The security of blockchain-based systems has attracted great interest in the research community following the initial financial success of Bitcoin. Several security notions for blockchain-based systems have been proposed, varying in degree of formality and applicability to real-world systems. However, a major blind spot remains about the environment surrounding blockchain-based systems. This environment is typically assumed to be static (irresponsive to activities of the blockchain system). This is a sound starting point for security analysis while the stakes involved are small compared to the environment (i. e., the global economic and political system). However, if blockchain-based systems truly offer compelling advantages over legacy systems, they may eventually become the dominant form of organizing certain social choice problems. This „scale change“ challenges the assumption that the blockchain-based system remains below the threshold of relevance for the parts of its environment that are vital for its security. One instance where this may already occur is the influence of mining puzzles on hardware design and electricity prices.

The purpose of this Dagstuhl Seminar is to bring together researchers with expertise in various subfields of blockchain-based systems to jointly revisit security foundations. The primary goal is to incorporate explicit consideration of reciprocity effects between properties of cryptocurrency protocols and their environment.

The primary intended outcome of this seminar is proposing a new principle of protocol design, viewing security as a key scalability property to consider in addition to performance and efficiency. Second, the seminar will aim to converge on standard terminology for security notions that are robust to scale. Third, we will apply this new methodology to Bitcoin specifically as a test case, producing a sort-of „break glass in case of rampant runaway growth“ security plan.

Specific questions are:

1. From micro-level to macro-level incentives: Bitcoin's ecosystem remains small relative to large multinational corporations. What happens to incentives when a cryptocurrency reaches a scale similar to large national economies?
2. Cryptographic agility: How does the ability to upgrade cryptographic algorithms might change in the future as cryptocurrency protocols become widely embedded in hardware and/or codified in the law?
3. Reciprocity effects on hardware design: How will the hardware industry be affected by the increasing importance of superior hardware for mining, and possibly trusted execution environments (TEE) in the future?
4. Mining economics at scale: How will mining economics change in the future, in particular, dynamics between miners at large-scale power consumption levels, with mass availability of cheap commodity mining hardware (including TEE-based), and with different incentives, e.g., in a high-valued fee-only revenue model.
5. Reconsidering non-monetary incentives: Can cryptocurrencies be resilient to disruptive nation-level attacks that are not due to monetary incentives?
6. Governance at scale: To date, cryptocurrencies largely rely on informal leadership from a small group of influential software developers. Can this be translated into a more democratic model? What does democratic control mean for a cryptocurrency when the demos is not clearly defined?

Creative Commons BY 3.0 DE

Rainer Böhme, Joseph Bonneau, and Ittay Eyal

• Svetlana Abramova (Universität Innsbruck, AT) [dblp]
• Sarah Azouvi (University College London, GB) [dblp]
• Foteini Baldimtsi (George Mason University - Fairfax, US) [dblp]
• Eli Ben-Sasson (Technion - Haifa, IL) [dblp]
• Alex Biryukov (University of Luxembourg, LU) [dblp]
• Rainer Böhme (Universität Innsbruck, AT) [dblp]
• Joseph Bonneau (New York University, US) [dblp]
• Mic Bowman (Intel - Hillsboro, US) [dblp]
• Dominic Breuker (solarisBank AG, DE) [dblp]
• Christian Cachin (IBM Research-Zurich, CH) [dblp]
• Nicolas Christin (Carnegie Mellon University - Pittsburgh, US) [dblp]
• Lisa Eckey (TU Darmstadt, DE) [dblp]
• Ittay Eyal (Technion - Haifa, IL) [dblp]
• Bryan Ford (EPFL Lausanne, CH) [dblp]
• Christina Garman (Purdue University - West Lafayette, US) [dblp]
• Arthur Gervais (Imperial College London, GB) [dblp]
• Philipp Jovanovic (EPFL Lausanne, CH) [dblp]
• Aljosha Judmayer (Secure Business Austria Research, AT) [dblp]
• Ghassan Karame (NEC Laboratories Europe - Heidelberg, DE) [dblp]
• Assimakis Agamemnon Kattis (New York, US)
• Stefan Katzenbeisser (TU Darmstadt, DE) [dblp]
• Patrik Keller (Universität Innsbruck, AT)
• Ron Lavi (Technion - Haifa, IL) [dblp]
• Patrick McCorry (King's College London, GB) [dblp]
• Ian Miers (Cornell Tech - New York, US) [dblp]
• Tyler W. Moore (University of Tulsa, US) [dblp]
• Malte Möser (Princeton University, US) [dblp]
• Neha Narula (MIT - Cambridge, US) [dblp]
• Tim Roughgarden (Stanford University, US) [dblp]
• Tim Ruffing (Universität des Saarlandes, DE) [dblp]
• Emin Gün Sirer (Cornell University - Ithaca, US) [dblp]
• Yonatan Sompolinsky (The Hebrew University of Jerusalem, IL) [dblp]
• Itay Tsabary (Technion - Haifa, IL) [dblp]
• Florian Tschorsch (TU Berlin, DE) [dblp]
• Marie Vasek (University of New Mexico, US) [dblp]
• Roger Wattenhofer (ETH Zürich, CH) [dblp]
• Edgar Weippl (Secure Business Austria Research, AT) [dblp]
• Aviv Zohar (The Hebrew University of Jerusalem, IL) [dblp]