The External Game Theory of Cryptocurrencies
Cryptocurrencies and Game Theory go hand-in-hand, but most of the time the Game Theory parameters are focused only in the internal aspect. This tends to leave multiple attack vectors wide open and that's what I'll be expanding on in this post.
The two games
At any given time, there are two "Games" being played, regarding any cryptocurrency.
1) The internal game
2) The external game
These games do have a degree of overlap, so the distinction is not always clear...
1. Internal Game Theory
The internal game theory deals with how the players of the system are incentivized and disincentivized for certain actions within the system. Bad behavior has to be disincentivized in order for a system to be sustainable.
For example, in Bitcoin, if a miner decides to double spend some transactions, he will then lose his mined Bitcoins when he gets "orphaned" in the next blocks by the the legitimate nodes and miners. If multiple miners collude to do double spend (a 51% attack), then they'll collectively lose by devaluing their mining investment and by crashing the value of all their mined and double-spent coins.
This type of framework is usually developed to a sufficient degree in most cryptocurrencies, whether it is Bitcoin, or altcoins. Steem has its own incentives and disincentives that try to preserve a harmonious level in its internal operations: For example, if someone posts abusive content, they get flagged and lose reputation.
2. External Game Theory
The external game theory is the least focused aspect and the one through which most cryptocurrencies are most vulnerable. It deals with how a cryptocurrency defends itself not from misbehaving actors from within the system, but from enemies of the system that reside externally.
For example, the banking sector stands to lose by the wide adoption of cryptocurrency. They are an external enemy of the system. Their attack vectors could range from lobbying to outlaw cryptocurrency, to hiring trolls to divide cryptocurrency communities, to bribing miners, or to even paying transaction fees to render a blockchain unusable from bloat.
Similar scenarios can play out in altcoins. Let's say we have altcoins competing in the same space (whether smart contracts, anonymity, social networking, etc). Altcoin X could gain if they attacked Altcoin Z, because coin X perceives that if coin Z goes down then coin X can increase in value being the more "viable" option when contrasted to the attacked coin.
That's why we see phenomena like bloating/spam attacks, whether they involve Ethereum, Monero or others. Bloating a blockchain doesn't make sense from within a cryptocurrency ecosystem. Why would any user pay transactions fees just to create useless transactions which bloat the transaction ledger? A blockchain requires disk space, bandwidth, ram, processing resources, etc, etc, so ideally a user would want the blockchain to be as light as possible and it would make no sense (in terms of internal game theory) to pay money just to bloat the system.
So there is nothing to gain within the context of a particular coin ecosystem (internal game theory) in doing so - one will actually lose money. But we see such attacks happening, so we know that those who perpetrate them are applying external game theory attacks.
Forms of External Game Theory attack
Any type of attack that originates from outside the ecosystem of a particular cryptocurrency, can be classified as an external attack.
The attacks can cover a broad spectrum: DDOS, mining attacks, trolling campaigns, hatchet job articles, a combination of trigger events with market-attacks that short the coin, blockchain spamming, etc.
The more insidious attacks are those that act like a trojan horse, with "bad actors" from inside a given community. They are not unlike what we've seen happen in politics (Democrats admitting hiring "bad actors" to disrupt Republican supporter groups).
Cryptocurrencies are algorithmic -and thus silently and efficiently do their work- but communities are social. The moment a community exists, a potential divisive split is always a risk over ANY issue, trivial or not. Any issue that can be supported either way, can be blown out of proportion to create catastrophic divisions.
By inserting bad actors inside a community, one can cultivate toxicity, animosity, concerned trolling, and so on. In fact, it would be extremely cheap to perform such attacks - and Bitcoin has been experiencing them for several years.
Making cryptocurrencies robust against external attacks
There is a lot of wishful thinking going on in altcoin-land as well as bitcoin-land, regarding the dangers involved in external attacks. Some people want to make security assumptions that pretty much involve the expectation that various attack vectors will never be deployed. But that's the recipe of creating a "Joke-coin" that can be shut down or disrupted the moment others choose to attack it.
Part of the reason for these assumptions, is the effort to increase the feature-set by making tradeoffs which are more "favorable" in terms of what to expect in terms of a hostile environment. For example, some say, OK, let's make Bitcoin blocks large - like 4-8-16-32MB large. What's the problem? Disks are cheap. Oh and ...nobody is going to attack it.
Well, and what's stopping an attacker to fill these 4-8-16-32MB blocks? They'll say that "fees have a cost" and an attacker wouldn't do that because that doesn't make sense. Yes, that's true from the Internal Game Theory perspective. It isn't true from the External Game Theory perspective.
If your attacker is a bank, will they care for a few bitcoins in fees every day, if that allows them to make the blockchain bloated to Terabyte-levels? The answer is no. The gains are far larger, and it is also a form of economic amplification attack, in the sense that the nodes will have to pay multiple times the cost of the fees that the banks paid. These costs will be paid in storage, bandwidth, and processing costs over a long period of time that the nodes will be asked to serve useless bloat to other nodes and P2P wallets. There is also a centralization cost, which then compounds the problem because the remaining nodes become even more expensive to run, even more vulnerable to DDOS, and then even more expensive in order to counter the DDOS due to their vulnerabilities.
Thinking like an attacker
Monero found out the hard way how an adaptable-size blockchain wasn't a panacea. In fact the system was exploitable through a spamming attack - presumably an attack originating from rival Bytecoin. The problem was "solved" by raising transaction fees. Now Ethereum is getting spammed and they have to fork (or already forked I think) in order to raise their fees. Why are these attacks possible since they don't make sense from an Internal Game-Theory perspective? Because it makes sense to do so from the External Attack perspective.
Interestingly, despite the fact that such attacks are known, Ethereum wasn't prepared. They wanted to sell the "feature" of being able to create cheap contracts, so they traded off some cost for that, which allowed attackers to exploit it (willingly paying the dirt-cheap fees to do so).
Another reason for becoming vulnerable to devastating attacks is the lack of thinking like an attacker. Some developers may be pretty talented in developing new features but they also have to think like hackers, they also have to think like script-kiddies, they also have to think like banks, governments, etc. They have to ask themselves: "If I were a bank, a government, a hacker, a script-kiddie, etc, then what would I do to disrupt or even kill this cryptocurrency system that I am designing?" At that point several answers will come to them - because they know the system they've created and also know possible weaknesses. Some times they won't be able to find all the answers because their mind-set does not cover the full "tool-kit" that their opponents have. That's OK. Over time, some people who are talented in their "attacker mentality" will point out possible defects in dealing with various attack scenarios.
Patching those weaknesses, before they become a problem, is what separates "Joke-coins" from serious projects. Even if functionality is reduced, robustness should be a priority - because one of the essential properties that a currency should have, is that of being safe from attacks that can diminish its value.
The difficult scenarios
There are definitely scenarios which are difficult to cover. For example, let's say the US Government has a multi-trillion vested interest in protecting the USD. Their position is such, that buying a 100mn mining farm to disrupt Bitcoin seems trivial as an attack-cost. If they've spent billions manipulating alternative currencies like Gold and Silver, why wouldn't they spend a fraction of that in order to have several possible "kill-switch" options? Why wouldn't they pursue some low-cost disruptive options like trolling (overt or covert / "concerned trolling"), putting moles in the developer and user community, cultivating fake divisions, using exploits against Exchanges to steal their bitcoins and create instability, asking journalists to write negative stuff, passing restrictive legislation and so on.
Obviously, not everything can be covered - but the degree of robustness can always be improved. Some times it's possible to guard against technological attacks with further algorithmic layers of safe-guards. And by making worse-case assumptions, developers should be more ready to deal with them, making their blockchains as robust as possible. But in terms of social attacks, that's a different issue altogether.
How do you protect yourself against a social attack, a sybil-attack on the community, etc? This seems to be the more problematic aspect: The only way I can think of is to set solid rules since the start, so that room for deviations is extremely small. But even that can be attacked, saying "ah, when the rules were made, this or that had not been foreseen, so we need to take measures, like ...fork the currency into two currencies".
The moment people will try to put out the fires from the bad-actor attacks that cultivate division in the community, then the accusations of "censorship" will follow. So there is a binary choice between "censorship" and toxicity, unless someone can think of alternative ways to deal with such issues.
What the future holds
I believe that as cryptocurrencies gain in popularity, the more they will have to secure themselves against possible attack vectors. The most difficult element to tackle will be the social-engineered attacks, the cultivation of internal division etc. While a DDOS, a 51% attack, a bloat attack, and things like that have a clear and distinct enemy that developers can focus on, moles in a community are "invisible".
Bad-actor behaviors can be misidentified as misguided actions of normal individuals. At the same time normal but "suspect" behaviors could be perceived (under a more "paranoid" mind-set) as the action of moles within the community.
With lack of hard facts about who is who, eventually what's left is the modus operandi of people and what their contribution is in terms of being positive or negative. But even that can be problematic to measure because a mole can pretend to be a positive contributor for a few months and then use that as a leverage to maximize the damage they want to incur at some critical point. So there will have to be a way to "isolate" or "sandbox" what a cryptocurrency does (in the algorithmic level) to what a community appears to "want" or "argue about".
If social pressure, or even market pressure (the markets aren't entirely free, so those controlling the markets can indirectly control where the algorithms will go) can be exerted to influence how a cryptocurrency should conduct itself algorithmically, then the game is lost.
We'll have to see how this evolves over the next few years and how communities are able to overcome obstacles like these.
It is interesting to look at some of the "Steemit is a Scam" and "Steemit is going to tank" posts could be coming from. I realize that there are some legitimate concerns that users are expressing, but a lot of the posts seem to be ignoring logic and just trying to spread malice and dissatisfaction with the platform.
Exactly.
This post and a lot of the other ones I've been seeing has had me thinking a lot about how to combat all the negativity that is being posted. I created an "attack vector defense" post :)
https://steemit.com/steemit/@timcliff/attention-sharks-there-is-blood-in-the-water-are-you-ready-to-invest
Just a small historical correction here. The reason for the spamming was to raise the block size to trigger a coding bug that occurred at 512 transactions. Only with a larger block size was it possible to have 512 transactions in a block. The first attack that was "fixed" with higher fees was a week or two before the bug-triggering attack and appeared to be a "trial run".
I'm not aware of a purely bloat-oriented spam attack that has occurred on any blockchain with significant transaction fees. The history is that that several coins with absurdly low transaction fees (such as 1 satoshi) have had to raise them or introduce other anti-spam measures, but outside of that, bloating doesn't seem very attractive as a method of attack. As I understand it the Ethereum spam/fork is also not bloat oriented, it aims to DoS nodes processing power because some virtual machine operations are severely underpriced.
I think there are some good external game theory reasons for this, for example if you spam then the coin developers will just introduce more anti-spam measures. You won't be able to successfully spam it all the way up the point where the blockchain is terabytes in size and it causes real harm, even if you pay the fees, so paying the fees doesn't accomplish much. This doesn't entirely apply in the case of Ethereum, because the fork to needed to change fees is going to break some existing contracts, causing real lasting harm.
Good post overall.
Most altcoins aren't even worth attacking so that's not surprising. But there are vectors wide open for doing so. For example, when I transact with Dash I don't even put a tx fee and it has conf within the next block. My "evil" self says "wtf? This is exploitable". As is running sybils to unmask mixing parties due to low darksend mixing costs. For a dash user it doesn't make sense to pay more fees than necessary. From Monero's perspective it makes sense to pay the costs to perform a sybil attack on the mixing parties of DASH to anonymize a few txs and then use it as a negative publicity against DASH. The mixing fees paid (perhaps a few bitcoins over a few days - until some mixing parties with only few-rounds of mixing are identified) would be worth it because then Monero can claim undisputed superiority in the field.
Coins which are "evolving" have both an advantage and disadvantage in that regard. The disadvantage is that evolution is directed by developers and hence a degree of centralization is necessary. The advantage is the quicker response during attacks. More "solidified" coins would be much slower to respond and they could also have a lot of users lagging to catch up with forks and stuff.
Crytocurrencies will gain in popularity, if they are stable and there is trust against attackers or thieves. Good article, thank you :-)
Really good read thanks.
Hopefully Steem is one that survives! :)
Great article, friend. Upvoted and followed.
Great article! I am new to blockchains and mainly only thought of them from the internal perspective. I really enjoyed learning about the external and how that relates.
NEVERDIE ICO is LIVE.
The first block chain based Virtual Reality gaming crypto! NEVERDIE coin will allow monetizing the game items in real cash economy game Entropia Universe. NOW game player can cash out their in-game money earned by playing game and can exchange NEVERDIE coin with other ERC20 tokens such as Gnosis, Golem, and Frist Blood.
https://neverdie.io/