-
Deploying Fair and Efficient Course Allocation Mechanisms
Authors:
George Bissias,
Cyrus Cousins,
Paula Navarrete Diaz,
Yair Zick
Abstract:
Universities regularly face the challenging task of assigning classes to thousands of students while considering their preferences, along with course schedules and capacities. Ensuring the effectiveness and fairness of course allocation mechanisms is crucial to guaranteeing student satisfaction and optimizing resource utilization. We approach this problem from an economic perspective, using formal…
▽ More
Universities regularly face the challenging task of assigning classes to thousands of students while considering their preferences, along with course schedules and capacities. Ensuring the effectiveness and fairness of course allocation mechanisms is crucial to guaranteeing student satisfaction and optimizing resource utilization. We approach this problem from an economic perspective, using formal justice criteria to evaluate different algorithmic frameworks. To evaluate our frameworks, we conduct a large scale survey of university students at University of Massachusetts Amherst, collecting over 1,000 student preferences. This is, to our knowledge, the largest publicly available dataset of student preferences. We develop software for generating synthetic student preferences over courses, and implement four allocation algorithms: the serial dictatorship algorithm used by University of Massachusetts Amherst; Round Robin; an Integer Linear Program; and the Yankee Swap algorithm. We propose improvements to the Yankee Swap framework to handle scenarios with item multiplicities. Through experimentation with the Fall 2024 Computer Science course schedule at University of Massachusetts Amherst, we evaluate each algorithm's performance relative to standard justice criteria, providing insights into fair course allocation in large university settings.
△ Less
Submitted 14 February, 2025;
originally announced February 2025.
-
Tailstorm: A Secure and Fair Blockchain for Cash Transactions
Authors:
Patrik Keller,
Ben Glickenhaus,
George Bissias,
Gregory Griffith
Abstract:
Proof-of-work (PoW) cryptocurrencies rely on a balance of security and fairness in order to maintain a sustainable ecosystem of miners and users. Users demand fast and consistent transaction confirmation, and in exchange drive the adoption and valuation of the cryptocurrency. Miners provide the confirmations, however, they primarily seek rewards. In unfair systems, miners can amplify their rewards…
▽ More
Proof-of-work (PoW) cryptocurrencies rely on a balance of security and fairness in order to maintain a sustainable ecosystem of miners and users. Users demand fast and consistent transaction confirmation, and in exchange drive the adoption and valuation of the cryptocurrency. Miners provide the confirmations, however, they primarily seek rewards. In unfair systems, miners can amplify their rewards by consolidating mining power. Centralization however, undermines the security guarantees of the system and might discourage users.
In this paper we present Tailstorm, a cryptocurrency that strikes this balance. Tailstorm merges multiple recent protocol improvements addressing security, confirmation latency, and throughput with a novel incentive mechanism improving fairness. We implement a parallel proof-of-work consensus mechanism with $k$ PoWs per block to obtain state-of-the-art consistency guarantees. Inspired by Bobtail and Storm, we structure the individual PoWs in a tree which, by including a list of transactions with each PoW, reduces confirmation latency and improves throughput. Our proposed incentive mechanism discounts rewards based on the depth of this tree. Thereby, it effectively punishes information withholding, the core attack strategy used to reap an unfair share of rewards.
We back our claims with a comprehensive analysis. We present a generic system model which allows us to specify Bitcoin, $B_k$, and Tailstorm from a joint set of assumptions. We provide an analytical bound for the fairness of Tailstorm and Bitcoin in honest networks and we confirm the results through simulation. We evaluate the effectiveness of dishonest behaviour through reinforcement learning. Our attack search reproduces known optimal strategies against Bitcoin, uncovers new ones against $B_k$, and confirms that Tailstorm's reward discounting makes it more resilient to incentive layer attacks.
△ Less
Submitted 21 June, 2023;
originally announced June 2023.
-
Pricing Security in Proof-of-Work Systems
Authors:
George Bissias,
Rainer Böhme,
David Thibodeau,
Brian N. Levine
Abstract:
A key component of security in decentralized blockchains is proof of opportunity cost among block producers. In the case of proof-of-work (PoW), currently used by the most prominent systems, the cost is due to spent computation. In this paper, we characterize the security investment of miners in terms of its cost in fiat money. This enables comparison of security allocations across PoW blockchains…
▽ More
A key component of security in decentralized blockchains is proof of opportunity cost among block producers. In the case of proof-of-work (PoW), currently used by the most prominent systems, the cost is due to spent computation. In this paper, we characterize the security investment of miners in terms of its cost in fiat money. This enables comparison of security allocations across PoW blockchains that generally use different PoW algorithms and reward miners in different cryptocurrency units. We prove that there exists a unique allocation equilibrium, depending on market prices only, that is achieved by both strategic miners (who contemplate the actions of others) and by miners seeking only short-term profit. In fact, the latter will unknowingly compensate for any attempt to deliberately shift security allocation away from equilibrium.
Our conclusions are supported analytically through the development of a Markov decision process, game theoretical analysis, and derivation of no arbitrage conditions. We corroborate those results with empirical evidence from more than two years of blockchain and price data. Overall agreement is strong. We show that between January 1, 2018 and August 1, 2020, market prices predicted security allocation between Bitcoin and Bitcoin Cash with error less than 0.6%. And from the beginning of October 2019, until August 1, 2020, market prices predicted security allocation between Bitcoin and Litecoin with error of 0.45%. These results are further corroborated by our establishment of Granger-causality between change in market prices and change in security allocation.
To demonstrate the practicality of our results, we describe a trustless oracle that leverages the equilibrium to estimate the price ratios of PoW cryptocurrencies from on-chain information only.
△ Less
Submitted 7 December, 2020;
originally announced December 2020.
-
Radium: Improving Dynamic PoW Targeting
Authors:
George Bissias
Abstract:
Most PoW blockchain protocols operate with a simple mechanism whereby a threshold is set for each block and miners generate block hashes until one of those values falls below the threshold. Although largely effective, this mechanism produces blocks at a highly variable rate and also leaves a blockchain susceptible to chain death, i.e. abandonment in the event that the threshold is set too high to…
▽ More
Most PoW blockchain protocols operate with a simple mechanism whereby a threshold is set for each block and miners generate block hashes until one of those values falls below the threshold. Although largely effective, this mechanism produces blocks at a highly variable rate and also leaves a blockchain susceptible to chain death, i.e. abandonment in the event that the threshold is set too high to attract any miners. A recent innovation called real-time block rate targeting, or RTT, fixes these problems by reducing the target throughout the mining interval. RTT exhibits much less variable block times and even features the ability to fully adjust the target after each block. However, as we show in this paper, RTT also suffers from a critical vulnerability whereby miners deviate form the protocol to increase their profits. We introduce the Radium protocol, which mitigates this vulnerability in RTT while retaining lower variance block times, responsive target adjustment, and lowering the risk of chain death. We also show that Radium's susceptibility to the doublespend attack and orphaned blocks remains similar to Bitcoin.
△ Less
Submitted 12 July, 2020;
originally announced July 2020.
-
Greedy but Cautious: Conditions for Miner Convergence to Resource Allocation Equilibrium
Authors:
George Bissias,
Brian N. Levine,
David Thibodeau
Abstract:
All public blockchains are secured by a proof of opportunity cost among block producers. For example, the security offered by proof-of-work (PoW) systems, like Bitcoin, is due to spent computation; it is work precisely because it cannot be performed for free. In general, more resources provably lost in producing blocks yields more security for the blockchain. When two blockchains share the same me…
▽ More
All public blockchains are secured by a proof of opportunity cost among block producers. For example, the security offered by proof-of-work (PoW) systems, like Bitcoin, is due to spent computation; it is work precisely because it cannot be performed for free. In general, more resources provably lost in producing blocks yields more security for the blockchain. When two blockchains share the same mechanism for providing opportunity cost, as is the case when they share the same PoW algorithm, the two chains compete for resources from block producers. Indeed, if there exists a liquid market between resource types, then theoretically all blockchains will compete for resources. In this paper, we show that there exists a resource allocation equilibrium between any two blockchains, which is essentially driven by the fiat value of reward that each chain offers in return for providing security. We go on to prove that this equilibrium is singular and always achieved provided that block producers behave in a greedy, but cautious fashion. The opposite is true when they are overly greedy: resource allocation oscillates in extremes between the two chains. We show that these results hold both in practice and in a block generation simulation. Finally, we demonstrate several applications of this theory including a trustless price-ratio oracle, increased security for blockchains whose coins have lower fiat value, and a quantification of cost to allocating resources away from the equilibrium.
△ Less
Submitted 26 August, 2019; v1 submitted 19 July, 2019;
originally announced July 2019.
-
Bonded Mining: Difficulty Adjustment by Miner Commitment
Authors:
George Bissias,
David Thibodeau,
Brian N. Levine
Abstract:
Proof-of-work blockchains must implement a difficulty adjustment algorithm (DAA) in order to maintain a consistent inter-arrival time between blocks. Conventional DAAs are essentially feedback controllers, and as such, they are inherently reactive. This approach leaves them susceptible to manipulation and often causes them to either under- or over-correct. We present Bonded Mining, a proactive DAA…
▽ More
Proof-of-work blockchains must implement a difficulty adjustment algorithm (DAA) in order to maintain a consistent inter-arrival time between blocks. Conventional DAAs are essentially feedback controllers, and as such, they are inherently reactive. This approach leaves them susceptible to manipulation and often causes them to either under- or over-correct. We present Bonded Mining, a proactive DAA that works by collecting hash rate commitments secured by bond from miners. The difficulty is set directly from the commitments and the bond is used to penalize miners who deviate from their commitment. We devise a statistical test that is capable of detecting hash rate deviations by utilizing only on-blockchain data. The test is sensitive enough to detect a variety of deviations from commitments, while almost never misclassifying honest miners. We demonstrate in simulation that, under reasonable assumptions, Bonded Mining is more effective at maintaining a target block time than the Bitcoin Cash DAA, one of the newest and most dynamic DAAs currently deployed. In this preliminary work, the lowest hash rate miner our approach supports is 1% of the total and we directly consider only two types of fundamental attacks. Future work will address these limitations.
△ Less
Submitted 5 August, 2019; v1 submitted 29 June, 2019;
originally announced July 2019.
-
An Algorithm for Bounding the Probability of r-core Formation in k-uniform Random Hypergraphs
Authors:
George Bissias
Abstract:
We present an algorithm for bounding the probability of r-core formation in k-uniform hypergraphs. Understanding the probability of core formation is useful in numerous applications including bounds on the failure rate of Invertible Bloom Lookup Tables (IBLTs) and the probability that a boolean formula is satisfiable.
We present an algorithm for bounding the probability of r-core formation in k-uniform hypergraphs. Understanding the probability of core formation is useful in numerous applications including bounds on the failure rate of Invertible Bloom Lookup Tables (IBLTs) and the probability that a boolean formula is satisfiable.
△ Less
Submitted 15 January, 2019;
originally announced January 2019.
-
Ektelo: A Framework for Defining Differentially-Private Computations
Authors:
Dan Zhang,
Ryan McKenna,
Ios Kotsogiannis,
George Bissias,
Michael Hay,
Ashwin Machanavajjhala,
Gerome Miklau
Abstract:
The adoption of differential privacy is growing but the complexity of designing private, efficient and accurate algorithms is still high. We propose a novel programming framework and system, Ektelo, for implementing both existing and new privacy algorithms. For the task of answering linear counting queries, we show that nearly all existing algorithms can be composed from operators, each conforming…
▽ More
The adoption of differential privacy is growing but the complexity of designing private, efficient and accurate algorithms is still high. We propose a novel programming framework and system, Ektelo, for implementing both existing and new privacy algorithms. For the task of answering linear counting queries, we show that nearly all existing algorithms can be composed from operators, each conforming to one of a small number of operator classes. While past programming frameworks have helped to ensure the privacy of programs, the novelty of our framework is its significant support for authoring accurate and efficient (as well as private) programs.
After describing the design and architecture of the Ektelo system, we show that Ektelo is expressive, allows for safer implementations through code reuse, and that it allows both privacy novices and experts to easily design algorithms. We demonstrate the use of Ektelo by designing several new state-of-the-art algorithms.
△ Less
Submitted 24 May, 2019; v1 submitted 10 August, 2018;
originally announced August 2018.
-
Using Economic Risk to Model Miner Hash Rate Allocation in Cryptocurrencies
Authors:
George Bissias,
Brian N. Levine,
David Thibodeau
Abstract:
Abrupt changes in the miner hash rate applied to a proof-of-work (PoW) blockchain can adversely affect user experience and security. Because different PoW blockchains often share hashing algorithms, miners face a complex choice in deciding how to allocate their hash power among chains. We present an economic model that leverages Modern Portfolio Theory to predict a miner's allocation over time usi…
▽ More
Abrupt changes in the miner hash rate applied to a proof-of-work (PoW) blockchain can adversely affect user experience and security. Because different PoW blockchains often share hashing algorithms, miners face a complex choice in deciding how to allocate their hash power among chains. We present an economic model that leverages Modern Portfolio Theory to predict a miner's allocation over time using price data and inferred risk tolerance. The model matches actual allocations with mean absolute error within 20% for four out of the top five miners active on both Bitcoin (BTC) and Bitcoin Cash (BCH) blockchains. A model of aggregate allocation across those four miners shows excellent agreement in magnitude with the actual aggregate as well a correlation coefficient of 0.649. The accuracy of the aggregate allocation model is also sufficient to explain major historical changes in inter-block time (IBT) for BCH. Because estimates of miner risk are not time-dependent and our model is otherwise price-driven, we are able to use it to anticipate the effect of a major price shock on hash allocation and IBT in the BCH blockchain. Using a Monte Carlo simulation, we show that, despite mitigation by the new difficulty adjustment algorithm, a price drop of 50% could increase the IBT by 50% for at least a day, with a peak delay of 100%.
△ Less
Submitted 19 June, 2018;
originally announced June 2018.
-
Bobtail: A Proof-of-Work Target that Minimizes Blockchain Mining Variance (Draft)
Authors:
George Bissias,
Brian Neil Levine
Abstract:
Blockchain systems are designed to produce blocks at a constant average rate. The most popular systems currently employ a Proof of Work (PoW) algorithm as a means of creating these blocks. Bitcoin produces, on average, one block every 10 minutes. An unfortunate limitation of all deployed PoW blockchain systems is that the time between blocks has high variance. For example, 5% of the time, Bitcoin'…
▽ More
Blockchain systems are designed to produce blocks at a constant average rate. The most popular systems currently employ a Proof of Work (PoW) algorithm as a means of creating these blocks. Bitcoin produces, on average, one block every 10 minutes. An unfortunate limitation of all deployed PoW blockchain systems is that the time between blocks has high variance. For example, 5% of the time, Bitcoin's inter-block time is at least 40 minutes. This variance impedes the consistent flow of validated transactions through the system. We propose an alternative process for PoW-based block discovery that results in an inter-block time with significantly lower variance. Our algorithm, called Bobtail, generalizes the current algorithm by comparing the mean of the k lowest order statistics to a target. We show that the variance of inter-block times decreases as k increases. If our approach were applied to Bitcoin, about 80% of blocks would be found within 7 to 12 minutes, and nearly every block would be found within 5 to 18 minutes; the average inter-block time would remain at 10 minutes. Further, we show that low-variance mining significantly thwarts doublespend and selfish mining attacks. For Bitcoin and Ethereum currently (k=1), an attacker with 40% of the mining power will succeed with 30% probability when the merchant sets up an embargo of 8 blocks; however, when k>=20, the probability of success falls to less than 1%. Similarly, for Bitcoin and Ethereum currently, a selfish miner with 40% of the mining power will claim about 66% of blocks; however, when k>=5, the same miner will find that selfish mining is less successful than honest mining. The cost of our approach is a larger block header.
△ Less
Submitted 13 August, 2019; v1 submitted 25 September, 2017;
originally announced September 2017.
-
Estimation of Miner Hash Rates and Consensus on Blockchains (draft)
Authors:
A. Pinar Ozisik,
George Bissias,
Brian Levine
Abstract:
We make several contributions that quantify the real-time hash rate and therefore the consensus of a blockchain. We show that by using only the hash value of blocks, we can estimate and measure the hash rate of all miners or individual miners, with quanti able accuracy. We apply our techniques to the Ethereum and Bitcoin blockchains; our solution applies to any proof-of-work-based blockchain that…
▽ More
We make several contributions that quantify the real-time hash rate and therefore the consensus of a blockchain. We show that by using only the hash value of blocks, we can estimate and measure the hash rate of all miners or individual miners, with quanti able accuracy. We apply our techniques to the Ethereum and Bitcoin blockchains; our solution applies to any proof-of-work-based blockchain that relies on a numeric target for the validation of blocks. We also show that if miners regularly broadcast status reports of their partial proof-of- work, the hash rate estimates are signi cantly more accurate at a cost of slightly higher bandwidth. Whether using only the blockchain, or the additional information in status reports, merchants can use our techniques to quantify in real-time the threat of double-spend attacks.
△ Less
Submitted 30 June, 2017;
originally announced July 2017.
-
Securing the Assets of Decentralized Applications using Financial Derivatives (DRAFT)
Authors:
George Bissias,
Brian Levine,
Nikunj Kapadia
Abstract:
Ethereum contracts can be designed to function as fully decentralized applications called DAPPs. Many DAPPs have already been fielded, including an online marketplace, a role playing game, a prediction market, and an Internet service provider. Unfortunately, DAPPs can be hacked, and the assets they control can be stolen. A recent attack on an Ethereum decentralized application called The DAO demon…
▽ More
Ethereum contracts can be designed to function as fully decentralized applications called DAPPs. Many DAPPs have already been fielded, including an online marketplace, a role playing game, a prediction market, and an Internet service provider. Unfortunately, DAPPs can be hacked, and the assets they control can be stolen. A recent attack on an Ethereum decentralized application called The DAO demonstrated that smart contract bugs are more than an academic concern. Ether worth tens of millions of US dollars was extracted by an attacker from The DAO, sending the value of its tokens and the overall exchange price of ether tumbling.
We present a market-based technique for insuring the ether holdings of a DAPP using futures contracts indexed by the trade price of ether for DAPP tokens. Under fairly general circumstances, our technique is capable of recovering the majority of ether lost from theft with high probability even when all of the ether holdings are stolen; and the only cost to DAPP token holders is an adjustable ether withdrawal fee. If the probability of a margin call in $d$ days is $p$ for a futures contract with 20 times leverage, then our approach will allow for the recovery of half the stolen ether with probability $p$ and a withdrawal fee of 5%. A higher withdrawal fee of 25% allows for more than 80% of the ether to be recovered with probability $p$.
△ Less
Submitted 14 January, 2017;
originally announced January 2017.
-
An Analysis of Attacks on Blockchain Consensus
Authors:
George Bissias,
Brian Neil Levine,
A. Pinar Ozisik,
Gavin Andresen
Abstract:
We present and validate a novel mathematical model of the blockchain mining process and use it to conduct an economic evaluation of the double-spend attack, which is fundamental to all blockchain systems. Our analysis focuses on the value of transactions that can be secured under a conventional double-spend attack, both with and without a concurrent eclipse attack. Our model quantifies the importa…
▽ More
We present and validate a novel mathematical model of the blockchain mining process and use it to conduct an economic evaluation of the double-spend attack, which is fundamental to all blockchain systems. Our analysis focuses on the value of transactions that can be secured under a conventional double-spend attack, both with and without a concurrent eclipse attack. Our model quantifies the importance of several factors that determine the attack's success, including confirmation depth, attacker mining power, and any confirmation deadline set by the merchant. In general, the security of a transaction against a double-spend attack increases roughly logarithmically with the depth of the block, made easier by the increasing sum of coin turned-over (between individuals) in the blocks, but more difficult by the increasing proof of work required. In recent blockchain data, we observed a median block turnover value of 6 BTC. Based on this value, a merchant requiring a single confirmation is protected against only attackers that can increase the current mining power by 1% or less. However, similar analysis shows that a merchant that requires a much longer 72 confirmations (~12 hours) will eliminate all potential profit for any double-spend attacker adding mining power less than 40% of the current mining power.
△ Less
Submitted 20 November, 2016; v1 submitted 25 October, 2016;
originally announced October 2016.