Do P+epsilon Attacks Pose a Threat to Token-Curated Registries?

The P + epsilon Attack by Vitalik describes, “a simple Schelling game where users vote on whether or not some particular fact is true (1) or false (0); say in our example that it’s actually false. Each user can either vote 1 or 0. If a user votes the same as the majority, they get a reward of P; otherwise they get 0. Thus, the payoff matrix looks as follows:”

“The theory is that if everyone expects everyone else to vote truthfully, then their incentive is to also vote truthfully in order to comply with the majority, and that’s the reason why one can expect others to vote truthfully in the first place; a self-reinforcing Nash equilibrium.”

Comparing this simple Schelling game with the incentive system described in Mike Goldin’s Token- Curated Registries 1.0 paper, we can draw an obvious parallel. In TCR’s, token holders are economically and strategically incentivized to vote “good” listing candidates into the registry and vote “bad” listing candidates out, “Token holders realize a direct financial benefit for curating the list in an expert manner, and the degree of their benefit increases proportionally to the quality of their curation as consumer and candidate interest rise in lockstep.”

So, in theory, the Schelling game for TCR’s centers around a very similar truth-based consensus game as the one Vitalik describes. Namely, token holders must answer a simple question, “is this listing “good” or “bad” for consumers?” and then vote the equivalent of true or false (1 or 0) accordingly, with the goal being to vote with the winning or “majority” side to claim a reward, and to vote “truthfully”, whereas truthfully implies voting for “good” candidates instead of “bad” ones.

Now for the P + epsilon Attack

The attack as described by Vitalik is, “Suppose that an attacker credibly commits (eg. via an Ethereum contract, by simply putting one’s reputation at stake, or by leveraging the reputation of a trusted escrow provider) to pay out X to voters who voted 1 after the game is over, where X = P + ε if the majority votes 0, and X = 0 if the majority votes 1. Now, the payoff matrix looks like this:

Thus, it’s a dominant strategy for anyone to vote 1 no matter what you think the majority will do. Hence, assuming the system is not dominated by altruists, the majority will vote 1, and so the attacker will not need to pay anything at all. The attack has successfully managed to take over the mechanism at zero cost.”

Mike Goldin has stated publicly that potential P + epsilon attacks on TCR’s worry him a great deal. But does he really have anything to fear? Let’s have a look.

Diving into token-weighted voting and altruism

There is a major distinction between TCR’s and the Schelling game Vitalik describes, and it involves the voting mechanism TCR’s rely on; token-weighted voting. In Vitalik's Schelling game, “everyone expects everyone else to vote truthfully, then their incentive is to also vote truthfully in order to comply with the majority.” Vitalik's use of the word “majority,” is used here to describe a majority of individuals, where each individual is given ONE vote. This is diametric to a token-weighted voting where one token = one vote. This differentiation will bear fruit later on.

Then Vitalik goes on to say that, “assuming the system is not dominated by altruists, the majority will vote 1 and so the attacker will not need to pay anything at all. The attack has successfully managed to take over the mechanism at zero cost.”

The assumption that the majority of individuals in any crpytoeconomic system are NOT altruistic is a safe bet (sorry moon boys and scammers). Besides, logically we must assume the majority is not altruistic to be worried about a P+ ε attack to begin with, right? So it is safe to assume that a P + ε attack against a TCR would result in the contamination of said registry and/or total manipulation or control by the attacker, because the majority of TCR participants would always vote to ensure their guaranteed P + ε payout since they are NOT altruistic OR strategic (taking into consideration the long-term value of the registry).

But, can we at least assume there is ONE altruistic/strategic individual or subset of individuals in a cryptoeconomic system like a TCR? I think so. “Does that matter?” It doesn’t matter in the Schelling game Vitalik describes because the altruist would still be in the minority of individual voters and so would lose. But in a TCR that utilizes token-weighted voting, it absolutely matters, because a minority of individuals can possess a majority of tokens. The word “majority” when applying to TCR’s must shift to imply tokens rather than individuals.

This is due to the fact that in a token-weighted voting system, the outcome of a vote is non-corollary to the number of individuals that are voting on any given side. The outcome of a vote is dependent on the number of tokens that are committed to any given side. Therefore, altruism need not be dependent on a majority of individual voters, only on the number of tokens any ONE altruistic voter or group of voters have available to them.

As long as the amount of tokens held by any minority of altruistic voters is greater than the number of tokens susceptible to the P + ε attacker for any given poll, the TCR is game-theoretically safe from a P + ε attack. State channels using counterfactual instantiation rely on a similar game theoretic property where “The threat of being able to deploy an interpreter contract is enough to never have to, because both people know exactly what will happen if it does.” In a TCR, the threat of there being one altruistic individual with a majority of tokens (votes) is enough to thwart any potential P + epsilon attack.

But let’s assume the attacker doesn’t care about token-weighted voting and tries to execute the attack anyways. Well, now they have exposed themselves to a counterattack resembling what Vitalik describes as “counter-coordination, essentially, somehow coordinate, perhaps via credible commitments, on voting A (if A is the truth) with probability 0.6 and B with probability 0.4, the theory being that this will allow users to (probabilistically) claim the mechanism’s reward and a portion of the attacker’s bribe at the same time.”

It’s more straightforward in a TCR, essentially an altruistic individual(s) with superior token weight can strategically commit a smaller portion of votes (tokens) on the attackers side (in order to claim a portion of the attackers bribe) AND simultaneously commit a majority of votes on the altruistic (true) side.

Thus, the altruistic individual(s) will have successfully defended the integrity of the TCR by committing the majority of their token weight (votes) to reject the attackers “bad” listing AND will have earned themselves a nice cherry from the attacker by provably committing a minority of votes to support them on the losing side. Not bad.

“OK, but what if an attacker had superior token-weight? Then how would you stop them?” Well if an attacker had superior token-weight, they wouldn’t need to set up a P+ε attack in the first place. They could wield total control over the TCR to produce any outcome they desired through simply outvoting everyone. A P+ε attack would just be a redundancy.

“Fine! But what if the majority of individuals that are NOT altruistic also collectively possess superior token-weight? Then what!?” Well, in that case a “counter coordination” by the altruistic community would be required to acquire enough token to regain dominance, but admittedly this scenario is the most problematic. However, a TCR hijacked by a P+ε attacker would produce zero value for consumers which would likely result in zero interest from candidates. And without candidates to stake tokens during their application stage there is nothing for greedy P+ε bandwagoners to receive payouts from; since all rewards are paid out from Candidate (or Challenger) deposits.

When the theory rubber hits reality road

So back to our original question, “do P + epsilon attacks pose a threat to token-curated registries?” The answer, in my opinion, is no.

Regardless, all of this P+ epsilon stuff just is a giant exercise in theoretical thinking anyways, as Vitalik points out, “Schelling schemes may well simply end up working in practice, even if they are not perfectly sound in theory.” I would also add to that that Schelling games may end up not working in practice even if they are sound in theory.

In my opinion, there are far more pressing and practical concerns for TCR’s than P+ε attacks. They involve well-known dilemmas like the free rider problem and the 1% rule. In my next blog post, I will aim to address some of those concerns, primarily as they relate to adChain, and how we are planning to solve them.