Abstract
The Bitcoin protocol requires nodes to quickly distribute newly created blocks. Strong nodes can, however, gain higher payoffs by withholding blocks they create and selectively postponing their publication. The existence of such selfish mining attacks was first reported by Eyal and Sirer, who have demonstrated a specific deviation from the standard protocol (a strategy that we name SM1).
In this paper we investigate the profit threshold – the minimal fraction of resources required for a profitable attack. Our analysis provides a bound under which the system can be considered secure against such attacks. Our techniques can be adapted to protocol modifications to assess their susceptibility to selfish mining, by computing the optimal attack under different variants. We find that the profit threshold is strictly lower than the one induced by the SM1 scheme. The policies given by our algorithm dominate SM1 by better regulating attack-withdrawals. We further evaluate the impact of some previously suggested countermeasures, and show that they are less effective than previously conjectured.
We then gain insight into selfish mining in the presence of communication delays, and show that, under a model that accounts for delays, the profit threshold vanishes, and even small attackers have incentive to occasionally deviate from the protocol. We conclude with observations regarding the combined power of selfish mining and double spending attacks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Growth is achieved either by buying more hardware, in the case of a single attacker, or by attracting more miners, in the case of a pool.
- 2.
This is justified by Bitcoin’s 10 min block creation interval which is far greater than the propagation time of blocks in the network. This assumption is later removed when we consider networks with delay.
- 3.
See Sect. 6 for the implication of delayed broadcasting.
- 4.
Another possible motivation for this is the re-targeting mechanism in Bitcoin. When the block creation rate in the network is constant, the adaptive re-targeting implies that the attacker will also increase its absolute payoff, in the long run.
- 5.
Indeed, in networks without delays, honest mining is equivalent to the policy \(\left\{ \begin{array}{ccc} adopt \quad&\text {if}~({l_a},{l_h})=(0,1) ~;~ override \quad&\text {if}~({l_a},{l_h})=(1,0) \end{array} \right\} \), as these are the only reachable states.
- 6.
The equivalence of this formalization of the value function and alternatives in which the order of expectation and limit is reversed is discussed in [3].
- 7.
The error parameter \(\epsilon \) was set to be \(10^{-5}\) and the truncation was set to \(T=75\). See full version.
- 8.
After \(2\cdot d_{a,h}\) we are guaranteed that the link from the attacker to the honest network is empty.
- 9.
In the worst case, the attacker is frequently engaged in “real” transactions anyways, hence suffers no loss from them being occasionally confirmed, when attacks fail.
References
https://bitcointalk.org/index.php?topic=2227 (2008). Accessed 07 July 2015
Babaioff, M., Dobzinski, S., Oren, S., Zohar, A.: On Bitcoin and red balloons. In: Proceedings of the 13th ACM Conference on Electronic Commerce, pp. 56–73. ACM (2012)
Bierth, K.-J.: An expected average reward criterion. Stochas. Processes Their Appl. 26, 123–140 (1987)
Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: Research perspectives and challenges for Bitcoin and cryptocurrencies, SoK (2015)
Chadès, I., Chapron, G., Cros, M.-J., Garcia, F., Sabbadin, R.: MDPtoolbox: a multi-platform toolbox to solve stochastic dynamic programming problems. Ecography 37(9), 916–920 (2014)
Courtois, N.T., Bahack, L.: On subversive miner strategies and block withholding attack in Bitcoin digital currency. arXiv preprint: arXiv:1402.1718 (2014)
Decker, C., Wattenhofer, R.: Information propagation in the Bitcoin network. In: 2013 IEEE Thirteenth International Conference on Peer-to-Peer Computing (P2P), pp. 1–10. IEEE (2013)
Eyal, I.: The miner’s dilemma. arXiv preprint: arXiv:1411.7099 (2014)
Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 436–454. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45472-5_28
Göbel, J., Keeler, P., Krzesinski, A.E., Taylor, P.G.: Bitcoin blockchain dynamics: the selfish-mine strategy in the presence of propagation delay. arXiv preprint: arXiv:1505.05343 (2015)
Heilman, E.: One weird trick to stop selfish miners: fresh bitcoins, a solution for the honest miner (poster abstract). In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 161–162. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44774-1_12
Kroll, J.A., Davey, I.C., Felten, E.W.: The economics of Bitcoin mining, or Bitcoin in the presence of adversaries. In: Proceedings of WEIS, vol. 2013 (2013)
Lewenberg, Y., Bachrach, Y., Sompolinsky, Y., Zohar, A., Rosenschein, J.S.: Bitcoin mining pools: a cooperative game theoretic analysis. In: Proceedings of the 2015 International Conference on Autonomous Agents and Multiagent Systems, pp. 919–927. International Foundation for Autonomous Agents and Multiagent Systems (2015)
Lewenberg, Y., Sompolinsky, Y., Zohar, A.: Inclusive block chain protocols. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 528–547. Springer, Heidelberg (2015). doi:10.1007/978-3-662-47854-7_33
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Consulted 1(2012), 28 (2008)
Nayak, K., Kumar, S., Miller, A., Shi, E.: Stubborn mining: generalizing selfish mining and combining with an eclipse attack
Rosenfeld, M.: Analysis of hashrate-based double spending. arXiv preprint: arXiv:1402.2009 (2014)
Sompolinsky, Y., Zohar, A.: Secure high-rate transaction processing in Bitcoin. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 507–527. Springer, Heidelberg (2015). doi:10.1007/978-3-662-47854-7_32
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 International Financial Cryptography Association
About this paper
Cite this paper
Sapirshtein, A., Sompolinsky, Y., Zohar, A. (2017). Optimal Selfish Mining Strategies in Bitcoin. In: Grossklags, J., Preneel, B. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science(), vol 9603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-54970-4_30
Download citation
DOI: https://doi.org/10.1007/978-3-662-54970-4_30
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-54969-8
Online ISBN: 978-3-662-54970-4
eBook Packages: Computer ScienceComputer Science (R0)