IACR News item: 16 July 2015
Loi Luu, Jason Teutsch, Raghav Kulkarni, Prateek Saxena
ePrint Reportcomputational devices that maintain the robutness and correctness of the
computation done in the network. Cryptocurrency protocols, including Bitcoin and the
more recent Ethereum system, offer an additional feature that allows
currency users to specify a ``script\'\' or contract which is executed
collectively (via a consensus protocol) by the network. This feature
can be used for many new applications of cryptocurrencies
beyond simple cash transaction. Indeed, several efforts to develop decentralized applications
are underway and recent experimental efforts have proposed to port a
Linux OS to such a decentralized computational platform.
In this work, we study the security of computations on a cryptocurrency
network. We explain why the correctness of such computations is susceptible to
attacks that both waste network resources of honest miners as well as lead to
incorrect results. The essence of our arguments stems from a deeper
understanding of the incentive-incompatibility of maintaining a correct
blockchain. We explain this via a ill-fated choice called the {\\em verifier\'s
dilemma}, which suggests that rational miners are well-incentivized to accept
an unvalidated blockchain as correct, especially in next-generation
cryptocurrencies such as Ethereum that are Turing-complete. To explain which
classes of computation can be computed securely, we formulate a model of
computation we call the consensus verifiability. We propose a solution that
reduces the adversary\'s advantage substantially, thereby achieving near-ideal
incentive-compatibility for executing and verifying computation in our
consensus verifiability model. We further propose two different but
complementary approaches to implement our solution in real cryptocurrency
networks like Ethereum. We show the feasibility of such approaches for a set of
practical outsourced computation tasks as case studies.
Additional news items may be found on the IACR news page.