What is Cryptoeconomics? Ethereum community developer Vlad Zamfir explains:

“This is an independent discipline that looks at the protocols in a decentralised digital economy that are used to manage the production, distribution and consumption of goods and services. It is also a practical science that focuses on how these protocols are designed and defined.”

Blockchain technology is based on the theory of cryptoeconomics.

Let’s break this concept down. Cryptoeconomics comes from two words: Cryptography and Economics. What is often overlooked is the “economics” component that gives blockchain its uniqueness. Blockchain is not the first technology to use decentralized peer-to-peer systems; torrent sites have long used the technology for file-sharing. In a sense, however, it was a failure.

1

Why is peer-to-peer file sharing a failure?

In a Torrent system, anyone can share files through a decentralized network. The idea is that each downloader keeps a seed (uploading downloaded data) for others in the network while downloading. The problem is that the logic of the system is based on the honor system. If you download a file, the system expects you to provide the seed as well. But in the absence of financial incentives, it seems pointless to keep uploading the seed, especially if it takes up more storage space on your computer.

2

Satoshi Nakamoto and blockchain technology

In October 2008, Satoshi Nakamoto (an anonymous man, woman, or organization) published a paper that laid the foundation for the subsequent development of Bitcoin. This paper will shake the foundation of the online community, because for the first time ever, we have a working model based on the economics of cryptography. Unlike the previous peer-to-peer decentralized system, people now have a financial incentive to “play by the rules.” Not only that, but the real genius of blockchain technology is that it overcomes the Byzantine general problem and creates a perfect consensus system (see below).

3

The crypto economics of Bitcoin

So what are the properties of cryptocurrencies like Bitcoin, which are based on the theory of cryptoeconomics?

Let’s go through them all:

  • It’s a currency based on blockchain technology. Each block contains the hash of the previous block, forming a continuous chain.

  • Each block contains multiple transactions.

  • Newly generated transactions update the specific state of all blocks. For example, if A has 50 bitcoins and wants to send 20 of them to B, the new state will show that A has only 30 bitcoins left and B has 20 new bitcoins.

  • Blockchain must be immutable. It is only possible to add blocks, not to tamper with old blocks.

  • Only valid transactions are allowed.

  • Blockchains should be downloadable, making it easy for anyone, anywhere, to access and query a particular transaction.

  • If a high enough transaction fee is paid, transactions can be quickly added to the blockchain.

As the name suggests, crypto economics has two pillars:

  • cryptography

  • economics

Several cryptographic functions are used in the operation of blockchain technology. Let’s take a look at some of the main functions.

4

cryptography

Several cryptographic functions are used in the operation of blockchain technology. Let’s take a look at some of the main functions:

  • The hash algorithm

  • The signature

  • Proof of work

  • Zero knowledge proof

5

The hash algorithm

In short, a hash algorithm maps a string of arbitrary length to a shorter string of fixed length. Bitcoin uses the SHA-256 digest algorithm to produce 256bit output for any length of input. So, what are the applications of hashing algorithms in cryptocurrencies?

  • Encrypting hash functions

  • The data structure

  • dig

6

Encrypting hash functions

An encrypted hash function has the following properties:

  • Deterministic: Input the same A will always yield the same output H (A) no matter how many times it is parsed in the same hash function.

  • Efficient computation: The process of calculating the hash value is efficient.

  • Antigen image attack (occult) : For A given output h(A), it is computationally infeasible to inversely derive input A.

  • Collision resistance (weak collision resistance) : For any given A and B, it is computationally infeasible to find B where B≠A and h(A)=h(B).

  • Subtle change effect: Any subtle change in the input can have a dramatic effect on the output of the hash function.

  • Puzzle friendly: for any given Hash code in terms of x, Y, and the input value to find a satisfy h (k) | x = Y k value is not feasible in the calculation.

Cryptographic hash functions are a huge help for blockchain security and mining.

7

The data structure

There are two types of data structures that are important to understanding blockchain: linked lists and hash Pointers.

  • Linked lists: Linked lists are blocks of data that are connected in sequence, as shown below:

Each block in the linked list has a pointer to another block.

  • Pointers: Pointers are variables that contain the addresses of other variables. Thus, as the name suggests, a pointer is a variable that points to another variable.

  • Hash pointer: HASH pointer not only has the address of the other variable, but also the hash value of the data in that variable. So how does this help blockchain?

The composition of blockchain is shown below:

A blockchain is essentially a linked list in which each new block contains a hash pointer. The pointer points to the hash of the previous block and all the data it contains. This gives blockchain the great property of immutability.

8

How does blockchain achieve its immodification?

Suppose in the diagram above, someone tries to tamper with the data in block 1. Keep in mind that an important property of cryptographic hash functions is that any slight change in the input can dramatically affect the output of the hash function.

Then, even if someone tried to rewrite the data in block 1 slightly, it would cause a huge change in the hash value of block 1 stored in block 2. This, in turn, causes the hash value of block 2 to change, which in turn affects the hash value stored in block 3. And so on, and eventually the whole blockchain changes. It’s almost impossible to modify data by freezing the entire chain. Because of this, blockchains are considered immutable.

Each block has its own Merkle Root. Now, as you already know, each block contains multiple transactions. If these transactions are stored in a linear fashion, the process of finding a particular transaction among all transactions becomes infinitely tedious.

And that’s why we use a Merkel tree.

In a Merkel tree, all individual transactions can be hashed up to the same root. This makes searching very easy. Therefore, if we want to retrieve a particular piece of data in the block, we can search directly through the hash value in the Merkel tree without linear access.

9

dig

Cryptographic puzzles are used to mine new blocks, so hashing algorithms remain crucial. It works by adjusting the setting of the difficulty value. A random string named “nonce” is then added to the hash of the new block, which is then hashed again. Next, check to see if it is below the set difficulty level. If it falls below, new blocks are added to the chain and the miners who dig the mine are rewarded. If not, the miner continues to modify the random string “NOUce” until a value below the difficulty level appears.

As you can see, hashing algorithms are a crucial part of blockchain and cryptoeconomics.

10

The signature

In cryptocurrencies, signatures are one of the most important cryptographic tools. What is the concept of a signature in real life? What are the features? Imagine signing your name to a piece of paper. How can you tell if it’s a good signature?

  • Verifiable. The signature should prove that you actually signed the paper.

  • Unforgerable. No one else can forge and copy your signature.

  • Not to be denied. If you sign with your own signature, you cannot take it back or claim someone else to sign on your behalf.

However, in real life, no matter how complex a signature is, it can be forged. You can’t really verify the validity of a signature with a simple visual aid, which is neither efficient nor reliable.

Cryptography gives us a way to solve problems with public and private keys. Let’s take a look at how these two keys work and how they can facilitate cryptocurrency systems. So let’s say we have two people, Alan and Tyrone. Alan wants to send some very important data, and Tyrone wants to verify that this data really came from Alan, which they can do by using Alan’s public and private keys.

It is important to point out that it is not feasible to determine someone’s public key from their private key. A public key, as its name suggests, is a public key that can be accessed by anyone. A private key is a private key that you own only and you cannot share it with others.

So, back to Alan and Tyrone, what would they do if they were to use keys to exchange information?

Suppose Alan wants to send the message “M”, and Alan has a private key Ka- and a public key Ka+. So, when he sends a message to Tyrone, he encrypts it with his private key, so it becomes Ka-(m). When Tyrone receives this message, he can use Alan’s public key to retrieve the information, Ka+(Ka-(m)), thus obtaining the original message “M”.

To sum up:

  • Alan has a message “m”, and when he encrypts it with the private key Ka-, he gets the encrypted message Ka-(m).

  • Tyrone then uses Alan’s public key Ka+ to decrypt this encrypted message Ka+(Ka-(m)) to get the original message “M”.

A visual representation of the above process can be seen below:

Verifiability: If an encrypted message can be decrypted using Alan’s public key, it is 100% certain that Alan sent the message.

Unforgerability: If someone else, such as Bob, intercepts the message and sends a message of his own using his private key, Alan’s public key will not be able to decrypt it. Alan’s public key can only be used to decrypt information that Alan has encrypted with his private key.

Non-repudiation: Similarly, if Alan declares, “I didn’t send the message, Bob sent it,” Tyrone is able to decrypt the message using Alan’s public key, then Alan is lying. Alan cannot retract the message he sent and blame it on someone else.

Cryptocurrency application: Now, suppose Alan is sending a transaction “M” to Tyrone. First, he hashes the transaction with a hash function and encrypts it with a private key. Tyrone knows that he is receiving a transaction “M”, so he can decrypt it using Alan’s public key and compare the decrypted hash results with those of the transaction “M” that he already has. Since the hash function is deterministic and always gives the same output for the same input, Tyrone can be directly certain that Alan did indeed send the same transaction and that there is no evil involved.

To put it more simply:

  • Alan has a transaction “M” and Tyrone knows he is receiving it.

  • Alan hashes m to get h(m).

  • Alan encrypts the hash result with his private key, yielding Ka-(h(m)).

  • Alan sends encrypted data to Tyrone.

  • Tyrone uses Alan’s public key to decrypt Ka+(Ka-(h(m))) and get the original hash result h(m).

  • Tyrone hashes with a given “m” to get h(m).

  • The deterministic character of the hash function determines that if h(m)=h(m), it means that the transaction is real and valid.

11

Proof of work

When miners “mine” to create new blocks and add them to the blockchain, the consensus system involved in verifying and adding blocks is called “proof of work.” The miners use a huge amount of computer power to solve the cryptographic puzzle, and the difficulty value determines the number of calculations required. This is one of the most pioneering mechanisms in blockchain technology. The proof-of-work consensus system provides a solution to the Byzantine General problem that caused the failure of early decentralized peer-to-peer digital currency systems.

12

What is the Byzantine general problem?

Ok, let’s imagine that there are a group of Byzantine generals who want to attack a city, and they are faced with two different problems:

  • Each general and his army were geographically far apart, so centralized command was not feasible, making coordinated operations extremely difficult.

  • The city under attack has a large army, and the only way they can win is if everyone attacks at the same time.

To make this work, the army on the left of the castle sent a messenger to the army on the right with the message “Attack on Wednesday.” However, suppose the army on the right is not ready to attack and sends a messenger back with a message saying “No, attack on Friday”. And the messenger needs to get back to the army on the left by crossing the attacked city, so there’s a problem. A lot could have happened to the poor messenger. For example, he may have been captured, leaked information, or killed by an attacked city and replaced. This would result in the military gaining access to information that has been tampered with so that battle plans cannot be agreed upon and fail.

The above examples have obvious implications for blockchain. Blockchain is a huge network. How do you trust them? If you want to send 4 Ether to someone from your wallet, how do you make sure that someone in the network won’t tamper with the information and change 4 Ether to 40 ether? Satoshi nakamoto invented proof of work to get around the Byzantine general problem. Here’s how it works: Suppose the army on the left wants to send a message saying “Attack on Monday” to the army on the right. They need to do the following:

  • First, they add a “nonce” to the initial text, which can be any random hexadecimal value.

  • Second, they hash the text with “nonce” added to it to get a result. Let’s say they decide to share information only if the first five digits of the hash result are zero.

  • If the hash results meet the criteria, they send the messenger off with the hash results. Otherwise, they keep randomly changing the value of the Nonce until they get the desired result. This process is time-consuming and takes a lot of computing power.

  • If the enemy catches the messenger and tries to tamper with the message, the hash result will change dramatically due to the nature of the hash function. If the generals on the right of the city see that the message does not begin with the required number of zeros, they call off the attack.

There may be a loophole, however.

Hash functions are not 100% collision-free. So what if the enemy in the city took the information, tampered with it, and by changing the nonce value over and over again, got a result starting with a specified number of zeros? It’s extremely time consuming, but still doable. Against this, the generals can use the power of numbers.

Suppose, instead of one general on the left sending a message to one general on the right, there are three generals on the left sending a message to the generals on the right. To do this, they can make their own information and then hash the accumulated information. Next, after adding the nonce value to the hash result, the hash is performed again. This time, they want to produce a message that starts with six zeros.

Obviously, this would be very time-consuming. But this time, if the messenger is captured by the city, it will take an infinite amount of time, possibly years, for the enemy to tamper with the message and find a nonce value that matches the result. For example, if the generals send multiple couriers, the city may be attacked and destroyed halfway through the calculation.

The generals on the right have a very simple job to do. They simply add the correct nonce value that was given to them, hash it, and check to see if the result matches. It’s very easy to hash a string. So, essentially, the process of proof of work is:

  • Finding a nonce value that matches the hash target is a very difficult and time-consuming process.

  • Testing the results for wrongdoing, however, is simple.

13

Zero knowledge proof

What is Zero Knowledge Proof (ZKP)? ZKP means that A can prove to B that he knows certain information without having to tell the other party exactly what he knows. In this case, A is the prover and B is the verifier. This is particularly useful in cryptography, where it provides an additional layer of privacy for the prover.

To run a ZKP, satisfy the following parameters:

  • Integrity: An honest verifier can be persuaded by an honest verifier if the statement is true.

  • Reliability: If the prover is dishonest, they cannot lie to convince the verifier that the statement is reliable.

  • Zero knowledge: If the statement is true, the verifier has no way of knowing what the statement is.

Let’s take an example of a proof of zero knowledge. Let’s take a look at how Ali Baba cave works. In this example, the prover (P) tells the prover (V) that he knows the code to the secret door at the back of the cave and offers to prove it without revealing the code to the verifier. Then, the verification process is shown in the figure below:

The prover can take either path A or path B, assuming they decide to get to the secret door through path A in the first place. At the same time, prover V comes to the entrance, unaware of the path the prover has chosen, and declares that they want to see the prover in path B.

As you can see, the prover does appear on path B, but what if it’s just a coincidence? It is also possible that the witness chose route B by luck, but got stuck at the gate because he did not know the password.

So, we need multiple trials to determine the validity of the test. If the prover shows up on the right path every time, the prover can indeed prove that it knows the password without revealing it to the verifier.

How is zero-knowledge proof applied in blockchain?

Zk-snarks are used by many blockchain-based technologies. In fact, Ethereum planned to introduce ZK-snarks in the Metropolis phase and add them to ethereum’s library of features. Zk-snarks, short for “Zero-knowledge, concise, and Non-interactive Knowledge Authentication,” is a zero-knowledge proof that can prove certain data operations without compromising the data itself.

The above can be used to generate a proof that is validated by creating a simple snapshot of each transaction. This is sufficient to prove the validity of the transaction to the receiving party without disclosing the substance of the transaction.

This enables the following two situations:

  • To achieve the integrity and privacy of the transaction.

  • The abstractness of the system is realized. The system is easy to use because you don’t have to show the whole inner workings of a trade. Therefore, these are some of the important encryption functions used by blockchain. Now, let’s look at the second pillar, economics.

14

economics

As stated in the opening paragraph, blockchain differs from other decentralized peer-to-peer systems in that it provides users with financial and economic incentives to get a job done. Like any solid economic system, we need incentives and rewards to get work done. Similarly, if the miner acts unethically or does not do his job, then punitive action should be taken against the miner. Next, let’s take a look at how blockchain integrates all the basic principles of economics.

15

Blockchain uses the following two incentive combinations

The first incentive combination:

  • Tokens: Cryptocurrency is allocated as a reward to those who are active and contribute to the blockchain.

  • Privileges: Participants can gain decision-making power, which will give them the right to collect rent. For example, miners who dig a new block can become temporary decision-makers of the new block, temporarily becoming dictators of the new block and deciding which deals to add to it. They can charge a fee for all transactions that are included in the block.

The second incentive combination:

  • Rewards: Good participants can receive monetary rewards or decision-making power for their due diligence.

  • Punishment: Bad participants must pay monetary fines or forfeit their rights for wrongdoing.

16

How do cryptocurrencies achieve value?

Cryptocurrencies and regular currencies have value for much the same reason, based on trust. When people trust a commodity and assign value to it, it becomes a currency. That’s why fiat money and gold were valuable in the first place. Thus, when a given good has a given value, the value changes with supply and demand. Supply and demand is the oldest rule in economics.

What is supply and demand?

This is the supply and demand curve, and it’s one of the most common graphs in economics. As is shown in the chart above, the demand for goods is inversely proportional to the supply. Where the two curves meet is the equilibrium point, the sweet point you want to reach. So, let’s use this logic to look at cryptocurrencies like Bitcoin.

The total number of bitcoins issued is fixed at 21 million. That’s the market value of all bitcoins. Since the total amount is fixed, there are a few things that must be considered when it comes to the supply of Bitcoin. First, some rules need to be put in place to make it increasingly difficult to mine bitcoin. Otherwise, miners will go on a mining spree to extract the remaining bitcoins and release them into the market, lowering the overall value.

To ensure that miners don’t immediately mine all the remaining bitcoins, here’s what we need to do:

  • First, a new block is added to the chain every 10 minutes, and each block is rewarded with 25 Bitcoins. The time interval must be fixed to ensure that miners do not keep adding blocks to the chain irregularly.

  • Second, the bitcoin protocol requires that the difficulty value be constantly increased. As mentioned earlier, the block’s hash value and its Nonce value need to be below a certain value during mining. This number is called the “difficulty level” and is usually preceded by several zeros. As the difficulty increases, so does the number of zeros.

With these two methods, the mining process becomes very professional and expensive. The whole process ensures that the supply of all bitcoins on the market can be verified. The same applies to other proof-of-work based cryptocurrencies.

There are many determinants of cryptocurrency demand:

  • What is the history of the currency?

  • Have you been hacked recently?

  • Is it sustainable?

  • What is the strength of the development team behind it?

  • Does it have the potential to get better?

  • What about the publicity?

All these factors determine the currency’s “heat”. The result is that value fluctuates around demand.

17

Game theory in blockchain

So how does a disordered, decentralized peer-to-peer system maintain its integrity? Miners have a lot of power and can easily get away with it. This is where previous attempts to build decentralized systems have failed. After all, users are humans, and humans are prone to evil. So how do you build a decentralized system with human integrity? The answer lies in one of the most basic concepts of economics: game theory.

Game theory is essentially the study of strategic decision making. At its core, it is about making the decisions that are best for you and remembering the decisions of your opponent. One of the most basic concepts in game theory is the Nash equilibrium.

Nash equilibrium is a state of affairs. In this state, each participant’s policy is the optimal response to the other participant’s policy. No player can increase returns by changing strategies alone. Let’s look at an example of a Nash equilibrium.

As shown in the table above, we call this the “payoff matrix”. The figures in the table above represent the amount of money a participant would get for taking (or not taking) an action. Let’s break it down one by one:

Suppose A takes action:

So if B does the same thing, the payoff is 4; Otherwise, the payoff is 0. Therefore, the best strategy for B is to take action.

If A does not take action:

So if B doesn’t do anything, the payoff is going to be 0; Otherwise, the payoff is 4.

Therefore, we can come to the conclusion that whatever A chooses, the best strategy for B is to take action. Now, again, let’s look at what A’s best strategy is.

If B takes action:

If A doesn’t do anything, the payoff is going to be 0; Otherwise, the payoff is 4. So, the best strategy for A is to take action.

If B does not take action:

If A doesn’t do anything, the payoff is going to be 0; Otherwise, the payoff would be 4. So, whatever B chooses, A’s best strategy is to take action.

Therefore, we can conclude that the best strategy for both A and B is to take action.

So the Nash equilibrium is:

– When both A and B take action –

So how does blockchain use Nash Equilibrium? Because the chain itself is in a self-imposed Nash equilibrium, blockchain is literally real, and miners can maintain integrity.

Let’s take an example:

Blocks 1,2 and 3 in blue are part of the main chain, as shown above. Now, suppose a malicious miner dug up block 2A and attempted a hard fork to satisfy his financial gain. So what’s to stop other miners from joining him and digging behind the new block?

In fact, miners have a very difficult but quick identification rule, which is that any block that mines on an invalid block is considered invalid. As a result, other miners can simply ignore the invalid blocks and continue to mine on the old chain. Remember, all currencies are based on trust and perceived value. So why would anyone waste so many resources on a block whose validity cannot be confirmed?

Now you have to think about what if a lot of miners decide to join a new group of mines and dig in their new blocks. The problem is that blockchain networks are huge and widely distributed networks in which communication and collaboration are almost impossible. Most miners will only choose the path that maximizes their returns, and because of this, Nash equilibrium in the main chain is achieved.

18

Punishment in blockchain

Like any efficient economic system, there should be positive incentives and negative incentives. How is punishment implemented in a game theory model? Imagine a payoff matrix where the payoff to the participants is high and the social impact is high. Such as:

Suppose you have two people, A and B, and they’re both going to commit A crime. Now, according to the payoff matrix, when they committed a crime, their payoff was high. So their Nash equilibrium is that they both commit crimes. While this makes logical sense, it has very bad social consequences. Humans are more likely to be driven by personal greed than altruism. If that were true, the world would be a very bad place. So how do humans cope? The answer is to introduce penalties.

Suppose we had a system in which every time a public facility with a factor of -0.5 was taken from the public, a factor of -5 punishment would be recorded for anyone who committed a crime. So, let’s add the penalty factor to the payoff matrix above and see what happens in the following table:

As the table above shows, earnings have changed dramatically. The Nash equilibrium becomes (1,1), where not committing crime is the best strategy. Now, the price of punishment is high, but society has lost half a factor of utilities. So what motivates society to play the punishment game? The answer to this question is to make punishment mandatory for everyone, that is, anyone who does not participate in the punishment game will also be punished. For example, tax-funded police forces. The police can punish criminals, but the loss of utilities is taken away from the public in the form of taxes. Anyone who played the game and didn’t pay taxes was considered a criminal and punished.

In blockchain, any miner who breaks the rules and mines illegally is punished. They will be deprived of privileges and risk social exclusion. This penalty becomes more severe once the proof of entitlement is adopted (more on this later). Using simple game theory and punishment systems, the miners were able to stay honest.

19

More incentives for miners

When miners succeed in digging a block, they become the temporary decision makers of the block. They have complete jurisdiction over which transaction to place in the block and how quickly to speed up that transaction. They can charge a fee for the transactions they include. This is an incentive for miners, as they get an additional financial bonus in addition to the reward for a new block (25 BTC for Bitcoin and five ETH for Ethereum).

To make the system fair, and to ensure that not the same miners are rewarded each time they strike a new block, the system periodically adjusts the difficulty level. This ensures that the miners who strike the new blocks are completely random. In the long run, mining is a zero-sum game, in other words, the profits miners make from digging new blocks will eventually adjust to the cost of digging the mine.

20

P + Epsilon

A proof-of-work system, however, is vulnerable to a special type of attack called a P+Epsilon attack. To understand how this attack works, we must define the following terms.

Noncooperative selection model: In a noncooperative selection model, all participants are not motivated to cooperate with others. Participants may form groups, but at no time will the group be large enough to be a majority.

Collaborative selection model: In this model, all participants collaborate for a common incentive.

Now, suppose the blockchain is an uncoordinated choice model, but what if there was an incentive for miners to take action to compromise the integrity of the blockchain? What if the miners could be bribed into a particular action? At this point, the bribe attacker model is used.

Now, suppose the blockchain is an uncoordinated choice model, but what if there was an incentive for miners to take action to compromise the integrity of the blockchain? What if the miners could be bribed into a particular action? At this point, the bribe attacker model is used.

21

What is the bribe attacker model?

It’s like a discordant selection model. Now, what if an attacker got into the system and bribed the miners to cooperate? This new model is the bribe attacker model. In order to successfully bribe the system, an attacker must have two resources:

  • Budget: The amount of cash an attacker is willing to pay miners to perform a particular operation

  • Cost: The amount actually paid to the miners at the end.

However, if an attacker decides to launch an attack on the blockchain, we get an interesting puzzle… P+Epsilon attack occurs. We can refer to the following figure:

Imagine a simple game, such as an election. If people vote for someone, and vote for the same person as everyone else, then there’s a gain, otherwise there’s no gain. So imagine a briber accessing the system and making this rule for an individual. If you vote when no one else does, you get a “P + ε” payoff. In addition to ordinary income P, there is an additional bribe income ε.

So now, the payoff matrix looks like this:

Now imagine that everyone in the game knows that if they vote, there’s a chance that they’ll get a payoff, but if they don’t vote, there’s only a 50% chance that they’ll get a payoff.

What do you think the participants will do? Of course, they vote to ensure gains. This is where it gets interesting. As shown in the matrix, the briber only pays the fee “ε” when someone votes and the others do not. But, in this case, because everyone voted, the Nash equilibrium shifts to:

Yes, bribers don’t have to pay a bribe!

So let’s look at it from the perspective of the briber:

  • Persuade groups to vote a certain way.

  • You can achieve your goals without paying bribes.

This is a huge win-win situation for bribers, and it has significant implications for blockchains, especially in systems based on proof of work. Let’s put the previous virtual blockchain to the test again:

Assuming that the bribers really want to hard fork the blockchain and announce a bribe payment ε for those miners who choose to join the new chain, this will incentivise the entire mining community to collaborate and join the new chain. Obviously, this requires a very high bribe fee to achieve the above situation, but as we saw in the bribery attack model above, the attacker does not even have to give that amount. According to Vitalik Buterin, this is one of the biggest problems with proof-of-work systems, which are vulnerable to “P+Epsilon attacks”.

22

The solution lies in proof of interest

Proof-of-interest is a solution to these incentive-driven attacks. In such systems, miners take a percentage of their private wealth and invest it in future blocks. It would be a better economic system because the penalties are harsher. Miners will face the possibility of being stripped of their rights and wealth. Rather than just being disenfranchised or getting away with accusations, as before.

So how does this prevent a “P+Epsilon attack”? Let’s say you’re a miner and a portion of your wealth is invested in a block that’s going to be added to the main chain. Now, along comes a briber to tell you that you can get an extra profit if you add the block to the main chain. However, if the new chain is not confirmed, there is a high risk that you will lose all the money you have invested in the block. Also, as described in the “P+Epsilon attack”, you don’t get extra benefits from bribers. It is obvious to a miner that once they have invested in an equity, they will continue to work in the main chain rather than engage in evil.

23

conclusion

As you can see, cryptography and economics combine to create blockchain technology in a very beautiful and complex way. The growth it has undergone in the last few years has been incredible. In the future, it will become more powerful and more widely used.

Source: BlockGeeks

Translation: Nicole Yao

Collation: Blockchain brothers

Beijing Blockathon Review:

Blockathon (Beijing) : 48 hours geek development, block Pine 11 on-site delivery project ideas open

Chengdu Blockathon Review:

The closing of Blockathon2018 (chengdu) competition leaves us thinking about blockchain applications