On the (De)centralization of FruitChains

One of the most important features of blockchain protocols is decentralization, as their main contribution is that they formulate a distributed ledger that will be maintained and extended without the need of a trusted party. Bitcoin has been criticized for its tendency to centralization, as very few pools control the majority of the hashing power. Pass et al. proposed FruitChain [PODC 17] and claimed that this blockchain protocol mitigates the formation of pools by reducing the variance of the rewards in the same way as mining pools, but in a fully decentralized fashion. Many follow up papers consider that the problem of centralization in Proof-of-Work (PoW) blockchain systems can be solved via lower rewards' variance, and that in FruitChain the formation of pools is unnecessary. Contrary to the common perception, in this work, we prove that lower variance of the rewards does not eliminate the tendency of the PoW blockchain protocols to centralization; miners have also other incentives to create large pools, and specifically to share the cost of creating the instance they need to solve the PoW puzzle. We abstract the procedures of FruitChain as oracles and assign to each of them a cost. Then, we provide a formal definition of a pool in a blockchain system, and by utilizing the notion of equilibrium with virtual payoffs (EVP) [AFT 21], we prove that there is a completely centralized EVP, where all the parties form a single pool controlled by one party called the pool leader. The pool leader is responsible for creating the instance used for the PoW procedure. To the best of our knowledge, this is the first work that examines the construction of mining pools in the FruitChain system.Comment: Full version of the IEEE CSF 2023 camera-ready versio

COMMON: Order Book with Privacy

Decentralized Finance (DeFi) has witnessed remarkable growth and innovation, with Decentralized Exchanges (DEXes) playing a pivotal role in shaping this ecosystem. As numerous DEX designs emerge, challenges such as price inefficiency and lack of user privacy continue to prevail. This paper introduces a novel DEX design, termed COMMON, that addresses these two predominant challenges. COMMON operates as an order book, natively integrated with a shielded token pool, thus providing anonymity to its users. Through the integration of zk-SNARKs, order batching, and Multiparty Computation (MPC) COMMON allows to conceal also the values in orders. This feature, paired with users never leaving the shielded pool when utilizing COMMON, provides a high level of privacy. To enhance price efficiency, we introduce a two-stage order matching process: initially, orders are internally matched, followed by an open, permissionless Dutch Auction to present the assets to Market Makers. This design effectively enables aggregating multiple sources of liquidity as well as helps reducing the adverse effects of Maximal Extractable Value (MEV), by redirecting most of the MEV profits back to the users

Incentives in blockchain protocols

Bitcoin is a digital cryptocurrency supported by the blockchain protocol proposed by Nakamoto in 2008. The blockchain protocol offers a public transaction ledger, organized as a sequence of blocks of transactions. The sequence of blocks is maintained in a distributed way by a set of peers called miners. The main novelty of the Nakamoto’s protocol is the use of a proof of work scheme in which miners expend computational power to get a chance to produce a new block and in turn they get a reward for each block they produce. The success of Bitcoin prompted a large variety of other blockchain protocols that attempt to improve on various aspects of the original protocol. Two examples that are related to the present thesis are (i) variants of the original proof of work, longest chain protocol that attempt to improve its resilience characteristics with respect to adversarial behavior and (ii) proof of stake blockchain protocols according to which each participant is elected to produce a block with probability proportional to its stake, rather than computational power. In this thesis we examine blockchain protocols from a game theoretic perspective. This means that we consider participants as rational utility maximizers as opposed to being divided between honestly behaving and adversarial. This thesis mainly focuses on answering the following three questions: (i) do miners have incentives to follow the blockchain protocol, when all the other participants do so (this is related to the notion of Nash equilibrium) (ii) how can we design a reward mechanism that promotes decentralisation, by disincentivising the formation of undesirable large pools in proof of stake blockchain protocols? (iii) given such a reward mechanism, how can we disincentivise existing pools to create a cartel and censor other pools’ registration in the blockchain with the aim to avoid competition? In order to answer the first question we propose a suitable notion of Nash equilibrium, called “coalition-safe equilibrium with virtual payoffs (EVP)”. This notion allows us to provide (i) a unified picture of the incentives in the Bitcoin blockchain protocol when the participants are rational and try to maximize various utilities based on the rewards and the costs, and (ii) novel results regarding incentives in a fair variant of the Bitcoin protocol called Fruitchain [PODC 2017, Rafael Pass et al.]. The motivation for the second question that this thesis answers is the following: although Bitcoin was designed to be executed in a decentralised way without a trusted party, participants tend to avoid participating directly in the protocol. Instead, they tend to create teams, called pools, which are managed usually by a single participant, called pool leader and they follow pool leader’s instructions in order to get paid. For example, very few pools may have collectively the majority of computational power, something that could be dangerous for the security of Bitcoin if the operators of these pools collude. In order to answer the second question we examine how participants in a proof of stake blockchain protocol should be rewarded so that in a Nash equilibrium they form k pools where k is a parameter. To be more specific, we define what a reward sharing scheme (RSS) is and we propose an RSS that achieves the following level of decentralization: (1) it incentivizes participants to form k pools and (2) it mitigates Sybil behavior [IPTPS 2002] that in our case is related to how many independent entities are the actual pool leaders of these k pools. In addition, we provide a formal analysis regarding the equilibria that arise from a system using this RSS. We discuss at some length also the deployment of such an RSS in a proof of stake system. We remark that the reward mechanism that was implemented in the incentivised testnet and the “Shelley update”’ launched by the company IOHK (Input Output) on the Cardano cryptocurrency was based on our results. The third question we answer thoroughly and formally in this thesis relates to a serious concern that arises in the deployment of an RSS and relates to censorship of transactions. In a proof of stake system in order for a pool to be registered it should create a special transaction and this transaction should become part of the ledger in order to be actionable. However, the existing pools that run the blockchain protocol may not be willing to add such a transaction, i.e., engage in censorship. We provide an anti-censorship mechanism and we prove the favorable equilibria that arise when such a mechanism is utilized