a primer on economics for cryptocurrencies
play

A Primer on Economics for Cryptocurrencies School on Security & - PowerPoint PPT Presentation

Feb 17, 2024 •177 likes •657 views

A Primer on Economics for Cryptocurrencies School on Security & Privacy for Blockchains and Distributed Ledger Technologies Rainer Bhme Motivation We have tried quite some time ago to explain Bitcoin to economists: Bhme, R.,

  1. A Primer on Economics for Cryptocurrencies School on Security & Privacy for Blockchains and Distributed Ledger Technologies Rainer Böhme

  2. Motivation We have tried – quite some time ago – to explain Bitcoin to economists: • Böhme, R., Christin, N., Edelman, B., and Moore, T. Bitcoin: Economics, Technology, and Governance. Journal of Economic Perspectives , 29, 2 (2015), 213–238 • Today I am trying to do the opposite. Rainer Böhme, Vienna, 2 September 2019 4

  3. Outline 1. Rational Agents and Adversaries 2. Efficient Markets 3. Market Concentration Rainer Böhme, Vienna, 2 September 2019 6

  4. Economics predict behavior model Illustration: xkcd.com Rainer Böhme, Vienna, 2 September 2019 7

  5. Game Theory A mathematical approach to model strategic behavior Interpretation as generalizations of . . . a. Probability theory – replace uncertainty with rationality assumption b. Optimization – objective function anticipates optimal response Mechanism design (MD) “Reverse game theory”: define payouts to incentivize intended behavior The protocol is the mechanism. Users are agents – “players”. Rainer Böhme, Vienna, 2 September 2019 9

  6. Classification of Security Games Attacker vs Defender • for security investment and tactics • often zero sum Defender vs Defender • for security policy • often non-zero sum • attackers are “nature”, i. e., stochastic but not strategic Attacker vs Protocol Designer (less common) • “rational” protocol design inspired from “rational cryptography” • defenders are “nature” Garay, J. et al. Rational Protocol Design: Cryptography Against Incentive-driven Adversaries , 2013. Rainer Böhme, Vienna, 2 September 2019 11

  7. Weak Identities Games without central identity provider: Douceur, J. R. The Sybil Attack. In P . Druschel, F . Kaashoek und A. Rowstron (eds.), Peer-to-peer Systems . LNCS 2429, Springer, Berlin Heidelberg, 2002, 251–260. Rainer Böhme, Vienna, 2 September 2019 12

  8. Weak Identities Games without central identity provider: Douceur, J. R. The Sybil Attack. In P . Druschel, F . Kaashoek und A. Rowstron (eds.), Peer-to-peer Systems . LNCS 2429, Springer, Berlin Heidelberg, 2002, 251–260. Rainer Böhme, Vienna, 2 September 2019 12

  9. Weak Identities Games without central identity provider: Douceur, J. R. The Sybil Attack. In P . Druschel, F . Kaashoek und A. Rowstron (eds.), Peer-to-peer Systems . LNCS 2429, Springer, Berlin Heidelberg, 2002, 251–260. Rainer Böhme, Vienna, 2 September 2019 12

  10. Behavior-regulating Assumptions Building a bridge between distributed systems and economics: strong identities distributed systems textbook economics “Byzantine” rational blockchain systems weak identities Rainer Böhme, Vienna, 2 September 2019 13

  11. Principles of Economics Rational choice • Autonomous decision makers – agents – take actions to maximize their objective function – utility. u i ( a i ) Externality • Actions taken by one agent affect the utility of other agents. u j ( . . . , a i , . . . ) Social welfare – protocol objective • Global outcome from all local decisions. � u i ( . . . , a i , . . . ) i Rainer Böhme, Vienna, 2 September 2019 14

  12. Types of Goods Excludable Non-excludable (access control) Rivalrous Private good Common good (externality) blockchain read access Non-rivalrous Club good Public good Rainer Böhme, Vienna, 2 September 2019 15

  13. Technology Stack weak identities Pseudonyms (public keys) Execution Application environment State machine Ledger Consensus protocol Infrastructure Network weak identities · · · Nodes · · · (IP hosts) Rainer Böhme, Vienna, 2 September 2019 16

  14. Public Blockchains Need Cryptocurrencies A public distributed ledger has characteristics of a public good . • Cost: maintenance, in particular proof-of-work, born by nodes • Benefit: depends on application, enjoyed by pseudonyms • Mismatch in value, time, and parties ! Cross-layer incentive mechanism Blockchain systems need a payment method, so that pseudonyms can pay nodes. T wo common schemes (also in combination): 1. Money creation (“minting”) → all accounts pay by devaluation 2. Transaction tax (“fee”) → individuals pay for write access Note: Minting is often prescribed in the protocol, while fees are set (in principle) by market mechanisms at runtime. Rainer Böhme, Vienna, 2 September 2019 17

  15. Bitcoin Minting Rewards Nodes pay pseudonyms for the provision of a public good upper bound of money supply: 21 million BTC | | | 6.25 Bitcoin in circulation | 12.5 25 BTC/block | 50 BTC/block Blocks 0 210 K 420 K 630 K 840 K 1050 K 1260 K Time 2009 2013 2017 2021 2025 2029 2033 Rainer Böhme, Vienna, 2 September 2019 18

  16. Different Roles of Network Participants Satoshi’s likely working assumption network relay saver miner receiving paying party party Rainer Böhme, Vienna, 2 September 2019 19

  17. Different Roles of Network Participants Specialization in the real world wallets & pool network exchanges operators relay saver miner receiving paying party party payment services Rainer Böhme, Vienna, 2 September 2019 19

  18. The Enemy of Decentralization Proof-of-work Economies of scale force to concentration “fair” share of block rewards total cost progressive output fraction of mining cost The area under the diagonal (progressive) is not achievable with weak identities . Rainer Böhme, Vienna, 2 September 2019 20

  19. Incentive Compatibility w ( P ) > w ( P ) + s ( P ) (1) ∞ ∞ � E [ w t ( P )] δ t − t 0 > � � � δ t − t 0 w t ( P ) E (2) t = t 0 t = t 0 u P ( w ( P )) − c ( P ) > u P ( w ( P )) − c ( P ) + s ( P ) (3) P follow protocol w wealth in protocol coins P worst of all other actions (attacks) u utility, reflecting real-world preferences c cost in units of utility discount factor < 1, e.g., δ = . 97 δ s side-payment (“bribe”, in varying units) Rainer Böhme, Vienna, 2 September 2019 21

  20. The Fallacy’s Origin “The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people [ . . . ], or using it to generate new coins. He ought to find it more profitable to play by the rules, [. . . ] than to undermine the system and the validity of his own wealth.” Satoshi Nakamoto 2008, p. 4 Rainer Böhme, Vienna, 2 September 2019 22

  21. Fallacy Continued “[I]n in our PoS based protocol, malicious slot leaders [ . . . ] not only risk to forego any potential profit they would earn from behaving honestly but may also risk to lose equity. Notice that slot leaders must have money invested in the system in order to be able to generate blocks and if an attack against the system is observed it might bring currency value down. [ . . . ] Currently our rationality model does not formally encompass this attack strategy [ . . . ].” A. Kiayias et al. CRYPTO 2017 (Ouroboros), p. 47 Rainer Böhme, Vienna, 2 September 2019 23

  22. Behavior-regulating Assumptions Building a bridge between distributed systems and economics: “Byzantine” rational attackers with payments and contracts Rainer Böhme, Vienna, 2 September 2019 25

  23. Secure Capacity Under the Longest Chain Rule λ bribe loading > 1 r block reward to miner (against one type of economic attack ⇒ lower bound) v double-spendable value v 0 v 1 v k . . . r 0 r 1 r k . . . 1’ k’ k+1’ Security condition: k − 6 k � � λ ( 1 + k − 1 ) v k < r i i = 1 i = 1 Bonneau, J. Why Buy When You Can Rent? FC Workshops, 2016; Gervais, A. et al. On the Security and Performance of Proof of Work Blockchains . ACM CCS, 2016; Budish, E. The Economic Limits of Bitcoin and the Blockchain . 2018; Auer, R. Beyond the Doomsday Economics of “Proof-of- Work” in Cryptocurrencies . BIS, 2019. (and others) Rainer Böhme, Vienna, 2 September 2019 27

  24. Types of Goods Excludable Non-excludable (access control) blockchain secure capacity Rivalrous Private good Common good (externality) Non-rivalrous Club good Public good Rainer Böhme, Vienna, 2 September 2019 28

  25. Outline 1. Rational Agents and Adversaries 2. Efficient Markets 3. Market Concentration Rainer Böhme, Vienna, 2 September 2019 29

  26. Motivation 28 October 2016: Zcash launched Source: coinwarz.com, accessed on 23 January 2017 Rainer Böhme, Vienna, 2 September 2019 30

  27. Mining Resource Allocation as a Game T wo chains with compatible proof-of-work puzzles and fixed solving capacity: Chain A Chain B expected utility 1 per period expected utility δ < 1 per period Player i allocates mining power a i ∈ [ 0 , 1 ] . Player i allocates mining power 1 − a i . Payoff function for two homogeneous and risk neutral miners i and ¬ i δ · ( 1 − a i ) a i y i = + a i + a ¬ i ( 1 − a i ) + ( 1 − a ¬ i ) utility = return in fiat currency; expectations over realizations of r. v. and in anticipation of difficulty adjustments Rainer Böhme, Vienna, 2 September 2019 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Primer on Asymptotics Eric Zivot Department of Economics University of Washington September

A Primer on Asymptotics Eric Zivot Department of Economics University of Washington September

A Primer on Asymptotics Eric Zivot Department of Economics University of Washington September 30, 2003 Revised: January 7, 2013 1 Introduction The two main concepts in asymptotic theory covered in these notes are Consistency

514 views • 34 slides
Attacks on Mining Protocol Yujin Kwon KAIST 2018.03.22 1 Cryptocurrencies Cryptocurrencies

Attacks on Mining Protocol Yujin Kwon KAIST 2018.03.22 1 Cryptocurrencies Cryptocurrencies

Attacks on Mining Protocol Yujin Kwon KAIST 2018.03.22 1 Cryptocurrencies Cryptocurrencies Increa rease! se! Cryptocurrencies Increa rease! se! 1 BTC $8.5K 1 ETH $180 Proof-of-Work Mining They use blockcha kchain to run

992 views • 64 slides
Table S2. Gene-specific PCR primer pairs for all validated SBSs. Forward primer Reverse primer

Table S2. Gene-specific PCR primer pairs for all validated SBSs. Forward primer Reverse primer

Table S2. Gene-specific PCR primer pairs for all validated SBSs. Forward primer Reverse primer Gene Name Aaed1 CGAAGCCTATAGGTGGCATT CCTAGCTTTCTGCCAAGGAG Aarsd1 GCCTCCCTTAGAGGCTTTTC CTGTGGCCCTTACCTGAATG Abcg3 CAGAGTGGGGTGACAGTTCC

91 views • 5 slides
A Primer on Relativity and CANDI Presentation to OMA Council, October 21, 2018 Presented by

A Primer on Relativity and CANDI Presentation to OMA Council, October 21, 2018 Presented by

A Primer on Relativity and CANDI Presentation to OMA Council, October 21, 2018 Presented by Jasmin Kantarevic, OMA Economics, Policy and Research 1 Overview 1. Overview of relativity and OMA past initiatives 2. Primer on CANDI More

155 views • 15 slides
Welcome and First Lecture Department of Government London School of Economics and Political

Welcome and First Lecture Department of Government London School of Economics and Political

Background/Context Experimental Primer Introductions Administrative Stuff Welcome and First Lecture Department of Government London School of Economics and Political Science Background/Context Experimental Primer Introductions

949 views • 71 slides
Environmental Law Primer Adapted from Vermont Law Schools Environmental Law Primer for

Environmental Law Primer Adapted from Vermont Law Schools Environmental Law Primer for

Environmental Law Primer Adapted from Vermont Law Schools Environmental Law Primer for Journalists General Categories Command and Control Liability Disclosure Ecosystem and Place-based Programs Marketable Permits,

426 views • 14 slides
Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and

Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and

Cryptocurrency Technologies Cryptography and Cryptocurrencies Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and Data Structures Block Chains Merkle Trees Digital Signatures Public

489 views • 27 slides
Feasibility of Cryptocurrencies on Mobile devices Anas Younis &amp; Sander Lentink University of

Feasibility of Cryptocurrencies on Mobile devices Anas Younis &amp; Sander Lentink University of

Feasibility of Cryptocurrencies on Mobile devices Anas Younis &amp; Sander Lentink University of Amsterdam MSc System and Network Engineering RP1 06-02-2018 1 Disclaimer Assumed knowledge; Cryptocurrencies The principle of

618 views • 28 slides
Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to:

Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to:

ECRYPT Workshop on Cryptocurrencies Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store and broadcast the block chain Validate new transactions Vote (by hash power) on consensus

939 views • 68 slides
Cryptocurrencies Outline and Distributed Electronic payments Consensus Secure transactions

Cryptocurrencies Outline and Distributed Electronic payments Consensus Secure transactions

Cryptocurrencies and Distributed Consensus May 2019 Cryptocurrencies Outline and Distributed Electronic payments Consensus Secure transactions Secure execution: contracts PROF. DR. IR. BART PRENEEL COSIC KU LEUVEN, BELGIUM AND IMEC

248 views • 21 slides
Cryptocurrencies bitcoin, blockchain &amp; beyond Roger Wattenhofer ETH Zurich Distributed

Cryptocurrencies bitcoin, blockchain &amp; beyond Roger Wattenhofer ETH Zurich Distributed

Cryptocurrencies bitcoin, blockchain &amp; beyond Roger Wattenhofer ETH Zurich Distributed Computing Group Cryptocurrencies What is Bitcoin? = + + Technology The Bank of Bitcoin The Bank of Bitcoin User Balance A 2 B 5 C 8

1.25k views • 104 slides
Cryptocurrencies Dr. Mohammad Abu Omar Head of CIS Department Faculty of Technology Al-Quds

Cryptocurrencies Dr. Mohammad Abu Omar Head of CIS Department Faculty of Technology Al-Quds

Information Technology behinds the Cryptocurrencies Dr. Mohammad Abu Omar Head of CIS Department Faculty of Technology Al-Quds Open University Nov.29.2018 Information Technology is behind the Cryptocurrencies In the previous era, no one can

326 views • 14 slides
My Kitchen Table PCR Sophomore Year of High School PCR Primer Primer-Defined Changes to the PCR

My Kitchen Table PCR Sophomore Year of High School PCR Primer Primer-Defined Changes to the PCR

My Kitchen Table PCR Sophomore Year of High School PCR Primer Primer-Defined Changes to the PCR Copies + Copying DNA with Polymerase Chain Reaction Creating the Chromophore Colorwheel Chromophore ConservedSimilarDivergent Acropora

692 views • 43 slides
Green Mining: toward a less energe1c impact of cryptocurrencies

Green Mining: toward a less energe1c impact of cryptocurrencies

Green Mining: toward a less energe1c impact of cryptocurrencies Philippe Jacquet (Nokia Bell Labs) Bernard Mans (Macquarie University) Cryblock Infocom 2019

197 views • 19 slides
Impact Fee Primer Impact Fee Primer James B. Duncan, FAICP President Duncan Associates

Impact Fee Primer Impact Fee Primer James B. Duncan, FAICP President Duncan Associates

Impact Fee Primer Impact Fee Primer James B. Duncan, FAICP President Duncan Associates Austin, TX Arthur C. Nelson, Ph.D., FAICP Presidential Professor University of Utah, Salt Lake City, UT Carson Bise, AICP President

320 views • 6 slides
Who Am I? Secure Identity Registration on Distributed Ledgers Sarah Azouvi Mustafa Al-Bassam

Who Am I? Secure Identity Registration on Distributed Ledgers Sarah Azouvi Mustafa Al-Bassam

Who Am I? Secure Identity Registration on Distributed Ledgers Sarah Azouvi Mustafa Al-Bassam Sarah Meiklejohn (University College London) 1 Cryptocurrencies 2 Cryptocurrencies Pseudonyms 2 Cryptocurrencies Pseudonyms tx(pk A pk B ) 2

719 views • 43 slides
Second Generation Model-based Testing Provably Strong Testing Methods for the Certification of

Second Generation Model-based Testing Provably Strong Testing Methods for the Certification of

CyPhyAssure Spring School Second Generation Model-based Testing Provably Strong Testing Methods for the Certification of Autonomous Systems Part II of III Provably Strong Testing Methods for Autonomous Systems Jan Peleska University of Bremen

634 views • 51 slides
Infinite disorder renormalization fixed point: the big picture and one specific result

Infinite disorder renormalization fixed point: the big picture and one specific result

Infinite disorder renormalization fixed point: the big picture and one specific result Giambattista Giacomin Universit e Paris Diderot and Laboratoire Probabilit es, Statistiques et Mod elisation November 23 rd 2018 Second part (on the

700 views • 59 slides
Object Contour Tracking Using Multi-feature Fusion based Particle Filter Xiaofeng Lu [1][3] , Li

Object Contour Tracking Using Multi-feature Fusion based Particle Filter Xiaofeng Lu [1][3] , Li

Object Contour Tracking Using Multi-feature Fusion based Particle Filter Xiaofeng Lu [1][3] , Li Song [1][2] , Songyu Yu [1] , Nam Ling [2] [1] Institute of Image Communication and Information Processing, SJTU, China. [2] Department of Computer

502 views • 20 slides
CSCI 3210: Computational Game Theory Market Equilibria: An Algorithmic Perspective Ref: Ch 5

CSCI 3210: Computational Game Theory Market Equilibria: An Algorithmic Perspective Ref: Ch 5

4/5/18 CSCI 3210: Computational Game Theory Market Equilibria: An Algorithmic Perspective Ref: Ch 5 [AGT] Ch 7 [Kleinberg-Tardos] Mohammad T . Irfan Email: mirfan@bowdoin.edu Web: www.bowdoin.edu/~mirfan Many of the slides are adapted from

790 views • 42 slides
Diffractive production of mesons Rainer Schicker Phys. Inst., Heidelberg may 29, 2014 Rainer

Diffractive production of mesons Rainer Schicker Phys. Inst., Heidelberg may 29, 2014 Rainer

Introduction to Diffraction Diffraction in Regge phenomenology - QCD Interest in Central Diffraction Experimental results from COMP Diffractive production of mesons Rainer Schicker Phys. Inst., Heidelberg may 29, 2014 Rainer Schicker

433 views • 26 slides
Mannheim Medical Technology Cluster Dr. Elmar Bourdon Head of Healthcare Industry, City of

Mannheim Medical Technology Cluster Dr. Elmar Bourdon Head of Healthcare Industry, City of

15.07.2019 Mannheim Medical Technology Cluster Dr. Elmar Bourdon Head of Healthcare Industry, City of Mannheim Head of Project MMT-Campus PREMIUM HIGHWAY ACCESS PREMIUM HIGHSPEED-TRAIN ACCESS 0:31h ICE to FRA AIRPORT 2:58h ICE to MUNICH

275 views • 8 slides
Full-speed ahead all-electric proton EDM ring Richard Talman Laboratory for Elementary-Particle

Full-speed ahead all-electric proton EDM ring Richard Talman Laboratory for Elementary-Particle

1 Full-speed ahead all-electric proton EDM ring Richard Talman Laboratory for Elementary-Particle Physics Cornell University 15 January, 2018, Juelich 2 Outline Extending historical force field symmetry studies Experiments that could not

854 views • 39 slides
(Typed) -Calculi ` a la de Bruijn Fairouz Kamareddine (Heriot-Watt University) Tuesday 17

(Typed) -Calculi ` a la de Bruijn Fairouz Kamareddine (Heriot-Watt University) Tuesday 17

(Typed) -Calculi ` a la de Bruijn Fairouz Kamareddine (Heriot-Watt University) Tuesday 17 April 2014 Beihang-17-april-2014 De Bruijns typed -calculi started with his Automath In 1967, an internationally renowned mathematician called

1.49k views • 87 slides

More recommend