Multi-Layered Blockchain Governance Game

Abstract

The research designs a new integrated system for the security enhancement of a decentralized network by preventing damages from attackers, particularly for the 51 percent attack. The concept of multiple layered design based on Blockchain Governance Games frameworks could handle multiple number of networks analytically. The Multi-Layered Blockchain Governance Game is an innovative analytical model to find the best strategies for executing a safety operation to protect whole multiple layered network systems from attackers. This research fully analyzes a complex network with the compact mathematical forms and theoretically tractable results for predicting the moment of a safety operation execution are fully obtained. Additionally, simulation results are demonstrated to obtain the optimal values of configuring parameters of a blockchain-based security network. The Matlab codes for the simulations are publicly available to help those whom are constructing an enhanced decentralized security network architecture through this proposed integrated theoretical framework.

1. Introduction

The blockchain is a hashed digital ledger by accomplishing authenticity of all nodes in a typical peer-to-peer decentralized network which could remove various security threats caused by a centralized network [1,2,3]. The basic blockchain data structure could evaluate data transactions in each chain which grows in an append-only permission on the top of latest verified blocks [1,4]. This mechanism is secure because a single node cannot govern more than half of the computational power in the network [5,6,7,8]. Through the distributed consensus of networks nodes, the blockchain network security is enhanced. If an attacker invests more than 50 percent of the computational power (i.e., governs more than half of the total nodes), he could conquer a whole blockchain network. To avoid majority matters, Verifiable Random Functions (VRFs) are adapted into blockchain-based security applications to remove heavy computation power for mining [9,10]. The VRF is capable to select a miner randomly, and each node has the same chance to be a miner [9]. This technique has been adapted for selecting a miner to map inputs to verifiable pseudorandom outputs [10].

Blockchain technologies have been widely adapted into cyber-security matters including the Internet of Things [11,12], the Internet of Vehicles [13,14,15,16,17,18,19] and Edge-Fog computing [20,21,22] because blockchain-based network architectures (i.e., decentralized networks) are secured to avoid practically any attacks which are dedicated on conventional network architectures (i.e., centralized networks). These attacks on centralized networks include DoS (Denial-of-Service), phishing, spoofing and server hacking attacks. Therefore, the securities based on the blockchain protocol level have been widely studied [2,4,23], but these studies are limited because the configuring parameters for security protocols are arbitrarily chosen. Hence, the Blockchain Governance Game (BGG) and the Strategic Alliance for Blockchain Governance Game (SABGG) are alternatively designed to break through the limitations by constructing a new network architecture. On the other hand, game theoretic approaches for improving securities have also been widely applied into various telecommunication networks [24,25], communication protocols [26] and trustworthy data [27,28]. It is even applied into designing blockchain-based services and securities [29]. The stochastic game executes stochastic transitions among the states of the game, and players in a stochastic game could change their strategies based on the past actions and randomness of behaviors of the other players. Several kinds of stochastic games have been adapted to avoid the 51 percent attack, and a stochastic game has been used for analyzing the selection between honest mining and making the decision of the proper time for adding and releasing mined blocks [2]. The BGG and the SABGG are the mixed model of the fluctuation and the mixed strategy game for analyzing a single layered network to provide the decision making moment for taking preliminary security actions before attacks [30,31]. The SABGG is a variant of BGG, which is designed for strategically allying nodes instead of keeping hidden nodes [31]. These BGG frameworks find optimal decision-making parameters and the strategic choices of a defender are either taking a preliminary action (i.e., a safety mode) or doing nothing. Taking a preliminary action for security operations shall not be optimal until the game reaches one step prior to pass the Nash equilibrium [29]. Once corrupted blocks are generated, all models independently predict the number of blocks to be generated and the moment until more than half of the total nodes are corrupted by an attacker. The techniques deliver the results under a composition of the $\mathcal{D}$–operator and its inverse $\mathfrak{D}$–operator, which have been introduced in the BGG models [30,31]. In this paper, the extended blockchain governance game framework is newly designed for improving complex decentralized network securities. The Multi-Layered Blockchain Governance Game (MLBGG) is a combined stochastic game model based on the BGG frameworks. The main contributions of this research are the following:

• Mathematically analyzing a complex network management;
• An analytical solution that can support optimal values of configuring parameters for network securities;
• A complicated decentralized network can be securely designed and managed by using this innovative theoretical framework.

The layer 1 is a set of multiple BGG-based networks, and the other layer (i.e., layer 0) is single SABGG-based network (see Figure 1). This multiple layer framework makes the BGG more flexible to applying various hierarchical system architectures, including Edge-Fog computing [20,21], hierarchical network systems [18,22] and IoT-Server networks (see Section 3).

The paper is organized as follows: Stochastic models of MLBGG architecture with some key analytical techniques are introduced in Section 2. This section also explains how the multi-layered model is connected with the BGG for layer 1 and the SABGG for layer 0. The modeled processes of the accumulated corrupted blocks of each node mathematically predict both the time and size of the nodes and which are governed by attackers. In Section 3, the MLBGG framework is applied into a practical IoT (Internet of Things) network architecture. This section shows how the MLBGG could be adapted into an IoT-Server combined network system. This is a typical way to construct a blockchain-based network architecture by adapting the MLBGG. Various simulations for the MLBGG determine configuring parameters in Section 4. Although theoretical approaches without simulated results still helps computer programming, these simulation are practically optimizing configuring parameters of an IoT-Server combined network system.

2. Multi-Layered Blockchain Governance Game

A multi-layered blockchain governance game (MLBGG) combines a set of multiple BGG networks and single SABGG network which are hierarchically connected. Each system in layer 1 is exactly mapped with the BGG, and layer 0 is mapped with the SABGG (see Figure 2).

2.1. Layer 1: BGG Stochastic Modelling

Layer 1 is a set of $\eta +1$ BGG networks, and the l-th BGG network has $M_l$ nodes with $B^0$ ($\le \eta$) reserved nodes for executing a safety operation. In layer 1 (i.e., the second layer), each BGG network between an attacker and a defender are described the antagonistic game. Two players (A: an attacker, H: a defender) in the l-th BGG network in layer 1 compete to build the blocks either for honest or false ones. It is noted that one particular BGG network in layer 1 (i.e., l-th network) is firstly analyzed and combining whole BGG networks as a single set will be covered later in this section.

Let ($\Omega ,\mathcal{F}\left(\Omega \right),P)$ be probability space ${\mathcal{F}}_{A^l},$ ${\mathcal{F}}_{H^l},{\mathcal{F}}_{\tau }\subseteq \mathcal{F}\left(\Omega \right)$ and layer 1 be independent $\sigma$-subalgebras in the l-th network ($l=0,1\dots ,\eta$). Let us consider ${\mathcal{F}}_{A^l}$-measurable and ${\mathcal{F}}_{H^l}$-measurable marked Poisson processes as follows:

$${\mathcal{A}}^l:=\sum _{k\ge 0}{X}_k^l{\epsilon }_{s_k^l},s_0^l\left(=0\right)<s_1^l<s_2^l<\cdots ,$$

(1)

$${\mathcal{H}}^l:=\sum _{j\ge 0}{Y}_j^l{\epsilon }_{t_j^l},t_0^l\left(=0\right)<t_1^l<t_2^l<\cdots ,$$

(2)

where $l=0,1,\dots ,\eta$ with respective intensities ${\lambda }_A^l$ and ${\lambda }_H^l$ of l-th network in layer 1 and ${\epsilon }_a$ is a point mass at a. These two values are related with block generating performances of an attacker and a defender [30]. In the l-th BGG network in layer 1, the processes ${\mathcal{A}}^l$ and ${\mathcal{H}}^l$ are specified by their transforms:

$$\mathbb{E}\left[g^{{\mathcal{A}}^l\left(s\right)}\right]=e^{{\lambda }_A^l\left(s\right)\left(g-1\right)},l=\{0,1,\dots ,\eta \},$$

(3)

$$\mathbb{E}\left[z^{{\mathcal{H}}^l\left(t\right)}\right]=e^{{\lambda }_H^l\left(t\right)\left(z-1\right)},l=\{0,1,\dots ,\eta \},$$

(4)

where $\eta$ is the total number of allied nodes in layer 0, and the observation process for all systems in layer 1 is:

$$\mathcal{T}:=\sum _{i\ge 0}{\epsilon }_{{\tau }_i},{\tau }_0\left(>0\right),{\tau }_1,\dots ,$$

(5)

which is assumed to be delayed renewal process. If

$$\left(A^l\left(t\right),H^l\left(t\right)\right):={\mathcal{A}}^l\otimes {\mathcal{H}}^l\left(\left[0,{\tau }_k^l\right]\right),k=0,1,\dots ,$$

(6)

forms an observation process upon ${\mathcal{A}}^l\otimes {\mathcal{H}}^l$ embedded over $\mathcal{T},$ with respective increments

$$\left(X_k^l,Y_k^l\right):={\mathcal{A}}^l\otimes {\mathcal{H}}^l\left(\left[{\tau }_{k-1},{\tau }_k\right]\right),k=1,2,\dots ,$$

(7)

and

$$X_0^l=A_0^l,Y_0^l=H_0^l,l=\{0,1,\dots ,\eta \}.$$

(8)

The observation process of the l-th BGG network could be formalized as

$${\mathcal{A}}_{\tau }^l\otimes {\mathcal{H}}_{\tau }^l:=\sum _{k\ge 0}\left(X_k^l,Y_k^l\right){\epsilon }_{{\tau }_k},l=\{0,\dots \eta \},$$

(9)

with position-dependent marking in the l-th blockchain network and with $X_k^l$ and $Y_k^l$ could be defined with the notation

$${\Delta }_k:={\tau }_k-{\tau }_{k-1},k=0,1,\dots ,{\tau }_{-1}=0,$$

(10)

and

$${\gamma }^l\left(g,z\right)=\mathbb{E}\left[g^{X_k^l}·z^{Y_k^l}\right],\parallel g\parallel \le 1,\parallel z\parallel \le 1.$$

(11)

Due to the double expectation,

$${\gamma }^l\left(g,z\right)=\delta \left({\lambda }_a^l\left(1-g\right)+{\lambda }_h^l\left(1-z\right)\right),l=\{0,1,\dots ,\eta \},$$

(12)

and

$${\gamma }_0^l\left(g,z\right)={\delta }_0\left({\lambda }_a^l\left(1-g\right)+{\lambda }_h^l\left(1-z\right)\right),$$

(13)

where

$$\delta \left(\theta \right)=\mathbb{E}\left[e^{-\theta {\Delta }_1}\right],{\delta }_0\left(\theta \right)=\mathbb{E}\left[e^{-\theta {\tau }_0}\right]$$

(14)

are the marginal transform of increments ${\Delta }_1,{\Delta }_2,\dots$. In the l-th system, the stochastic process ${\mathcal{A}}_{\tau }^l\otimes {\mathcal{H}}_{\tau }^l$ analyzes a conflict between players with an observation process for the l-th system in the layer 1. This game is over when the collateral building blocks by either one of player exceeds the threshold (>$\frac{M_l}{2}$) on the k-th observation epoch ${\tau }_k$. The exit indices for each network are:

$${\nu }^l:=inf\left\{k:A_k^l=A_0^l+X_1^l+\cdots +X_k^l\ge \left(\frac{M_l}{2}\right)\right\},$$

(15)

$${\mu }^l:=inf\left\{j:H_j^l=H_0^l+Y_1^l+\cdots +Y_j^l\ge \left(\frac{M_l}{2}\right)\right\},$$

(16)

where $l=\{0,1,\dots ,\eta \}$, and $\eta$ is the number of backup nodes, which are equivalent with the number of nodes in layer 0. Player A (an attacker) wins at time ${\tau }_{{\nu }^l}$; otherwise, player H (a defender) generates the correct blocks. At this moment, the confined game in the view point of player A${}^l$ for each BGG network in layer 1 is targeted. The Formula (6) will be modified as:

$$\overline{{\mathcal{A}}_{\tau }^l}\otimes \overline{{\mathcal{H}}_{{}_{\tau }}^l}:=\sum _{k\ge 0}^{{\nu }^l}\left(X_k^l,Y_k^l\right){\epsilon }_{{\tau }_k}$$

(17)

which is the path of the game from $\mathcal{F}\left(\Omega \right)\cap \left\{{\nu }^l<{\mu }^l\right\}$, which gives an exact definition of the model observed until ${\tau }_{{\nu }^l}$. The joint functional of the l-th BGG model in layer 1 is as follows:

$$\begin{array}{cc}\hfill {\Phi }_{⌈\frac{M_l}{2}⌉}^l& ={\Phi }_{⌈\frac{M_l}{2}⌉}^l\left(\xi ,g_0,g_1,z_0,z_1\right)\hfill \\ \hfill & =\mathbb{E}\left[{\xi }^{{\nu }^l}·g_0^{A_{{\nu }^l-1}^l}·g_1^{A_{{\nu }^l}^l}·z_0^{H_{{\nu }^l-1}^l}·z_1^{H_{{\nu }^l}^l}{\mathbf{1}}_{\left\{{\nu }^l<{\mu }^l\right\}}\right],l=\{0,\dots ,\eta \}.\hfill \end{array}$$

(18)

This functional represents the status of an attacker and honest nodes upon the exit time ${\tau }_{\nu }^l,$$l=\{0,1,\dots ,\eta \}$. For the BGG-1 theorem [30], the operators for the first exceed model [32,33] are defined as follows:

$${\mathcal{D}}_{\left(x,y\right)}\left[f\left(x,y\right)\right]\left(u,v\right):=\left(1-u\right)\left(1-v\right)\sum _{x\ge 0}\sum _{y\ge 0}f\left(x,y\right)u^x{v}^y,\left|\right|u\left|\right|<1,\left|\right|v\left|\right|<1,$$

(19)

where $\left\{f\left(x,y\right)\right\}$ is a sequence, with the inverse:

$${\mathfrak{D}}_{\left(u,v\right)}^{\left(m,n\right)}\left(•\right)=\left(\frac{1}{m!·n!}\right)\underset{\left(u,v\right)\to 0}{lim}\frac{{\partial }^m{\partial }^n}{\partial u^m\partial v^n}\frac{1}{\left(1-u\right)\left(1-v\right)}\left(•\right),m\ge 0,n\ge 0.$$

(20)

Additionally, the new operators for dealing with the matrix calculations are introduced. Let us consider the matrix of a function set ${\mathit{f}}_{\left(x,y\right)}$ as follows:

$${\mathit{f}}_{\left(x,y\right)}=\left[\begin{array}{c}{f}_0\left(x,y\right)\\ f_1\left(x,y\right)\\ ⋮\\ ⋮\\ f_n\left(x,y\right)\end{array}\right]$$

(21)

and the matrix operations for ${\mathcal{D}}_{\left(x,y\right)}\left\{•\right\}$ and ${\mathfrak{D}}_{\left(u,v\right)}^{\left(m,n\right)}\left\{•\right\}$ are defined as follows:

$$\mathbb{D}\odot {\mathit{f}}_{\left(x,y\right)}:={\mathcal{D}}_{\left(x,y\right)}\left\{\mathit{f}\right\}=\left[\begin{array}{c}\left(1-u\right)\left(1-v\right)\sum \sum f_0\left(x,y\right)u^x{v}^y\\ \left(1-u\right)\left(1-v\right)\sum \sum f_1\left(x,y\right)u^x{v}^y\\ ⋮\\ \left(1-u\right)\left(1-v\right)\sum \sum f_l\left(x,y\right)u^x{v}^y\\ ⋮\\ \left(1-u\right)\left(1-v\right)\sum \sum f_n\left(x,y\right)u^x{v}^y\end{array}\right]$$

(22)

and

$${\mathbb{D}}_{{\mathit{M}}_{\mathit{r}}}^{-\mathbf{1}}\odot {\mathit{G}}_{\left(u,v\right)}:=\left[\begin{array}{c}{\mathfrak{D}}_{\left(u,v\right)}^{\left(m_0,n_0\right)}\left\{G_0\left(u,v\right)\right\}\\ {\mathfrak{D}}_{\left(u,v\right)}^{\left(m_1,n_0\right)}\left\{G_1\left(u,v\right)\right\}\\ ⋮\\ {\mathfrak{D}}_{\left(u,v\right)}^{\left(m_l,n_l\right)}\left\{G_l\left(u,v\right)\right\}\\ ⋮\\ {\mathfrak{D}}_{\left(u,v\right)}^{\left(m_n,n_n\right)}\left\{G_r\left(u,v\right)\right\}\end{array}\right],$$

(23)

where

$${\mathit{M}}_{\mathit{r}}=\left[\begin{array}{cc}{m}_0& n_0\\ m_1& n_1\\ ⋮& ⋮\\ ⋮& ⋮\\ m_r& n_r\end{array}\right]$$

(24)

From the BGG-1 Theorem [30], we can set up the matrix of the functional and the functional matrix for all blockchain networks in layer 1 as follows:

$${\mathbf{\Phi }}_{{\mathit{M}}_{\mathit{\eta }}}^{\mathbf{1}}={\mathbb{D}}_{{\mathit{M}}_{\mathit{\eta }}}^{-\mathbf{1}}\odot {\mathit{G}}_{\left(u,v\right)},$$

(25)

where

$${\mathit{G}}_{\left(u,v\right)}=\left[\begin{array}{c}{G}_0\left(u,v\right)\\ ⋮\\ G_l\left(u,v\right)\\ ⋮\\ G_{\eta }\left(u,v\right)\end{array}\right],{\mathit{M}}_{\mathit{\eta }}=\left\{\begin{array}{cc}⌈\frac{M_0}{2}⌉& ⌈\frac{M_0}{2}⌉\\ ⋮& ⋮\\ ⌈\frac{M_l}{2}⌉& ⌈\frac{M_l}{2}⌉\\ ⋮& ⋮\\ ⌈\frac{M_{\eta }}{2}⌉& ⌈\frac{M_{\eta }}{2}⌉\end{array}\right\},$$

(26)

and ${\mathit{M}}_{\mathit{\eta }}$ indicates the vector form of all blockchain networks in layer 1. From (18):

$${\Phi }_{⌈\frac{M_l}{2}⌉}^l={\mathfrak{D}}_{\left(u,v\right)}^{\left(⌈\frac{M_l}{2}⌉,⌈\frac{M_l}{2}⌉\right)}\left[G_l\left(u,v\right)\right],l=\{0,\dots ,\eta \},$$

(27)

where

$$G_l\left(u,v\right)=\left[{\Gamma }_0^1-{\Gamma }_0+\frac{\xi ·{\gamma }_0}{1-\xi \gamma }\left({\Gamma }^1-\Gamma \right)\right],$$

and

$$\begin{array}{ccc}\hfill \gamma & :=& {\gamma }^l\left(g_0{g}_{1}u,z_0{z}_{1}v\right),\hfill \end{array}$$

(28)

$$\begin{array}{ccc}\hfill {\gamma }_0& :=& {\gamma }_0^l\left(g_0{g}_{1}u,z_0{z}_{1}v\right),\hfill \end{array}$$

(29)

$$\begin{array}{ccc}\hfill \Gamma & :=& {\gamma }^l\left(g_{1}u,z_{1}v\right),\hfill \end{array}$$

(30)

$$\begin{array}{ccc}\hfill {\Gamma }_0& :=& {\gamma }_0^l\left(g_{1}u,z_{1}v\right),\hfill \end{array}$$

(31)

$$\begin{array}{ccc}\hfill {\Gamma }^1& :=& {\gamma }^l\left(g_1,z_{1}v\right),\hfill \end{array}$$

(32)

$$\begin{array}{ccc}\hfill {\Gamma }_0^1& :=& {\gamma }_0^l\left(g_1,z_{1}v\right).\hfill \end{array}$$

(33)

From (18) and (27), the probability generating functions (PGFs) for $A_{{\nu }^l-1}^l$ (and also $A_{{\nu }^l}^l$) and the exit index ${\nu }^l$ of the l-th BGG network in the layer 1 are determined as follows:

$$\mathbb{E}\left[{\xi }^{{\nu }^l}\right]={\Phi }_{⌈\frac{M_l}{2}⌉}^l\left(\xi ,1,1,1,1\right),$$

(34)

$$\mathbb{E}\left[g_0^{A_{{\nu }^l-1}^l}\right]={\Phi }_{⌈\frac{M_l}{2}⌉}^l\left(1,g_0,1,1,1\right),$$

(35)

$$\mathbb{E}\left[g_1^{A_{{\nu }^l}^l}\right]={\Phi }_{⌈\frac{M_l}{2}⌉}^l\left(1,1,g_1,1,1\right),l=\{0,\dots ,\eta \}.$$

(36)

From (5), (10) and (34), the moments of making a decision ${\tau }_{\nu -1}$ are:

$$\mathbb{E}\left[{\nu }^l\right]=\frac{\partial }{\partial \xi }{\Phi }_{⌈\frac{M}{2}⌉}^l\left(\xi ,1,1,1,1\right){|}_{\xi =1},$$

(37)

$$\mathbb{E}\left[{\tau }_{{\nu }^l-1}\right]=\mathbb{E}\left[{\tau }_0\right]+\mathbb{E}\left[{\Delta }_1\right]\left(\mathbb{E}\left[{\nu }^l\right]-1\right),l=\{1,\dots ,\eta \}.$$

(38)

In a conventional BGG [30], the probability of bursting the l-th blockchain network $q^l\left(s_H\right)$ is determined as follows:

$$q^l\left(s_H\right)=\left\{\begin{array}{cc}\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }^l\ge \frac{M}{2}\right\}}\right],\hfill & s_H=\left\{\mathrm{DoNothing}\right\},\hfill \\ \mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }^l\ge \left(\frac{M}{2}+B^1\right)\right\}}\right],\hfill & s_H=\left\{\mathrm{Action}\right\}\hfill \end{array}\right.$$

(39)

where $B^1(\le \eta )$ is the number of backup nodes, which are hooked as in layer 0 (see Figure 2), and the reserved nodes depend on the availability of other blockchain networks in the same layer. When the reserved nodes are realized during a safety mode, the bursting probability of the l-th blockchain network in the layer 1 is revised as follows:

$$\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }^l\ge \left(\frac{M_l}{2}+B^1\right)\right\}}\right]=\mathbb{E}\left[\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu }\ge \left(\frac{M_l}{2}+B^1\right)\right\}}|B^1\right]\right]$$

(40)

where

$$P\left\{B_{\eta }^1=j\right\}=\left(\begin{array}{c}\eta \\ j\end{array}\right){\left({\rho }^{\mathbf{1}}\right)}^j{\left(1-{\rho }^{\mathbf{1}}\right)}^{\eta -j},$$

(41)

$${\rho }^{\mathbf{1}}=\left(\frac{1}{\eta +1}\right)\mathbb{E}\left[\sum _{k=0}^{\eta }{\mathbf{1}}_{\left\{H_{\nu }^k\ge \frac{M_k}{2}\right\}}\right].$$

(42)

2.2. Layer 0: SABGG Stochastic Modelling

The SABGG network with $\eta +1$ nodes are considered in the layer 0 (i.e., the first layer) and two persons (called “Corrupted” and “Genuine”) play a game by governing blocks which are either genuine or corrupted ledgers. For layer 0, let us assume:

$$\mathcal{C}:=\sum _{j\ge 0}{J}_j{\epsilon }_{u_j},u_0\left(=0\right)<u_1<u_2<\cdots ,$$

(43)

$$\mathcal{G}:=\sum _{k\ge 0}{K}_k{\epsilon }_{v_k},v_0\left(=0\right)<v_1<v_2<\cdots ,$$

(44)

are also marked Poisson processes (i.e., $\mathcal{F}c$ and ${\mathcal{F}}_g$ measures) and position-independent marking with respective intensities ${\lambda }_c$ and ${\lambda }_g$. Similar to (5), a third-party observation point process is determined as follows:

$$\mathcal{U}:=\sum _{i\ge 0}{\epsilon }_{t_i},t_0\left(>0)\right),t_1,\dots .$$

(45)

Similarly, player C (corrupted; a layer 0 attacker) builds the blocks which contain false transactions at the times $u_1,$$u_2,\dots$. In the other hand, player G (genuine; a layer 0 defender) generates the blocks which contain the correct transactions. The transforms of the processes $\mathcal{C}$ and $\mathcal{G}$ are:

$$\mathbb{E}\left[y^{\mathcal{C}\left(u\right)}\right]=e^{{\lambda }_c\left(u\right)\left(y-1\right)},\mathbb{E}\left[z^{\mathcal{G}\left(v\right)}\right]=e^{{\lambda }_g\left(v\right)\left(z-1\right)}.$$

(46)

Unlike layer 1, layer 0 has one single SABGG network. The observation process upon $\mathcal{C}\otimes \mathcal{G}$ with respective increments:

$$\left(J_i,K_i\right):=\mathcal{C}\otimes \mathcal{G}\left(\left[t_{i-1},t_i\right]\right),i=1,2,\dots ,$$

(47)

and

$$J_0=C_0,K_0=G_0.$$

(48)

The observation process of layer 0 is formalized as:

$${\mathcal{C}}_t\otimes {\mathcal{G}}_t:=\sum _{i\ge 0}\left(J_i,K_i\right){\epsilon }_{t_i},$$

(49)

where

$${\mathcal{C}}_t=\sum _{i\ge 0}{J}_i{\epsilon }_{t_i},{\mathcal{G}}_t=\sum _{i\ge 0}{K}_i{\epsilon }_{t_i},$$

(50)

with position-dependent marking. We can find the functional

$$\alpha \left(y,z\right)=\mathbb{E}\left[y^{J_i}·z^{K_i}\right],\parallel y\parallel \le 1,\parallel z\parallel \le 1$$

(51)

with the notation

$$U_i:=t_i-t_{i-1},i=\{0,1,\dots \},t_{-1}=0.$$

(52)

Similarly, from the previous section, we have:

$$\alpha \left(y,z\right)=\alpha \left({\lambda }_c\left(1-y\right)+{\lambda }_g\left(1-z\right)\right),$$

(53)

$${\alpha }_0\left(y,z\right)={\alpha }_0\left({\lambda }_c\left(1-y\right)+{\lambda }_g\left(1-z\right)\right),$$

(54)

where

$$\alpha \left(\theta \right)=\mathbb{E}\left[e^{-\theta U_1}\right],{\alpha }_0\left(\theta \right)=\mathbb{E}\left[e^{-\theta t_0}\right].$$

(55)

The exit indices are formalized as follows:

$$\nu :=inf\left\{j:C_j(=C_0+J_1+\cdots +J_j)\ge \left(\frac{\eta }{2}\right)\right\},$$

(56)

$${\nu }_2:=inf\left\{j:C_j(=C_0+J_1+\cdots +J_j)-B^0\ge \left(\frac{\eta }{2}\right)\right\},$$

(57)

$$\mu :=inf\left\{l:G_l(=G_0+K_1+\cdots +K_l)\ge \left(\frac{\eta }{2}\right)\right\},$$

(58)

where $B^0$ ($\le \eta$) is the number of available nodes by the strategic alliance. The game in the layer 0 is over at min$\left\{\nu ,{\nu }_2,\mu \right\}$. The first passage time $t_{\nu }$ is the associated exit time from the confined game, and Formula (49) is modified as:

$$\overline{\mathcal{C}{}_t}\otimes \overline{\mathcal{G}{}_t}:=\sum _{n\ge 0}^{\nu }\left(J_n,K_n\right){\epsilon }_{t_n},$$

(59)

which gives an exact definition of the model observed until $t_{\nu }$ without the strategic alliance action. The explicit formula of the SABGG [31] is as follows:

$$\begin{array}{cc}\hfill {\Theta }_{\frac{\eta }{2}}& ={\Theta }_{\left\{\nu ,{\nu }_2,\mu \right\}}\left(\zeta ,y_0,y_1,b,z_0,z_1\right)\hfill \\ \hfill & =\mathbb{E}\left[{\zeta }^{\nu }·y_0^{C_{\nu -1}}·y_1^{C_{\nu }}·b^{C_{\nu }-B_{\eta }}·z_0^{G_{\mu -1}}·z_1^{G_{\mu }}{\mathbf{1}}_{\left\{\nu <{\nu }_2<\mu \right\}}\right],\hfill \end{array}$$

(60)

and the extended first exceed theory [32,33] has been applied, and the operator ${\mathcal{D}}_{\left(a,b,c\right)}^{\left(q,r,s\right)}$ is defined as:

$${\mathcal{D}}_{\left(a,b,c\right)}^{\left(q,r,s\right)}\left[g\left(a,b,c\right)\right]:=\left(1-q\right)\left(1-r\right)\left(1-s\right)·\left\{\sum _{a\ge 0}\sum _{b\ge 0}\sum _{c\ge 0}g\left(a,b,c\right)q^a{r}^b{s}^c\right\},$$

(61)

and $\left|\right|q\left|\right|<1,$$\left|\right|r\left|\right|<1,$$\left|\right|s\left|\right|<1.$ Then, we have:

$$g\left(a,b,c\right)={\mathfrak{D}}_{\left(q,r,s\right)}^{\left(a,b,c\right)}\left[{\mathcal{D}}_{\left(a,b,c\right)}\left\{g\left(a,b,c\right)\right\}\left(q,r,s\right)\right],$$

(62)

where $\left\{g\left(a,b,c\right)\right\}$ is a sequence, with the inverse:

$${\mathfrak{D}}_{\left(q,r,s\right)}^{\left(a,b,c\right)}\left(•\right)=\left(\frac{1}{a!·b!·c!}\right)\underset{\left(q,r,s\right)\to 0}{lim}\left\{\frac{{\partial }^a{\partial }^b{\partial }^c}{\partial q^a\partial r^b\partial s^c}\frac{1}{\left(1-q\right)\left(1-r\right)\left(1-s\right)}\left(•\right)\right\}.$$

(63)

From the BGG-2 Theorem [31]:

$${\Theta }_{⌈\frac{N}{2}⌉}={\mathfrak{D}}_{\left(q,r,s\right)}^{\left(⌈\frac{\eta }{2}⌉,⌈\frac{\eta }{2}⌉,⌈\frac{\eta }{2}⌉\right)}\left\{{\sigma }_{\eta }·\beta \left(\frac{1-{\beta }^1}{1-\beta }\right)·\left({\alpha }_0^1-{\alpha }_0+\frac{\zeta {\Phi }_0}{1-\zeta \Phi }\left({\alpha }^1-\alpha \right)\right)\right\},$$

(64)

where

$$\begin{array}{ccc}\hfill \Phi & :=& \alpha \left(y_0{y}_{1}bqr,z_0{z}_{1}s\right),\hfill \end{array}$$

(65)

$$\begin{array}{ccc}\hfill {\Phi }_0& :=& {\alpha }_0\left(y_0{y}_{1}bqr,z_0{z}_{1}s\right),\hfill \end{array}$$

(66)

$$\begin{array}{ccc}\hfill \alpha & :=& \alpha \left(y_{1}bq,z_1\right),\hfill \end{array}$$

(67)

$$\begin{array}{ccc}\hfill {\alpha }_0& :=& {\alpha }_0\left(y_{1}bq,z_1\right),\hfill \end{array}$$

(68)

$$\begin{array}{ccc}\hfill {\alpha }^1& :=& \alpha \left(y_{1}b,z_1\right),\hfill \end{array}$$

(69)

$$\begin{array}{ccc}\hfill {\alpha }_0^1& :=& {\alpha }_0\left(y_{1}b,z_1\right),\hfill \end{array}$$

(70)

$$\begin{array}{ccc}\hfill \beta & :=& \alpha \left(br,s\right),\hfill \end{array}$$

(71)

$$\begin{array}{ccc}\hfill {\beta }^1& :=& \alpha \left(r,1\right),\hfill \end{array}$$

(72)

$$\begin{array}{ccc}\hfill {\sigma }_{\eta }& :=& \mathbb{E}\left[b^{-B_{\eta }}\right].\hfill \end{array}$$

(73)

The moment of making a decision $t_{\nu -1}$ could be found as follows:

$$\mathbb{E}\left[\nu \right]=\frac{\partial }{\partial \zeta }{\Theta }_{⌈\frac{\eta }{2}⌉}\left(\zeta ,1,1,1,1,1\right){|}_{\zeta =1},$$

(74)

$$\mathbb{E}\left[t_{\nu -1}\right]=\mathbb{E}\left[t_0\right]+\mathbb{E}\left[U_1\right]\left(\mathbb{E}\left[\nu \right]-1\right).$$

(75)

In layer 0, the probability of bursting the blockchain network $q^0\left(s_H\right)$ is determined as follows:

$$q^0\left(s_g\right)=\left\{\begin{array}{cc}\mathbb{E}\left[{\mathbf{1}}_{\left\{C_{\nu }\ge \frac{\eta }{2}\right\}}\right],\hfill & s_g=\left\{\mathrm{DoNothing}\right\},\hfill \\ \mathbb{E}\left[{\mathbf{1}}_{\left\{C_{\nu }\ge \frac{\eta \left(1+\alpha \right)}{2}\right\}}\right],\hfill & s_g=\left\{\mathrm{Action}\right\}.\hfill \end{array}\right.$$

(76)

where $\alpha$ is an overhead portion for protecting the layer 0 (i.e., $B^0=\left(\frac{\eta }{2}\right)·\alpha$). The probability of bursting a SABGG network by an attacker is as follows:

$$q\left(s_g\right)=\left\{\begin{array}{cc}\sum _{k>\frac{\eta }{2}}\mathbb{E}\left[{\mathbf{1}}_{\left\{C_{\nu }=k\right\}}\right],\hfill & s_g=\left\{\mathrm{DoNothing}\right\},\hfill \\ \mathbb{E}\left[\sum _{k>\frac{\eta }{2}+B^0}\mathbb{E}\left[{\mathbf{1}}_{\left\{C_{\nu }=k\right\}}\right]\right],\hfill & s_g=\left\{\mathrm{Action}\right\},\hfill \end{array}\right.$$

(77)

where

$$\mathbb{E}\left[{\mathbf{1}}_{\left\{C_{\nu }=k\right\}}\right]=\mathbb{E}\left[\mathbb{E}\left[\frac{{\left({\lambda }_c{t}_{\nu }\right)}^k}{k!}·e^{-{\lambda }_c{t}_{\nu }}|t_{\nu }\right]\right].$$

(78)

3. Multiple Layered IoT-Server Network Design

The MLBGG framework is suitable to adapt any type of hierarchical networks, including computer networks and management systems. A typical IoT-Server network architecture is connected cars (i.e., IoT connection) which are controlled by agent servers which are decentralized and equally contributed. The Internet of Vehicles or EBIoV (Enhanced Blockchain-based Internet of Vehicles) [19] are widely known frameworks for connecting smart components in each car. Although the application in this paper deals with smart components in a connected car as IoT elements, this model could be applied to drones as IoT elements for improving their security. Basically, any IoT component could consider the MLBGG model for enhancing its security without centralized authentication systems.

3.1. Multiple Layered IoT-Server Network Architecture

The networks which combines IoT networks and a server network could adapt the MLBGG. The set of IoT networks is one layer and one set with management servers is the other layer. The BGG is adapted into IoT networks as layer 1 and the SABGG is applied into the network of management servers (see Figure 3).

Layer 1 contains $\eta +1$ IoT systems, and each IoT system has $M_l,l=\{0,1,\dots ,\eta \}$ components which are fully connected. The l-th IoT system should have at least one (agent) server as a component within $M_l$ components. These servers, which have higher control levels, become the components in layer 0, and the $\eta +1$ elements in layer 0 are the backup nodes for all IoT systems in layer 0 (i.e., shared backup nodes). Since $\eta +1$ servers in layer 0 can keep multiple ledgers, each server has all ledgers from the IoT systems in layer 0. It is noted that up to $\eta$ nodes might allay one node in layer 0. The blockchain ledger for the agent system (i.e., layer 0) is different than the ledgers for IoT systems (i.e., layer 1) and is only shared within layer 0.

3.2. Stochastic Optimization

In layer 1, the reserving costs for backup nodes (i.e., “Action” strategy of a defender in layer 1) should be cheaper than the network bursting costs; otherwise, player H would choose the other strategy (“DoNothing” strategy). The number of nodes for protecting $\eta +1$ BGG networks in layer 1 depends on the cost function. Available reserved nodes are equally applied to every BGG networks in layer 1, and the optimal portion for the blockchain governance $B^1$ could be found as follows:

$$B^1=\inf \left\{\eta \ge 0:{\mathfrak{C}}^{\mathbf{1}}\left(B^1\right)\right\},B^1\le \eta ,$$

(79)

where

$${\mathfrak{C}}^{\mathbf{1}}\left(B^1\right)=\sum _{l=0}^{\eta }\mathbb{E}\left[{\mathfrak{C}}_{\mathbf{1}}^l{\left(B_{\eta }^1\right)}_{\mathrm{Total}}\right].$$

(80)

The governance cost function for governance for the l-th BGG networks in the layer 1 is as follows:

$${\mathfrak{C}}_{\mathbf{1}}^l{\left(B\right)}_{\mathrm{Total}}={\mathfrak{C}}_{\mathrm{Act}}^l\left(B\right)·\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu -1}^l<\frac{M_l}{2}\right\}}\right]+{\mathfrak{C}}_{\mathrm{NoA}}^l·\mathbb{E}\left[{\mathbf{1}}_{\left\{A_{\nu -1}^l\ge \frac{M_l}{2}\right\}}\right]$$

(81)

and

$${\rho }^{\mathbf{1}}=\left(\frac{1}{\eta +1}\right)\mathbb{E}\left[\sum _{l=0}^{\eta }{\mathbf{1}}_{\left\{H_{\nu }^l\ge \frac{M_l}{2}\right\}}\right],l=\{0.\dots ,\eta \}.$$

(82)

For each blockchain network in layer 1, no action for the l-th blockchain network will be taken until the moment ${\tau }_{{\nu }^l-1}$. If the attacker catches less than half of all nodes at ${\tau }_{\nu -1}^l$ (i.e., $\left\{A_{\nu -1}^l<\frac{M_l}{2}\right\}$), then the defender could take the action to avoid the attack at ${\tau }_{\nu }^l,$$l=0,1,\dots ,\eta$.

In layer 0, the acceptance rate of a strategic alliance in a blockchain network $\alpha$ depends on the cost function and the optimal portion ${\alpha }^{\mathbf{0}}$ for the SABGG could be found as follows (where $B:=B_{\eta }^0=\left(\frac{\eta }{2}\right)·\alpha$):

$${\alpha }^{\mathbf{0}}=\inf \left\{\alpha \ge 0:{\mathfrak{C}}_{\mathrm{NoA}}^0\left(r^0\right)\ge {\mathfrak{C}}_{\mathrm{Act}}^0\left(\alpha \right)\right\},$$

(83)

where (at the moment $t_{\nu -1}$)

$${\mathfrak{C}}_{\mathrm{NoA}}^{\mathbf{0}}\left(r^0\right)=U_0·r^0,$$

(84)

$${\mathfrak{C}}_{\mathrm{Act}}^{\mathbf{0}}\left(\alpha ,\eta \right)=c_{\eta }^0\left(\alpha \right)\left(1-r_{\alpha }^1\right)+\left(c_{\eta }^0\left(\alpha \right)+U_0\right)r_{\alpha }^1,$$

(85)

$$r^0=\mathbb{E}\left[{\mathbf{1}}_{\left\{C_{\nu }\ge \frac{\eta }{2}\right\}}\right],r_{\alpha }^1=\mathbb{E}\left[{\mathbf{1}}_{\left\{C_{\nu }\ge \frac{\eta }{2}+B\right\}}\right].$$

(86)

From (82) and (83), the optimal acceptance rate for layer 0 is determined as follows:

$${\alpha }^{*}=\min \left\{{\rho }^{\mathbf{1}},{\alpha }^{\mathbf{0}}\right\},$$

(87)

and the defender will not take any action until the time $t_{\nu -1}$ for layer 0. If the attacker catches less than half of all nodes at $t_{\nu -1}$ (i.e., $C_{\nu -1}<⌈\frac{\eta }{2}⌉$), then the defender could take the action to avoid the attack at $t_{\nu }$. The total cost for developing the enhanced blockchain network is as follows:

$${\mathfrak{C}}^{\mathbf{0}}{\left(\alpha ,\eta \right)}_{\mathrm{Total}}={\mathfrak{C}}_{\mathrm{Act}}^{\mathbf{0}}\left(B\right)·\mathbb{E}\left[{\mathbf{1}}_{\left\{C_{\nu -1}<\frac{\eta }{2}\right\}}\right]+{\mathfrak{C}}_{\mathrm{NoA}}^{\mathbf{0}}·\mathbb{E}\left[{\mathbf{1}}_{\left\{C_{\nu -1}\ge B\right\}}\right],$$

(88)

and the optimal portion for the blockchain governance ${\eta }^{\mathbf{0}}$ could be found as follows:

$${\eta }^0=\inf \left\{\eta \ge 0:{\mathfrak{C}}^{\mathbf{0}}\left(\eta \right)\right\}.$$

(89)

Since ${\Theta }_{⌈\frac{\eta }{2}⌉}\left(1,y_0,1,1,1,1\right)$ from (2.64) is the probability generating function of $C_{\nu -1},$ the probability mass could be found as follows:

$$\mathit{P}\left\{C_{\nu -1}=k\right\}=\underset{y_0\to 0}{lim}\frac{1}{k!}\frac{{\partial }^k}{\partial y_0^k}{\Theta }_{⌈\frac{N}{2}⌉}\left(1,y_0,1,1,1,1\right),k=0,\dots ,⌊\frac{\eta }{2}⌋.$$

(90)

From (79) and (89), the optimal number of the reserved nodes for layer 0 in layer 1 could be found as follows:

$${\eta }^{*}=\max \left\{B^1,{\eta }^0\right\}.$$

(91)

Based on the conditions, the LP (Linear Programming) model could be described as follows:

Objective:

$$min\mathit{G}=\mathbb{E}\left[{\mathfrak{C}}^{\mathbf{0}}{\left(B^0\right)}_{\mathrm{Total}}+{\mathfrak{C}}^{\mathbf{1}}{\left(B^1\right)}_{\mathrm{Total}}\right]$$

(92)

Subject to:

$${\alpha }^{*}\ge \frac{c_{\eta }}{U_0·r^0-c_{\eta }}.$$

(93)

4. Model Simulations

The safety mode is considered for protecting a network. Theoretically, the BGG-based network takes a preliminary action to avoid a 51 percent attack by an attacker. The simulations in this section are targeted to find optimal values of the configuring parameters, including an optimal number of reserved nodes in the layer 1 and the acceptance rate for the SABGG-based network in layer 0. The first simulation is finding the optimal value of reserved nodes for IoT networks in layer 1 (Section 4.2). The second one is designed to evaluate the optimal acceptance rate of the SABGG which is adapted in layer 0 (Section 4.3). Lastly, an overall cost comparison with a conventional network without adapting the BGG is discussed on Section 4.4.

4.1. Preliminaries

The safety mode is considered for protecting a multi-layered network. Theoretically, a BGG based network takes a preliminary action to avoid a 51 percent attack by an attacker. The action may actually happen before governing more than half of the nodes by an attacker or after. Two points of the Proof-Of-Work (POW) are considered as action points: One is the moment that passes more than a half of the nodes in the networks which are more than $\frac{M_l}{2},l=0,1,\dots \eta$ for layer 1 and more than $\frac{\eta }{2}$ for the layer 0. The other is one step prior to passing more than half the nodes in both layers. The best situation shall be that the safety mode is executed when an attacker takes more than half of the nodes, but the network is protected by releasing additional backup nodes. However, it is noted that attempting to govern more than a half of the nodes may happen even after exiting the safety mode (see Figure 4).

The simulation is processed by the following strategies:

• Two cases (one is with the BGG, the other is without the BGG) per each layer are simulated;
• Simulating the 51 percent attack to evaluate whether the nodes in the network are protected by the BGG or not;
• If the number of nodes governed by the attack is more than half at ${\tau }_{\nu }^l$ (i.e., $A_{\nu }^l\ge \frac{M_l}{2},$$l=\{0,1,\dots ,\eta \}$), the networks in layer 1 are burst;
• If the number of nodes governed by the attack is more than half at $t_{\nu }$ (i.e., $C_{\nu }\ge \frac{\eta }{2}$), the network of layer 0 is burst;
• The safety modes for each layer are randomly executed based on the Binomial random variables;
• The observation (i.e., the duration of the proof-of-work) are the same within the same layer.

The strategy for protecting each network in layer 1 is for supporting the additional nodes to give the less chance that an attacker catches blocks with false control requests. The IoT-connected network is considered as a BGG network in the layer, and the estimated mean value of each network in layer 1 is around USD 10,000 each. The reserved nodes for a safety mode are the same for main nodes in the layer 0. All nodes in the layer 0 contains multiple ledgers of all network in the layer 1 (i.e., the number of reserved nodes $\eta$ for a safety mode is same for all network in the layer 1). The details of other setups are described in

Table 1. Initial conditions for layer 1.

Name	Value	Description
$\mathbb{E}\left[M^l\right]$	250	Average number of nodes of each network in layer 1 $(l=\{1,\dots ,N\left\}\right)$
$\mathbb{E}\left[V_l\right]$	10,000 [USD]	Average value of each network in layer 1
$c_1\left(B\right)$	−	The cost for reserving nodes to avoid attacks in layer 1
${\lambda }_A^l$	−	The rate of attacking in layer 1
B	−	The number of backup nodes supported from layer 0 ($B\le \eta$)

.

The setups for layer 0 could be similarly described in

Table 2. Initial conditions for layer 0.

Name	Value	Description
$\alpha$ (or p)	−	Acceptance rate for strategic alliance in layer 0
$U_0$	120,000 [USD]	Total value of the layer 0 network
$c_0\left(\alpha \right)$	−	The cost for reserving nodes to avoid attacks in layer 0
${\lambda }_c$	−	The rate of governing nodes by attackers in layer 0
N	41 [Nodes]	Total number of nodes in layer 0 $(N=\eta +1)$

. It is noted that the overall loss value by the burst layer 0 network is higher than the average loss values of networks in layer 1 because the components in layer 1 are mainly IoT sensors, which are cheaper than the components in layer 0, which are typically servers and workstations.

4.2. Optimizing Backup Nodes for the Layer 1

This simulation considers that 41 (i.e., $\eta +1$) IoT networks (as layer 1) are hooked up as a single network (as layer 0), and each IoT network has up to 40 backup nodes for security modes. The simulation goes for 1000 trials and finds the optimal number of backup nodes based on the cost efficiency. It has been executed 4 times with 1000 trials, and the optimal values vary (see Figure 5).

It shows that the optimal number of backup nodes are ranged between 35 and 45 nodes. The cost efficiency is around 46 percent, which indicates 250 BGG-based IoT networks are 46 percents cheaper than conventional IoT networks in terms of overall operating costs.

4.3. Acceptance Rate of Strategic Alliance in the Layer 0

In layer 0, the acceptance rate is a vital matter because the layer 0 network adapts the SABGG [31]. This simulation robustly finds the optimal acceptance rate with correspond to number of nodes in layer 0. The simulation shows that around a 46 percent acceptance rate will give the best effort regardless of the number of nodes in layer 0 (see Figure 6).

4.4. Overall Performance Discussion of a Multi-Layered BGG

This session shows the comparison between a Multi-Layered BGG (MLBGG) and a blockchain network without BGG. The simulation calculates the average operating costs of both networks (layer 0 and 1) based on 1000 trials with the given conditions (Table 1 and Table 2). The result shows that the average operating costs for the safety mode are USD 286,916 for the MLBGG adapted network (USD 115,400 in layer 0 and USD 171,516 in layer 1) and the network without the MLBGG costs USD 520,000 (i.e., USD 120,000 + USD 400,000).

The average cost efficiency of the MLBGG-adapted network $\epsilon$ that compares to the safety operation cost of conventional IoT networks can be solved as follows [34]:

$$\epsilon =\frac{|C_b-C_r|}{C_r}$$

(94)

where $C_b$ (=USD 286,916) is the average safety operation costs with the MLBGG and $C_r$ (=USD 520,000) is the cost of an atypical IoT network without the BGG adaptation. From (94), the MLBGG cost efficiency is 0.4482 (in Figure 7), which means that about 45 percent of the costs are saved by adapting an MLBGG. Since the testing values are randomly generated in each simulation, the results from other trials might not be the same as the current ones in this section.

5. Conclusions

The major target of this paper has established explicit formulas of the Multi-Layered Blockchain Governance Game, and the set of IoT networks are combined with secure management network systems as a higher hierarchy. This hybrid network architecture directly adapts the blockchain governance game for enhancing the security. An analytic approach supports the theoretical background of decision-making factors to design the enhanced network architecture. The several simulations are executed to find various hyper-parameters, which also impacts the network performance. This innovative architecture is targeted to improve the security only based on network architectural perspectives. This new proposed model is still theoretical, and actual implementations on real blockchain networks shall be developed to see how this theory is actually working. Other technical perspectives for improving blockchain security are out of scope in this paper, but combining these technical perspectives and the MLBGG might be considered as future research topics. The MLBGG model shall be extended to various blockchain-based cybersecurity network frameworks for connected cars and smart drone swarms.