In this work, we study the security of computations on a cryptocurrency network. We explain why the correctness of such computations is susceptible to attacks that both waste network resources of honest miners and lead to incorrect results. The essence of our arguments stems from a deeper understanding of the incentive-incompatibility of maintaining a correct blockchain. We explain this via an ill-fated choice called the verifier's dilemma, which suggests that rational miners are well-incentivized to accept an unvalidated blockchain as correct, especially in next-generation cryptocurrencies such as Ethereum that are Turing-complete. To explain which classes of computation can be computed securely, we formulate a model of computation that we call consensus verifiability. We propose a solution that reduces the adversary's advantage substantially, thereby achieving near-ideal incentive-compatibility for executing and verifying computation in our consensus verifiability model. We further propose two different but complementary approaches to implement our solution in real cryptocurrency networks like Ethereum. We show the feasibility of such approaches for a set of practical outsourced computation tasks as case studies.
Category / Keywords: cryptographic protocols / Cryptocurrency, outsourced computation
Date: received 13 Jul 2015
Contact author: loiluu at comp nus edu sg
Version: 20150714:044816
Short URL: ia.cr/2015/702