dob
commented
5 years ago Clarifying that the practical execution of W would be something like:
- O is working with B within a given time window, and increments an accumulator with the value of all tickets that win.
- O would theoretically bound the maximum amount of this accumulator, and then stop doing business with B within the time window if it reached the bound.
Given the offline nature of probabilistic payments (parties do not wait for transactions to confirm on-chain to ensure global consensus on state), double spends cannot be completely prevented. However, double spends can be deterred using sender penalty escrows.
Chiesa et. al. have provided a formal economic analysis on double spending with probabilistic payments which the description below draws from.
In order for a penalty escrow to effectively deter double spends, its value must be greater than the additional utility a sender can gain from double spending across multiple recipients. If we consider an unlimited set of recipients without any limits on the value transacted for each recipient then a sender essentially has unbounded additional utility from double spending. As a result, a probabilistic payment system needs to implement restrictions on the following parameters in order to bound the additional utility gained from double spends:
T: The time required for a double spend to be detected.N: The maximum number of recipients.A: The cumulative value of probabilistic payments (expected values) sent before a double spend is detected.W: The cumulative value of macropayments (face value of winning tickets) sent before a double spend is detected.Aaffects the average case utility gain from double spends andWaffects the worse case utility gain from double spends. For simplicity let's just considerWand the worst case utility gain from double spends.All of these parameters should be considered on a per penalty escrow basis - bounds on the values of these parameters can be used to derive the additional utility gained from double spends which can be used to derive the required value for a particular sender's penalty escrow which must cover the maximum amount of financial activity that a sender can take part in during the time required to detect double spends.
Why do we need to bound these particular parameters?
Tis unbounded, then recipients never detect double spends which means double spending senders have unbounded additional utility.Nis unbounded, then recipients can double spend across an unlimited number of recipients which means double spending senders have unbounded additional utility.Wis unbounded, then there is > 0 recipients that are accepting an unlimited number of payments so a double spending sender can work with those recipients to gain unbounded additional utility.Related:
5
6