[bitcoin-dev] MAD-HTLC

ZmnSCPxj ZmnSCPxj at protonmail.com
Sat Jul 4 20:58:57 UTC 2020

Good morning Ittay,

> The analysis in our MAD-HTLC paper shows that when all players are rational (i.e., make the best decisions), and have the greater strategy space (which is easy to achieve, 150 Loc), the subgame-perfect-equilibrium strategy (this is like Nash-equilibrium for dynamic games https://en.wikipedia.org/wiki/Subgame_perfect_equilibrium) for even relatively-small fee is to support the attack. Putting it in game-theory terms -- strategy "exclude-Alice-until-timeout-then-include-Bob" results with higher utility than strategy "include-Alice-Tx-now" (and by definition, "include-Alice-Tx-now" does not dominante  "exclude-Alice-until-timeout-then-include-Bob").

It may be helpful to think in terms of Prisoner Dilemma.

               | cooperate | betray
    cooperate  | -1, -1    | 0, -3
    betray     | -3, 0     | -2, -2

"include-Alice-Tx-now" imposes a greater cost on those playing "exclude-Alice-until-timeout-then-include-Bob" players, than the benefit that both miners play "exclude-Alice-until-timeout-then-include-Bob".

Basically, "cooperate" == "exclude-Alice-until-timeout-then-include-Bob", "betray" == "include-Alice-Tx-now".

One way to get around this is to invoke Iterated Prisoner Dilemma, but that requires that miners can identify other miners and to be able to act accordingly to how those other miners have acted in the past.
The entire point of Bitcoin mining is to allow strong anonymity of miners (not that this commonly happens in practice, given the habit of putting identifying information in coinbases).

Another way would be to have a higher system that polices its constituents and ensures that every miner plays "exclude-Alice-until-timeout-then-include-Bob", and punishes "include-Alice-Tx-now".
But that would be equivalent to a centralized cartel, and would be the death of Bitcoin anyway, at which point, all Bitcoin tokens will be worthless.


More information about the bitcoin-dev mailing list