- No Comments
What is cryptoeconomics? Vlad Zamfir, an Ether community developer, explains: “It is an independent discipline that aims to study the protocols in decentralized digital economics that are used to manage the production, distribution, and consumption of goods and services. It is also a practical science that focuses on the design and definition of methods for these protocols.”
Cryptoeconomics comes from two terms: cryptography and economics.
is often overlooked for its “economics” component, which is what gives blockchain its uniqueness.
Blockchain is not the first technology to use a “decentralized peer-to-peer system”; torrent sites have been using this technology for a long time for file sharing.
Blockchain is not the first technology to use a “decentralized peer-to-peer system”; torrent sites have been using this technology for a long time for file sharing.
However, in a sense, this is a failed application.
Why is peer-to-peer file sharing a failure?
“In a torrent system, anyone can share files through a decentralized network.”
“In a torrent system, anyone can share files through a decentralized network.
The idea is to allow each downloader to download while keeping the seeds (uploading downloaded data) available to other downloaders in the network.”
The problem with
is that the logic of the system is based on an honor system. If you download a file, the system expects you to provide the seeds as well.
But in the absence of a financial incentive, people see no point in continuously uploading seeds, especially when the act will also take up more storage space on their computers.
Satoshi Nakamoto and Blockchain Technology
In October 2008, Satoshi Nakamoto (an anonymous man, woman, or organization) published a paper that laid the groundwork for the subsequent development of Bitcoin (Bitcoin).
This paper would shake the foundations of the online community because for the first time ever, we had a working model based on cryptoeconomics as a theoretical basis.
Unlike previous peer-to-peer decentralized systems, people now have a financial incentive to “follow the rules”.
Not only that, but the real genius of blockchain technology is that it overcomes the Byzantine General problem and creates a perfect consensus system (see below).
Cryptoeconomics Properties of Bitcoin
So what are the properties of a cryptocurrency like Bitcoin, which is based on the theory of cryptoeconomics?
Let’s elaborate on each one:
It is a cryptocurrency based on blockchain technology. In it, each block contains the hash of the previous block, thus forming a continuous chain. Each block contains multiple transactions. Newly generated transactions cause the specific state of all blocks to be updated. For example, if A has 50 bitcoins and wants to send 20 of them to B, the new state will show that A has only 30 bitcoins left, while B has 20 new bitcoins. The blockchain must be immutable. Only new blocks may be added, and old blocks may not be tampered with. Only valid transactions are allowed. The blockchain should be downloadable, so that anyone, anywhere can easily access and query a particular transaction. Transactions can be added to the blockchain on the fly if a high enough transaction fee is paid.
As the name suggests, cryptoeconomics has two main pillars:
Several cryptographic functions are used in the operation of blockchain technology. Let’s take a look at some of the main functions:
Several cryptographic functions are used in the operation of blockchain technology. Let’s look at some of the main functions:
Hashing algorithm Signatures Workload proofs Zero-knowledge proofs Hashing algorithm
In short, a hashing algorithm maps a string of arbitrary length to a shorter fixed-length string. Bitcoin, on the other hand, uses the SHA-256 digest algorithm to give a 256-bit output for an arbitrary-length input.
So what are the applications of hash algorithms in cryptocurrencies?
Cryptographic hash functions Data structures Mining
Cryptographic hash functions:
A cryptographic hash function has the following properties:
Determinism: no matter how many times the same hash function is parsed in input the same A always gives the same output h(A). Efficient operation: the process of computing hash values is efficient. Resistant to original image attack (steganography): for a given output result h(A), it is computationally infeasible to try to reverse the input A. Collision resistance (weak collision resistance): For any given A and B, it is computationally infeasible to find B that satisfies B ≠ A and h(A) = h(B). Effect of small changes: Small changes in any input can have a drastic effect on the output result of the hash function. Puzzle friendliness: It is computationally infeasible to find a value of k that satisfies h(k|x) = Y for any given hash code Y and input value x. The
cryptographic hash functions are of great help for blockchain security and mining.
There are two data structures that are very important for understanding blockchains: chained tables and hash pointers.
Chained table: A chained table is a sequence of sequentially linked blocks of data, as shown in the following figure:
Each block in the chained table is pointed to another block by a pointer. Pointer: A pointer is a variable that contains the address of another variable. Thus, as the name suggests, a pointer is a variable that points to other variables. Hash pointer: A hash pointer has not only the address of another variable, but also the hash of the data in that variablevalue. So, how does this help the blockchain? The
blockchain is composed as shown in the following diagram:
The blockchain is essentially a chain table in which each new block contains a hash pointer. The pointer points to a hash of the previous block and all the data it contains.
By this feature, blockchains have the great quality of immutability.
How does the blockchain achieve its immutability?
Suppose in the above diagram, someone tries to tamper with the data in block 1. Remember that an important quality of the cryptographic hash function is that any small change in the input has a dramatic effect on the output of the hash function.
Then, even if someone tries to make a subtle rewrite of the data in block #1, it will cause a dramatic change in the hash value of block #1 stored in block #2.
Next, this will cause a change in the hash of block #2, which in turn will affect the hash stored in block #3. And so on, eventually the data on the entire blockchain will change.
This way of modifying the data by freezing the whole chain is almost impossible to do. Because of this, the blockchain is determined to be tamper-proof.” Each block of
has its own Merkle Root. Now, as you already know, each block contains multiple transactions.
If these transactions were stored linearly, the process of finding a specific transaction among all the transactions would be incredibly lengthy.
And that’s why we use Merkle trees.”
“That’s why we use Merkle trees.
In a Merkle tree, all individual transactions can be traced back up to the same root through a hashing algorithm. This makes searching very easy.
So, if we want to get a particular piece of data in a block, we can search directly through the hashes in the Merkle tree without having to do a linear access.
cryptographic puzzles are used to mine new blocks, so the hashing algorithm remains crucial. It works by adjusting the setting of the difficulty value.
A random string named “nonce” is then added to the hash value of the new block, which is then hashed again. Then, it is checked to see if it is below the set difficulty level.
If it is below, then the resulting new block is added to the chain and the miner responsible for mining is rewarded. If
does not fall below, the miner continues to modify the accompanying string “nouce” until a value below the difficulty level appears.
As you can see, hashing algorithms are a crucial part of blockchain and cryptoeconomics.
In cryptocurrencies, signatures are one of the most important cryptographic tools. What is the concept of a signature in real life? And what are its properties?
Imagine that you sign a piece of paper, how do you identify it as a good signature?
Verifiable. This signature has to be verifiable that it was indeed you who signed the paper. It cannot be forged. No one else can forge and copy your signature. Non-repudiation. If you sign with your own signature, you cannot take it back or claim that someone else signed in your place.
However, in real life, no matter how sophisticated a signature is, there is always the possibility that it can be forged. You can’t really verify the validity of a signature with simple visual aids; it would be neither efficient nor reliable.
Cryptography gives us a solution to the problem through public and private keys.
Let’s see how these two secret keys work and how they contribute to the cryptocurrency system. Suppose there are two people, Alan and Tyrone.
Alan wants to send some very important data, and Tyrone wants to identify that this data really came from Alan, and they can do this by using Alan’s public and private keys.”
One thing that must be pointed out is that it is not feasible to determine someone’s public key by their private key. A public key, as the name implies, is a public key that can be accessed by anyone.
A private key, on the other hand, is a key that is owned only by the individual and you cannot share it with others.
So, let’s go back to Alan and Tyrone. If they want to use a key to exchange information, how exactly do they do that?
Suppose Alan wants to send the message “m” and Alan has a private key Ka- and a public key Ka+. Then, when he sends the message to Tyrone, he encrypts the message with his private key, and the message becomes Ka-(m).
When Tyrone receives this message, he can use Alan’s public key to retrieve the message, Ka+(Ka-(m)), and he gets the original message “m”.
Alan has a message “m”, and when he encrypts it with his private key Ka-, he gets the encrypted message Ka-(m). Tyrone then uses Alan’s public key Ka+ to decrypt this encrypted message Ka+(Ka-(m)) to get the original message “m”.
A visual representation of the above process can be obtained by the following diagram:
Verifiability: If the encrypted message can be decrypted with Alan’s public key, then it is 100% certain that Alan sent the message.”
unforgeability: If someone else, e.g. Bob, intercepts the message and sends a message of his own with his private key, Alan’s public key cannot decrypt it, and Alan’s public key can only be used to decrypt messages that Alan has encrypted with his own private key.
non-repudiation: Similarly, if Alan claims, “I didn’t send the message, Bob did”, but Tyrone is able to decrypt the message with Alan’s public key, it proves that Alan is lying. In this way, Alan would not be able toRetract the message he sent earlier and attribute it to someone else.
cryptocurrency application: now, suppose Alan is sending a transaction “m” to Tyrone. first, he hashes the transaction with a hash function and then encrypts it with his private key.
Tyrone knows that he is receiving a transaction “m”, so he can decrypt it with Alan’s public key and compare the decrypted hash with the hash of the transaction “m” he already has. .
Since the hash function is deterministic and always gives the same output for the same input, then Tyrone can be directly sure that Alan did send the same transaction and that there is no evil in it.
Alan has a transaction “m”, and Tyrone knows that he is receiving that transaction. Alan hashes m to get h(m). Alan encrypts the hash result with his private key to get Ka-(h(m)). Alan sends the encrypted data to Tyrone. Tyrone uses Alan’s public key to decrypt, Ka+(Ka-(h(m))), and obtains the original hash result h(m). Tyrone uses the known “m” for hashing to obtain h(m). The deterministic character of the hash function determines that if h(m) = h(m), it means that the transaction is real and valid.
proof of workload
When miners “mine” to generate new blocks and add them to the blockchain, the consensus system involved in verifying and adding blocks is called “proof of workload “.
miners use huge amounts of computer power to solve this cryptographic puzzle, and the difficulty value determines the amount of computation needed to solve the puzzle. This is one of the most pioneering mechanisms in blockchain technology.
Early decentralized peer-to-peer digital currency systems failed because of the “Byzantine General Problem”, for which proof-of-work consensus systems provide a solution.
What is the Byzantine General Problem?
Image Courtesy: Medium
Well, let’s imagine that there is a group of Byzantine generals who want to attack a city and they will face two different problems:
Each general and his army are geographically distant from each other. far apart, so commanding through centralized authority was not feasible, making coordinated combat extremely difficult. The city being attacked had a large army, and the only way they could achieve victory was if all attacked together at the same moment.
In order to make the cooperation work, the army on the left side of the castle sent a messenger to the army on the right side of the castle with a message that read “Attack Wednesday”.
However, suppose that the army on the right is not ready to attack and has the messenger return with a message reading “No, attack on Friday”.
and the messenger needs to return to the army on the left by crossing the attacked city, then the problem arises. In this poor messenger, many things could have happened.
For example, he could have been captured, leaked information, or been killed by the city that was attacked and then replaced.
This would result in the army getting tampered information, which would make it impossible to agree on a battle plan and fail.
The above example has clear implications for the blockchain. Blockchain is a giant network, how do you trust them? If you want to send 4 ethers from your wallet to someone, how do you make sure that someone in the network won’t tamper with the information and change the 4 ethers to 40?
Satoshi Nakamoto invented the proof-of-work mechanism to get around the Byzantine General problem.
works as follows: suppose the army on the left wants to send a message to the army on the right that reads “Attack Monday”, they need to perform the following steps:
First, they add a “nonce” to the initial text. “nonce”, which can be any random hexadecimal value. Second, they hash the text with the “nonce” added to it to get a result. Suppose they decide to share information only when the first 5 bits of the hash result are zero. If the hash result satisfies the condition, they let the messenger depart with the hash result. Otherwise, they keep changing the value of the nonce randomly until they get the desired result. This process is not only lengthy and time-consuming, but also takes up a lot of computing power. If the enemy captures the messenger and tries to tamper with the message, the hash result will change drastically according to the nature of the hash function. If the general on the right side of the city sees that the message does not begin with the required number of zeros, then they will call off the attack.
However, it is possible that there is a loophole here.” The
hash function is not 100% collision free. So what if an enemy in the city gets the information and tampers with it, and by constantly changing the nonce value, obtains a result that starts with a specified number of zeros?
is extremely time consuming, but still feasible. For this situation, generals can use the power of numbers.
Suppose, instead of 1 left general sending a message to 1 right general, there are 3 left generals sending messages to the right generals.
To achieve the above, they can make their own messages and then hash the accumulated messages.”
Immediately afterwards, the hash result is hashed again after adding the nonce value. This time, they want to produce a message that starts with 6 zeros.
Obviously, this will be very time consuming. But this time, if the messenger is captured by the city, it will take an infinitely long time, possibly years, for the enemy to tamper with the message and find a nonce value that matches the result.
For example, if the generals send multiple messengers, the city could be attacked and destroyed halfway through the calculation.
What the generals on the right had to do was very simplesingle. They just add the correct nonce value they were given earlier to the message, hash it, and check the result against whether it matches.
It is very easy to hash a string. In essence, then, the workload proof process is:
Finding a nonce value that matches the hash target is a very difficult and time-consuming process. However, verifying that there is no nefarious behavior in the result is very simple.
Zero Knowledge Proof
What is Zero Knowledge Proof (ZKP)? ZKP means that A can prove to B that he knows specific information without having to tell the other person exactly what he knows.
In this example, A is the prover and B is the verifier. This is particularly useful in cryptography because it will provide an additional layer of privacy protection for the provers.
Run a ZKP with these parameters:
Integrity: if the statement is true, then the honest verifier can be convinced by the honest prover.
reliability: if the prover is dishonest, they cannot convince the verifier that the statement is reliable by lying.
zero knowledge: if the statement is true, then the verifier cannot know what the statement is about.
Take an example of a zero-knowledge proof. Let’s observe how the Alibaba cave works.
In this example, the prover (P) says to the verifier (V) that he knows the password to the secret door behind the cave and offers to prove it without revealing the password to the verifier. Then, the verification process is shown below:
Image courtesy: Scott Twombly (YouTube channel)
The provers can take either path A or path B, assuming they initially decide to reach the hidden door via path A.
Meanwhile, verifier V arrives at the entrance, not knowing which path the provers have chosen, and declares that they expect to see the provers appear on path B.
As shown, the provers do appear on path B, but what if this is just a coincidence?
It is also possible that the provers chose path B by luck when they left and got stuck at the gate because they didn’t know the password.
So, we need multiple trials to determine the validity of the test.
If the prover can appear on the correct path every time, then the prover can indeed prove that he knows the password without revealing it to the verifier.
How is zero-knowledge proof applied in blockchains?
Many blockchain-based technologies are using Zk-Snarks. in fact, ethereum plans to introduce Zk-Snarks in the metropolis phase and add it to ethereum’s feature library.
Zk-Snarks stands for “Zero-Knowledge Concise Non-Interactive Knowledge Authentication,” a type of zero-knowledge proof that proves certain data operations without revealing the data itself.
The above can be used to generate a proof by creating a simple snapshot of each transaction to verify its validity.
This is sufficient to prove the validity of a transaction to the recipient of the message without revealing the substance of the transaction.
This achieves both:
Achieves transaction integrity and privacy. Achieves abstraction of the system. The system is very easy to use since there is no need to show how the whole transaction works internally. So, these are some of the important cryptographic functions used by the blockchain. Now, let’s observe its second pillar, economics.
As mentioned in the opening paragraph, the difference between blockchain and other decentralized peer-to-peer systems is that it gives users financial and economic incentives to get something done.
Like other solid economic systems, we all need incentives and rewards to get people to do the work.
Likewise, if miners behave unethically or don’t do their jobs, then penalties should be applied to the miners.
Next, let’s look at how the blockchain incorporates all the basic principles of economics.
Must Read: Cryptocurrency Gaming:
Blockchain uses the following two incentive combinations:
The first incentive combination:
Tokens: cryptocurrencies are distributed as rewards to participants who are active and contribute to the blockchain. Privileges: Participants are given the right to make decisions, which will give them the right to collect rent. For example, miners who mine a new block can become the interim decision makers of the new block, will briefly be the dictator of the new block, and will have the right to decide which transactions to add to it. They can charge a fee for all transactions included in the block.
The second incentive combination:
Reward: Good participants can receive a monetary reward or be given decision-making power for doing their job. Penalty: bad participants must pay a monetary penalty or lose rights for doing evil.
How do cryptocurrencies realize value?
Cryptocurrencies have value for much the same reason as ordinary money, namely based on trust. When people trust a commodity and assign a value to it, it becomes a currency.
This is why fiat currencies and gold had value in the first place. Thus, when a given good has a given value, the value changes in response to supply and demand. Supply and demand is the oldest rule in economics.
What is supply and demand?
This is the supply and demand curve, one of the most common graphs in economics.
As shown above, the demand for a commodity is inversely related to the supply. The intersection of the two curves isThe point of equilibrium, and the sweet spot you want to reach.
So, let’s use this logic to look at cryptocurrencies, like Bitcoin.
The total number of bitcoins issued is fixed at 21 million. This is the market value of all bitcoins. Since the total amount is fixed, then there are a few things that must be considered when it comes to the supply of bitcoins.
First, some rules need to be put in place to make bitcoin mining progressively more difficult. Otherwise, miners will mine indiscriminately, mining out the remaining bitcoins and putting them on the market, thus reducing the overall value.
To ensure that miners don’t immediately mine all the remaining bitcoins, we need to employ the following:
First, a new block is added to the chain every 10 minutes, and each block added is rewarded with 25 bitcoins. The time interval must be fixed to ensure that miners do not keep adding blocks to the chain irregularly. Second, the Bitcoin protocol requires that the difficulty value must be constantly increased. As mentioned earlier, the hash value of a block and its nonce value need to fall below a certain value during the mining process. This value is called the “difficulty level” and usually starts with a number of zeros. As the difficulty level increases, the number of zeros also increases. “With the above two methods, the mining process becomes very professional and involves a lot of investment. The whole process ensures that the supply of all bitcoins on the market can be verified.
This also applies to other cryptocurrencies that are based on proof-of-work mechanisms.
There are many factors that determine the demand for cryptocurrencies:
What kind of history does the currency have? Has it been hacked recently? Is it able to produce results consistently? What is the strength of the development team behind it? Does it have the potential to get better? How strong is the publicity?
All of these factors determine how “hot” the currency is. The result is that the value fluctuates around the demand.
Game theory in the blockchain
So how does a disorderly, decentralized peer-to-peer system maintain its integrity? Miners have a lot of power and can easily do evil and get away with it. This is where previous attempts to build decentralized systems have failed.
After all, the users are humans, and humans have a tendency to do evil. So how do you build a decentralized system with human integrity? The answer lies in one of the most basic economic concepts: game theory.
Game theory is essentially the study of strategic decision making. At its core, it is about making decisions that are in your best interest and remembering your opponent’s decisions. One of the most fundamental concepts in game theory is the “Nash equilibrium.
Nash equilibrium is a state of affairs. In this state, the strategy of each participant is the optimal response to the strategies of the other participants. No one participant can increase the payoff by changing strategies alone. Let’s observe an example of a Nash equilibrium.
is shown in the table above, which we will call the “payoff matrix”. The numbers in the above table represent the number of benefits that the participants receive for taking (or not taking) action. Let’s analyze them one by one:
Suppose A takes action:
Then if B also takes action, the gain will be 4; otherwise, the gain will be 0. Therefore, the best strategy for B is to take action.
If A does not take action:
then if B does not take action, the gain will be 0; otherwise, the gain is 4.
Therefore, we can conclude that the best strategy for B is to take action, regardless of A’s choice. Now, in the same way, let’s observe what the best strategy for A is.
If B takes action:
If A does not take action, the gain will be 0; otherwise, the gain will be 4. Then, the best strategy for A is to take action.”
The best strategy for A is to take action.
If B does not take action:
If A does not take action, the gain will be 0; otherwise, the gain will be 4. Then, the best strategy for A is to take action, regardless of B’s choice.
Therefore, we can conclude that the best strategy for both A and B is to take action.
Thus the Nash equilibrium is:
-when both A and B take action-
So how does the blockchain use the Nash equilibrium? Because the chain itself is in a self-imposing Nash equilibrium, it is no exaggeration to say that the blockchain is real and the miners can maintain integrity.
Let’s take an example:
As shown above, the blue blocks 1, 2 and 3 are part of the main chain. Now, suppose a malicious miner mines a 2A block and attempts to satisfy his financial gain with a hard fork.
So what is used to stop other miners from joining him and mining behind the new block?
Actually, miners have a very difficult but quick identification rule, which is that any block mining on an invalid block is deemed invalid.
Therefore, other miners can simply ignore the invalid block and continue mining on the old chain.
Remember, all currencies are built on trust and perceived value. So why would anyone waste so many resources on a block whose validity can’t be confirmed?
Now you have to think about this: what if a lot of miners decide to join a new mining group and mine on its new blocks. The problem with this is that the blockchain network is a huge and widely distributed network, and it’s almost infeasible to communicate and collaborate in it.
Most miners will only choose the path that maximizes their returns, and because of this, the Nash equilibrium of the main chain is achieved.
The penalty in the blockchain
is like any other efficient economic system, there should be both positive and negative incentives. How is the penalty implemented in a game theory model? Imagine a payoffA matrix in which the benefits for the participants are high is also very high in terms of its impact on society. For example:
Suppose there are two people, A and B, who are both about to commit a crime. Now, according to the payoff matrix, when they commit a crime, they both have high payoffs. Therefore their Nash equilibrium point is that they both go on to commit crimes.
While this makes logical sense, it can have very bad social implications. Humans are mostly driven by personal greed, not altruism.
If this is true, then the world will become a very bad place. So how has humanity responded? The answer is to introduce a punishment mechanism.
Suppose we have a system where every time a public facility with a -0.5 factor is taken from the public, a penalty of -5 factors is recorded accordingly for anyone who commits a crime.
So, let’s add the penalty factor to the above payoff matrix and observe the change in the table below:
As shown in the table above, the payoff changes dramatically. The Nash equilibrium becomes (1,1) and not committing a crime is the optimal strategy.
Now, the punishment is costly, but society loses a 0.5 factor of public facilities after all.
So what motivates society to join this punishment game? The answer to this question is to make punishment mandatory for everyone, i.e., anyone who does not participate in the punishment game will also be punished.
Say, for example, a police force funded by taxes. The police may punish criminals, but the loss of public facilities is taken from the public in the form of taxes.
Anyone who participates in the game but doesn’t pay taxes is considered a criminal and is punished.
In the blockchain, any miner who does not follow the rules and mines illegally will be punished. They will be stripped of their privileges and risk social exclusion.
This penalty will become even more severe once proof-of-stake is adopted (more on that later). By using a simple game theory and penalty system, miners will be able to maintain their integrity.
More motivation for miners
When a miner(s) succeeds in mining a block, they become the interim decision maker for that block.
“They have full jurisdiction, whether it’s choosing which transactions to put in the block or increasing the speed of that transaction.”
They can charge a fee for included transactions. This is an incentive for miners because they get an additional financial reward in addition to the reward for mining a new block (the new block reward is 25 BTC for Bitcoin and 5 ETH for Ether).
To make the system fair, and also to ensure that not the same miners mine a new block and receive a reward each time, the system adjusts the difficulty level of mining in stages.
This ensures that the miners who dig a new block are completely random. In the long run, mining is a zero-sum game; in other words, the profit miners get by mining new blocks will eventually be adjusted according to the cost of mining.
However, a proof-of-work system is vulnerable to a special type of attack called “P+Epsilon attack”. In order to understand how this attack works, we must define the following terms in advance.
Non-collaborative choice model: In a non-coordinated choice model, all participants are not motivated to cooperate with others.
A group of participants may form, but at no time will the group be large enough to constitute a majority.
Collaborative choice model: In this model, all participants collaborate for a common incentive.
Now, suppose the blockchain is a non-coordinated choice model, but what if there is an incentive for miners to act to compromise the integrity of the blockchain?
What if bribes can be used to get miners to take a particular action? The bribery attacker model is invoked at this point.
Now, suppose the blockchain is an uncoordinated choice model, but what if there is an incentive for miners to act to compromise the integrity of the blockchain?
What if bribes can be used to get miners to take a particular action? The bribery attacker model is invoked at this point.
What is the bribe attacker model?
is like an uncoordinated choice model. Now, suppose an attacker enters the system and bribes the miners to collaborate with each other, what then?” The new model of
is the bribe attacker model. In order to successfully bribe the system, the attacker must have the following two resources:
Budget: the total amount of cash the attacker is willing to pay to the miners to perform a particular action Cost: the amount actually paid to the miners in the end. However, if an attacker decides to launch an attack on the blockchain, we get an interesting puzzle …. , at which point the “P+Epsilon attack” occurs.
We can refer to the following diagram:
Image courtesy: Vitalik Buterin Presentation. If people vote for someone and vote for the same person as everyone else, then they gain, otherwise they don’t.
Then imagine that a bribe taker accesses the system and makes the rules for a particular individual.
If you vote when no one else does, then you get a gain of “P + ε”. In addition to the normal gain P, there is an additional bribe gain ε.
So now, the gain matrix looks like this:
Image courtesy: Vitalik Buterin Presentation. “Now imagine this scenario where everyone in the game knows that assuming they vote, then all have the potential to gain, but asIf they don’t vote, then there is only a 50% probability of getting a gain.
What do you think the participants will do? Of course, they will vote to ensure a gain. This is where it gets interesting. As shown in the matrix, the bribers only pay a fee “ε” when someone votes and others do not.
However, in this case, because everyone voted, the Nash equilibrium point shifts to:
Yes, none of the bribers have to pay the bribe!
So let’s look at this from the bribers’ perspective:
Convince the group to vote a certain way. No bribe payment is required to achieve the goal.
This is a huge win-win situation for the bribers, and at the same time, it has significant implications for the blockchain, especially in proof-of-work based systems. Let’s take the previous virtual blockchain and put it to the test again:
Assuming that the bribers really want to hard fork the blockchain and at the same time announce a bribe fee for those miners who choose to join the new chain ε, this would incentivize the entire community of miners to collaborate and join the new chain.
Obviously, this would require an extremely high bribe fee to achieve the above scenario, but as we saw in the bribe attack model above, the attacker would not even have to give that amount.
According to Vitalik Buterin, this is one of the biggest problems with proof-of-work systems, namely their vulnerability to “P+Epsilon attacks.” The
solution lies in proof-of-stake
proof-of-stake mechanism is a solution to this type of incentive-driven attack. In this type of system, miners are required to withdraw a percentage of their private wealth and invest it in future blocks.
This would be a better economic system because of the harsher penalties involved. Miners would face the possibility of having their rights and wealth stripped away.
Instead of just being stripped of their rights or getting away with it after being blamed, as was the case before.
So, how does this combat the “P+Epsilon attack”? Let’s say you are a miner and you have a portion of your wealth invested in a block that is about to be added to the main chain.
Now comes a briber to tell you that you are able to get an additional gain if you add the block to the main chain.”
“Now comes a briber to tell you that you are able to get an additional gain if you add the block to the main chain.
However, if the new chain is not confirmed, then you run a high risk of losing all the money you have invested in the block. In addition, as described in the “P+Epsilon attack”, you won’t get additional revenue from the bribers.
It is obvious to a miner that once they have invested an interest, they will continue to work on the main chain and not participate in the evil.
As you can see, cryptography and economics have come together in a very wonderful and complex way to create blockchain technology.
The growth it has experienced in the last few years is incredible. In the future, it will become even more powerful and more widely used.