(Im)possibility of Incentive Design for Challenge-based Blockchain Protocols

TL;DR

This paper investigates the incentive mechanisms in challenge-based blockchain protocols, revealing that single-winner designs cannot simultaneously ensure honest participation and fraud deterrence, while multi-winner designs can under certain conditions.

Contribution

It provides a formal model analyzing incentive compatibility in challenge-based protocols and identifies conditions where both honest behavior and fraud deterrence are achievable.

Findings

Single-winner incentive designs are fundamentally limited.

Multi-winner designs can achieve both honest participation and fraud deterrence.

Explicit conditions for successful incentive design in multi-winner protocols.

Abstract

Blockchains offer a decentralized and secure execution environment strong enough to host cryptocurrencies, but the state-replication model makes on-chain computation expensive. To avoid heavy on-chain workloads, systems like Truebit and optimistic rollups use challenge-based protocols, performing computations off-chain and invoking the chain only when challenged. This keeps normal-case costs low and, if at least one honest challenger exists, can catch fraud. What has been less clear is whether honest challengers are actually incentivized and a dishonest proposer is properly damaged under the worst case environment. We build a model with a colluding minority, heterogeneous costs, and three ordering modes. We then ask whether two goals can be met together: honest non-loss and fraud deterrence. Our results are clear: in single-winner designs, the incentive design is impossible or limited in scale. By contrast, in multi-winner designs, we obtain simple, explicit conditions under which both goals hold.