 2011, SIGA.

[6]  Hubert Ritzdorf,et al.  On the Security and Performance of Proof of Work Blockchains , 2016, IACR Cryptol. ePrint Arch..

[7]  Joseph Farrell Cheap Talk, Coordination, and Entry , 1987 .

[8]  Ueli Maurer,et al.  Rational Protocol Design: Cryptography against Incentive-Driven Adversaries , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[9]  Jonathan Katz,et al.  Byzantine Agreement with a Rational Adversary , 2012, ICALP.

[10]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[11]  Dino Gerardi,et al.  Unmediated Communication in Games with Complete and Incomplete Information , 2002, J. Econ. Theory.

[12]  Danny Dolev,et al.  Distributed computing meets game theory: robust mechanisms for rational secret sharing and multiparty computation , 2006, PODC '06.

[13]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[14]  Elaine Shi,et al.  FruitChains: A Fair Blockchain , 2017, IACR Cryptol. ePrint Arch..

[15]  Joseph Y. Halpern,et al.  Rational Consensus: Extended Abstract , 2016, PODC.

[16]  José Enrique Vila,et al.  Unmediated communication in repeated games with imperfect monitoring , 2004, Games Econ. Behav..

[17]  S. Matthew Weinberg,et al.  On the Instability of Bitcoin Without the Block Reward , 2016, CCS.

[18]  Christophe Bisière,et al.  The Blockchain Folk Theorem , 2018, The Review of Financial Studies.

[19]  Yoad Lewenberg,et al.  Inclusive Block Chain Protocols , 2015, Financial Cryptography.

[20]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[21]  Stefan Savage,et al.  A fistful of bitcoins: characterizing payments among men with no names , 2013, Internet Measurement Conference.

[22]  Sara Tucci Piergiovanni,et al.  On the Bitcoin Limitations to Deliver Fairness to Users , 2017, OTM Conferences.

[23]  Adi Shamir,et al.  Quantitative Analysis of the Full Bitcoin Transaction Graph , 2013, Financial Cryptography.

[24]  Ghassan O. Karame,et al.  Toward Fairness of Cryptocurrency Payments , 2016, IEEE Security & Privacy.

[25]  Sahadeo Padhye,et al.  Hash Function , 2018, Introduction to Cryptography.

[26]  A. W. Tucker,et al.  Contributions to the theory of games (AM-40) , 1959 .

[27]  S. Matthew Weinberg,et al.  Bitcoin: A Natural Oligopoly , 2018, ITCS.

[28]  Anna Lysyanskaya,et al.  Rationality and Adversarial Behavior in Multi-party Computation , 2006, CRYPTO.

[29]  Jared Saia,et al.  Scalable rational secret sharing , 2011, PODC '11.

[30]  Ghassan O. Karame,et al.  Is Bitcoin a Decentralized Currency? , 2014, IEEE Security & Privacy.

[31]  Suguman Bansal Reasoning about Incentive Compatibility , 2016 .

[32]  J. Sobel,et al.  STRATEGIC INFORMATION TRANSMISSION , 1982 .

[33]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[34]  Abhi Shelat,et al.  Completely fair SFE and coalition-safe cheap talk , 2004, PODC '04.

[35]  Ittay Eyal,et al.  The Gap Game , 2018, CCS.

[36]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[37]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[38]  Michael Dahlin,et al.  BAR fault tolerance for cooperative services , 2005, SOSP '05.

[39]  Ari Juels,et al.  SquirRL: Automating Attack Discovery on Blockchain Incentive Mechanisms with Deep Reinforcement Learning , 2019, ArXiv.

[40]  Joseph Y. Halpern,et al.  Game theory with costly computation: formulation and application to protocol security , 2010, ICS.

[41]  Aggelos Kiayias,et al.  Blockchain Mining Games , 2016, EC.

[42]  Jonathan Katz,et al.  Fair Computation with Rational Players , 2012, EUROCRYPT.

[43]  Emin Gün Sirer,et al.  Majority Is Not Enough: Bitcoin Mining Is Vulnerable , 2013, Financial Cryptography.

[44]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[45]  Tim Roughgarden,et al.  Algorithmic Game Theory , 2007 .

[46]  Jonathan Katz,et al.  Incentivizing Blockchain Forks via Whale Transactions , 2017, Financial Cryptography Workshops.

[47]  Elaine Shi,et al.  Snow White: Provably Secure Proofs of Stake , 2016, IACR Cryptol. ePrint Arch..

[48]  M. Whinston,et al.  Coalition-Proof Nash Equilibria I. Concepts , 1987 .

[49]  Joseph Bonneau,et al.  Why Buy When You Can Rent? - Bribery Attacks on Bitcoin-Style Consensus , 2016, Financial Cryptography Workshops.

[50]  Stefanos Leonardos,et al.  PREStO: A Systematic Framework for Blockchain Consensus Protocols , 2019, IEEE Transactions on Engineering Management.

[51]  Danny Dolev,et al.  Distributed Protocols for Leader Election: A Game-Theoretic Perspective , 2013, DISC.

[52]  Aviv Zohar,et al.  Optimal Selfish Mining Strategies in Bitcoin , 2015, Financial Cryptography.

[53]  Aviv Zohar,et al.  On bitcoin and red balloons , 2012, EC '12.

[54]  Tim Roughgarden,et al.  Transaction Fee Mechanism Design for the Ethereum Blockchain: An Economic Analysis of EIP-1559 , 2020, ArXiv.

[55]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[56]  Kartik Nayak,et al.  Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[57]  Iddo Bentov,et al.  Tortoise and Hares Consensus: the Meshcash Framework for Incentive-Compatible, Scalable Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[58]  S. Nakamoto Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[59]  Ueli Maurer,et al.  Universally Composable Synchronous Computation , 2013, TCC.

[60]  Cyril Grunspan,et al.  On profitability of selfish mining , 2018, ArXiv.

[61]  Joshua A. Kroll,et al.  The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries , 2013 .

[62]  Yoav Shoham,et al.  Essentials of Game Theory: A Concise Multidisciplinary Introduction , 2008, Essentials of Game Theory: A Concise Multidisciplinary Introduction.

[63]  Jonathan Katz,et al.  Bridging Game Theory and Cryptography: Recent Results and Future Directions , 2008, TCC.

[64]  Ying-Chang Liang,et al.  A Survey on Applications of Game Theory in Blockchain , 2019, ArXiv.

[65]  Aggelos Kiayias,et al.  Reward Sharing Schemes for Stake Pools , 2018, 2020 IEEE European Symposium on Security and Privacy (EuroS&P).

[66]  Kartik Nayak,et al.  Solidus: An Incentive-compatible Cryptocurrency Based on Permissionless Byzantine Consensus , 2016, ArXiv.

[67]  Georg Fuchsbauer,et al.  Efficient Rational Secret Sharing in Standard Communication Networks , 2010, IACR Cryptol. ePrint Arch..

[68]  Ueli Maurer,et al.  But Why does it Work? A Rational Protocol Design Treatment of Bitcoin , 2018, IACR Cryptol. ePrint Arch..

[69]  Nikos Leonardos,et al.  Oceanic Games: Centralization Risks and Incentives in Blockchain Mining , 2019, MARBLE.

[70]  Amos Fiat,et al.  Energy Equilibria in Proof-of-Work Mining , 2019, EC.

[71]  Nikita Borisov,et al.  SmartCast: An Incentive Compatible Consensus Protocol Using Smart Contracts , 2017, Financial Cryptography Workshops.