DOI: 10.1145/3490486.3538337
Research article

Optimal Strategic Mining Against Cryptographic Self-Selection in Proof-of-Stake

Published: 13 July 2022

Abstract

Cryptographic Self-Selection is a subroutine used to select a leader for modern proof-of-stake consensus protocols. In cryptographic self-selection, each round r has a seed Q_r. In round r, each account owner is asked to digitally sign Q_r, hash their digital signature to produce a credential, and then broadcast this credential to the entire network. A publicly-known function scores each credential in a manner so that the distribution of the lowest scoring credential is identical to the distribution of stake owned by each account. The user who broadcasts the lowest-scoring credential is the leader for round r, and their credential becomes the seed Q_{r+1}. Such protocols leave open the possibility of manipulation: a user who owns multiple accounts that each produce low-scoring credentials in round r can selectively choose which ones to broadcast in order to influence the seed for round r+1. Indeed, the user can pre-compute their credentials for round r+1 for each potential seed, and broadcast only the credential (among those with low enough score to be leader) that produces the most favorable seed.
We consider an adversary who wishes to maximize the expected fraction of rounds in which an account they own is the leader. We show such an adversary always benefits from deviating from the intended protocol, regardless of the fraction of the stake controlled. We characterize the optimal strategy, first by proving the existence of optimal positive recurrent strategies whenever the adversary owns less than (3 − √5)/2 ≈ 38% of the stake. Then, we provide a Markov Decision Process formulation to compute the optimal strategy.
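To quantify the seed bias described above, the following simulation (an added example, not code from the paper) compares the intended protocol with a greedy one-round lookahead, which is a simpler heuristic than the optimal strategy the paper characterizes. Assumptions: SHA-256 stands in for the signature-then-hash step, scores are exponential with rate equal to stake, all honest stake is modelled as one account, the adversary sees the honest credential before broadcasting, and all names and parameters are hypothetical.

```python
import hashlib
import math

def credential(seed: bytes, account: str) -> bytes:
    # Stand-in for hash(sign(seed)); assumption: SHA-256 replaces the signature/VRF.
    return hashlib.sha256(seed + account.encode()).digest()

def score(cred: bytes, stake: float) -> float:
    # Exponential with rate = stake, so the lowest score falls on an account
    # with probability proportional to its stake.
    u = (int.from_bytes(cred[:8], "big") + 1) / (2**64 + 1)
    return -math.log(u) / stake

def best_next_score(seed: bytes, accounts, stake: float) -> float:
    # Adversary's pre-computation: its own lowest score if `seed` were Q_{r+1}.
    return min(score(credential(seed, a), stake) for a in accounts)

def simulate(alpha: float, k: int, rounds: int, strategic: bool) -> float:
    """Fraction of rounds led by an adversary holding stake alpha in k accounts."""
    accounts = [f"adv-{i}" for i in range(k)]  # constructed account names
    stake = alpha / k
    seed, wins = b"constructed genesis seed", 0
    for _ in range(rounds):
        honest = credential(seed, "honest")  # all honest stake as one account
        bar = score(honest, 1 - alpha)
        eligible = [c for c in (credential(seed, a) for a in accounts)
                    if score(c, stake) < bar]
        if not eligible:
            seed = honest  # honest leader; its credential is the next seed
            continue
        wins += 1
        if strategic:
            # Broadcast only the eligible credential giving the best next seed.
            seed = min(eligible, key=lambda c: best_next_score(c, accounts, stake))
        else:
            # Intended protocol: broadcast everything; lowest score becomes the seed.
            seed = min(eligible, key=lambda c: score(c, stake))
    return wins / rounds

if __name__ == "__main__":
    for mode in (False, True):
        print("strategic" if mode else "honest", simulate(0.35, 10, 40000, mode))
```

Under the intended protocol the adversary's leader fraction tracks its stake; the gap between the two runs measures how much selective broadcasting alone shifts leader election.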

Published In

EC '22: Proceedings of the 23rd ACM Conference on Economics and Computation
July 2022
1269 pages
ISBN: 9781450391504
DOI: 10.1145/3490486

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. blockchain
  2. cryptocurrency
  3. leader election
  4. proof-of-stake
  5. strategic mining

Qualifiers

  • Research-article

Conference

EC '22

Acceptance Rates

Overall Acceptance Rate 664 of 2,389 submissions, 28%
