Ergodic mean-payo games for the analysis of attacks in crypto-currencies

Crypto-currencies are digital assets designed to work as a medium of exchange, e.g., Bitcoin, but they are susceptible to attacks (dishonest behavior of participants). A framework for the analysis of attacks in crypto-currencies requires (a) modeling of game-theoretic aspects to analyze incentives for deviation from honest behavior; (b) concurrent interactions between participants; and (c) analysis of long-term monetary gains. Traditional game-theoretic approaches for the analysis of security protocols consider either qualitative temporal properties such as safety and termination, or the very special class of one-shot (stateless) games. However, to analyze general attacks on protocols for crypto-currencies, both stateful analysis and quantitative objectives are necessary. In this work our main contributions are as follows: (a) we show how a class of concurrent mean-payo games, namely ergodic games, can model various attacks that arise naturally in crypto-currencies; (b) we present the first practical implementation of algorithms for ergodic games that scales to model realistic problems for crypto-currencies; and (c) we present experimental results showing that our framework can handle games with thousands of states and millions of transitions

KRNC: New Foundations for Permissionless Byzantine Consensus and Global Monetary Stability

This paper applies biomimetic engineering to the problem of permissionless Byzantine consensus and achieves results that surpass the prior state of the art by four orders of magnitude. It introduces a biologically inspired asymmetric Sybil-resistance mechanism, Proof-of-Balance, which can replace symmetric Proof-of-Work and Proof-of-Stake weighting schemes. The biomimetic mechanism is incorporated into a permissionless blockchain protocol, Key Retroactivity Network Consensus ("KRNC"), which delivers ~40,000 times the security and speed of today's decentralized ledgers. KRNC allows the fiat money that the public already owns to be upgraded with cryptographic inflation protection, eliminating the problems inherent in bootstrapping new currencies like Bitcoin and Ethereum. The paper includes two independently significant contributions to the literature. First, it replaces the non-structural axioms invoked in prior work with a new formal method for reasoning about trust, liveness, and safety from first principles. Second, it demonstrates how two previously overlooked exploits, book-prize attacks and pseudo-transfer attacks, collectively undermine the security guarantees of all prior permissionless ledgers.Comment: 104 page

A Game-theoretic Approach for Provably-Uniform Random Number Generation in Decentralized Networks

Many protocols in distributed computing rely on a source of randomness, usually called a random beacon, both for their applicability and security. This is especially true for proof-of-stake blockchain protocols in which the next miner or set of miners have to be chosen randomly and each party's likelihood to be selected is in proportion to their stake in the cryptocurrency. Current random beacons used in proof-of-stake protocols, such as Ouroboros and Algorand, have two fundamental limitations: Either (i)~they rely on pseudorandomness, e.g.~assuming that the output of a hash function is uniform, which is a widely-used but unproven assumption, or (ii)~they generate their randomness using a distributed protocol in which several participants are required to submit random numbers which are then used in the generation of a final random result. However, in this case, there is no guarantee that the numbers provided by the parties are uniformly random and there is no incentive for the parties to honestly generate uniform randomness. Most random beacons have both limitations. In this thesis, we provide a protocol for distributed generation of randomness. Our protocol does not rely on pseudorandomness at all. Similar to some of the previous approaches, it uses random inputs by different participants to generate a final random result. However, the crucial difference is that we provide a game-theoretic guarantee showing that it is in everyone's best interest to submit uniform random numbers. Hence, our approach is the first to incentivize honest behavior instead of just assuming it. Moreover, the approach is trustless and generates unbiased random numbers. It is also tamper-proof and no party can change the output or affect its distribution. Finally, it is designed with modularity in mind and can be easily plugged into existing distributed protocols such as proof-of-stake blockchains.Comment: 36 pages excluding reference. Game-theoretic Randomness for Proof-of-Stake in MARBLE (2023

The Miner’s Dilemma With Migration: The Control Effect of Solo-Mining

We consider the “block withholding attack” as introduced by Eyal, where mining pools may infiltrate others to decrease their revenues. However, when two mining pools attack each other and neither controls a strict majority, the so-called miner’s dilemma arises. Both pools are worse off than without an attack. Knowing this, pools may make implicit non-attack agreements. Having said this, the miner’s dilemma is known to emerge only if no pool controls the majority of the mining power. In this work, we allow for miner migration and show that the miner’s dilemma emerges even for pools whose mining power exceeds 50%. We construct a game, where two mining pools attack each other and use simulation analysis methods to analyze the evolution the pools’ mining power, infiltration preferences and revenue densities under the influence of different mining pool sizes and miner migration preferences. The results show that underlying game experiences a phase transition fueled by miners’ migration preference. Without migration, it is profitable for a large mining pool to attack the other pool. The higher the migration preference of the miners, the more the game transitions into the miner’s dilemma and attacking makes both pools worse off. In a second step, we introduce solo-mining into the system. Introducing solo-mining cannot prevent the miner’s dilemma, however, it improves the efficiency of the mining process as the infiltration preferences of the mining pools are lowered. Thus, solo-mining has a control effect on the miner’s dilemma by keeping the infiltration preference below a certain threshold

The Impatient May Use Limited Optimism to Minimize Regret

Discounted-sum games provide a formal model for the study of reinforcement learning, where the agent is enticed to get rewards early since later rewards are discounted. When the agent interacts with the environment, she may regret her actions, realizing that a previous choice was suboptimal given the behavior of the environment. The main contribution of this paper is a PSPACE algorithm for computing the minimum possible regret of a given game. To this end, several results of independent interest are shown. (1) We identify a class of regret-minimizing and admissible strategies that first assume that the environment is collaborating, then assume it is adversarial---the precise timing of the switch is key here. (2) Disregarding the computational cost of numerical analysis, we provide an NP algorithm that checks that the regret entailed by a given time-switching strategy exceeds a given value. (3) We show that determining whether a strategy minimizes regret is decidable in PSPACE

Hybrid Mining: Exploiting blockchain’s computational power for distributed problem solving

In today's cryptocurrencies, Hashcash proof of work is the most commonly-adopted approach to mining. In Hashcash, when a miner decides to add a block to the chain, she has to solve the difficult computational puzzle of inverting a hash function. While Hashcash has been successfully adopted in both Bitcoin and Ethereum, it has attracted significant and harsh criticism due to its massive waste of electricity, its carbon footprint and environmental effects, and the inherent lack of usefulness in inverting a hash function. Various other mining protocols have been suggested, including proof of stake, in which a miner's chance of adding the next block is proportional to her current balance. However, such protocols lead to a higher entry cost for new miners who might not still have any stake in the cryptocurrency, and can in the worst case lead to an oligopoly, where the rich have complete control over mining. In this paper, we propose Hybrid Mining: a new mining protocol that combines solving real-world useful problems with Hashcash. Our protocol allows new miners to join the network by taking part in Hashcash mining without having to own an initial stake. It also allows nodes of the network to submit hard computational problems whose solutions are of interest in the real world, e.g.~protein folding problems. Then, miners can choose to compete in solving these problems, in lieu of Hashcash, for adding a new block. Hence, Hybrid Mining incentivizes miners to solve useful problems, such as hard computational problems arising in biology, in a distributed manner. It also gives researchers in other areas an easy-to-use tool to outsource their hard computations to the blockchain network, which has enormous computational power, by paying a reward to the miner who solves the problem for them. Moreover, our protocol provides strong security guarantees and is at least as resilient to double spending as Bitcoin

The miner’s dilemma with migration : the control effect of solo-mining

We consider the “block withholding attack” as introduced by Eyal, where mining pools may infiltrate others to decrease their revenues. However, when two mining pools attack each other and neither controls a strict majority, the so-called miner’s dilemma arises. Both pools are worse off than without an attack. Knowing this, pools may make implicit non-attack agreements. Having said this, the miner’s dilemma is known to emerge only if no pool controls the majority of the mining power. In this work, we allow for miner migration and show that the miner’s dilemma emerges even for pools whose mining power exceeds 50%. We construct a game, where two mining pools attack each other and use simulation analysis methods to analyze the evolution the pools’ mining power, infiltration preferences and revenue densities under the influence of different mining pool sizes and miner migration preferences. The results show that underlying game experiences a phase transition fueled by miners’ migration preference. Without migration, it is profitable for a large mining pool to attack the other pool. The higher the migration preference of the miners, the more the game transitions into the miner’s dilemma and attacking makes both pools worse off. In a second step, we introduce solo-mining into the system. Introducing solo-mining cannot prevent the miner’s dilemma, however, it improves the efficiency of the mining process as the infiltration preferences of the mining pools are lowered. Thus, solo-mining has a control effect on the miner’s dilemma by keeping the infiltration preference below a certain threshold

Lazy Contracts: Alleviating High Gas Costs by Secure and Trustless Off-chain Execution of Smart Contracts

Smart contracts are programs that are executed on the blockchain and can hold, manage and transfer assets in the form of cryptocurrencies. The contract's execution is then performed on-chain and is subject to consensus, i.e. every node on the blockchain network has to run the function calls and keep track of their side-effects. In most programmable blockchains, such as Ethereum, the notion of gas is introduced to prevent DoS attacks by malicious parties who might try to slow down the network by performing heavy computations. A fixed cost to each atomic operation, and the initiator of a function call pays the total gas cost as a transaction fee. This helps prevent DoS attacks, but the resulting fees are extremely high. For example, in 2022, on Ethereum alone, there has been a total gas usage of 1.77 Million ETH ~ 4.3 Billion USD. This thesis proposes "lazy contracts" as a solution to alleviate these costs. Our solution moves most of the computation off-chain, ensuring that each function call incurs only a tiny amount of gas usage, while preserving enough data on-chain to guarantee an implicit consensus about the state of the contract variables and ownership of funds. A complete on-chain execution of the functions will only be triggered in case two parties to the contract are in disagreement about the current state, which in turn can only happen if at least one party is dishonest. In such cases, our protocol can identify the dishonest party and penalize them by having them pay for the entire gas usage. Hence, no rational party has an incentive to act dishonestly. Finally, we perform extensive experiments over 160,735 real-world Solidity contracts that were involved in 9,055,492 transactions in January 2022--January 2023 on Ethereum and show that our approach reduces the overall gas usage by 55.4%, which amounts to an astounding saving of 109.9 Million USD in gas fees.Comment: 60 pages, 10 figure