Published on: 2020-07-06T11:13:47+00:00
In a recent email conversation, Itay Tsabary discussed the token amount required for the collateral contract in a collateralized contract. He mentioned that the required token amount is low and independent of the deposit tokens. He argued that a relatively small incentive is enough to encourage honest behavior from participants. However, this does result in slightly larger transactions with another UTXO. The recipient of the email questioned whether the collateral had to be at least the same size as the deposit, expressing concerns about the potential for bribery attacks. The discussion between Ittay and ZmnSCPxj on the Bitcoin-dev mailing list focused on myopic and non-myopic miners. Non-myopic miners optimize transaction selection for multiple future blocks, while myopic miners only optimize for the next block. The term "dominates" refers to a strategy in game theory that consistently outperforms another strategy. Myopic strategies tend to beat non-myopic strategies because they impose costs on non-myopic miners. Currently, no miner is non-myopic, but it is possible to implement non-myopia in Bitcoin Core. However, implementing non-myopia is considered pointless since myopic strategies dominate over non-myopic strategies. The MAD-HTLC (Miner-Activated Delayed Hash Time-Locked Contract) consists of two contracts: Deposit and Collateral. The Deposit has three redeem paths, while the Collateral serves as a fidelity bond and has two redeem paths. The MAD-HTLC has three cases, each determining the distribution of BTC based on specific conditions. However, these contracts may not be safe if the counterparty is a miner, as it could incentivize competing miners to reorganize the chain and redirect funds. The analysis of the MAD-HTLC paper shows that, in a scenario where all players are rational, the dominant strategy is to support an attack. This situation can be compared to the Prisoner's Dilemma game. One way to address this is through Iterated Prisoner's Dilemma, but it requires miners to identify each other and act accordingly. Another approach is to have a higher system that enforces a specific strategy and punishes deviations. However, this would lead to a centralized cartel, which would be detrimental to Bitcoin.In another email thread, ZmnSCPxj responded to a post about myopic and non-myopic miners in a mixed population. They argued that myopic strategies dominate over non-myopic ones because myopic miners deduct fees from non-myopic miners by preventing certain transactions from being confirmed. The probability of a bribery attack failing decreases exponentially based on the number of blocks until timeout and the percentage of hashrate controlled by myopic miners. Even with a small amount of myopic hashrate and long timeouts or modest amounts of hashrate and short timeouts, the attack is unlikely to succeed. The discussion also touched on the safety of MAD-HTLC and potential vulnerabilities in the Lightning Network. Concerns were raised about the assumption that the mempool is a shared resource and the possibility of double-spending attacks. Various disincentives for attackers were proposed to mitigate these risks. The overall discussions revolved around the dominance of myopic miners, the likelihood of bribery attacks succeeding, and potential vulnerabilities in different contract models.
Updated on: 2023-08-02T02:25:21.896054+00:00