But Why Does It Work? A Rational Protocol Design Treatment of Bitcoin

Christian Badertscher; Juan Garay; Ueli Maurer; Daniel Tschudi; Vasileios Zikas

doi:10.1007/978-3-319-78375-8_2

But Why Does It Work? A Rational Protocol Design Treatment of Bitcoin

Christian Badertscher, Juan Garay, Ueli Maurer, Daniel Tschudi, Vasileios Zikas

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

An exciting recent line of work has focused on formally investigating the core cryptographic assumptions underlying the security of Bitcoin. In a nutshell, these works conclude that Bitcoin is secure if and only if the majority of the mining power is honest. Despite their great impact, however, these works do not address an incisive question asked by positivists and Bitcoin critics, which is fuelled by the fact that Bitcoin indeed works in reality: Why should the real-world system adhere to these assumptions?

In this work we employ the machinery from the Rational Protocol Design (RPD) framework by Garay et al. [FOCS 2013] to analyze Bitcoin and address questions such as the above. We show that under the natural class of incentives for the miners’ behavior—i.e., rewarding them for adding blocks to the blockchain but having them pay for mining—we can reserve the honest majority assumption as a fallback, or even, depending on the application, completely replace it by the assumption that the miners aim to maximize their revenue.

Our results underscore the appropriateness of RPD as a “rational cryptography” framework for analyzing Bitcoin. Along the way, we devise significant extensions to the original RPD machinery that broaden its applicability to cryptocurrencies, which may be of independent interest.

Original language	English
Title of host publication	Advances in Cryptology – EUROCRYPT 2018
Publisher	Springer
Pages	34-65
Number of pages	32
ISBN (Electronic)	978-3-319-78375-8
ISBN (Print)	978-3-319-78374-1
DOIs	https://doi.org/10.1007/978-3-319-78375-8_2
Publication status	Published - 31 Mar 2018
Event	EUROCRYPT 2018 - Tel Aviv, Israel Duration: 29 Apr 2018 → 3 May 2018 https://eurocrypt.iacr.org/2018/

Publication series

Name	Lecture Notes in Computer Science (LNCS)
Publisher	Springer, Cham
Volume	10821
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	EUROCRYPT 2018
Abbreviated title	EUROCRYPT 2018
Country/Territory	Israel
City	Tel Aviv
Period	29/04/18 → 3/05/18
Internet address	https://eurocrypt.iacr.org/2018/

Access to Document

10.1007/978-3-319-78375-8_2

Vassilis Zikas
- School of Informatics - UoE Honorary staff
Person: Affiliated Independent Researcher

Cite this

@inproceedings{22fbef3f0888479f871d030f2fa8a434,

title = "But Why Does It Work? A Rational Protocol Design Treatment of Bitcoin",

abstract = "An exciting recent line of work has focused on formally investigating the core cryptographic assumptions underlying the security of Bitcoin. In a nutshell, these works conclude that Bitcoin is secure if and only if the majority of the mining power is honest. Despite their great impact, however, these works do not address an incisive question asked by positivists and Bitcoin critics, which is fuelled by the fact that Bitcoin indeed works in reality: Why should the real-world system adhere to these assumptions?In this work we employ the machinery from the Rational Protocol Design (RPD) framework by Garay et al. [FOCS 2013] to analyze Bitcoin and address questions such as the above. We show that under the natural class of incentives for the miners{\textquoteright} behavior—i.e., rewarding them for adding blocks to the blockchain but having them pay for mining—we can reserve the honest majority assumption as a fallback, or even, depending on the application, completely replace it by the assumption that the miners aim to maximize their revenue.Our results underscore the appropriateness of RPD as a “rational cryptography” framework for analyzing Bitcoin. Along the way, we devise significant extensions to the original RPD machinery that broaden its applicability to cryptocurrencies, which may be of independent interest.",

author = "Christian Badertscher and Juan Garay and Ueli Maurer and Daniel Tschudi and Vasileios Zikas",

year = "2018",

month = mar,

day = "31",

doi = "10.1007/978-3-319-78375-8_2",

language = "English",

isbn = "978-3-319-78374-1",

series = "Lecture Notes in Computer Science (LNCS)",

publisher = "Springer",

pages = "34--65",

booktitle = "Advances in Cryptology – EUROCRYPT 2018",

note = "EUROCRYPT 2018, EUROCRYPT 2018 ; Conference date: 29-04-2018 Through 03-05-2018",

url = "https://eurocrypt.iacr.org/2018/",

}

TY - GEN

T1 - But Why Does It Work? A Rational Protocol Design Treatment of Bitcoin

AU - Badertscher, Christian

AU - Garay, Juan

AU - Maurer, Ueli

AU - Tschudi, Daniel

AU - Zikas, Vasileios

PY - 2018/3/31

Y1 - 2018/3/31

N2 - An exciting recent line of work has focused on formally investigating the core cryptographic assumptions underlying the security of Bitcoin. In a nutshell, these works conclude that Bitcoin is secure if and only if the majority of the mining power is honest. Despite their great impact, however, these works do not address an incisive question asked by positivists and Bitcoin critics, which is fuelled by the fact that Bitcoin indeed works in reality: Why should the real-world system adhere to these assumptions?In this work we employ the machinery from the Rational Protocol Design (RPD) framework by Garay et al. [FOCS 2013] to analyze Bitcoin and address questions such as the above. We show that under the natural class of incentives for the miners’ behavior—i.e., rewarding them for adding blocks to the blockchain but having them pay for mining—we can reserve the honest majority assumption as a fallback, or even, depending on the application, completely replace it by the assumption that the miners aim to maximize their revenue.Our results underscore the appropriateness of RPD as a “rational cryptography” framework for analyzing Bitcoin. Along the way, we devise significant extensions to the original RPD machinery that broaden its applicability to cryptocurrencies, which may be of independent interest.

AB - An exciting recent line of work has focused on formally investigating the core cryptographic assumptions underlying the security of Bitcoin. In a nutshell, these works conclude that Bitcoin is secure if and only if the majority of the mining power is honest. Despite their great impact, however, these works do not address an incisive question asked by positivists and Bitcoin critics, which is fuelled by the fact that Bitcoin indeed works in reality: Why should the real-world system adhere to these assumptions?In this work we employ the machinery from the Rational Protocol Design (RPD) framework by Garay et al. [FOCS 2013] to analyze Bitcoin and address questions such as the above. We show that under the natural class of incentives for the miners’ behavior—i.e., rewarding them for adding blocks to the blockchain but having them pay for mining—we can reserve the honest majority assumption as a fallback, or even, depending on the application, completely replace it by the assumption that the miners aim to maximize their revenue.Our results underscore the appropriateness of RPD as a “rational cryptography” framework for analyzing Bitcoin. Along the way, we devise significant extensions to the original RPD machinery that broaden its applicability to cryptocurrencies, which may be of independent interest.

U2 - 10.1007/978-3-319-78375-8_2

DO - 10.1007/978-3-319-78375-8_2

M3 - Conference contribution

SN - 978-3-319-78374-1

T3 - Lecture Notes in Computer Science (LNCS)

SP - 34

EP - 65

BT - Advances in Cryptology – EUROCRYPT 2018

PB - Springer

T2 - EUROCRYPT 2018

Y2 - 29 April 2018 through 3 May 2018

ER -

But Why Does It Work? A Rational Protocol Design Treatment of Bitcoin

Abstract

Publication series

Conference

Access to Document

Fingerprint

Profiles

Vassilis Zikas

Cite this