SlideShare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
SlideShare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
Successfully reported this slideshow.
Activate your 14 day free trial to unlock unlimited reading.
Vitalik Buterin: Cryptoeconomic Protocols In the Context of Wider Society
Vitalik Buterin: Cryptoeconomic Protocols In the Context of Wider Society
1.
Nothing New under the Sun
Exploring the parallels between
Cryptocurrency and Society
2.
Introduction
● We often like to say Bitcoin is a fundamentally
new economic paradigm
● Common theory:
○ Commodity money
○ Commodity-backed money
○ Fiat money
○ Cryptocurrency (obviously)
● Self-executing contracts, DACs, Skynet
● Reality: everything here has existed before
3.
Prisoner’s Dilemma and Nash Equilibria
● Everyone has two
moves: cooperate
or defect
(left, top) C D
C 5, 5 0, 7
D 7, 0 2, 2
● Generalized prisoner’s dilemma:
○ N players
○ Can cooperate (+1, +1) or cheat (+2, -5)
● Nash equilibrium: everyone defects
4.
Punishment
● Idea: spend effort to
to punish defectors
(-0.5, -5)
(left, top) C D
C 5, 5 0, 2
D 2, 0 -3, -3
● Seems wasteful, but changes the incentives
● Problem: what’s the incentive to punish
● Solution: non-punishment is punishable
● Tax-funded police, social ostracism
5.
Schelling Points
● Two prisoners in separate rooms both see:
59049 71245 80764 92145
97621 100000 123875 161924
● If prisoners give same number, they go free,
otherwise they die
6.
Hawk/Dove Game
● Everyone has two
moves: attack or
retreat
● Equilibria:
○ A attacks, B retreats
○ B attacks, A retreats
● Bourgeois equilibrium: A/R based on tag
○ Property rights
(left, top) A R
A 0, 0 6, 2
R 2, 6 4, 4
7.
Coordination problems
● How to get from (A, A) to
(B,B)?
● Example: spelling reform
(left, top) A B
A 2, 2 0, 0
B 0, 0 4, 4
● Everyone spells English words weirdly (“cough”, “enough”,
“freight”, “height”): +1 all
● Reformed spelling (“coff”, “enuff”, “frate”, “hite”): +2 all (eezier
tu lurn, mor efishent)
● You reform, others don’t: +0.99 others, +0 you
● Others reform, you don’t: +1.99 others, +0 you
8.
Revolution
● No one participates: +1 all
● Everyone participates: +2 all
(yay democracy)
● You participate, others don’t:
-100 you, +0.99 others
● Others participate, you don’t: +1.5 you, 1.99
others (you have lower status in new society)
9.
Revolution 2: Hamlet Edition
● Norm exists against killing the king and
usurping the throne
● If the current king is killed, the norm
disappears, so everyone will repeatedly try
to take power
● Fearing this, no one kills the king
● Grim trigger equilibrium
10.
Bounded rationality
● People have a bias toward selecting a
relatively simple strategy and consistently
following it
● Heuristics (eg. guy in suit == this guy got
business skillz bro)
● David Friedman on virtue:
○ http://www.daviddfriedman.com/Libertarian/Virtue1.html
11.
Stones of Rai
● Small tribe on the island of
Yap, ~1900
● Rai Stones used as money
● Stones never moved,
ownership changed via collective agreement
● Ownership very secure
○ Stone at bottom of ocean
○ German invasion
12.
Markets as a Punishment System
● Cooperative strategy: act as if dollar is worth X
● Defection 1: undervalue dollar
○ Result: you work too hard and enjoy less products and
services
● Defection 2: overvalue dollar
○ Result: you exhaust money before exploring all
opportunities
● Both consequences occur because people
value a dollar at X
13.
Reputation
● Doing certain things increases your
reputation
● Incentive: trust reputable people more
○ Predictable pattern of honest behavior
○ They have “more to lose”
● Incentive: be more reputable so people trust
you more
● Incentives work with any set of rules
14.
Courts
● Hierarchical system of increasing attention
● Normally: go about your business
○ Low attention
● In case of a dispute: go to court
○ Medium attention
● Contested dispute: go to higher and
eventually Supreme Court
○ High attention
15.
Courts 2
● Problem: how to obtain estimate of
community norms
● Solution: pick 12 random people to
adjudicate
16.
Courts 3
● Incentive to deter crime proportional to
● Problem: if crime ~= 0, ~= 0, so no
one would bother catching criminals
● Result: sorry, no crime-free utopia for you
17.
Blockchains
● Idea: a blockchain is a distributed database
with:
○ a state
○ a meaning assigned to the state
○ a state transition rule
■ APPLY(S, TX) -> S' or INVALID
19.
Blockchains
● Namecoin
○ S = { domain: owner … }
○ Meaning = look up website names here
○ APPLY = { if !S[tx.value]: S[tx.value] = tx.sender }
● Land registry
○ S = { (lat, long): owner … }
○ Meaning = if someone does something at (lat, long)
without owner’s permission, whack them
○ APPLY = ?
20.
Blockchains
● A blockchain is a
series of blocks,
each block containing
a hash of the previous
● Scoring function
○ score(genesis) = 0
○ score(block) = score(block.parent) + PoWdiff(block)
○ current state = block with highest score
21.
Mining
● Miners spend computational effort producing
blocks, get rewarded 25 btc/block
● Miners have 4 ways to deviate:
Include an invalid TX giving themselves extra BTC
Not bother with PoW
Mine on top of an invalid block that favors them
Mine on top of a suboptimally scoring block
● Question: why act honestly?
22.
Mining as Recursive Punishment
● Idea: if you create an invalid block, other
miners will not mine on it, because a block
dependent on an invalid block is an invalid
block, and miners do not want to produce
invalid blocks
● Similar logic for low-scoring blocks
23.
Valuation Equilibria
● Question: why do users pay attention to the
top-scoring chain?
● Answer 1: it’s a Schelling point
● Answer 2: it is more difficult to attack than
the top chain along any other metric
24.
Concept: Smart Contracts
● Regular contract: I agree to give you $300 if
you perform task X
● Smart contract: I put $300 into a box, which
are automatically assigned to you if you do X
● Verifiability
○ Pure math (eg. prove a theorem)
○ Global fact (eg. temperature in San Francisco)
○ Local fact (eg. did you wash my car?)
25.
Factum Law
● Decentralised consensus lets us create
cryptographic systems that control internal
assets with emergent value
● This provides a door from the world of
cryptography into the real world
● Idea: we can enforce rules without needing
real-world “enforcement” by using crypto-subsidies
26.
Proof of Work: Takeover Attack
● Ethereum contract
○ Any miner can join, sending deposit into contract
○ To avoid losing deposit, miners must regularly send
shares to prove their hashpower
○ Before 60% PoW joins, miners can leave at any time
○ At 60% PoW, deposit locked until a 20+ block-deep
fork succeeds
● Incentive to join: possible reward, no risk
● Incentive to follow through: deposit
27.
Grim Trigger Argument
● Fails if miners are fungible, works if miners
are bound
● Specialized ASIC-friendly algo: good
● CPU algo: bad
○ Unless (1) it’s a monopoly chain or (2) grim trigger
spreads across chains
● CPU algo + bonding: good
○ Another kind of PoS?
28.
Software
● Altruistic actions in Bitcoin protocol prevalent
○ eg. responding to getblock messages
● Not explainable by general altruism
○ eg. core dev horribly underfunded
● Correct model: 2 kinds of agents
○ Software (= heuristics)
○ Users (download and run software, stick to defaults)
29.
Software
● Model defaults as friction:
○
○
● “One currency to rule them all” may be flawed
○ | f | > benefit of liquidity
30.
Why not delete the FBI’s Silk Road wallet?
● Argument 1: grim trigger equilibrium
● Argument 2: new valuation equilibrium more
“complex” to calculate
● Idea: a consensus system is a way of
creating a complex valuation equilibrium, and
protecting it with:
○ Coordination problem
○ Grim trigger equilibrium
○ Bounded rationality
31.
Scalability
● Problem: at 1000000 tx/sec no node can
process every transaction
● Solution: split into consensus groups
● Problem: if split into N groups, attacker can
take over with 1/N power/stake
● Solution: if substantial disagreement
detected, suddenly increase attention
32.
Scalability
● Solution 2: randomly select consensus
groups per transaction
● General problem: who waves the flashlight?
○ Subsidize via penalty
○ Privatize (ie. potential victims look out for themselves)
● Problem: failure rate ends up nonzero
○ Dependency on altruism
33.
Scalability
● Solution 2: randomly select consensus
groups per transaction
● General problem: who waves the flashlight?
○ Subsidize via penalty
○ Privatize (ie. potential victims look out for themselves)
● Problem: failure rate ends up nonzero
○ Dependency on altruism
34.
Conclusion
● Cryptoeconomic protocols are social
protocols
● Everything has already done before
● The main benefits we have are:
○ Opportunity for computationally complex equilibria
○ Low-cost communication