1 of 79

Robust Incentive Mechanisms �for Blockchain and AI Systems

Talk for TAU IISE

January 2026

Yotam Gafni

Weizmann Institute of Science

2 of 79

Change

1

3 of 79

We Can Believe In?

2

“A more serious issue is collusion between the proposer and some transaction senders.

[Vitalik Buterin, “Blockchain Resource Pricing” 2018]

Frequent exchanges of information that facilitate a better common understanding of the market and monitoring of deviations increase the risks of a collusive outcome.“

[European Commission Guidelines to Horizontal Cooperation Agreements 2023]

Change

4 of 79

New�Technology

3

🡪

New�Assumptions

New�Mechanisms

🡪

5 of 79

4

Security

Align Incentives

with System Goals

Fairness

Make the System Work

for Everyone

Optimality

Tune the System

to Maximize Objectives

Robustness to Collusion

Safety of Data-Sharing Protocols

Weak Identity & Recourse

Consumer Effects of Learning

Fair Exploration & Allocation

Centralization Dynamics

Minority Rights

Prizes in Data Science Contests

Outsourcing

Priority under Time-Sensitivity

6 of 79

5

Security

Align Incentives

with System Goals

Fairness

Make the System Work

for Everyone

Optimality

Tune the System

for Max Performance

Robustness to Collusion

[GY EC’24 Revision@GEB,

FGR TLDR’24 🏭,

GY MARBLE’24, G’25]

Safety of Data-Sharing Protocols

[GT EC’22]

Weak Identity & Recourse

[GLT AAAI’20, GT TARK’23]

[GLT IJCAI’21, JAIR’22]

Prizes in Data Science Contests

[DGLLL AAAI’23, GEB’25]

Outsourcing

[FG’26]

Priority under Time-Sensitivity

[GY’22]

Consumer Effects of Learning

[GGT SAGT’24, Revision@TEAC]

Fair Exploration & Allocation

[BP-GM’25, GHLT-C TEAC’23]

Centralization Dynamics

[G’25]

Minority Rights

[GG’24 🏆]

7 of 79

Blockchains are Permissionless

6

🡪

No Trust in Miners

Collusion-Robust Mechanisms

🡪

8 of 79

7

Mechanisms for Data Workflows

Mechanisms for Blockchain Transactions

Mechanisms for Decentralized Governance

Blockchain Transaction

Fees

Robustness to Collusion [Gafni & Yaish EC’24, Revision@GEB]

Security

Align Incentives

with System Goals

9 of 79

Blockchains: A Soft Intro

  • A decentralized financial transaction system
  • Growing adoption since their inception in 2008
  • Not only Bitcoin… Some example of market caps
  • Bitcoin: $1.8T, Ethereum: $380B, USDC $75B, UNISWAP $3.5B

8

Total Blockchain Market Cap

Blockchain Market Cap Partition

$6T

$4T

$2T

$0

‘14 ’15 ‘16 ’17 ‘18 ‘19 ‘20 ‘21 ‘22 ‘23 ‘24 ‘25

‘14 ’15 ‘16 ’17 ‘18 ‘19 ‘20 ‘21 ‘22 ‘23 ‘24 ‘25

100%

75%

50%

25%

0%

Bitcoin

Ethereum

Stablecoins

Other

10 of 79

Blockchains: A Soft Intro

  • A decentralized financial transaction system
  • Growing adoption since their inception in 2008 (~3T USD market cap today)
  • Not just Bitcoin:
  • Bitcoin: $1.8T, Ethereum: $380B, USDC $75B, UNISWAP $3B

9

11 of 79

Blockchains: Why?

Why not traditional transaction systems?

10

Competition among service providers within the platform and free entry imply no entity can profitably affect the level of fees paid by users.”

Huberman, Leshno & Moallemi, REStud ‘21

“Competition among service providers within the platform and free entry imply no entity can profitably affect the level of fees paid by users.”

Huberman, Leshno & Moallemi, REStud ‘21

But it comes with its own set of challenges…

Cost to Send USD Internationally

$44 via International Wire Transfer

$12 via USDC on Ethereum, ’21 avg

$1 via USDC on Ethereum, Sep ’24 avg

<$0.01 via USDC on Base L2,Sep’24 avg

[a16z crypto, State of Crypto 2024 Report]

12 of 79

Blockchains: Technical Primer

Users

Miners

Block

Block

Transaction

Blockchain

Block

Block

A Random Miner is Given Temporary Monopoly Power

Block

Reward

Fees

To prevent Sybil Attacks, the random choice depends on a finite resource

In Bitcoin, transactions allow payments. In Ethereum, they are Turing-Complete and can encode any logic.

13 of 79

Transaction Fees

  • Blockchain throughput is limited
  • Demand ≫ supply
  • Goal 1: allocate block-space efficiently

12

Users

Block

Miner

TX

TX

TX

Max size:

2 TXs

Max Eth

Block

Source: mempool.jhoenicke.de

Pending TXs

Date

14 of 79

Bitcoin’s Transaction Fee Mechanism

  • Allocation rule: miners choose which transactions to include in their block
  • Payment rule: transactions pay their bid (if allocated)

  • Effectively, a first-price auction.
  • Not truthful, bid determination is hard

  • Goal 2: simple for users

13

15 of 79

EIP-1559: Ethereum’s New TFM

  • Users pay a pre-determined base fee, and can add tips
  • Allocation rule: miners can choose the highest-tipping bids that pay the base fee
  • Payment rule: transactions pay the base fee and tip
  • Burn rule: The base fee is burnt for each transaction
  • Effectively, a first-price auction with burnt reserve
  • Tips are still not truthful
  • How to determine base fee?

Goal 3: Understand whether burning matters

14

Tip

Base

Tip

Base

Ethereum fees before and after EIP-1559 [LLNZZZ CCS’22]

TX

New Block of Size 2

Base Fee

A total of >4m ETH were burned since EIP-1559

16 of 79

Transaction Fee Mechanisms (TFMs)�

  • Treat TFMs as auctions [Lavi, Sattath & Zohar ‘17], [Yao ‘18]
  • [Roughgarden ’21] put forward collusion as a primary concern
    • Simple for Users: Truthful Bidding
    • Robust to Miners: No Omission or Shill-Bidding
    • Robust to Miner-User Collusion

15

The foundational open problem of TFMs:

Existence of a simple for users, miner non-manipulable, and robust to collusion TFM?

17 of 79

16

No deterministic mechanism satisfies all desiderata.

A gap in welfare exists for randomized mechanisms.

[Gafni & Yaish EC’24, Minor revision at Games and Economic Behavior]

18 of 79

1st and 2nd price auctions

17

 

1st-price auction

 

 

 

 

2nd-price auction

 

 

 

Pays its own bid

 

 

We focus on single-item auctions in the talk.

The paper characterizes the multi-item setting.

Highest bidder wins

Pays second highest bid

Highest bidder wins

19 of 79

Collusion in Auctions

“The most important features of an auction are its robustness against collusion and its attractiveness to potential bidders. Failure to attend to these issues can lead to disaster.“

[Paul Klemperer, “What Really Matters in Auction Design” 2002]

”The FCC and others conducting similar auctions should think carefully about the tradeoff between more informed price discovery and the risk of collusive bidding.”

[Cramton & Schwarz,

“Collusive Bidding: Lessons from the FCC Spectrum Auctions” 2000]

All the more relevant for Blockchains’ anonymous environments!

18

20 of 79

 

 

 

 

Simple for Users ✅

Robust to Miner manipulation ✅

Pays set price (1.5)

Ok, bidder 1, just say you’re willing to pay 1.5, and I’ll cash you back 1

 

1.5

1

 

The true value for bidder 1

Bidder 1’s payment

Miner’s transfer

Arbitrary winner above a set price

Problem?

Hint: Bad price discovery, which motivates collusion

21 of 79

Some Notations…

  •  

20

22 of 79

The Desiderata

  •  

21

23 of 79

 

22

 

”Myerson’s Lemma” [Myerson ‘81] :

UIC <=> monotone allocation, payment uniquely determined by allocation.

24 of 79

 

23

 

 

 

 

 

 

 

 

 

No revenue…

 

 

25 of 79

What if we only have Global-SCP?

  • Same burn whenever allocating.

24

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Less burn, same value.

Bidder and Miner can balance using transfers.

26 of 79

What if we only have Global-SCP?

  • Whenever the highest bid is below the constant burn,

do not allocate (individual rationality constraint)

  • Whenever the highest bid is above the constant burn, allocate

25

 

 

 

 

 

 

 

 

 

 

 

 

 

27 of 79

Adding UIC and MIC into the mix…

Our characterization of Global-SCP:

Constant burn, highest-bidder allocated if and only if higher than the burn.

26

Achieving all together is impossible.

With UIC:

Second-price auctions with a reserve that is burned.

With MIC:

“Generalized first-price” auctions

A slightly generalized EIP-1559/Bitcoin Mechanism!

28 of 79

Randomized Mechanisms

So far, we discussed only deterministic mechanisms.

We always assumed a specific bidder is allocated.

What if we allow a random choice of who is allocated?

27

29 of 79

Randomized Scale-invariant Mechanisms

  •  

28

30 of 79

Randomized Scale-invariant Mechanisms

  •  

29

31 of 79

Randomized Scale-invariant Mechanisms

  •  

30

32 of 79

General Randomized Mechanisms

  • We show a tension between the two-bidder and single-bidder cases.

  • By MIC, (P1) the burn for two bidders surpasses the high-bidder payment.

Proof-sketch: We have 0 revenue with a single bidder (burn=payment).

Without (P1), miner would create a shill bidder.

  • By Global-SCP, a marginally high burn for the second bidder pushes low bidder to drop.

31

33 of 79

General Randomized Mechanisms

  •  

32

34 of 79

Takeaways

  • We can not have it all: We need to compromise on either security (MIC, Global-SCP), or simplicity (UIC)

  • The fee design of Bitcoin and EIP-1559 is exactly right, if we stick to security

  • There was no security need to move away from Bitcoin’s mechanism to EIP-1559

  • If we can get randomized mechanisms on-chain, this reopens the impossibility
    • [GTW ITCS’26] show a non-trivial randomized construction, while we show gaps from optimality. Still a huge gap between the two!

33

35 of 79

34

Mechanisms for Data Workflows

Mechanisms for Blockchain Transactions

Mechanisms for Decentralized Governance

Data-Sharing Protocols

Exclusivity Attacks [Gafni & Tennenholtz EC’22]

Security

Align Incentives

with System Goals

36 of 79

Emergence of Data-Sharing Protocols

35

🡪

Exclusivity Attacks

🡪

Robust Protocols

37 of 79

�A growing interest in building shared models…

36

$1.8B USD Data Marketplace Revenue

~24% Expected Annual Growth

SNSInsider, December 2025

38 of 79

Building Shared Models

  • Two real estate marketplaces want to predict house prices
  • Users randomly go to each
  • They want to run linear regression of the price vs. square feet
  • They want to keep updating the model as more data is added (‘continual learning’)

37

39 of 79

Federated Learning: THIS SHOULD BE A SLIDE, WHERE I SHOW HOW FL WORKS, WITH ANIMATIONS, AND THEN A SLIDE ABOUT FREE RIDING

38

Known Issue: Free-Riding

40 of 79

39

Coordinator Server

Client 1

Client 2

Client 3

Local Data 1

Local Data 2

Local Data 3

Model

Federated Learning

41 of 79

40

Coordinator Server

Client 1

Client 2

Client 3

Local Data 1

Local Data 2

Local Data 3

Model

Model

Model

Federated Learning

42 of 79

41

Coordinator Server

Client 1

Client 2

Client 3

Local Data 1

Local Data 2

Local Data 3

Local Gradients 1

Local Gradients 2

Local Gradients 3

+

+

3

Updated Model

Federated Learning

43 of 79

42

Coordinator Server

Client 1

Client 2

Client 3

Local Data 1

Local Data 2

Local Data 3

Model

Free-Riding is a threat!

44 of 79

43

Coordinator Server

Client 1

Client 2

Client 3

Local Data 1

Local Data 2

Local Data 3

Model

Model

Model

Free-Riding is a threat!

45 of 79

44

Coordinator Server

Client 1

Client 2

Client 3

Local Data 1

Local Data 2

Local Data 3

Local Gradients 1

Local Gradients 2

Local Gradients 3

+

2

Updated Model

Free-Riding is a threat!

46 of 79

45

Client 1

Client 2

Client 3

Updated Model

Updated Model

Coordinator Server

Local Data 1

Local Data 2

Local Data 3

Updated Model

Local Gradients 3

Free-Riding is a threat!

47 of 79

46

“For Federated Learning, incentive mechanism design for honest participation is an important practical research question […] particularly relevant in the cross-silo setting, where participants may at the same time be business competitors.“

[Kairouz et al., “Advances and Open Problems in Federated Learning” 2021]

48 of 79

A General Concept:�Exclusivity Attacks

  • by sending distorted data, a firm can learn the best model, while also misleading the other firms.

  • Given a communication protocol and learning algorithm,

where all other agents report truthfully and accept the model,

can an attacker launch a successful exclusivity attack?

47

49 of 79

Example: The one-shot function SUM

48

20

10

+

=

30

50 of 79

Example: The one-shot function SUM

49

30

30

51 of 79

A successful attack on one-shot SUM

50

20

 

10

+

=

 

52 of 79

A successful attack on one-shot SUM

51

 

 

30

53 of 79

A failed attack on one-shot MAX

52

 

20

 

10

,

)=

max(

54 of 79

A failed attack on one-shot MAX

53

 

 

??

55 of 79

54

We consider a long-term interaction

Continuous Protocol:

Conditionally Vulnerable

Universally vulnerable

Linear Regression in d features

(d-LR)

k-Center Clustering

Yes

Yes

 

 

 

No

Periodic Protocol: d-LR, k-Center are not vulnerable.

56 of 79

Formal model – Continuous Protocol

  •  

55

57 of 79

A failed attack on continuous MAX

56

Ledger update:

120

Ledger update:

90

Nature

Agent 1

Agent 2

Ledger

True update:

90

User update:

90

Ledger update:

90

User update:

120

Ledger update:

120

True update:

90<X<120

User update:

90<X<120

Ledger update:

120

Ledger update:

120

58 of 79

Observed history, Strategy and Vulnerability

57

Ledger update:

120

Ledger update:

90

Nature

Agent 1

Agent 2

Ledger

True update:

90

User update:

90

Ledger update:

90

User update:

120

Ledger update:

120

True update:

90<X<120

User update:

90<X<120

Ledger update:

120

Ledger update:

120

Observed History: All the messages agent j sees.

Update Strategy: Mapping from observed histories to user updates.

Truthful: a user updates U iff the user received true update U

59 of 79

Observed history, Strategy and Vulnerability

58

Ledger update:

120

Ledger update:

90

Nature

Agent 1

Agent 2

Ledger

True update:

90

User update:

90

Ledger update:

90

User update:

120

Ledger update:

120

True update:

90<X<120

User update:

90<X<120

Ledger update:

120

Ledger update:

120

 

60 of 79

Observed history, Strategy and Vulnerability

59

Ledger update:

120

Ledger update:

90

Nature

Agent 1

Agent 2

Ledger

True update:

90

User update:

90

Ledger update:

90

User update:

120

Ledger update:

120

True update:

90<X<120

User update:

90<X<120

Ledger update:

120

Ledger update:

120

 

61 of 79

Linear regression

  •  

60

Challenge for the Attacker:

How to ‘reverse’ effects of fake points submitted?

62 of 79

A temporary omission conditional attack

  • What if the line of the last output and the new update (by itself) are the same?

61

63 of 79

A Universal Attack

  •  

62

64 of 79

A Universal Attack

  •  

63

65 of 79

Example of a universal attack on �Linear Regression with one feature.

64

Truthful

Universal Attack

66 of 79

Example of a universal attack on �Linear Regression with two features.

65

67 of 79

Takeaways

  •  

66

68 of 79

Future Directions

  •  

67

69 of 79

Future research preview: �What happens when we introduce noise?��Idea: Return the LR estimator with small additive noise

68

70 of 79

Concurrent Work on Incentives in Learning

69

  • Fair Exploration [B-PGM’25]:
  • ‘The Waze Problem’: To know the best route, we need to ask drivers to try less promising routes.
  • How do we do it fairly?

71 of 79

Concurrent Work on Incentives in Learning

70

  • Desigining Data-Science Competitions [DGLLL AAAI’23, GEB’25]:
  • How to optimally set prizes in platforms like Kaggle,

where many competitions compete for user attention?

72 of 79

Looking Forward…

  • Blockchains in need of better, rigorously studied, systems.
  • AI in need of better understanding for economic & strategic effects.

71

73 of 79

  • A systematic effort for refined collusion and miner manipulation notions
    • Cryptographic primitives, colluder-infighting [FGR’24 🏭], reductions [G’25]

72

UNISWAP Foundation Fellowship!

Robust TFM Design

Blockchains Beyond TFMs

  • My current focus: Decentralized Autonomous Organization (DAOs)
  • Voting Tokens are used to decide billions of dollars in treasuries.
  • Suffer from rage-quitting [GG’24 🏆], centralization [G’25]

74 of 79

  • Implications of a ”multi-polar” AI landscape:
    • Division of Labor
    • Guaranteeing consumer outcome diversity [GGT SAGT’24, Revision TEAC]

73

Incentives & Economics of AI

Fair Allocation: Theory to Practice

  • A big literature on fair allocation (“cake-cutting”)
  • Takes a normative rather than descriptive approach. What do people really think?
  • What if we can sell / outsource? Create copies [GHLT-C TEAC’23]?

75 of 79

Thanks for listening!�

Email: yotam.gafni@gmail.com

Website: https://www.yotamgafni.com

76 of 79

Follow-up and Ongoing Work

  • [G’25]:
  • Considers SCP, a stricter collusion notion than Global-SCP (as we show in [GY’24])
  • Characterizes EIP-1559 as exactly the class of SCP mechanisms (!)
  • Shows 2-SCP = SCP: a mechanism is robust to general collusion if and only if it is robust to a collusion of the miner and two bidders.
  • It is not true that 1-SCP = SCP, so this is quite a curious result, that greatly simplifies the discussion.

75

77 of 79

Follow-up and Ongoing Work

  • [Ongoing Work]:
  • MIC assumes the miner can see / use the bid.
  • We can use cryptography to protect the bids (non-malleable encryption, timed-commitments)
  • We get a “MIC in the Dark” weakened notion
  • The Myerson auction is UIC+ “MIC in the Dark”
  • Is it the only such auction? Can we do better in terms of welfare? (Spoiler: No, and Yes!)

76

78 of 79

Follow-up and Ongoing Work

  • [FGR’24 🏭]:
  • Collusion notions like Global-SCP, SCP assume trust between colluders.
  • What if there is “no honor among thieves”?
  • This weakens the collusion notions and opens-up possibilities.

    • AND ALSO WAY BEYOND: THE DAO WORKS, CENTRALIZATION

77

Uniswap Foundation Fellowship!

79 of 79

Follow-up and Ongoing Work

  • Beyond Blockchain TFMs [GG’24 🏆,G’25]:
  • Blockchain Decentralized Autonomous Organizations (DAOs)
  • Voting Tokens are used to decide billions of dollars.
  • Suffer from rage-quitting, centralization.

78