Recently, a dire prediction came out from a couple of computer science researchers about bitcoin's security. Game theory says 'We're all Doomed' or so they claim.
This is eerily similar to what happened when game theory was first applied to the study of nuclear war. Early researchers modeled nuclear war as a winner take all game. In this story, once a nuke drops, one of players is erased from the map. Game over for them. If you face certain and immediate obliteration, the only workable strategy turns out to be a pre-emptive strike. The CIA found this quite alarming!
Later, as the study of games became more advanced, the model was tweaked to add a bit of realism. Instead of obliterating the enemy, the nuke just harms them and they have an opportunity to strike back in the next round. With this simple twist, the game becomes like "Groundhog Day"; there is never any end to it.
When we play a game over and over again new kinds of strategies emerge. The most familiar one is tit for tat retaliation. "If I got nuked last year, I'll nuke back this year. If I didn't get nuked, then I won't nuke back this year." This strategy is both familiar in everyday life and famous in theory. That's because it works. Under tit for tat, you can avoid getting nuked by maintaining an arsenal, but never using it.
Okay, so what about bitcoin. The authors of "Majority is not enough..." analyze bitcoin as a static one-off game just like early researchers considering nuclear war. Unsurprisingly, they issue dire predictions. In their one-off world, there is never any way of retaliating against bad actors. Players just pick between "attack" and "honest." It should be no surprise that the unconditional pacifist strategy is never successful. Indeed, always attack is the only possible equilibrium in a one-off setting. Most people can see this intuitively, even if they have never studied game theory.
Let's add in some realism. In particular, let's think about mining every day instead of just as a one-off event. This allows for retaliation. Suppose instead we play, "if some anonymous guy fucked us by playing selfish yesterday, then we will also play selfish because it makes no sense to keep getting fucked." and "if no one played selfish yesterday, then we will play honest."
This strategy (where we condition actions on previous play) is an [i]incentive compatible subgame perfect nash equilibrium[/i]. Yes, you heard it, the authors' claimed key contribution is erroneous and stems from a fundamental and elementary misunderstanding of game theory. Cooperation is sustainable as long as we retaliate against the bad guys.
Now, wait you say, we don't know who the bad guys are. How can we retaliate? This is the magic point. We don't need to know who the bad guys are to hurt them. If 25% of hashing power is doing selfish mining, we may not know who the bad guys are, but we do know that they own an ASIC (unless you think 25% of ASICs can be simultaneously liquidated within a single day at fair market value). The ASIC they own is valuable. When we play selfish, we turn into a paperweight. And that is how retaliation works. Players respond to selfish play by turning selfish and this causes all ASIC owners to take capital losses. The market value of their equipment depreciates with bitcoin prices. Ownership of ASICs means that miners cannot help but have a permanent stake in the system.
Now, wait you say, this will also hurt innocent players who were not involved in the attack. Even though retaliation harms innocent people, it is still the best option for people who have been attacked. War hurts innocent people. But fighting back is the only possible equilibrium response after an attack occurs (one can set a threshold for a response, but there's always a tipping point where rational people have had enough and choose to fight back.)
Okay, so let's review and make things more concrete. Let's see. Say there is some consensus threshold for a 'successful attack.' You can ask Gavin exactly what the threshold is. Maybe we'd allow him to determine this. I would guess it is around the level that makes a short-term attack earn positive profit.
Consider a miner's options:
If I join an attack and the attack succeeds, tomorrow and the day after that and possibly for all days following we will have selfish mining. Should I care? Yes, today, my ASIC is expensive. Not worth a day of profits, if tomorrow all I have left are a day's worth of selfish mining income in USD and a brand new paperweight.
If I join an attack and the attack fails, then tomorrow we will still have happy days, but I will not have gained any short-term profit from participation. In fact I will have lost revenue. So clearly this is also a no go.
That leaves us with the last option: honest mining. Assume that everyone else approached the problem like me. You can see by reading most comments that they do (even if they don't formally understand why).
If I do not join an attack, then I will earn a fair profit and, as long as everyone else has approached the problem rationally, then tomorrow we will have more happy days of honest mining. And the next day too and the day after...
So what's my dominant strategy? Be honest until someone attacks me and then retaliate as necessary. There are many different sustainable ways of organizing retaliation besides tit for tat. Norms on how to retaliate vary across societies. I trust that the community, and Gavin in particular, could make reasonable judgements on this front. And that is all we need to succeed.
tl;dr bitcoin only has to worry about terrorists; rational miners will never attack, ever*. *(as long as there is modest mining reward)
If you'd like to see some math on this topic, then check out: http://www.scribd.com/doc/182399858/Cunicula-s-game-theory-primer-pdf
PS. I could use help on the authors' site, hackingdistributed.com
The author is aware of my critique, but is refusing to respond. In fact, he deleted the link to my pdf the first time I posted it. As a community, I'd appreciate help in demanding a response from him. Go to the blog and ask questions about how repeated play and retaliation affect his results. When you see these questions, upvote them.
If the community will not help, then I will have to go the long route of posting a formal academic comment on arxiv. This is time consuming. Because I am an economist, arxiv has no positive benefits for my reputation or career. I'm asking for some help so that we can get this addressed in the media and blogosphere without a prolonged academic back and forth.
With Bitcoin, the cost of switching is marginal; existing infrastructure would need only minor adjustments to support alternatives. I think the focus on Bitcoin’s internal incentive structure needs to be directed outward. cunicula says: November 12, 2013 at 2:47 am. By the way, sorry for accidently posting twice. Also, I am a hothead and Joint post with Andrew Miller, University of Maryland.. Bitcoin is broken, claims a new paper by Cornell researchers Ittay Eyal and Emin Gun Sirer. No it isn’t, respond Bitcoiners.Yes it is, say the authors. Our own Ed Felten weighed in with a detailed analysis, refuting the paper’s claim that a coalition of “selfish miners” will grow in size until it controls the whole currency. Cunicula为计算机科学家们准备的博弈论初级读物 屈兆翔 2013-11-16 09:36 发布在 比特币 22908 摘要：最近，有两个不称职的计算机科学家发表了一份叫做《获得大多数人支持仍然不够：比特币挖矿容易受到攻击》的白皮书。 Proof-of-stake (of the "Cunicula variety", I mean) is in fact arguably already an example of such a task. It feels awfully expensive, to a miner, to save up a lot of bitcoins and become a big stakeholder; but from a whole-economy viewpoint, this is a swapping of assets' ownership labels around, it's not a burning of electricity or the like. Bitcoin is the first and most popular decentralized cryptocurrency to date. In this work, we extract and analyze the core of the Bitcoin protocol, which we term the Bitcoin backbone, and prove two
Gentem, esse nascimento é mais do que especial é o nascimento da minha coelha a qual fiz inseminação artificial e deu certo, 29 dias depois da inseminação na... Text: Aieressera, oì Nanninè, me ne sagliette, tu saie addò tu saie addò Addò 'stu core 'ngrato cchiù dispietto Farme nun pò! Addò lo fuoco coce, ma si fuie te lassa sta! E nun te corre ...