International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 16 July 2015

Loi Luu, Jason Teutsch, Raghav Kulkarni, Prateek Saxena
ePrint Report ePrint Report
Bitcoin and similar cryptocurrencies are a massive network of

computational devices that maintain the robutness and correctness of the

computation done in the network. Cryptocurrency protocols, including Bitcoin and the

more recent Ethereum system, offer an additional feature that allows

currency users to specify a ``script\'\' or contract which is executed

collectively (via a consensus protocol) by the network. This feature

can be used for many new applications of cryptocurrencies

beyond simple cash transaction. Indeed, several efforts to develop decentralized applications

are underway and recent experimental efforts have proposed to port a

Linux OS to such a decentralized computational platform.

In this work, we study the security of computations on a cryptocurrency

network. We explain why the correctness of such computations is susceptible to

attacks that both waste network resources of honest miners as well as lead to

incorrect results. The essence of our arguments stems from a deeper

understanding of the incentive-incompatibility of maintaining a correct

blockchain. We explain this via a ill-fated choice called the {\\em verifier\'s

dilemma}, which suggests that rational miners are well-incentivized to accept

an unvalidated blockchain as correct, especially in next-generation

cryptocurrencies such as Ethereum that are Turing-complete. To explain which

classes of computation can be computed securely, we formulate a model of

computation we call the consensus verifiability. We propose a solution that

reduces the adversary\'s advantage substantially, thereby achieving near-ideal

incentive-compatibility for executing and verifying computation in our

consensus verifiability model. We further propose two different but

complementary approaches to implement our solution in real cryptocurrency

networks like Ethereum. We show the feasibility of such approaches for a set of

practical outsourced computation tasks as case studies.

Expand

Additional news items may be found on the IACR news page.