טכניון מכון טכנולוגי לישראל
הטכניון מכון טכנולוגי לישראל - בית הספר ללימודי מוסמכים  
Ph.D Thesis
Ph.D StudentBentov Iddo
SubjectBitcoin and Secure Computation with Money
DepartmentDepartment of Computer Science
Supervisor Professor Eliyahu Ben Sasson
Full Thesis textFull thesis text - English Version


Abstract

Since its inception in 2009, the Bitcoin cryptocurrency has been running without major setbacks thus far, and has therefore attracted a significant amount of theoretical interest. Broadly speaking, the academic study of Bitcoin is two-fold. First, there are concrete concerns that portray the current Bitcoin protocol as an ill-thought-out experiment that is destined to fail, or at least as a deficient system in comparison to alternative designs. Hence, such concerns are often accompanied by proposals to improve or replace various aspects of the Bitcoin protocol, in an attempt to devise a digital currency system that is more likely to be sustainable over the long term. The second kind of academic interest in Bitcoin takes it as a given that an ideal Bitcoin system exists, and then investigates whether different constructions -- that might not have an obvious relation to digital money -- can benefit from an interaction with the Bitcoin system.

In this work we tackle these two kinds of examinations.

With regard to the future prospects of Bitcoin and similar cryptocurrencies, we examine whether Proof of Stake can be an improvement over Proof of Work, from the point of view of decentralized consensus systems. In our context, decentralization means that anyone who invests enough resources is able to participate in the decision-making process that updates the system. The term Proof of Work means that system updates are done by solving difficult computational problems, and the term Proof of Stake means that the power to perform system updates is given to the entities who possess the digital currency that circulates in the system. In Chapter 2, we present a hybrid protocol that combines Proof of Work and Proof of Stake, and analyze whether the combination can be superior to reliance on only one of these two elements. Then, in Chapter 3, we construct decentralized cryptocurrency systems that rely only on Proof of Stake, and investigate whether they can potentially work well.

Regarding constructions that make use of an ideal Bitcoin system, we focus on the benefits that a decentralized cryptocurrency network can provide for secure multiparty computation. Specifically, it is a well known fact that it is impossible to guarantee that all the honest parties will receive the output of the computation in standard models [Cleve, STOC 1986], and we design protocols that overcome this impossibility in the case of an adversary who does not wish to suffer a monetary penalty. Chapter 5 gives the most extensive variant of our fairness results, which we refer to as reactive secure cash distribution. The reactive aspect implies that our protocols allow for secure computation that delivers intermediate outputs during certain rounds, in a fair manner. The secure cash distribution functionality that we construct enables support for secure computation in which the inputs and outputs of the parties are comprised of both information and money. Thus, our protocols can capture real poker, as opposed to just ``mental'' poker.