Cryptoeconomics: Paving the Future of Blockchain Technology

There’s no point in being nuts if you can’t have some fun with it. — “John Nash”, A Beautiful Mind (2001) Page through the articles on today and you will see healthy discussions over its applications and endless debates over the future price action of someone’s favorite cryptocurrency. Yet rarely among all these topics is any mention of the most fascinating notion at the heart of the movement — blockchain as a novel means . blockchain to incentivize desired human behavior In many respects, the miracle of blockchain tech is that it allows us to grow crops in a desert and breed chickens in a foxhole. Using , the blockchain concept allows us to definitively prove what transactions actually happened . Through game theory and incorporated into the design of blockchain protocols, the system incentivizes stability and this common good to hold . All of this in an anonymous, hostile, and digital world filled with hackers, scammers, pirates, and trolls! cryptography in the past economics into the future This is , a term so that you’ll need to select “Add to Dictionary” when running spellcheck. When you dig deep enough into the concepts underlying blockchain technology and specific systems built on it, you will find that they heavily incorporate cryptoeconomic tools specifically designed to minimize the impact of evildoers and hostile actors. cryptoeconomics fresh While there are many definitions with slight variations floating out there, for the purposes of this article I will base our discussion on the . definition published on the Ethereum wiki Cryptoeconomics refers to the combinations of cryptography, computer networks and game theory which provide secure systems exhibiting some set of economic dis/incentives. In this article, I will discuss these as they relate to blockchain, explore some behind cryptoeconomics, and describe how the Ethereum platform’s new protocol was designed with these ideas in mind. economic incentives security assumptions Casper “the friendly ghost” Incentives and Byzantine Fault Tolerance Incentives are a central component to game theory and economics in shaping human behavior toward a common good. While cryptography, or the encryption and decryption of blocks in the chain to effectively create a provable past, is universally accepted, there is still some divergence and debate when it comes to to create successful cryptocurrencies or platforms. whether systems of incentives are actually needed We cannot go on without a brief discussion of an issue underpinning the decentralized digital economy, . the Byzantine Generals’ Problem The glorious Byzantine army has surrounded and set siege to a castle. The generals, physically separated and commanding different units of the army, realize that that they need to decide on a or . It is important that the to one or the other, as a mistimed or halfhearted attack would mean major losses and a far worse outcome for the Byzantines. coordinated attack coordinated retreat majority commits Unfortunately, there are an unknown number of in the Byzantine ranks who would like nothing more for the campaign to end disastrously. They may send conflicting messages to different generals in an attempt to sabotage the effort. Furthermore, since messages must be relayed by messenger, it is also impossible to tell if these messages are forged or authentic. traitorous generals The central question is this: in a system where consensus is absolutely necessary, how can a unanimous agreement be reached by good processes in the absence of trust? In other words, how can these generals overcome the traitors within and reach a coordinated, majority decision? In computer science, the capability of a system to resist failure from faulty components that prevent other critical components from reaching a necessary consensus is termed . So how is this relevant to blockchain and the discussion around incentives? Byzantine fault tolerance (BFT) In a cryptocurrency such as , in the absence of a protocol addressing BFT we would be completely in the dark without some centralized authority**.** Just like the generals, Bitcoin nodes (computers sharing and propagating the blockchain) need to know what transactions are valid. For instance, like the traitorous generals and their dubious messages, people could spend bitcoins and simply tell other nodes they had never spent them. The key problem in decentralized digital currency is that . Bitcoin no one knows who or what to trust Bitcoin’s answer to the Byzantine Generals’ Problem is the on top of the blockchain. As you’ll find plenty of discussion and about PoW out there, the general idea behind this protocol is that it makes it as difficult as possible for someone to manipulate a vote due to the significant expenditure of resources (time, electricity, and processing power) required. To log a vote, each “general” would have to complete a very difficult mathematical problem that would be instantly shared with the others, who would then have to solve another difficult problem on top of it. This chain of “work” creates an ironclad transaction history while making it prohibitively expensive and time-consuming for attackers to rig anything. proof-of-work (PoW) protocol other materials — Bitcoin “miners”, the people who log these transactions, are incentivized with a reward of 12.5 bitcoin and transaction fees every time they apply their computing power and successfully post verified transactions onto the blockchain. In this way, they are rewarded for performing a critical service to Bitcoin, the broadcasting of blocks filled with valid, verified transactions. Incentives come into play to encourage participants to maintain the protocol In the Ethereum platform, the proposed proof-of-stake (PoS) protocol goes further with a to disincentivize malevolent activity. In PoS, validators must put up a sizeable ante of Ethereum in lieu of electricity and computing power in order to participate in the system. In the event that validators do not act to the system’s benefit, they risk losing their entire stake, or deposit. punishment So are there any ? Since the protocols of the two major players in the crypto-scene have such a strong focus on cryptoeconomics, it would appear that well-designed incentive systems are critical to any blockchain tech’s success. MIT Professor Silvio Micali, a central authority in the world of cryptography, disagrees. drawbacks to incorporating incentives As reported in this , Micali believes that because they can lead to many negative externalities, and cites Bitcoin as an example. The incentives in the Bitcoin PoW system led to “industrial-scale mining pools”, where Bitcoin miners pool their resources together and split up the rewards. Observe the dominance of of these pools in the graphic below: Coindesk article incentives should be used as a last resort Incentives gone awry? , July 2017 Bitcoin Hashrate Distribution The advent of these massive mining pools and the consequent power bestowed on the organizations behind them really begin to while increasing the possibility of 51% attacks, which we’ll discuss later. In short, if the trend continues, we may reach a state where new bitcoin discovery is almost completely dominated by the largest miners. challenge the idea of Bitcoin as a decentralized cryptocurrency Micali instead proposes , an incentive-less public blockchain that attacks the Byzantine Generals’ Problem by swapping out the generals in each round through a randomization process. While I won’t discuss the mechanics in detail here, this approach avoids the amount of computation resources needed for proof-of-work and yields faster transactions as a result. Algorand The differing approaches revolve around the interesting philosophical question about as a whole. Proponents of Micali point to chronic, altruistic seeders on Bittorrent and distributed computing projects like as evidence that we do not always need incentives to promote altruistic behavior. Meanwhile, Vitalik Buterin and Vlad Zamfir of the Ethereum Foundation are firmly in the opposite camp, believing that without incentives and penalties, people can be at best apathetic (why even log on?) and at worst malicious. whether humans are dominated by their altruistic or selfish urges Genome@Home While the bulk of the blockchain movement embraces the idea of incentives and cryptoeconomics, it is definitely possible that Micali’s system and variants of it may take root in parallel. It is an open question of whether you need incentives or not, and I don’t think it can be determined in an academic model. It is actually going to be determined by evidence. You launch something and you see what happens. — Charles Hoskinson, Previous Ethereum CEO While Bitcoin’s PoW system is not perfect, the fact remains that the paradigm-shifting, cryptoeconomic principles it was built on (cryptography to secure the past, economics to ensure the future) have led to its survival and adoption for almost a decade. Cryptoeconomic Assumptions of Behavior The exciting thing about cryptoeconomics is that its terminology and theory are being by blockchain developers and thought leaders. To underscore the cutting-edge innovation within this field, some of the terms associated with cryptoeconomics have less than 100 results when googled at the time of writing! While many of the ideas in this area are very theoretical, rest assured that their application will have incredible consequences on the development and adoption of blockchain technology. pioneered day-by-day That said, the focus of cryptoeconomics is to that can govern decentralized P2P systems and digital economies. In other words, cryptoeconomic concepts and techniques should be applied to shape behavior leading to desired outcomes. design robust protocols Today, as a result of Satoshi Nakamoto’s innovations, Bitcoin runs on the back of a PoW incentive system that both nearly conquers the Byzantine Generals’ Problem and promotes participants’ efforts to maintain it. However, for the negative externalities Micali identified such as the push toward centralized mining pools with significant influence, the While Micali points toward this as evidence that incentive systems are detrimental overall, proponents of cryptoeconomics would instead PoW protocol cannot be considered cryptoeconomically efficient. suggest that the incentives or penalties do not go far enough and are not applied optimally. So through what kind of lenses should we assess a protocol? Developers at the Ethereum Foundation utilize the following security models in their analysis. These assumptions of participants’ behavior are the basis for protocol design. Security Models — the traditional fault-tolerance assumption that 51% or more of participants are fundamentally honest, “nice guys”. This model is largely rejected in the cryptoeconomic community and is often considered wishful thinking in a pseudonymous, decentralized digital landscape. Honest majority model Instead, in cryptoeconomic research, we are far more cynical. We obsess over assumptions regarding attackers — namely how they are, the they have to mount the attack, and the actual incurred by the attack) coordinated budget cost — assumption that all the protocol participants are united under the same coalition or agent. Coordinated choice model The large Bitcoin mining pools are a good example here. Since the majority of Bitcoin hashpower is controlled by a small handful of people, collusion is quite a realistic and threatening scenario. With the rise of mining pools, a , where a single agent (or colluding agents) is able to manipulate the Bitcoin blockchain by controlling over half of the mining hashrate, is in reality quite feasible. 51% attack While the agent would not be able to rewrite previous transactions, steal coins from wallets, or wreak any serious havoc, he or she would be able to prevent other miners from posting blocks and “double-spend” bitcoins using both chains. Overall, the deterrent seems to be the action’s own self-defeating implications — such a collusive or massive effort would only devalue Bitcoin as a whole since participants would lose trust in the system and refuse to acknowledge transactions during this time. Rare sighting of 90% of Bitcoin mining power in one room. — assumption that all protocol participants do not coordinate with each other, are smaller than a particular size, and have their own goals. Uncoordinated choice model This is the true idea behind “decentralization”. The Bitcoin protocol was built on the assumption of a universe of small, self-interested participants that do not or cannot coordinate. — this assumption builds on the uncoordinated choice model, but also assumes that an attacker exists with enough resources to incentivize other participants to take certain actions through conditional bribes. Bribing Attacker Model This model is already described at length in the SchellingCoin case brought forward by Vitalik and . For flavour purposes, I’ll provide a quick and abbreviated example: other writers Let’s say in the universe of the uncoordinated choice model there exists a . Participants in the game will vote on whether they want to sit on an iron throne or a styrofoam throne. game of thrones Everyone who voted in the majority will win $100, while everyone in the minority will get nothing. In this game, the assumption is you would vote to sit on the Iron Throne because you want to rule the Seven Kingdoms and because sitting on a styrofoam block sucks. You also believe the majority will do this for the same reasons. Since everyone else arrives at the same conclusion you do, the majority vote will go toward sitting on the Iron Throne and everyone will collect $100. However, let’s say a malicious styrofoam executive is out to promote his non-biodegradable wares. In a fit of cunning, he sends everyone a conditional offer: “ ”. Because he has a long history of always paying his debts, everyone knows that he is good for this commitment and has the to pay it. Vote for the styrofoam block, and if you’re in the minority I will personally give you $110! budget Diagrams showing your payout depending on the actions taken in the game of thrones Suddenly, the equilibrium shifts. Now it makes sense for you to vote for the styrofoam throne — if you’re in the majority, you collect $100, but if you’re in the minority, even better, you’ll walk home with $110. Since everyone else again arrived at the same conclusion you did, the majority will vote for the styrofoam and the executive will allow himself a hearty chuckle, not having to pay out at all and achieving his goal at . Truly, his was his masterstroke. zero cost threat of benevolence This is formally known as the and the Bitcoin protocol is just as susceptible to this strategy! Substitute the iron throne for the main blockchain and the styrofoam one for the attacker’s chain and you should be able to see the vulnerability — a malicious actor incentivizing the majority of other miners to accept a deviant chain. Nonetheless, due to the extensive budget an attacker must be able to credibly reveal in order to pursue such an attack, Bitcoin’s proof-of-work protocol has persisted despite this flaw. P + epsilon Attack, Ethereum’s Proof-of-Stake: The Next Experiment I want to impress upon you that the developments in blockchain tech are driven by the implications of these security models. As of writes, “Cryptoeconomics is the fundamental catalyst for this whole movement.” Nick Tomaino the Control To assess the design of protocol capability to mitigate these existing and theoretical flaws in these security models, developers utilize two concepts: The first is the , which measures the consequences (in dollars lost) of those violating a protocol guarantee. Theoretically, since the attacker can execute the P + epsilon attack at zero cost provided he or she has the budget, Bitcoin’s PoW system can be said to have a cryptoeconomic security margin of zero! cryptoeconomic security margin is somewhat similar; it is an assurance or message from a participant in the network that something is true. In the event that it turns out not to be true, that participant will lose a certain amount of money. Cryptoeconomic proof So let us examine the most ambitious project on blockchain tech today — the coming that attempts to drill to the heart of these problems by switching the platform proof-of-work to proof-of-stake. While a discussion about the intricacies of Casper’s is beyond the scope of this article, in short PoS seeks to provide a very large cryptoeconomic security margin by enforcing large security deposits of Ethereum in lieu of computing power in order to serve as a validator. This security deposit, or cryptoeconomic proof, acts as a potent deterrent. The message is clear — cause trouble and lose everything! Casper update to Ethereum Proof-of-Stake (PoS) system Casper forces participants to enter a SchellingCoin Game (as outlined by our iron-styrofoam throne example) where they are forced to bet their security deposits on what the majority will be. Using the same recursive logic we discussed in the iron throne game, the majority of participants will accurately vote on which transactions are valid because each participant expects everyone else to reach the same conclusion. As such, because the attacker will have to credibly show an enormous budget to subsidize the participants’ security deposits in the event that they end up voting in the minority. PoS is resistant to the P + epsilon attack In the context of the security models, we can see and from bribing attackers. Casper is also theoretically susceptible to the 51% attack stemming from the coordinated choice model. However, like Bitcoin, as Ethereum grows the costs of doing such an attack are so prohibitive as to almost completely discourage it. In Casper’s case, the . To read more about the development of Casper, check out ’s . Casper’s resilience in the uncoordinated choice model threat of losing the stakes of all involved is an even stronger deterrent Vlad Zamfir series While many elements of Casper are highly theoretical and the proof-of-stake protocol itself has , it is evident that this transition is almost entirely cryptoeconomically-minded and meant to address many of the shortcomings of the PoW system. Slowly but surely, thinkers in the blockchain space move the needle ever further in our understanding of what optimal protocol design looks like in a decentralized, digital economy. invoked its fair share of debate Some critics of blockchain technology as a whole are uncomfortable with the idea that there are so many attack vectors that are theoretically plausible today. I think it is worth noting that, . Cryptoeconomics stands as a critical bulwark that, at worst, endeavors to make these attacks as expensive, difficult, and undesirable as possible. given enough money and time, an attacker will always be able to do damage in any system As we move into an era of smart contracts, this field will surely grow even more complex and exciting. Turing-complete I hope this gives you an appreciation for the burgeoning and very fertile field of cryptoeconomics. As a consequence, there are not a lot of resources out there, so I wanted to share some links that were extremely edifying to me. by — one of the inspirations for this article. He’s got some great links as well. Cryptoeconomics 101 Nick Tomaino by — funny article on how to wrap your head around the subject. Cryptoeconomics for Dummies K — straight from the horse’s mouth. Vitalik Buterin spits fire. (Video) Introduction to Cryptoeconomics — article by on the intersection of cryptoeconomics and AI research. Why Cryptoeconomics and X-Risk Researchers Should Listen to Each Other More Vitalik Buterin — current shortlist of challenges in the Ethereum space. Contains some good discussion on cryptoeconomics. Fundamental problems in Ethereum : Related to by Buterin but is a great read on game theory in its own right. Nash Equilibira and Schelling Points this article — old but gold book on game theory by Thomas C. Schelling, Master Theorist of Nuclear Strategy (I’m serious!) The Strategy of Conflict Thanks to Ethfans for the translation: https://goo.gl/BxNaDn