Incentives in Security Protocols

  • Sarah Azouvi
  • Alexander Hicks
  • Steven J. MurdochEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11286)


Real world protocols often involve human choices that depend on incentives, including when they fail. We look at three example systems (the EMV protocol, consensus in cryptocurrencies, and Tor), paying particular attention to the role that incentives play in fail-safe and fail-deadly situations. In this position paper we argue that incentives should explicitly be taken into account in the design of security protocols, and discuss general challenges in doing so.



We thank the attendees of the workshop for the discussion. Alexander Hicks is supported by OneSpan ( and UCL through an EPSRC Research Studentship; Steven J. Murdoch is supported by The Royal Society [grant number UF160505].


  1. 1.
  2. 2.
    Abraham, I., Dolev, D., Gonen, R., Halpern, J.: Distributed computing meets game theory: robust mechanisms for rational secret sharing and multiparty computation. In: Proceedings of the Twenty-fifth Annual ACM Symposium on Principles of Distributed Computing, pp. 53–62, PODC 2006. ACM, New York (2006).
  3. 3.
    Abraham, I., Dolev, D., Halpern, J.Y.: Lower bounds on implementing robust and resilient mediators. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 302–319. Springer, Heidelberg (2008). Scholar
  4. 4.
    Abraham, I., Malkhi, D., Nayak, K., Ren, L., Spiegelman, A.: Solidus: an incentive-compatible cryptocurrency based on permissionless Byzantine consensus. CoRR abs/1612.02916 (2016).
  5. 5.
    Abraham, I., Malkhi, D., Nayak, K., Ren, L., Spiegelman, A.: Solida: A blockchain protocol based on reconfigurable Byzantine consensus. In: OPODIS (2017).
  6. 6.
    Acquisti, A., Dingledine, R., Syverson, P.: On the economics of anonymity. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 84–102. Springer, Heidelberg (2003). Scholar
  7. 7.
    Aiyer, A.S., Alvisi, L., Clement, A., Dahlin, M., Martin, J.P., Porth, C.: BAR fault tolerance for cooperative services. SIGOPS Oper. Syst. Rev. 39(5), 45–58 (2005). Scholar
  8. 8.
    Anderson, R.: Why information security is hard - an economic perspective. In: Annual Computer Security Applications Conference, pp. 358–365 (2001)Google Scholar
  9. 9.
    Anderson, R., Murdoch, S.J.: EMV: why payment systems fail. Commun. ACM 57(6), 24–28 (2014). Scholar
  10. 10.
    Badertscher, C., Garay, J., Maurer, U., Tschudi, D., Zikas, V.: But why does it work? A rational protocol design treatment of Bitcoin. Technical report, Cryptology ePrint Archive, Report 2018/138 (2018). Scholar
  11. 11.
    Bentov, I., Pass, R., Shi, E.: Snow white: provably secure proofs of stake. IACR Cryptol. ePrint Arch. 2016, 919 (2016)Google Scholar
  12. 12.
    Bonneau, J.: Why buy when you can rent? In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 19–26. Springer, Heidelberg (2016). Scholar
  13. 13.
    Caballero-Gil, P., Hernández-Goya, C., Bruno-Castañeda, C.: A rational approach to cryptographic protocols. CoRR abs/1005.0082 (2010).
  14. 14.
    Carlsten, M., Kalodner, H., Weinberg, S.M., Narayanan, A.: On the instability of Bitcoin without the block reward. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 154–167, CCS 2016. ACM, New York (2016).
  15. 15.
    CoinMarketCap: Cryptocurrency market capitalizations. Accessed 15 Jan 2018
  16. 16.
    “Johnny” Ngan, T.-W., Dingledine, R., Wallach, D.S.: Building incentives into tor. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 238–256. Springer, Heidelberg (2010). Scholar
  17. 17.
    Eyal, I.: The miner’s dilemma. In: IEEE Symposium on Security and Privacy (2015)Google Scholar
  18. 18.
    Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable. In: Financial Cryptography and Data Security (2013)Google Scholar
  19. 19.
    Garay, J., Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Rational protocol design: cryptography against incentive-driven adversaries. Cryptology ePrint Archive, Report 2013/496 (2013).
  20. 20.
    Ghosh, M., Richardson, M., Ford, B., Jansen, R.: A TorPath to TorCoin: proof of bandwidth altcoins for compensating relays. Technical report NRL (2014)Google Scholar
  21. 21.
    Gneezy, U., Rustichini, A.: A fine is a price. J. Legal Stud. 29(1), 1–17 (2000)CrossRefGoogle Scholar
  22. 22.
    Halpern, J.Y.: Beyond Nash equilibrium: solution concepts for the 21st century. CoRR abs/0806.2139 (2008).
  23. 23.
    Halpern, J.Y., Pass, R.: Game theory with costly computation. arXiv preprint arXiv:0809.0024 (2008)
  24. 24.
    Jansen, R., Hopper, N.: Shadow: running Tor in a box for accurate and efficient experimentation. In: Proceedings of the 19th Symposium on Network and Distributed System Security (NDSS). Internet Society, February 2012Google Scholar
  25. 25.
    Jansen, R., Miller, A., Syverson, P., Ford, B.: From onions to shallots: rewarding Tor relays with TEARS. Technical report NRL (2014)Google Scholar
  26. 26.
    Kahneman, D., Tversky, A.: Prospect theory: an analysis of decision under risk. In: Handbook of the fundamentals of financial decision making: Part I, pp. 99–127. World Scientific (2013)Google Scholar
  27. 27.
    Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 357–388. Springer, Cham (2017). Scholar
  28. 28.
    Kothapalli, A., Miller, A., Borisov, N.: SmartCast: an incentive compatible consensus protocol using smart contracts. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 536–552. Springer, Cham (2017). Scholar
  29. 29.
    Kroll, J.A., Davey, I.C., Felten, E.W.: The economics of Bitcoin mining, or Bitcoin in the presence of adversaries. In: WEIS (2013)Google Scholar
  30. 30.
    Luu, L., Teutsch, J., Kulkarni, R., Saxena, P.: Demystifying incentives in the consensus computer. In: Computer and Communications Security, CCS 2015, pp. 706–719. ACM, New York (2015).
  31. 31.
    Murdoch, S.J.: Reliability of chip & PIN evidence in banking disputes. Digital Evid. Electron. Signat. Law Rev. 6, 98 (2009)Google Scholar
  32. 32.
    Murdoch, S.J., Anderson, R.: Security protocols and evidence: where many payment systems fail. In: Christin, N., Safavi-Naini, R. (eds.) Financial Cryptography and Data Security, vol. 8437, pp. 21–32. Springer, Heidelberg (2014). Scholar
  33. 33.
    Park, S., Pietrzak, K., Kwon, A., Alwen, J., Fuchsbauer, G., Gai, P.: SpaceMint: a cryptocurrency based on proofs of space. Cryptology ePrint Archive, Report 2015/528 (2015).
  34. 34.
    Pass, R., Shi, E.: Fruitchains: a fair blockchain. In: Proceedings of the ACM Symposium on Principles of Distributed Computing, pp. 315–324. ACM (2017)Google Scholar
  35. 35.
    Poon, J., Dryja, T.: The Bitcoin lightning network: scalable off-chain instant payments. Technical Report (draft) (2015)Google Scholar
  36. 36.
    Sapirshtein, A., Sompolinsky, Y., Zohar, A.: Optimal selfish mining strategies in bitcoin. In: Grossklags, J., Preneel, B. (eds.) Financial Cryptography and Data Security, pp. 515–532. Springer, Berlin Heidelberg, Berlin, Heidelberg (2017)CrossRefGoogle Scholar
  37. 37.
    Siegel, D.: Understanding the DAO attack, June 2016.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Sarah Azouvi
    • 1
  • Alexander Hicks
    • 1
  • Steven J. Murdoch
    • 1
    Email author
  1. 1.University College LondonLondonUK

Personalised recommendations