Incentives in blockchain protocols
Item statusRestricted Access
Embargo end date31/07/2022
Bitcoin is a digital cryptocurrency supported by the blockchain protocol proposed by Nakamoto in 2008. The blockchain protocol offers a public transaction ledger, organized as a sequence of blocks of transactions. The sequence of blocks is maintained in a distributed way by a set of peers called miners. The main novelty of the Nakamoto’s protocol is the use of a proof of work scheme in which miners expend computational power to get a chance to produce a new block and in turn they get a reward for each block they produce. The success of Bitcoin prompted a large variety of other blockchain protocols that attempt to improve on various aspects of the original protocol. Two examples that are related to the present thesis are (i) variants of the original proof of work, longest chain protocol that attempt to improve its resilience characteristics with respect to adversarial behavior and (ii) proof of stake blockchain protocols according to which each participant is elected to produce a block with probability proportional to its stake, rather than computational power. In this thesis we examine blockchain protocols from a game theoretic perspective. This means that we consider participants as rational utility maximizers as opposed to being divided between honestly behaving and adversarial. This thesis mainly focuses on answering the following three questions: (i) do miners have incentives to follow the blockchain protocol, when all the other participants do so (this is related to the notion of Nash equilibrium) (ii) how can we design a reward mechanism that promotes decentralisation, by disincentivising the formation of undesirable large pools in proof of stake blockchain protocols? (iii) given such a reward mechanism, how can we disincentivise existing pools to create a cartel and censor other pools’ registration in the blockchain with the aim to avoid competition? In order to answer the first question we propose a suitable notion of Nash equilibrium, called “coalition-safe equilibrium with virtual payoffs (EVP)”. This notion allows us to provide (i) a unified picture of the incentives in the Bitcoin blockchain protocol when the participants are rational and try to maximize various utilities based on the rewards and the costs, and (ii) novel results regarding incentives in a fair variant of the Bitcoin protocol called Fruitchain [PODC 2017, Rafael Pass et al.]. The motivation for the second question that this thesis answers is the following: although Bitcoin was designed to be executed in a decentralised way without a trusted party, participants tend to avoid participating directly in the protocol. Instead, they tend to create teams, called pools, which are managed usually by a single participant, called pool leader and they follow pool leader’s instructions in order to get paid. For example, very few pools may have collectively the majority of computational power, something that could be dangerous for the security of Bitcoin if the operators of these pools collude. In order to answer the second question we examine how participants in a proof of stake blockchain protocol should be rewarded so that in a Nash equilibrium they form k pools where k is a parameter. To be more specific, we define what a reward sharing scheme (RSS) is and we propose an RSS that achieves the following level of decentralization: (1) it incentivizes participants to form k pools and (2) it mitigates Sybil behavior [IPTPS 2002] that in our case is related to how many independent entities are the actual pool leaders of these k pools. In addition, we provide a formal analysis regarding the equilibria that arise from a system using this RSS. We discuss at some length also the deployment of such an RSS in a proof of stake system. We remark that the reward mechanism that was implemented in the incentivised testnet and the “Shelley update”’ launched by the company IOHK (Input Output) on the Cardano cryptocurrency was based on our results. The third question we answer thoroughly and formally in this thesis relates to a serious concern that arises in the deployment of an RSS and relates to censorship of transactions. In a proof of stake system in order for a pool to be registered it should create a special transaction and this transaction should become part of the ledger in order to be actionable. However, the existing pools that run the blockchain protocol may not be willing to add such a transaction, i.e., engage in censorship. We provide an anti-censorship mechanism and we prove the favorable equilibria that arise when such a mechanism is utilized.