Cryptology ePrint Archive: Report 2015/702

Demystifying incentives in the consensus computer

Loi Luu and Jason Teutsch and Raghav Kulkarni and Prateek Saxena

Abstract: Bitcoin and similar cryptocurrencies are a massive network of computational devices that maintain the robutness and correctness of the computation done in the network. Cryptocurrency protocols, including Bitcoin and the more recent Ethereum system, offer an additional feature that allows currency users to specify a ``script'' or contract which is executed collectively (via a consensus protocol) by the network. This feature can be used for many new applications of cryptocurrencies beyond simple cash transaction. Indeed, several efforts to develop decentralized applications are underway and recent experimental efforts have proposed to port a Linux OS to such a decentralized computational platform.

In this work, we study the security of computations on a cryptocurrency network. We explain why the correctness of such computations is susceptible to attacks that both waste network resources of honest miners as well as lead to incorrect results. The essence of our arguments stems from a deeper understanding of the incentive-incompatibility of maintaining a correct blockchain. We explain this via a ill-fated choice called the {\em verifier's dilemma}, which suggests that rational miners are well-incentivized to accept an unvalidated blockchain as correct, especially in next-generation cryptocurrencies such as Ethereum that are Turing-complete. To explain which classes of computation can be computed securely, we formulate a model of computation we call the consensus verifiability. We propose a solution that reduces the adversary's advantage substantially, thereby achieving near-ideal incentive-compatibility for executing and verifying computation in our consensus verifiability model. We further propose two different but complementary approaches to implement our solution in real cryptocurrency networks like Ethereum. We show the feasibility of such approaches for a set of practical outsourced computation tasks as case studies.

Category / Keywords: cryptographic protocols / Cryptocurrency, outsourced computation

Date: received 13 Jul 2015

Contact author: loiluu at comp nus edu sg

Available format(s): PDF | BibTeX Citation

Version: 20150714:044816 (All versions of this report)

Short URL: ia.cr/2015/702

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]