skip to main content
10.1145/2976749.2978408acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article
Public Access

On the Instability of Bitcoin Without the Block Reward

Published: 24 October 2016 Publication History

Abstract

Bitcoin provides two incentives for miners: block rewards and transaction fees. The former accounts for the vast majority of miner revenues at the beginning of the system, but it is expected to transition to the latter as the block rewards dwindle. There has been an implicit belief that whether miners are paid by block rewards or transaction fees does not affect the security of the block chain.
We show that this is not the case. Our key insight is that with only transaction fees, the variance of the block reward is very high due to the exponentially distributed block arrival time, and it becomes attractive to fork a "wealthy" block to "steal" the rewards therein. We show that this results in an equilibrium with undesirable properties for Bitcoin's security and performance, and even non-equilibria in some circumstances. We also revisit selfish mining and show that it can be made profitable for a miner with an arbitrarily low hash power share, and who is arbitrarily poorly connected within the network. Our results are derived from theoretical analysis and confirmed by a new Bitcoin mining simulator that may be of independent interest.
We discuss the troubling implications of our results for Bitcoin's future security and draw lessons for the design of new cryptocurrencies.

References

[1]
Calibrated learning and correlated equilibrium. Games and Economic Behavior, 21(1):40--55, 1997.
[2]
A simple adaptive procedure leading to correlated equilibrium. Econometrica, 68(5):1127--1150, 2000.
[3]
E. Androulaki, G. O. Karame, M. Roeschlin, T. Scherer, and S. Capkun. Evaluating user privacy in bitcoin. In Proceedings of Financial Cryptography, 2013.
[4]
S. Arora, E. Hazan, and S. Kale. The multiplicative weights update method: a meta-algorithm and applications. Theory of Computing, 8(1):121--164, 2012.
[5]
P. Auer, N. Cesa-Bianchi, Y. Freund, and R. E. Schapire. The nonstochastic multiarmed bandit problem. SIAM Journal of Computing, 32(1):48--77, 2002.
[6]
A. Blum and Y. Mansour. From external to internal regret. Journal of Machine Learning Research, 8:1307--1324, 2007.
[7]
N. T. Courtois and L. Bahack. On subversive miner strategies and block withholding attack in bitcoin digital currency. CoRR, abs/1402.1718, 2014.
[8]
I. Eyal. The miner's dilemma. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 89--103. IEEE, 2015.
[9]
I. Eyal and E. G. Sirer. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security, pages 436--454. Springer, 2014.
[10]
K. Hill. Bitcoin is not broken. Forbes, 2013. http://www.forbes.com/sites/kashmirhill/2013/11/06/bitcoin-is-not-broken/#55d4a8812568.
[11]
N. Houy. The economics of bitcoin transaction fees. Working Paper GATE 2014-07. halshs-00951358., 2014.
[12]
B. Johnson, A. Laszka, J. Grossklags, M. Vasek, and T. Moore. Game-theoretic analysis of ddos attacks against bitcoin mining pools. In Proceedings of the First Workshop on Bitcoin Research, 2014.
[13]
J. A. Kroll, I. C. Davey, and E. W. Felten. The economics of bitcoin mining, or bitcoin in the presence of adversaries. In Proceedings of the Twelfth Annual Workshop on the Economics of Information Security (WEIS), 2013.
[14]
N. Littlestone and M. K. Warmuth. The weighted majority algorithm. Inf. Comput., 108(2):212--261, 1994.
[15]
L. Luu, J. Teutsch, R. Kulkarni, and P. Saxena. Demystifying incentives in the consensus computer. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2015.
[16]
A. Miller and R. Jansen. Shadow-bitcoin: scalable simulation via direct execution of multithreaded applications. In Proceedings of the eighth workshop on Cybersecurity Experimentations and Test (CSET), 2015.
[17]
M. Moser and R. Bohme. Trends, tips, tolls: A longitudinal study of bitcoin transaction fees. In Workshop on Bitcoin Research, pages 19--33, 2015.
[18]
S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008.
[19]
K. Nayak, S. Kumar, A. Miller, and E. Shi. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In IEEE European Symposium on Security and Privacy (EuroS&P), 2016.
[20]
R. Peter. A transaction fee market exists without a block size limit. 2015.
[21]
M. Rosenfeld. Analysis of bitcoin pooled mining reward systems. CoRR, abs/1112.4980, 2011.
[22]
A. Sapirshtein, Y. Sompolinsky, and A. Zohar. Optimal selfish mining strategies in bitcoin. In Financial Cryptography and Data Security, 2016.
[23]
M. Vasek, M. Thornton, and T. Moore. Empirical analysis of denial-of-service attacks in the bitcoin ecosystem. In Proceedings of the First Workshop on Bitcoin Research, 2014.

Cited By

View all

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
October 2016
1924 pages
ISBN:9781450341394
DOI:10.1145/2976749
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. bitcoin
  2. cryptocurrencies
  3. equilibrium
  4. game theory
  5. learning
  6. selfish mining
  7. simulator

Qualifiers

  • Research-article

Funding Sources

Conference

CCS'16
Sponsor:

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)656
  • Downloads (Last 6 weeks)89
Reflects downloads up to 09 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2025)BitcoinEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1670(270-273)Online publication date: 8-Jan-2025
  • (2025)Incentives for Distributed LedgersEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1666(1189-1191)Online publication date: 8-Jan-2025
  • (2024)Efficient Algorithm for Proportional Lumpability and Its Application to Selfish Mining in Public BlockchainsAlgorithms10.3390/a1704015917:4(159)Online publication date: 15-Apr-2024
  • (2024)SoK: MEV CountermeasuresProceedings of the Workshop on Decentralized Finance and Security10.1145/3689931.3694911(21-30)Online publication date: 19-Nov-2024
  • (2024)EverForest: A More-Than-AI Sustainability Manifesto from an On-Chain Artificial LifeProceedings of the Halfway to the Future Symposium10.1145/3686169.3686209(1-6)Online publication date: 21-Oct-2024
  • (2024)Computing Optimal Manipulations in Cryptographic Self-Selection Proof-of-Stake ProtocolsProceedings of the 25th ACM Conference on Economics and Computation10.1145/3670865.3673602(676-702)Online publication date: 8-Jul-2024
  • (2024)Undetectable Selfish MiningProceedings of the 25th ACM Conference on Economics and Computation10.1145/3670865.3673485(1017-1044)Online publication date: 8-Jul-2024
  • (2024)A Game Theoretical Analysis of Non-linear Blockchain SystemDistributed Ledger Technologies: Research and Practice10.1145/36071953:1(1-24)Online publication date: 18-Mar-2024
  • (2024)A Detection Method Against Selfish Mining-Like Attacks Based on Ensemble Deep Learning in IoTIEEE Internet of Things Journal10.1109/JIOT.2024.336768911:11(19564-19574)Online publication date: 1-Jun-2024
  • (2024)GasTrace: Detecting Sandwich Attack Malicious Accounts in Ethereum2024 IEEE International Conference on Web Services (ICWS)10.1109/ICWS62655.2024.00181(1409-1411)Online publication date: 7-Jul-2024
  • Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media