TrueBit - How to Fool a Blockchain

Dr. Christian Reitwiessner

ÐΞVCON2 - Shanghai - 2016-09-19

Turing-Complete World Computer

Smart Contracts that can
  • verify Solidity source code!
  • analyze the stock market!
  • verify state transitions in private chains!
  • evaluate neural networks!
  • improve their own code!
  • do fully-homomorphic privacy-preserving elliptic curve zkSNARK mixer stuff!


TrueBit - the Verification Game

Cooperation with Loi Luu and Jason Teutsch, based on "How to verify computation with a rational network".

Interactive verification mechanism proposed by Canetti, Riva, Rothblum: "Practical delegation of computation using multiple servers", 2011

Similar trust level as on-chain execution at fragment of costs.


1 hour of computation on 4 GHz processor:
14400000000000 = 14.4 * 1012 steps
If all agree: Almost no strain on the chain
Disagreement: Cheater found in 10 rounds with 640 bytes messages
Commitment to root hashes plus evaluation of single step only on-chain actions.

Behaviour even better on large pre-Merkelized data (blockchain, data from swarm, ...)