The External Game Theory of Cryptocurrencies
Cryptocurrencies and Game Theory go hand-in-hand, but most of the time the Game Theory parameters are focused only in the internal aspect. This tends to leave multiple attack vectors wide open and that's what I'll be expanding on in this post.
The two games
At any given time, there are two "Games" being played, regarding any cryptocurrency.
1) The internal game
2) The external game
These games do have a degree of overlap, so the distinction is not always clear...
1. Internal Game Theory
The internal game theory deals with how the players of the system are incentivized and disincentivized for certain actions within the system. Bad behavior has to be disincentivized in order for a system to be sustainable.
For example, in Bitcoin, if a miner decides to double spend some transactions, he will then lose his mined Bitcoins when he gets "orphaned" in the next blocks by the the legitimate nodes and miners. If multiple miners collude to do double spend (a 51% attack), then they'll collectively lose by devaluing their mining investment and by crashing the value of all their mined and double-spent coins.
This type of framework is usually developed to a sufficient degree in most cryptocurrencies, whether it is Bitcoin, or altcoins. Steem has its own incentives and disincentives that try to preserve a harmonious level in its internal operations: For example, if someone posts abusive content, they get flagged and lose reputation.
2. External Game Theory
The external game theory is the least focused aspect and the one through which most cryptocurrencies are most vulnerable. It deals with how a cryptocurrency defends itself not from misbehaving actors from within the system, but from enemies of the system that reside externally.
For example, the banking sector stands to lose by the wide adoption of cryptocurrency. They are an external enemy of the system. Their attack vectors could range from lobbying to outlaw cryptocurrency, to hiring trolls to divide cryptocurrency communities, to bribing miners, or to even paying transaction fees to render a blockchain unusable from bloat.
Similar scenarios can play out in altcoins. Let's say we have altcoins competing in the same space (whether smart contracts, anonymity, social networking, etc). Altcoin X could gain if they attacked Altcoin Z, because coin X perceives that if coin Z goes down then coin X can increase in value being the more "viable" option when contrasted to the attacked coin.
That's why we see phenomena like bloating/spam attacks, whether they involve Ethereum, Monero or others. Bloating a blockchain doesn't make sense from within a cryptocurrency ecosystem. Why would any user pay transactions fees just to create useless transactions which bloat the transaction ledger? A blockchain requires disk space, bandwidth, ram, processing resources, etc, etc, so ideally a user would want the blockchain to be as light as possible and it would make no sense (in terms of internal game theory) to pay money just to bloat the system.
So there is nothing to gain within the context of a particular coin ecosystem (internal game theory) in doing so - one will actually lose money. But we see such attacks happening, so we know that those who perpetrate them are applying external game theory attacks.
Forms of External Game Theory attack
Any type of attack that originates from outside the ecosystem of a particular cryptocurrency, can be classified as an external attack.
The attacks can cover a broad spectrum: DDOS, mining attacks, trolling campaigns, hatchet job articles, a combination of trigger events with market-attacks that short the coin, blockchain spamming, etc.
The more insidious attacks are those that act like a trojan horse, with "bad actors" from inside a given community. They are not unlike what we've seen happen in politics (Democrats admitting hiring "bad actors" to disrupt Republican supporter groups).
Cryptocurrencies are algorithmic -and thus silently and efficiently do their work- but communities are social. The moment a community exists, a potential divisive split is always a risk over ANY issue, trivial or not. Any issue that can be supported either way, can be blown out of proportion to create catastrophic divisions.
By inserting bad actors inside a community, one can cultivate toxicity, animosity, concerned trolling, and so on. In fact, it would be extremely cheap to perform such attacks - and Bitcoin has been experiencing them for several years.
Making cryptocurrencies robust against external attacks
There is a lot of wishful thinking going on in altcoin-land as well as bitcoin-land, regarding the dangers involved in external attacks. Some people want to make security assumptions that pretty much involve the expectation that various attack vectors will never be deployed. But that's the recipe of creating a "Joke-coin" that can be shut down or disrupted the moment others choose to attack it.
Part of the reason for these assumptions, is the effort to increase the feature-set by making tradeoffs which are more "favorable" in terms of what to expect in terms of a hostile environment. For example, some say, OK, let's make Bitcoin blocks large - like 4-8-16-32MB large. What's the problem? Disks are cheap. Oh and ...nobody is going to attack it.
Well, and what's stopping an attacker to fill these 4-8-16-32MB blocks? They'll say that "fees have a cost" and an attacker wouldn't do that because that doesn't make sense. Yes, that's true from the Internal Game Theory perspective. It isn't true from the External Game Theory perspective.
If your attacker is a bank, will they care for a few bitcoins in fees every day, if that allows them to make the blockchain bloated to Terabyte-levels? The answer is no. The gains are far larger, and it is also a form of economic amplification attack, in the sense that the nodes will have to pay multiple times the cost of the fees that the banks paid. These costs will be paid in storage, bandwidth, and processing costs over a long period of time that the nodes will be asked to serve useless bloat to other nodes and P2P wallets. There is also a centralization cost, which then compounds the problem because the remaining nodes become even more expensive to run, even more vulnerable to DDOS, and then even more expensive in order to counter the DDOS due to their vulnerabilities.
Thinking like an attacker
Monero found out the hard way how an adaptable-size blockchain wasn't a panacea. In fact the system was exploitable through a spamming attack - presumably an attack originating from rival Bytecoin. The problem was "solved" by raising transaction fees. Now Ethereum is getting spammed and they have to fork (or already forked I think) in order to raise their fees. Why are these attacks possible since they don't make sense from an Internal Game-Theory perspective? Because it makes sense to do so from the External Attack perspective.
Interestingly, despite the fact that such attacks are known, Ethereum wasn't prepared. They wanted to sell the "feature" of being able to create cheap contracts, so they traded off some cost for that, which allowed attackers to exploit it (willingly paying the dirt-cheap fees to do so).
Another reason for becoming vulnerable to devastating attacks is the lack of thinking like an attacker. Some developers may be pretty talented in developing new features but they also have to think like hackers, they also have to think like script-kiddies, they also have to think like banks, governments, etc. They have to ask themselves: "If I were a bank, a government, a hacker, a script-kiddie, etc, then what would I do to disrupt or even kill this cryptocurrency system that I am designing?" At that point several answers will come to them - because they know the system they've created and also know possible weaknesses. Some times they won't be able to find all the answers because their mind-set does not cover the full "tool-kit" that their opponents have. That's OK. Over time, some people who are talented in their "attacker mentality" will point out possible defects in dealing with various attack scenarios.
Patching those weaknesses, before they become a problem, is what separates "Joke-coins" from serious projects. Even if functionality is reduced, robustness should be a priority - because one of the essential properties that a currency should have, is that of being safe from attacks that can diminish its value.
The difficult scenarios
There are definitely scenarios which are difficult to cover. For example, let's say the US Government has a multi-trillion vested interest in protecting the USD. Their position is such, that buying a 100mn mining farm to disrupt Bitcoin seems trivial as an attack-cost. If they've spent billions manipulating alternative currencies like Gold and Silver, why wouldn't they spend a fraction of that in order to have several possible "kill-switch" options? Why wouldn't they pursue some low-cost disruptive options like trolling (overt or covert / "concerned trolling"), putting moles in the developer and user community, cultivating fake divisions, using exploits against Exchanges to steal their bitcoins and create instability, asking journalists to write negative stuff, passing restrictive legislation and so on.
Obviously, not everything can be covered - but the degree of robustness can always be improved. Some times it's possible to guard against technological attacks with further algorithmic layers of safe-guards. And by making worse-case assumptions, developers should be more ready to deal with them, making their blockchains as robust as possible. But in terms of social attacks, that's a different issue altogether.
How do you protect yourself against a social attack, a sybil-attack on the community, etc? This seems to be the more problematic aspect: The only way I can think of is to set solid rules since the start, so that room for deviations is extremely small. But even that can be attacked, saying "ah, when the rules were made, this or that had not been foreseen, so we need to take measures, like ...fork the currency into two currencies".
The moment people will try to put out the fires from the bad-actor attacks that cultivate division in the community, then the accusations of "censorship" will follow. So there is a binary choice between "censorship" and toxicity, unless someone can think of alternative ways to deal with such issues.
What the future holds
I believe that as cryptocurrencies gain in popularity, the more they will have to secure themselves against possible attack vectors. The most difficult element to tackle will be the social-engineered attacks, the cultivation of internal division etc. While a DDOS, a 51% attack, a bloat attack, and things like that have a clear and distinct enemy that developers can focus on, moles in a community are "invisible".
Bad-actor behaviors can be misidentified as misguided actions of normal individuals. At the same time normal but "suspect" behaviors could be perceived (under a more "paranoid" mind-set) as the action of moles within the community.
With lack of hard facts about who is who, eventually what's left is the modus operandi of people and what their contribution is in terms of being positive or negative. But even that can be problematic to measure because a mole can pretend to be a positive contributor for a few months and then use that as a leverage to maximize the damage they want to incur at some critical point. So there will have to be a way to "isolate" or "sandbox" what a cryptocurrency does (in the algorithmic level) to what a community appears to "want" or "argue about".
If social pressure, or even market pressure (the markets aren't entirely free, so those controlling the markets can indirectly control where the algorithms will go) can be exerted to influence how a cryptocurrency should conduct itself algorithmically, then the game is lost.
We'll have to see how this evolves over the next few years and how communities are able to overcome obstacles like these.