In this series on Bitcoin and game theory, I’ve argued that Bitcoin’s stability is fundamentally a game-theoretic proposition and shown how we’ve had blind spots for years in our theoretical understanding of mining strategy. In this post, I’ll get to the question of the discrepancy between theory and practice. As I pointed out, even though there are many theoretical weaknesses in Bitcoin’s consensus mechanism, none of these ever appear to have been exploited.
In an earlier post I argued why Bitcoin’s stability is fundamentally a game-theoretic proposition, and ended with some questions:
Can we effectively model the system with all its interacting components in the language of strategies and payoff-maximization? Is the resulting model tractable — can we analyze it mathematically or using simulations? And most importantly, do its predictions match what we observe in practice?
Let’s look at those questions in the context of a “block withholding attack” between mining pools.
Recall that mining pools are groups of individual miners who pool their computing power as well as their rewards. Suppose two mining pools — let’s call them blue and red — are both seeking to maximize their mining rewards. Let’s say the manager of the red pool decides to infiltrate the blue pool and decrease their efficiency using some of the mining power that red (directly or indirectly) controls. This can be done by submitting shares (partial proofs of work) to earn a share of rewards, but withholding any valid blocks which are found and therefore not contributing any productive work to the blue pool. At first sight this seems like cutting off your nose to spite your face — sure, blue’s efficiency will be hurt, but red is wasting hash power as well.
Computer science research on re-identification has repeatedly demonstrated that sensitive information can be inferred even from de-identified data in a wide variety of domains. This has posed a vexing problem for practitioners and policy makers. If the absence of “personally identifying information” cannot be relied on for privacy protection, what are the alternatives? Joanna Huey, Ed Felten, and I tackle this question in a new paper “A Precautionary Approach to Big Data Privacy”. Joanna presented the paper at the Computers, Privacy & Data Protection conference earlier this year.
As promised, here are the final project presentations from the Bitcoin and cryptocurrency technologies class I taught at Princeton. I encouraged students to build something real, rather than toy class projects, and they delivered. I hope you’ll find these presentations interesting and educational, and that you build on the work presented here (I’ve linked to the projects on GitHub if the code is available).
If you haven’t already, you should sign up for the online version of this class we’re teaching starting in a couple of weeks. The class will prepare you to do projects just like these.
At Princeton I taught a course on Bitcoin and cryptocurrency technologies during the semester that just ended. Joe Bonneau unofficially co-taught it with me. Based on student feedback and what we accomplished in the course, it was extremely successful. Next week I’ll post videos of all the final project presentations.
The course was based on a series of video lectures. We’re now offering these lectures free to the public, online, together with homeworks, programming assignments, and a textbook. We’ve heard from computer science students at various institutions as well as the Bitcoin community about the need for structured educational materials, and we’re excited to fill this need.
The first several book chapters are already available. The course starts February 16, and we’ll start making the videos available closer to that date (you’ll need to sign up to watch the videos. Edit: we’ve changed this policy; the lectures are also publicly available). Each week there will be a Google hangout with that week’s lecturer. We’ll also answer questions on Piazza.
At a technical level, the Bitcoin protocol is a clever solution to the consensus problem in computer science. The idea of consensus is very general — a number of participants together execute a computation to come to agreement about the state of the world, or a subset of it that they’re interested in.
Because of this generality, there are different methods for analyzing and proving things about such consensus protocols, coming from different areas of applied math and computer science. These methods use different languages and terminology and embody different assumptions and views. As a result, they’re not always consistent with each other. This is a recipe for confusion; often people disagree because they’ve implicitly assumed one world-view or another. In this post I’ll explain the two main sets of models that are used to analyze the security of consensus in Bitcoin.
In the privacy technologies grad seminar that I taught last semester, Bitcoin proved to be the most popular topic among students. Two groups did very different and equally interesting final projects on Bitcoin and cryptocurrencies; more on that below.
More broadly, we’re seeing a huge demand for learning the computer science underlying Bitcoin, both at Princeton and elsewhere. But research papers on Bitcoin don’t make for great teaching materials. Identifying the core ideas, building them up in logical progression, and connecting them to other areas of computer science is a challenging task.
Over the summer, I teamed up with Joe Bonneau, Ed Felten, and Andrew Miller to do just that. We’ve produced a lecture series which will start going online soon. While we spend some time in the lectures on the specifics of Bitcoin, much of our discussion is about the underlying principles which apply to cryptocurrencies in general. Steven Goldfeder and other students are working with us to produce homeworks, programming assignments, and a textbook, which will together comprise a complete online course. We’ll announce it here when it launches.
Paul Ohm’s 2009 article Broken Promises of Privacy spurred a debate in legal and policy circles on the appropriate response to computer science research on re-identification techniques. In this debate, the empirical research has often been misunderstood or misrepresented. A new report by Ann Cavoukian and Daniel Castro is full of such inaccuracies, despite its claims of “setting the record straight.”
In a response to this piece, Ed Felten and I point out eight of our most serious points of disagreement with Cavoukian and Castro. The thrust of our arguments is that (i) there is no evidence that de-identification works either in theory or in practice and (ii) attempts to quantify its efficacy are unscientific and promote a false sense of security by assuming unrealistic, artificially constrained models of what an adversary might do.
As a computer scientist who studies Privacy-Enhancing Technologies, I remember my surprise when I first learned that some groups of people view and use them very differently than I’m used to. In computer science, PETs are used for protecting anonymity or confidentiality, often via application of cryptography, and are intended to be bullet-proof against an adversary who is trying to breach privacy.
By contrast, Helen Nissenbaum and others have developed a political and ethical theory of obfuscation, “a strategy for individuals, groups or communities to hide; to protect themselves; to protest or enact civil disobedience, especially in the context of monitoring, aggregated analysis, and profiling.” CV Dazzle and Ad Nauseam are good examples.
[This is a guest post by Wenley Tong, Sebastian Gold, Samuel Gichohi, Mihai Roman, and Jonathan Frankle, undergraduates in the Privacy Technologies seminar that I offered for the second time in Spring 2014. They did an excellent class project on the usability of email encryption.]
PGP and similar email encryption standards have existed since the early 1990s, yet even in the age of NSA surveillance and ubiquitous data-privacy concerns, we continue to send email in plain text. Researchers have attributed this apparent gaping hole in our security infrastructure to a deceivingly simple source: usability. Email encryption, although cryptographically straightforward, appears too complicated for laypeople to understand. In our project, we aimed to understand why this problem has eluded researchers for well over a decade and expand the design space of possible solutions to this and similar challenges at the intersection of security and usability.