Spam resistant block creator selection via burn auction

Ah this is interesting. I think that burning is an under utilized tool in our cryptoeconomic toolbox.


Why an all pay auction instead of a second price auction? Is this to induce a form of sybil-resistance by requiring everyone to pay their bid price even if their bid isn’t the highest one?

Is it possible that everybody sends the same bid? If the input is the same, similar nodes will produce similar output, isn’t it?

In that case we can select the bidder who made that bid first. Or else we could flip a coin.

How would you flip a coin? If you had a source of unbiasable, unpredictable, verifiable randomness, then couldn’t you just…use that for leader selection?

There are many n-party coin flipping protocols. This paper by Ben-Or et al summarizes the method that some blockchain protocols like Polkadot uses.

1 Like

Unless I’m mistaken, that paper is basically RANDAO with output modulo 2 (i.e., \in \{F, T\}), no?

That would be a parity function. There’s a class of functions called “low-influence” functions that the paper talks about that try to go beyond what RANDAO and parity functions do by creating outputs that usually would not be influenced by any single bit. The simplest low-influence function is the “majority function”, f(x_1 ... x_n) = 1\ if\ \sum x_i \ge \frac{n}{2}\ else\ 0, where the probability that a single actor can flip an output is \frac{1}{\sqrt{n}} and the expected number of actors needed to flip the output is \sqrt{n}.

There are other low-influence functions but you have to make tradeoffs, eg. the first example function that they give (called TRIBES in a different paper) has the property that each individual actor has a very low (\frac{log(n)}{n}) probability of being influential, but if an attacker has a substantial fraction they can influence the result by flipping 1 \le b \le O(log(n)) of the bits that they control, so the cost of attack is very low.


We don’t need to have strong randomness here. Because we know that both bidders are either

  1. Bidding to make the same block
  2. One is burning some of their own funds in order to censor a transaction. And that this attack needs to be continued with that same burn per block in order to keep that transaction out.

Wouldn’t it then be quite cheap to censor a specific transaction for quite some time?

If you want to censor tx1. Then each block you need to burn tx1.fee. This is decided by the user so they can decide how much this costs. Also note that the attacker has to do this burn for every block. So this attack requires burning money constantly so over time it becomes quite expensive.

So thinking about this nice quote by Vitalik: “The Internet of Money should not cost 5 cents per transaction.” I assume the goal is to have quite low fees for simple transactions. How low? I’m not sure but let’s say around 0.05 cents (cheaper by a factor of 100).

With block times of 5 seconds it would only cost you around $8 per day to keep a specific transaction out of the blockchain. That sounds quite cheap to me.

The user who is censored also has the option to increase their fee in order to try and break the attack. If i broadcast at 0.05 cent transaction and i get censored the i can rebroadcast with the still quite reasonable 0.5 cent and that will cost $800 per day to censor.

It does get more complicated when we have the all pay auction. That would mean that you could include a higher price transaction but could still get censored because including your transaction would not give a real increase in the profit that the block creator gets. Because they have to charge the lowest price in a block to all transactions. I need to think more on this point.

When i say all pay auction i mean. That a block creator makes a block and charges everyone the fee of the lowest fee transaction in that block. I used that because i think its a reasonable way to price transactions in a block. But the two ideas are independent.

One slight thing to note about this, however, is that Tribes only achieves the worst case bounds when n is a power of 2.

In the case of Ethereum where we have inflation already, burning sounds like a viable option.

Miners can compete for 3 ETH(X ETH) reward and burn Y ETH(less than computational costs) till it’s economically profitable, that would help with free-market price and inflation control.

How do you guarantee that every block creator participating in the auction is calculating based on the exact same set of txes? Or does this matter?

It seems that if transactors are selecting an creator based on their submitted burn, you’d want to standardize this.

How would one compare the capital efficiency of burn-based selection with lockup-based selection? Wonder (but don’t know!) if there’s a tradeoff between that and the fee monopoly risk you describe in pos/pow

We have to make sure transactions are shared with as many block creators as possible. If a single tx is not shared with eveyone it gives a single coordinator an advantage.

How would one compare the capital efficiency of burn-based selection with lockup-based selection? Wonder (but don’t know!) if there’s a tradeoff between that and the fee monopoly risk you describe in pos/pow

So with proof of stake you pay with the oppertunity cost of your eth. That has two probelms

  1. Everyone has a different value for opportunity cost
  2. You have to put much more capital down in order to get a reasonable opportunity cost. If you look at interest markets eth interest is about 0.01% per year. So you need to put alot of capital in order to get to meaningful amounts risked.

Is this about a consensus algorithm that replaces PoS?
I’m curious that what is key difference of concept between this and Proof of Burn (PoB). In PoB, by burning the coin, nodes can prove their contribution/identity to the network, they can get the right to create block.