Cryptology ePrint Archive: Report 2015/702

Demystifying incentives in the consensus computer

Loi Luu and Jason Teutsch and Raghav Kulkarni and Prateek Saxena

Abstract: Cryptocurrencies like Bitcoin and the more recent Ethereum system allow users to specify scripts in transactions and contracts to support applications beyond simple cash transactions. In this work, we analyze the extent to which these systems can enforce the correct semantics of scripts. We show that when a script execution requires nontrivial computation effort, practical attacks exist which either waste miners' computational resources or lead miners to accept incorrect script results. These attacks drive miners to an ill-fated choice, which we call the {\em verifier's dilemma}, whereby rational miners are well-incentivized to accept unvalidated blockchains. We call the framework of computation through a scriptable cryptocurrency a consensus computer and develop a model that captures incentives for verifying computation in it. We propose a resolution to the verifier's dilemma which incentivizes correct execution of certain applications, including outsourced computation, where scripts require minimal time to verify. Finally we discuss two distinct, practical implementations of our consensus computer in real cryptocurrency networks like Ethereum.

Category / Keywords: Bitcoin; Ethereum; cryptocurrency; incentive compatibility; verifiable computation; consensus computer

Original Publication (with minor differences): 22nd ACM Conference on Computer and Communications Security, CCS 2015

Date: received 13 Jul 2015, last revised 5 Nov 2015

Contact author: loiluu at comp nus edu sg

Available format(s): PDF | BibTeX Citation

Version: 20151105:080010 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]