Cryptoeconomics is the study of mechanism design using cryptographically secure incentive distribution. It combines principles of cryptography and economics: cryptography secures the peer-to-peer communication inside the network, and economic incentives reward the contributors who keep the network running. Together they allow the network to grow over time.
Before the advent of Bitcoin, it was believed that Byzantine fault tolerance and attack-resistant agreement among the nodes of a P2P network could not be achieved. This problem was solved in the Bitcoin whitepaper published in 2008. However, blockchain was not the first decentralized peer-to-peer system: Kazaa and BitTorrent predate Bitcoin, but they lacked an incentive layer to coordinate the network’s participants.
In a torrent system, a file is shared within a decentralized network. The idea was that people would download a file and then share it with others. The whole scheme ran on the honour system, which was not practical: without economic incentives, nobody would keep seeding a file that took up space on their computer.
Cryptoeconomics rests on two pillars-
The blockchain differs from other decentralized peer-to-peer systems in that it provides financial and economic incentives to get work done. In a stable economic system, there should be rewards for getting the work done and also punishments for those who do not act honestly.
Active participants are rewarded with cryptocurrency for their efforts. Miners who mine a new block become the temporary decision makers for that block and decide which transactions go in.
Why do Cryptocurrencies have value?
Cryptocurrencies have value because people trust them to hold value, in the same way that fiat currency and gold have value because they are trusted as commodities. The value changes in accordance with demand and supply.
Demand and Supply
The demand for a commodity is inversely proportional to its supply. The point where the demand and supply curves meet is the equilibrium.
Bitcoin has a fixed supply of 21 million. Consequently, its supply has to be managed: it should become progressively harder to mine Bitcoin, because otherwise miners would pump out Bitcoins indiscriminately and decrease its worth. As a result, a new block is added to the chain only at an interval of about 10 minutes, and it is rewarded with 25 bitcoins.
The block interval is fixed to ensure that miners don’t add blocks indiscriminately. Secondly, the Bitcoin protocol keeps raising the difficulty level: the hash of the block, including the nonce, must be less than the difficulty target, which in practice means it must start with a certain number of zeroes. As the difficulty increases, the number of required zeroes increases as well. Thus, the supply of Bitcoins is kept in check.
Game theory in Blockchain
An unregulated system like a blockchain is open to dishonest behaviour. To keep the system honest and transparent, the concept of a “Nash equilibrium” is used.
A Nash equilibrium is a situation in which each party uses the strategy that is optimal for it given the actions of the other party; neither party can gain anything by changing its approach on its own.
|                       | B takes action | B doesn’t take action |
|-----------------------|----------------|-----------------------|
| A takes action        | (4,4)          | (4,0)                 |
| A doesn’t take action | (0,4)          | (0,0)                 |
The table is called a “payoff matrix”. The numbers in each cell are the payoffs the two players receive for their choices, written as (A’s payoff, B’s payoff).
If A takes action-
In case A takes action, B obtains a payoff of 4 if B also takes action and 0 if B does not. B’s best strategy is to take action.
If A doesn’t take action-
In case A doesn’t take action, B has a payoff of 4 for taking action and 0 for not taking action. So, irrespective of A’s choice, B’s optimal strategy is to take action.
If B takes action-
If B takes action, A has a payoff of 0 for not taking action and 4 for taking action. A’s best strategy is to take action.
If B doesn’t take action-
In case B doesn’t take action, A has a payoff of 0 for inaction and 4 for taking action. Regardless of what B does, A’s best strategy is to take action.
Taking action is therefore the best choice for both A and B, and (4,4) is the Nash equilibrium.
In the blockchain above, if a malicious miner mines a block 2A and attempts a hard fork for personal gain, he will be left empty-handed: the other miners will ignore the new block and keep mining on the old chain. Moreover, mining is expensive, so nobody will realistically waste resources on a block that the rest of the network considers invalid, and given the size of the network a coordinated attack is next to impossible. Thus, most miners take the path that gives them the maximum payoff, and the Nash equilibrium of the chain is maintained.
Punishment in Blockchain
In an economic system, good actions are rewarded; similarly, negative actions should be punished. Let us examine a payoff matrix in which the payoff for committing a crime is high.
|                          | B doesn’t commit a crime | B commits a crime |
|--------------------------|--------------------------|-------------------|
| A doesn’t commit a crime | (1,1)                    | (1,4)             |
| A commits a crime        | (4,1)                    | (4,4)             |
Suppose two people A and B are each deciding whether to commit a crime. According to the matrix, the payoff is highest when both of them commit a crime, but this is bad for society. Society therefore introduces the concept of punishment, and adding a punishment factor changes the table.
|                          | B doesn’t commit a crime | B commits a crime |
|--------------------------|--------------------------|-------------------|
| A doesn’t commit a crime | (1,1)                    | (1,-1)            |
| A commits a crime        | (-1,1)                   | (-1,-1)           |
The payoffs change drastically, and the Nash equilibrium moves to (1,1). A utility of -0.5 is taken from society. Anyone who doesn’t join the punishment game is also punished: the police punish the criminals, but they are paid for with taxes taken from the public, and anyone who doesn’t pay the tax is punished accordingly.
In a blockchain, miners who mine illegal blocks are punished and their privileges are taken away. The punishment is more severe when proof-of-stake is involved. Thus, through simple game theory and a punishment system, the equilibrium of the system is maintained.
Incentives for Miners
When a miner mines a block successfully, he becomes the temporary dictator of that block: it is entirely under his control which transactions go in the block and how quickly they are processed. To include a transaction, a transaction fee is charged, which gives miners an additional financial reward on top of the block reward. To keep the system fair and ensure that the same miners do not mine every new block and collect the rewards each time, the mining difficulty is adjusted periodically, and which miner gets to mine the next block is effectively random. Mining can be described as a zero-sum game, because the profits from mining a new block are offset by the costs of mining.
Bribing Attacker Model
In an uncoordinated model, if an attacker enters the system and bribes the miners to coordinate with each other, this is known as the bribing attacker model.
If the attacker decides to attack the blockchain in this way, the “P+epsilon attack” comes into play.
|               | You vote 0 | You vote 1 |
|---------------|------------|------------|
| Others vote 0 | P          | 0          |
| Others vote 1 | 0          | P          |
In a simple election, people get a payoff P if their vote agrees with how the others vote, and nothing otherwise. When a briber enters the system and promises that if you vote 1 while the others vote 0 you get a payoff of P+e, the payoff matrix becomes:
|               | You vote 0 | You vote 1 |
|---------------|------------|------------|
| Others vote 0 | P          | P+e        |
| Others vote 1 | 0          | P          |
If everyone votes 1, they all get the payoff P. Someone who votes 0 has only a 50-50 chance of a payoff, depending on what the others do. So the players vote 1 to get a guaranteed payoff. The briber only needs to pay e in the case where a person votes 1 and the others don’t.
The Nash equilibrium shifts to:
|               | You vote 0 | You vote 1 |
|---------------|------------|------------|
| Others vote 0 | P          | P+e        |
| Others vote 1 | 0          | P          |
The briber doesn’t even need to pay the bribe. It is a win-win for the briber: he has swayed the whole group without paying anything.
If the briber attempts a hard fork and announces a bribe of e for joining his chain, the entire mining community is incentivized to join it, and in the bribing attacker model the attacker won’t even need to pay. Thus the proof-of-work system is susceptible to the P+epsilon attack.
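To make the three payoff matrices above and the P+epsilon election checkable, here is an added Python example (not code from the original article). It finds the pure-strategy Nash equilibria of a two-player matrix by testing whether either player can improve by switching alone, and for the election table it checks whether one vote dominates. The matrices are the ones given in the text; the concrete values P = 10 and e = 1 are constructed here, since the text only uses the symbols P and e.

```python
"""Pure-strategy Nash equilibria for the payoff matrices discussed above.

Added example, not code from the article. The four matrices are copied from
the text; the concrete values P = 10 and e = 1 for the P+epsilon election are
constructed here, since the text only uses the symbols P and e.
"""
from itertools import product


def pure_nash_equilibria(game):
    """Return every (row_choice, col_choice) that is a pure-strategy Nash
    equilibrium of a two-player game.

    `game` maps (row_choice, col_choice) -> (row_payoff, col_payoff).  A cell is
    an equilibrium when neither player can raise their own payoff by switching
    to a different choice while the other player's choice stays fixed.
    """
    rows = sorted({r for r, _ in game})
    cols = sorted({c for _, c in game})
    equilibria = []
    for r, c in product(rows, cols):
        row_pay, col_pay = game[(r, c)]
        row_cannot_improve = all(row_pay >= game[(r2, c)][0] for r2 in rows)
        col_cannot_improve = all(col_pay >= game[(r, c2)][1] for c2 in cols)
        if row_cannot_improve and col_cannot_improve:
            equilibria.append((r, c))
    return equilibria


def dominant_choice(own_payoffs):
    """Return the choice that is a best response to *every* choice the others
    could make, or None if no single choice dominates.

    `own_payoffs` maps (others_choice, my_choice) -> my payoff, which is how the
    election tables in the text are laid out (only your own payoff is shown).
    """
    others = sorted({o for o, _ in own_payoffs})
    mine = sorted({m for _, m in own_payoffs})
    for m in mine:
        if all(own_payoffs[(o, m)] >= own_payoffs[(o, alt)]
               for o in others for alt in mine):
            return m
    return None


def bribe_actually_paid(base, bribed, everyone_votes):
    """Extra payout the briber owes once every voter settles on `everyone_votes`."""
    cell = (everyone_votes, everyone_votes)
    return bribed[cell] - base[cell]


# --- Matrices from the text; each cell is (payoff to A, payoff to B) ---
ACTION_GAME = {
    ("A acts", "B acts"): (4, 4), ("A acts", "B idle"): (4, 0),
    ("A idle", "B acts"): (0, 4), ("A idle", "B idle"): (0, 0),
}
CRIME_GAME = {
    ("A honest", "B honest"): (1, 1), ("A honest", "B crime"): (1, 4),
    ("A crime", "B honest"): (4, 1),  ("A crime", "B crime"): (4, 4),
}
CRIME_WITH_PUNISHMENT = {
    ("A honest", "B honest"): (1, 1),  ("A honest", "B crime"): (1, -1),
    ("A crime", "B honest"): (-1, 1),  ("A crime", "B crime"): (-1, -1),
}

# --- P+epsilon election, keyed by (others' vote, your vote) -> your payoff ---
P, E = 10, 1  # constructed values standing in for the text's P and e
ELECTION = {(0, 0): P, (0, 1): 0, (1, 0): 0, (1, 1): P}
ELECTION_WITH_BRIBE = {(0, 0): P, (0, 1): P + E, (1, 0): 0, (1, 1): P}


if __name__ == "__main__":
    print("action game       ->", pure_nash_equilibria(ACTION_GAME))
    print("crime, no penalty ->", pure_nash_equilibria(CRIME_GAME))
    print("crime, penalty    ->", pure_nash_equilibria(CRIME_WITH_PUNISHMENT))
    print("election, no bribe: dominant vote =", dominant_choice(ELECTION))
    print("election, bribe   : dominant vote =", dominant_choice(ELECTION_WITH_BRIBE))
    print("bribe paid once everyone votes 1 =",
          bribe_actually_paid(ELECTION, ELECTION_WITH_BRIBE, 1))
```

Without the bribe the election is a coordination game with no dominant vote; with the bribe, voting 1 is a best response whatever the others do, and the extra payout in the resulting all-vote-1 cell is zero, which is exactly the text’s point that the briber never has to pay.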
In a proof-of-stake system, miners have to put up a portion of their own holdings as a stake on the blocks they back. This works much better than punishment alone because there is a risk of losing personal funds: if you have staked on a block to be added to the main chain and a briber promises you an extra payoff for switching, there is a large risk that the block will not be approved, in which case you lose all your stake and get no extra payoff, since the bribe is never paid.
Blockchain technology relies on cryptographic functions for its operations. The main functions that run the blockchain are:
- Hashing
- Rules of Consensus
- Digital Signatures
- Zero-knowledge Proof
Hashing
Hashing takes an input string of any length and produces an output of fixed length. Bitcoin uses SHA-256, which takes an input of any length and gives out a hash of 256 bits.
A cryptographic hash function will have the following properties-
Puzzle friendly: for every input x and hash output Y, it is difficult to find a value k such that h(k|x) = Y.
Deterministic: an input A always gives the same output, no matter how many times it is passed through the same function.
Quick computation: the function should produce the hash of an input as quickly as possible.
Pre-image resistance: given the output h(A) of a hash function, it should be infeasible to determine the input A.
Collision resistance: for two different inputs A and B with hash outputs h(A) and h(B), it should be infeasible to find a pair with h(A) = h(B).
Small changes: a minor change in the input should drastically change the output.
The cryptographic hash functions help with security and mining in the blockchain.
The important data structures used in a blockchain are linked lists and hash pointers. A linked list is a sequence of data blocks connected one after another. In a blockchain, every block in the list points to the previous block via a hash pointer. A hash pointer stores not only the address of the data it points to but also the hash of that data.
Blockchain and Immutability
In the diagram above, if someone tampers with the data in block 1, then by the properties of a cryptographic hash function the hash of block 1 changes drastically. That breaks the hash pointer stored in block 2, which changes block 2’s hash, and so on: every subsequent hash changes. Since the tampering cannot be hidden without recomputing the whole chain, the chain is rendered tamper-proof. Moreover, each block also has its own Merkle root. If transactions were stored linearly, finding a particular one would require a painstaking search through all of them.
In a Merkle tree, all the individual transactions are distilled into one root by repeated hashing. Anyone who wants to check a particular piece of data in a block can simply navigate down the hashes of the Merkle tree to reach it.
Hashing is critical to mining new blocks. A difficulty level is set; then a random string called the “nonce” is attached to the hash of the new block, and the result is hashed again. The result is checked against the difficulty target: if it is less than the target, the new block is added to the chain and the miner receives the reward; if not, the miner changes the nonce and hashes again, repeating until a value below the target is found.
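The hash-pointer chain, the Merkle root and the nonce search described in the last few paragraphs fit in one small Python program, added here as an example (not code from the article or from Bitcoin). It uses SHA-256 from the standard library; the block layout, the tiny difficulty of 12 leading zero bits and the sample transactions are constructed for illustration and differ from Bitcoin’s real serialisation. The two tamper functions show why editing an old block breaks the chain: either the stored Merkle root no longer matches, or, if the attacker re-mines the edited block, the next block’s hash pointer no longer matches.

```python
"""Hash-linked blocks, Merkle roots and a toy nonce search with SHA-256.

Added example, not code from the article or from Bitcoin. The block layout,
the tiny difficulty (12 leading zero bits) and the sample transactions are
constructed for illustration; Bitcoin's real serialisation differs.
"""
import hashlib
import json


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hex_digits_changed(a: bytes, b: bytes) -> int:
    """Count differing hex digits (of 64) between sha256(a) and sha256(b)."""
    return sum(x != y for x, y in zip(sha256(a), sha256(b)))


def merkle_root(transactions) -> str:
    """Hash the transactions pairwise up to a single root; an odd last leaf is
    duplicated, as in Bitcoin's tree."""
    level = [sha256(tx.encode()) for tx in transactions] or [sha256(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


def block_hash(block) -> str:
    """Hash of the header: previous block's hash (the hash pointer), Merkle root
    and nonce. The transactions themselves are committed to via the root."""
    header = {k: block[k] for k in ("prev_hash", "merkle_root", "nonce")}
    return sha256(json.dumps(header, sort_keys=True).encode())


def mine_block(prev_hash, transactions, difficulty_bits):
    """Increment the nonce until the header hash is below the target."""
    target = 1 << (256 - difficulty_bits)
    block = {"prev_hash": prev_hash, "merkle_root": merkle_root(transactions),
             "transactions": list(transactions), "nonce": 0}
    while int(block_hash(block), 16) >= target:
        block["nonce"] += 1
    return block


def build_chain(tx_batches, difficulty_bits):
    chain, prev = [], "0" * 64
    for txs in tx_batches:
        chain.append(mine_block(prev, txs, difficulty_bits))
        prev = block_hash(chain[-1])
    return chain


def verify_chain(chain, difficulty_bits):
    """Return (True, None) or (False, index of the first block that fails):
    hash pointer mismatch, Merkle root mismatch, or hash above target."""
    target = 1 << (256 - difficulty_bits)
    prev = "0" * 64
    for i, block in enumerate(chain):
        if block["prev_hash"] != prev:
            return False, i
        if block["merkle_root"] != merkle_root(block["transactions"]):
            return False, i
        h = block_hash(block)
        if int(h, 16) >= target:
            return False, i
        prev = h
    return True, None


DIFFICULTY_BITS = 12  # ~4096 tries per block; real networks need vastly more
SAMPLE_BATCHES = [      # constructed transactions
    ["alice->bob:5", "bob->carol:2"],
    ["carol->dave:1", "dave->alice:3", "alice->carol:1"],
]


def tamper_demo():
    """Edit a transaction in block 0 without redoing any work."""
    chain = build_chain(SAMPLE_BATCHES, DIFFICULTY_BITS)
    chain[0]["transactions"][0] = "alice->bob:500"
    return verify_chain(chain, DIFFICULTY_BITS)  # fails at block 0


def tamper_and_remine_demo():
    """Edit block 0 and re-mine it: the next block's hash pointer now dangles."""
    chain = build_chain(SAMPLE_BATCHES, DIFFICULTY_BITS)
    txs = ["alice->bob:500"] + chain[0]["transactions"][1:]
    chain[0] = mine_block(chain[0]["prev_hash"], txs, DIFFICULTY_BITS)
    return verify_chain(chain, DIFFICULTY_BITS)  # fails at block 1


if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES, DIFFICULTY_BITS)
    print("valid chain:", verify_chain(chain, DIFFICULTY_BITS))
    print("tamper only:", tamper_demo())
    print("tamper + re-mine block 0:", tamper_and_remine_demo())
    print("hex digits changed by a one-character input change:",
          hex_digits_changed(b"block 1", b"block 2"))
```

`hex_digits_changed` illustrates the “small changes” property: two inputs differing in one character give digests that differ in most of their 64 hex digits.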
Rules of Consensus
A central difficulty of distributed computing is reaching overall system agreement: the participants must agree on the same value, which is needed throughout the computation. The protocols used to reach consensus might fail or be unreliable in different ways. Thus the protocols should be fault tolerant and resistant to collusion and attack.
The five major rules of consensus are:
Proof of Work(PoW)
The Bitcoin blockchain creates an economy in which the ability to participate depends solely on Proof of Work (PoW), performed to obtain a reward. If you pay the cost of the work and follow the rules, you are rewarded; if you cheat, you lose. This is the basis of Bitcoin’s consensus rules.
The term “Proof of Work” was formalized in a paper by Markus Jakobsson and Ari Juels. A key feature of the schemes was asymmetry: the work should be moderately hard for the requester yet easy for the service provider to verify.
Proof of Stake (PoS)
Proof of stake chooses the creator of a new block depending on the coins held, known as the stake. In a PoS system there is no block reward, so the miners take the transaction fees. The first digital currency to use PoS was Peercoin, along with ShadowCash, Nxt, BlackCoin, NuShares/NuBits, Qora and Nav Coin.
The Ethereum community wanted to hard fork Ethereum to transition from PoW to PoS. In distributed consensus based on proof of work, miners consume a lot of energy: one Bitcoin transaction uses the same amount of electricity as powering 1.57 American households. Since the energy costs are paid in fiat currencies, this puts constant downward pressure on the digital currency’s value.
Experts argued that Bitcoin transactions would consume exorbitant amounts of electricity, so the Ethereum community wants to use proof of stake as a cheaper and more viable form of distributed consensus.
Delegated Proof of Stake
DPoS uses an election system and fixed time slots to reach consensus. Trust must be established with all members eligible to produce blocks, and untrusted parties are kept from taking part. The parties responsible for producing blocks, the delegates, cannot alter transaction details, but they can keep certain transactions out of the next block. However, any transaction left out of a block can cause the following block to be twice the size.
This discourages attempts to withhold transactions or to fail to produce blocks within the assigned time slot. Community members of DPoS-capable currencies can also vote to remove a person as a delegate altogether.
Proof of Burn
Proof of burn follows the principle of “burning”, or destroying, coins held by miners, which grants them mining rights. A miner’s power is determined by the number of coins he burns. To burn coins, the miner sends them to a valid but unspendable address.
Thus few resources are consumed other than the burned coins, and the network stays active. Miners can burn the native currency or the currency of an alternative chain, and they receive a reward in tokens.
PoB implements a mechanism that encourages only periodic burning of coins in order to maintain mining power: the power conferred by burnt coins decays partially each time a new block is mined. This prevents early adopters from gaining undue advantages.
Proof of Authority (PoA)
In a PoA-based network, transactions and blocks are verified by approved accounts known as validators. Validators run automated software that places transactions into blocks, so they need not constantly monitor their computers. Individuals earn the right to become validators, so they have an incentive to retain the position they have gained.
PoA can be a viable alternative to PoS and PoW. In PoS, an equal stake held by two parties is treated as equal even though it does not reflect the total holdings of each party, so the incentives can be unbalanced. PoW uses exorbitant computing power, which lowers the incentives, and it is prone to a 51% attack. PoA, by contrast, allows a validator to approve only non-consecutive blocks, so the risk is concentrated in the authority nodes. This makes it suitable for both private and public networks.
Digital Signatures
Signatures are one of the most important tools in cryptography. A handwritten signature in the real world can be forged and can only be checked by eye; a cryptographic signature can be verified mathematically, which is why we can say it is unforgeable. Cryptography achieves this with the concept of a public and a private key.
Suppose there are two people, Alex and Roy. If Alex wants to send some confidential data, Roy needs to be able to authenticate that the data actually came from Alex. This is achieved using Alex’s public and private keys.
Suppose Alex sends a message m. Alex has a private key KA and a public key KB. When he sends the message, he encrypts it with his private key KA. When Roy receives it, he decrypts it with Alex’s public key and recovers the original message m. Because the message decrypts correctly with Alex’s public key, it is verified that Alex sent it.
If someone else intercepts the message and sends his own message encrypted with his own private key, Alex’s public key cannot decrypt it: Alex’s public key can only decrypt messages encrypted with his private key. Thus the keys are unforgeable.
If Alex claims he never sent the message, yet Roy can decrypt it using Alex’s public key, this shows that Alex is lying. He cannot take back the message or blame anyone else, so the keys are non-repudiable.
If Alex sends a transaction m to Roy, he first hashes the transaction and then encrypts the hash with his private key. Roy decrypts the signature with Alex’s public key, hashes the transaction himself and compares the two hashes. If they match, Roy knows the transaction is exactly what Alex sent and that no tampering was involved.
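The hash-then-sign exchange between Alex and Roy, with the unforgeability and non-repudiation checks, as an added Python example (not code from the article). It uses textbook RSA so that the “encrypt the hash with the private key, decrypt with the public key” operations in the text are visible as modular exponentiation; the key pairs are built from small fixed primes chosen here, the hash is reduced modulo n, and none of this is secure for real use, where a vetted signature library would be used instead. Eve and her key pair are constructed to play the interceptor.

```python
"""Sign-then-verify with textbook RSA, following the Alex/Roy story above.

Added example, not code from the article. The key pairs are toy ones built
from small fixed primes so the arithmetic is visible; they give no real
security and the hash is reduced modulo n. Real systems use a vetted library.
"""
import hashlib


def make_keypair(p, q, e=65537):
    """Return (public_key, private_key) as (n, exponent) tuples."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def message_digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Hash the message, then apply the private exponent: the text's
    'encrypt the hash with the private key'."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Apply the public exponent ('decrypt with the public key') and compare
    the result with a fresh hash of the message."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


# Constructed toy keys from small primes (NOT secure): Alex, and Eve the interceptor
ALEX_PUB, ALEX_PRIV = make_keypair(104729, 1299709)
EVE_PUB, EVE_PRIV = make_keypair(999983, 1000003)


def roy_checks():
    """What Roy can conclude from a signed transaction claimed to come from Alex."""
    m = b"pay Roy 5 coins"
    sig = sign(m, ALEX_PRIV)
    return {
        # genuine: Alex's signature over the unmodified transaction
        "genuine": verify(m, sig, ALEX_PUB),
        # integrity: the same signature over an altered transaction fails
        "altered_message": verify(b"pay Roy 50 coins", sig, ALEX_PUB),
        # unforgeable: Eve's signature does not pass under Alex's public key
        "forged_with_eves_key": verify(m, sign(m, EVE_PRIV), ALEX_PUB),
        # non-repudiation: Alex's signature passes only under Alex's key
        "verifies_under_eves_key": verify(m, sig, EVE_PUB),
    }


if __name__ == "__main__":
    for check, result in roy_checks().items():
        print(f"{check:24s}: {result}")
```

Only the first check comes back true; the other three are the forging, tampering and denial scenarios the text rules out.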
Zero Knowledge Proofs
Using a ZKP, a person A can prove to a person B that they possess a particular piece of information without revealing what the information is. A is the prover and B is the verifier. ZKPs are extremely important in cryptography, as they provide an extra layer of privacy for the prover.
In the diagram, the prover (P) tells the verifier that they know the password of the secret door. The prover wants to prove this without actually telling them the password. The prover walks in by either path A or path B. Suppose path A is taken; the verifier, who did not see which path was chosen, then demands that the prover come out from B. With the password the prover can open the door and come out from B, as shown in the diagram. However, the prover could also have succeeded by sheer luck, so the experiment is repeated many times. If the prover can come out from the requested path every time, the verifier is convinced that the prover knows the password, even though the verifier never learns the password itself.
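A small simulation of the cave protocol, added here as an example (not code from the article), shows why the experiment is repeated. An honest prover, who can open the door, satisfies every challenge; a prover who does not know the password only passes a round by guessing which exit the verifier will demand, so their chance of passing all rounds halves with each round. The prover and verifier roles, the random seed and the trial counts are constructed for illustration.

```python
"""Simulation of the cave protocol described above.

Added example, not code from the article. The prover/verifier roles, the
random seed and the trial counts are constructed for illustration.
"""
import random


def run_protocol(prover_knows_password: bool, rounds: int, rng: random.Random) -> bool:
    """One interactive proof. Each round the prover walks in by path A or B
    (unseen by the verifier); the verifier then demands, at random, that the
    prover come out of A or B. Returns True if every round is satisfied."""
    for _ in range(rounds):
        entered = rng.choice("AB")   # the verifier does not see this choice
        demanded = rng.choice("AB")  # the verifier's challenge
        # Coming out of the other side means opening the door, i.e. knowing
        # the password. Without it, a mismatch leaves the prover stuck.
        if entered != demanded and not prover_knows_password:
            return False
    return True


def cheat_success_probability(rounds: int) -> float:
    """A prover without the password passes only by guessing the challenge
    correctly in every round, so the chance halves with each round."""
    return 0.5 ** rounds


def honest_always_passes(rounds: int, trials: int, seed: int = 1) -> bool:
    """Completeness: a prover who knows the password never fails."""
    rng = random.Random(seed)
    return all(run_protocol(True, rounds, rng) for _ in range(trials))


def estimate_cheat_rate(rounds: int, trials: int, seed: int = 7) -> float:
    """Soundness: empirical pass rate of a prover without the password."""
    rng = random.Random(seed)
    wins = sum(run_protocol(False, rounds, rng) for _ in range(trials))
    return wins / trials


if __name__ == "__main__":
    print("honest prover, 20 rounds, 1000 trials:", honest_always_passes(20, 1000))
    for rounds in (1, 5, 20):
        print(f"cheater, {rounds:2d} round(s): bound {cheat_success_probability(rounds):.2e},"
              f" observed {estimate_cheat_rate(rounds, 4000):.4f}")
```

With 20 rounds the cheating prover’s chance is below one in a million, which is why a verifier who sees twenty correct exits is convinced without ever learning the password.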
ZKP and Blockchain
Many blockchain-based technologies and cryptocurrencies, such as Monero and Zcash, use zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge). A zk-SNARK proves a computational fact about some data without revealing the data itself: a simple snapshot of each transaction is enough to prove that the transaction was carried out, without disclosing the transaction. Thus the privacy and integrity of transactions are maintained, and the system hides these details behind an abstraction that makes it much simpler to use.
Cryptography and economics have combined in an interesting way to create blockchain technology. Blockchain has varied applications, and organisations are tapping its potential to build efficient and transparent systems. The growth blockchain technology has seen will continue in the years to come and will radically transform the technological landscape.