Coalition-Safe Equilibria with Virtual Payoffs

Consider a set of parties invited to execute a protocol $\Pi$. The protocol will incur some cost to run while in the end (or at regular intervals), it will populate and update local tables that assign (virtual) rewards to participants. Each participant aspires to offset the costs of participation by these virtual payoffs that are provided in the course of the protocol. In this setting, we introduce and study a notion of coalition-safe equilibrium. In particular, we consider a strategic coalition of participants that is centrally coordinated and potentially deviates from $\Pi$ with the objective to increase its utility with respect to the view of {\em at least one} of the other participants. The protocol $\Pi$ is called a coalition-safe equilibrium with virtual payoffs (EVP) if no such protocol deviation exists. We apply our notion to study incentives in blockchain protocols. We proceed to use our framework to provide a unified picture of incentives in the Bitcoin blockchain, for absolute and relative rewards based utility functions, as well as prove novel results regarding incentives of the Fruitchain blockchain protocol [PODC 2017] showing that the equilibrium condition holds for collusions up to $n-1$ players for absolute rewards based utility functions and less than $n/2$ for relative rewards based utility functions, with the latter result holding for any "weakly fair" blockchain protocol, a new property that we introduce and may be of independent interest.

[1]  Jonathan Katz,et al.  Byzantine Agreement with a Rational Adversary , 2012, ICALP.

[2]  Jonathan Katz,et al.  Incentivizing Blockchain Forks via Whale Transactions , 2017, Financial Cryptography Workshops.

[3]  Elaine Shi,et al.  FruitChains: A Fair Blockchain , 2017, IACR Cryptol. ePrint Arch..

[4]  Joseph Bonneau,et al.  Why Buy When You Can Rent? - Bribery Attacks on Bitcoin-Style Consensus , 2016, Financial Cryptography Workshops.

[5]  Ittay Eyal,et al.  The Gap Game , 2018, SYSTOR.

[6]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[7]  Abhi Shelat,et al.  Completely fair SFE and coalition-safe cheap talk , 2004, PODC '04.

[8]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[9]  S. Matthew Weinberg,et al.  On the Instability of Bitcoin Without the Block Reward , 2016, CCS.

[10]  Danny Dolev,et al.  An almost-surely terminating polynomial protocol for asynchronous byzantine agreement with optimal resilience , 2008, PODC '08.

[11]  J. Sobel,et al.  STRATEGIC INFORMATION TRANSMISSION , 1982 .

[12]  Ghassan O. Karame,et al.  Toward Fairness of Cryptocurrency Payments , 2016, IEEE Security & Privacy.

[13]  Danny Dolev,et al.  Distributed computing meets game theory: robust mechanisms for rational secret sharing and multiparty computation , 2006, PODC '06.

[14]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[15]  M. Whinston,et al.  Coalition-Proof Nash Equilibria I. Concepts , 1987 .

[16]  Ari Juels,et al.  SquirRL: Automating Attack Discovery on Blockchain Incentive Mechanisms with Deep Reinforcement Learning , 2019, Proceedings 2021 Network and Distributed System Security Symposium.

[17]  Stefanos Leonardos,et al.  PREStO: A Systematic Framework for Blockchain Consensus Protocols , 2019, IEEE Transactions on Engineering Management.

[18]  José Enrique Vila,et al.  Unmediated communication in repeated games with imperfect monitoring , 2004, Games Econ. Behav..

[19]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[20]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[21]  Ueli Maurer,et al.  But Why does it Work? A Rational Protocol Design Treatment of Bitcoin , 2018, IACR Cryptol. ePrint Arch..

[22]  Kartik Nayak,et al.  Solidus: An Incentive-compatible Cryptocurrency Based on Permissionless Byzantine Consensus , 2016, ArXiv.

[23]  Christophe Bisière,et al.  The Blockchain Folk Theorem , 2018, The Review of Financial Studies.

[24]  Emin Gün Sirer,et al.  Majority Is Not Enough: Bitcoin Mining Is Vulnerable , 2013, Financial Cryptography.

[25]  Nikita Borisov,et al.  SmartCast: An Incentive Compatible Consensus Protocol Using Smart Contracts , 2017, Financial Cryptography Workshops.

[26]  Kartik Nayak,et al.  Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[27]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[28]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[29]  Hubert Ritzdorf,et al.  On the Security and Performance of Proof of Work Blockchains , 2016, IACR Cryptol. ePrint Arch..

[30]  Joseph Farrell Cheap Talk, Coordination, and Entry , 1987 .

[31]  Iddo Bentov,et al.  Tortoise and Hares Consensus: the Meshcash Framework for Incentive-Compatible, Scalable Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[32]  Stefan Savage,et al.  A fistful of bitcoins: characterizing payments among men with no names , 2013, Internet Measurement Conference.

[33]  Joseph Y. Halpern,et al.  Rational Consensus: Extended Abstract , 2016, PODC.

[34]  Amos Fiat,et al.  Energy Equilibria in Proof-of-Work Mining , 2019, EC.

[35]  Georg Fuchsbauer,et al.  Efficient Rational Secret Sharing in Standard Communication Networks , 2010, IACR Cryptol. ePrint Arch..

[36]  Jason Teutsch,et al.  Demystifying Incentives in the Consensus Computer , 2015, CCS.

[37]  Joshua A. Kroll,et al.  The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries , 2013 .

[38]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[39]  Dino Gerardi,et al.  Unmediated Communication in Games with Complete and Incomplete Information , 2002, J. Econ. Theory.

[40]  Jonathan Katz,et al.  Fair Computation with Rational Players , 2012, EUROCRYPT.

[41]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[42]  Aggelos Kiayias,et al.  Blockchain Mining Games , 2016, EC.

[43]  Elaine Shi,et al.  Snow White: Provably Secure Proofs of Stake , 2016, IACR Cryptol. ePrint Arch..

[44]  Danny Dolev,et al.  Distributed Protocols for Leader Election , 2013, DISC.

[45]  Aviv Zohar,et al.  Optimal Selfish Mining Strategies in Bitcoin , 2015, Financial Cryptography.

[46]  Jonathan Katz,et al.  Bridging Game Theory and Cryptography: Recent Results and Future Directions , 2008, TCC.

[47]  Ueli Maurer,et al.  Universally Composable Synchronous Computation , 2013, TCC.

[48]  Sara Tucci Piergiovanni,et al.  On the Bitcoin Limitations to Deliver Fairness to Users , 2017, OTM Conferences.

[49]  Adi Shamir,et al.  Quantitative Analysis of the Full Bitcoin Transaction Graph , 2013, Financial Cryptography.

[50]  Jared Saia,et al.  Scalable rational secret sharing , 2011, PODC '11.

[51]  Joseph Y. Halpern,et al.  Game theory with costly computation: formulation and application to protocol security , 2010, ICS.

[52]  Yoad Lewenberg,et al.  Inclusive Block Chain Protocols , 2015, Financial Cryptography.

[53]  Ittai Abraham,et al.  Distributed computing meets game theory: combining insights from two fields , 2011, SIGA.

[54]  Ari Juels,et al.  $evwu Dfw , 1998 .

[55]  Ueli Maurer,et al.  Rational Protocol Design: Cryptography against Incentive-Driven Adversaries , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[56]  Michael Dahlin,et al.  BAR fault tolerance for cooperative services , 2005, SOSP '05.