Majority is not Enough: Bitcoin Mining is Vulnerable

The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the protocol is incentive-compatible and secure against colluding minority groups, i.e., it incentivizes miners to follow the protocol as prescribed. We show that the Bitcoin protocol is not incentive-compatible. We present an attack with which colluding miners obtain a revenue larger than their fair share. This attack can have significant consequences for Bitcoin: Rational miners will prefer to join the selfish miners, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency. Selfish mining is feasible for any group size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects against selfish mining pools that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a group of any size can compromise the system

Dragoon: Private Decentralized HITs Made Practical

With the rapid popularity of blockchain, decentralized human intelligence tasks (HITs) are proposed to crowdsource human knowledge without relying on vulnerable third-party platforms. However, the inherent limits of blockchain cause decentralized HITs to face a few "new" challenges. For example, the confidentiality of solicited data turns out to be the sine qua non, though it was an arguably dispensable property in the centralized setting. To ensure the "new" requirement of data privacy, existing decentralized HITs use generic zero-knowledge proof frameworks (e.g. SNARK), but scarcely perform well in practice, due to the inherently expensive cost of generality. We present a practical decentralized protocol for HITs, which also achieves the fairness between requesters and workers. At the core of our contributions, we avoid the powerful yet highly-costly generic zk-proof tools and propose a special-purpose scheme to prove the quality of encrypted data. By various non-trivial statement reformations, proving the quality of encrypted data is reduced to efficient verifiable decryption, thus making decentralized HITs practical. Along the way, we rigorously define the ideal functionality of decentralized HITs and then prove the security due to the ideal-real paradigm. We further instantiate our protocol to implement a system called Dragoon, an instance of which is deployed atop Ethereum to facilitate an image annotation task used by ImageNet. Our evaluations demonstrate its practicality: the on-chain handling cost of Dragoon is even less than the handling fee of Amazon's Mechanical Turk for the same ImageNet HIT.Comment: small differences from a version accepted to appear in ICDCS 2020 (to fix a minor bug

How to Incentivize Data-Driven Collaboration Among Competing Parties

The availability of vast amounts of data is changing how we can make medical discoveries, predict global market trends, save energy, and develop educational strategies. In some settings such as Genome Wide Association Studies or deep learning, sheer size of data seems critical. When data is held distributedly by many parties, they must share it to reap its full benefits. One obstacle to this revolution is the lack of willingness of different parties to share data, due to reasons such as loss of privacy or competitive edge. Cryptographic works address privacy aspects, but shed no light on individual parties' losses/gains when access to data carries tangible rewards. Even if it is clear that better overall conclusions can be drawn from collaboration, are individual collaborators better off by collaborating? Addressing this question is the topic of this paper. * We formalize a model of n-party collaboration for computing functions over private inputs in which participants receive their outputs in sequence, and the order depends on their private inputs. Each output "improves" on preceding outputs according to a score function. * We say a mechanism for collaboration achieves collaborative equilibrium if it ensures higher reward for all participants when collaborating (rather than working alone). We show that in general, computing a collaborative equilibrium is NP-complete, yet we design efficient algorithms to compute it in a range of natural model settings. Our collaboration mechanisms are in the standard model, and thus require a central trusted party; however, we show this assumption is unnecessary under standard cryptographic assumptions. We show how to implement the mechanisms in a decentralized way with new extensions of secure multiparty computation that impose order/timing constraints on output delivery to different players, as well as privacy and correctness

The Streisand effect and censorship backfire

Barbra Streisand\u27s attempt to restrict online views of her residence on a public website had the paradoxical effect of leading to many more views than if she had done nothing. Subsequently, attempts at censorship that end up being counterproductive have been dubbed the Streisand effect. To better understand the dynamics of the Streisand effect, we examine five tactics used by censors to reduce outrage from their actions: (1) hiding the existence of censorship; (2) devaluing targets of censorship; (3) reinterpreting actions by lying, minimizing consequences, blaming others, and using benign framing; (4) using official channels to give an appearance of justice; and (5) intimidating opponents. Within this framework, the Streisand effect can be understood as a special outcome of censorship attempts, one in which the methods used to reduce outrage did not succeed

Patenting in the Shadow of Independent Discoveries by Rivals

This paper studies the decision of whether to apply for a patent in a dynamic model in which firms innovate stochastically and independently. In the model, a firm can choose between patenting and maintaining secrecy to protect a successful innovation. I consider a legal environment characterized by imperfect patent protection and no prior user rights. Thus, patenting grants probabilistic protection, and secrecy is effectively maintained until rivals innovate. I show that (1) firms that innovate early are more inclined to choose secrecy, whereas firms that innovate late have a stronger tendency to patent; (2) the incentives to patent increase with the innovation arrival rate; and (3) an increase in the number of firms may cause patenting to occur earlier or later, depending on the strength of patent protection. The socially optimal level of patent protection, which balances the trade-off between the provision of patenting incentives and the avoidance of deadweight loss caused by a monopoly, is lower with a higher innovation arrival rate or a larger number of firms.Patenting decisions; Patents; Secrecy; Independent discoveries

Crowdsourcing atop blockchains

Traditional crowdsourcing systems, such as Amazon\u27s Mechanical Turk (MTurk), though once acquiring great economic successes, have to fully rely on third-party platforms to serve between the requesters and the workers for basic utilities. These third-parties have to be fully trusted to assist payments, resolve disputes, protect data privacy, manage user authentications, maintain service online, etc. Nevertheless, tremendous real-world incidents indicate how elusive it is to completely trust these platforms in reality, and the reduction of such over-reliance becomes desirable. In contrast to the arguably vulnerable centralized approaches, a public blockchain is a distributed and transparent global consensus computer that is highly robust. The blockchain is usually managed and replicated by a large-scale peer-to-peer network collectively, thus being much more robust to be fully trusted for correctness and availability. It, therefore, becomes enticing to build novel crowdsourcing applications atop blockchains to reduce the over-trust on third-party platforms. However, this new fascinating technology also brings about new challenges, which were never that severe in the conventional centralized setting. The most serious issue is that the blockchain is usually maintained in the public Internet environment with a broader attack surface open to anyone. This not only causes serious privacy and security issues, but also allows the adversaries to exploit the attack surface to hamper more basic utilities. Worse still, most existing blockchains support only light on-chain computations, and the smart contract executed atop the decentralized consensus computer must be simple, which incurs serious feasibility problems. In reality, the privacy/security issue and the feasibility problem even restrain each other and create serious tensions to hinder the broader adoption of blockchain. The dissertation goes through the non-trivial challenges to realize secure yet still practical decentralization (for urgent crowdsourcing use-cases), and lay down the foundation for this line of research. In sum, it makes the next major contributions. First, it identifies the needed security requirements in decentralized knowledge crowdsourcing (e.g., data privacy), and initiates the research of private decentralized crowdsourcing. In particular, the confidentiality of solicited data is indispensable to prevent free-riders from pirating the others\u27 submissions, thus ensuring the quality of solicited knowledge. To this end, a generic private decentralized crowdsourcing framework is dedicatedly designed, analyzed, and implemented. Furthermore, this dissertation leverages concretely efficient cryptographic design to reduce the cost of the above generic framework. It focuses on decentralizing the special use-case of Amazon MTurk, and conducts multiple specific-purpose optimizations to remove needless generality to squeeze performance. The implementation atop Ethereum demonstrates a handling cost even lower than MTurk. In addition, it focuses on decentralized crowdsourcing of computing power for specific machine learning tasks. It lets a requester place deposits in the blockchain to recruit some workers for a designated (randomized) programs. If and only if these workers contribute their resources to compute correctly, they would earn well-deserved payments. For these goals, a simple yet still useful incentive mechanism is developed atop the blockchain to deter rational workers from cheating. Finally, the research initiates the first systematic study on crowdsourcing blockchains\u27 full nodes to assist superlight clients (e.g., mobile phones and IoT devices) to read the blockchain\u27s records. This dissertation presents a novel generic solution through the powerful lens of game-theoretic treatments, which solves the long-standing open problem of designing generic superlight clients for all blockchains

States of Secrecy: An Introduction

International audienceSecrecy became a major research topic in the history of science only in the last twenty-five years. Historians have come to realize how suffused scientific practice is with issues of secrecy. Yet they too often consider secrecy simply as a manner of protecting intellectual property to gain economic or military advantage over competitors. With this special issue, we want to give a state of research on scientific secrecy, but we also want also to hint at the richness of historiographical work still to be done when the focus is shifted from secrets to secrecy as a dynamic social relation

SoK: MEV Countermeasures: Theory and Practice

Blockchains offer strong security guarantees, but they cannot protect the ordering of transactions. Powerful players, such as miners, sequencers, and sophisticated bots, can reap significant profits by selectively including, excluding, or re-ordering user transactions. Such profits are called Miner/Maximal Extractable Value or MEV. MEV bears profound implications for blockchain security and decentralization. While numerous countermeasures have been proposed, there is no agreement on the best solution. Moreover, solutions developed in academic literature differ quite drastically from what is widely adopted by practitioners. For these reasons, this paper systematizes the knowledge of the theory and practice of MEV countermeasures. The contribution is twofold. First, we present a comprehensive taxonomy of 28 proposed MEV countermeasures, covering four different technical directions. Secondly, we empirically studied the most popular MEV- auction-based solution with rich blockchain and mempool data. In addition to gaining insights into MEV auction platforms' real-world operations, our study shed light on the prevalent censorship by MEV auction platforms as a result of the recent OFAC sanction, and its implication on blockchain properties