Computing Optimal Manipulations in Cryptographic Self-Selection Proof-of-Stake Protocols

Cryptographic Self-Selection is a paradigm employed by modern Proof-of-Stake consensus protocols to select a block-proposing “leader.” Algorand [Chen and Micali, 2019] proposes a canonical protocol, and Ferreira et al. [2022] establish bounds f (α, β) on the maximum fraction of rounds a strategic player can lead as a function of their stake α and a network connectivity parameter β. While both their lower and upper bounds are non-trivial, there is a substantial gap between them (for example, they establish f (10%, 1) ∈ [10.08%, 21.12%]), leaving open the question of how significant of a concern these manipulations are. We develop computational methods to provably nail f (α, β) for any desired (α, β) up to arbitrary precision, and implement our method on a wide range of parameters (for example, we confirm f (10%, 1) ∈ [10.08%, 10.15%]). Methodologically, estimating f (α, β) can be phrased as estimating to high precision the value of a Markov Decision Process whose states are countably-long lists of real numbers. Our methodological contributions involve (a) reformulating the question instead as computing to high precision the expected value of a distribution that is a fixed-point of a non-linear sampling operator, and (b) provably bounding the error induced by various truncations and sampling estimations of this distribution (which appears intractable to solve in closed form). One technical challenge, for example, is that natural sampling-based estimates of the mean of our target distribution are not unbiased estimators, and therefore our methods necessarily go beyond claiming sufficiently-many samples to be close to the mean.