Understanding Crypto-Economic Security through Game Theory
Game theory isn’t something you’d expect to come across while reading about cryptocurrencies. After all, is there really any “game” or any sort of “theories” involved? As it turns out, cryptocurrency game theory actually exists and is critical to understand. This is especially true if you are trying to analyze the security of these cryptocurrencies and how to optimally invest in them. Since the inception of Bitcoin in 2008 by Satoshi Nakamoto, the cryptocurrency space has continued to grow at a very rapid pace. Just one year short of a decade later, there are now 877 different cryptocurrencies (as of June 15th, 2017), each with their own unique quirks and value propositions. The magnitude with which the crypto-economy is evolving has made it almost impossible to keep up. In addition, with a large number of tokens worth millions of USD being traded daily, it is inevitable that many people question the security and incentives of each of these coins.
Each cryptocurrency requires some sort of incentive mechanism in order to encourage the broader cryptocurrency community to take part in its protocol and to verify transactions. In the context of tokens, crypto-economics can be defined as the cryptographic technology and the analysis of certain economic incentives that are needed to back a specific token. Crypto-economics isn’t so much economic theory applied to cryptography, as it is cryptography applied to economics.
Cryptocurrency Basics
In the Bitcoin blockchain protocol, in order to maintain a consistent and immutable ledger of transactions, every new block must contain a Proof-of-Work (PoW) such that when the block content is hashed along with a certain number (nonce), the result is numerically smaller than the network’s difficulty target. The miner that successfully finds that nonce, thereby completing the work, is rewarded with a certain amount of bitcoins (BTC). This is the token incentive, wherein an actor in a certain cryptocurrency protocol is rewarded with an amount of that protocol’s internal token. In the Bitcoin protocol, the miner receives 12.5 BTC as a reward. In the Ethereum protocol, the miner receives 5 Ether (ETH).
There also exists what is known as the privilege incentive. Upon successfully creating a block, a Bitcoin miner is given the privilege of choosing which transactions in that block to verify, and in what order. If a transaction is accompanied by an optional transaction fee (like tipping for a service), then the miner may choose to prioritize that transaction above others. In order to verify that the transaction is indeed legitimate, the network and the receiver of the transaction must wait for an additional number of confirmations, or blocks to be added to the blockchain. The flip side of this is that if a participant acts against the network, their privileges or token balances can be taken away, instituting punishment as another mechanism for motivating specific actors. In general, it is widely accepted that six confirmations represent enough security for the transaction to be validated. However, it is ultimately up to the community to decide that a transaction is actually valid. It is this idea of communal validation where we start to see possible security concerns.
SchellingCoin & Game Theory
Let’s step away from Bitcoin for a minute and look at a more theoretical example such as SchellingCoin. This theoretical cryptocurrency relies on an oracle system to determine the “true” answer to a question, or at least the answer that the community agrees upon. An example question would be something along the lines of: Did it rain in Berkeley today? Everyone either votes yes, or no, and the majority answer is taken to be the true answer. Those who voted with the majority receive a reward of P, while the others get nothing. If it is accepted that the majority of voters are honest and will vote honestly, then this model works flawlessly. Each voter will reason that they should vote for the truth because everybody else should also vote for the truth. That’s the only way that they can receive the reward of P. So, why should everybody else vote for the truth? Well, it’s because they are reasoning the same way that you would in a similar situation. In this way, there is a recursive logic that results in everybody voting for the true answer. Below is a chart that illustrates this theory.
Now, let’s introduce a malicious player into the scenario, a bribing attacker. The goal of this attacker is to corrupt the truth by encouraging some players to vote for the wrong answer for a bribe of P+ε. This can take the form of an Ethereum smart contract, or some other cryptographically enforced escrow. Let’s assume that the correct answer in this case is yes. Below is what the payout would look like after the attacker offers you the bribe.
If you vote no and the majority votes no, then you receive the normal payout of P. However, if you vote no and the majority votes yes, then you receive a payout of P+ε. According to this scheme, it is always in your benefit to vote for the wrong answer since you will always receive a reward. However, if the attacker successfully bribes all of the players in the game, the equilibrium will end up in the bottom right corner of the above chart, wherein the community has agreed upon the false answer, and the attacker has payed nothing. In this scenario, the bad actor only needed to be willing to pay P+ε, but ended up paying nothing.
Proof-of-Work (PoW) in Bitcoin has many of the same properties as the P+ε attack. If the miner creates a block in the longest valid chain, then they receive the 12.5 BTC reward. However, if the block does not attach to the main chain, then they receive nothing. An actor could theoretically bribe other miners in order to create blocks on a separate chain, and ultimately come out paying nothing.
Conclusion
This is just a single, low-level example of how a game-theoretical style attack on Bitcoin could be carried out. There are also many other common attacks, such as a 51% attack. A 51% attack occurs when a single entity contributes the majority of the network’s mining hash rate, essentially obtaining full control of the network and manipulating the public ledger (blockchain) at will. Although there are ways counteract some of these attacks, certain factors must be taken into account when looking at the crypto-economic security of a specific token. Some of these factors include various faults (protocol, actor, and network) or specific algorithms including Proof-of-Stake (PoS). In future articles published on the B@B blog, many of the aforementioned concepts will be further refined and examined. Until then, please feel free to leave a comment below on what ideas regarding crypto-economics and game theory you’d like to read about in the future.
