On the Instability of Bitcoin Without the Block Reward

Authors:
Miles Carlsten

Princeton, Princeton, USA

Princeton, Princeton, USA
View Profile

,
Harry Kalodner

Princeton, Princeton, USA

Princeton, Princeton, USA
View Profile

,
S. Matthew Weinberg

Princeton, Princeton, USA

Princeton, Princeton, USA
View Profile

,
Arvind Narayanan

Princeton, Princeton, USA

Princeton, Princeton, USA
View Profile

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityOctober 2016Pages 154–167https://doi.org/10.1145/2976749.2978408

Published:24 October 2016Publication History

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 154–167

ABSTRACT

Bitcoin provides two incentives for miners: block rewards and transaction fees. The former accounts for the vast majority of miner revenues at the beginning of the system, but it is expected to transition to the latter as the block rewards dwindle. There has been an implicit belief that whether miners are paid by block rewards or transaction fees does not affect the security of the block chain.

We show that this is not the case. Our key insight is that with only transaction fees, the variance of the block reward is very high due to the exponentially distributed block arrival time, and it becomes attractive to fork a "wealthy" block to "steal" the rewards therein. We show that this results in an equilibrium with undesirable properties for Bitcoin's security and performance, and even non-equilibria in some circumstances. We also revisit selfish mining and show that it can be made profitable for a miner with an arbitrarily low hash power share, and who is arbitrarily poorly connected within the network. Our results are derived from theoretical analysis and confirmed by a new Bitcoin mining simulator that may be of independent interest.

We discuss the troubling implications of our results for Bitcoin's future security and draw lessons for the design of new cryptocurrencies.

References

Calibrated learning and correlated equilibrium. Games and Economic Behavior, 21(1):40--55, 1997.Google Scholar
A simple adaptive procedure leading to correlated equilibrium. Econometrica, 68(5):1127--1150, 2000.Google ScholarCross Ref
E. Androulaki, G. O. Karame, M. Roeschlin, T. Scherer, and S. Capkun. Evaluating user privacy in bitcoin. In Proceedings of Financial Cryptography, 2013.Google ScholarCross Ref
S. Arora, E. Hazan, and S. Kale. The multiplicative weights update method: a meta-algorithm and applications. Theory of Computing, 8(1):121--164, 2012.Google Scholar
P. Auer, N. Cesa-Bianchi, Y. Freund, and R. E. Schapire. The nonstochastic multiarmed bandit problem. SIAM Journal of Computing, 32(1):48--77, 2002. Google ScholarDigital Library
A. Blum and Y. Mansour. From external to internal regret. Journal of Machine Learning Research, 8:1307--1324, 2007. Google ScholarDigital Library
N. T. Courtois and L. Bahack. On subversive miner strategies and block withholding attack in bitcoin digital currency. CoRR, abs/1402.1718, 2014.Google Scholar
I. Eyal. The miner's dilemma. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 89--103. IEEE, 2015. Google ScholarDigital Library
I. Eyal and E. G. Sirer. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security, pages 436--454. Springer, 2014.Google Scholar
K. Hill. Bitcoin is not broken. Forbes, 2013. http://www.forbes.com/sites/kashmirhill/2013/11/06/bitcoin-is-not-broken/#55d4a8812568.Google Scholar
N. Houy. The economics of bitcoin transaction fees. Working Paper GATE 2014-07. halshs-00951358., 2014.Google Scholar
B. Johnson, A. Laszka, J. Grossklags, M. Vasek, and T. Moore. Game-theoretic analysis of ddos attacks against bitcoin mining pools. In Proceedings of the First Workshop on Bitcoin Research, 2014.Google ScholarCross Ref
J. A. Kroll, I. C. Davey, and E. W. Felten. The economics of bitcoin mining, or bitcoin in the presence of adversaries. In Proceedings of the Twelfth Annual Workshop on the Economics of Information Security (WEIS), 2013.Google Scholar
N. Littlestone and M. K. Warmuth. The weighted majority algorithm. Inf. Comput., 108(2):212--261, 1994. Google ScholarDigital Library
L. Luu, J. Teutsch, R. Kulkarni, and P. Saxena. Demystifying incentives in the consensus computer. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2015. Google ScholarDigital Library
A. Miller and R. Jansen. Shadow-bitcoin: scalable simulation via direct execution of multithreaded applications. In Proceedings of the eighth workshop on Cybersecurity Experimentations and Test (CSET), 2015. Google ScholarDigital Library
M. Moser and R. Bohme. Trends, tips, tolls: A longitudinal study of bitcoin transaction fees. In Workshop on Bitcoin Research, pages 19--33, 2015.Google ScholarCross Ref
S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008.Google Scholar
K. Nayak, S. Kumar, A. Miller, and E. Shi. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In IEEE European Symposium on Security and Privacy (EuroS&P), 2016.Google ScholarCross Ref
R. Peter. A transaction fee market exists without a block size limit. 2015.Google Scholar
M. Rosenfeld. Analysis of bitcoin pooled mining reward systems. CoRR, abs/1112.4980, 2011.Google Scholar
A. Sapirshtein, Y. Sompolinsky, and A. Zohar. Optimal selfish mining strategies in bitcoin. In Financial Cryptography and Data Security, 2016.Google Scholar
M. Vasek, M. Thornton, and T. Moore. Empirical analysis of denial-of-service attacks in the bitcoin ecosystem. In Proceedings of the First Workshop on Bitcoin Research, 2014.Google ScholarCross Ref

Index Terms

On the Instability of Bitcoin Without the Block Reward
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Economics of security and privacy
2. Theory of computation
  1. Theory and algorithms for application domains
    1. Algorithmic game theory and mechanism design
      1. Algorithmic game theory

Recommendations

Double-spending fast payments in bitcoin
CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security

Bitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to verify payments. Nowadays, Bitcoin is increasingly used in a number of fast payment scenarios, where the time between the exchange of currency and goods is short (in the ...
Read More
The effects of individual-level espoused national cultural values on the willingness to use Bitcoin-like blockchain currencies
Abstract
Some have called bitcoin a real bubble, while, according to others, it is the most radical invention of the twenty-first century. Nevertheless, there is a consensus regarding the disruptive potential of blockchain technology, which is ...
Highlights
- Espoused national cultural values affect the use of blockchain currencies.
- ...
Read More
Redesigning Bitcoin's fee market
WWW '19: The World Wide Web Conference

The Bitcoin payment system involves two agent types: Users that transact with the currency and pay fees and miners in charge of authorizing transactions and securing the system in return for these fees. Two of Bitcoin's challenges are (i) securing ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
October 2016
1924 pages
ISBN:9781450341394
DOI:10.1145/2976749
General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 24 October 2016
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
bitcoin
cryptocurrencies
equilibrium
game theory
learning
selfish mining
simulator
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '16 Paper Acceptance Rate137of831submissions,16%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 204
  Total Citations
  View Citations
- 6,154
  Total Downloads
- Downloads (Last 12 months)920
- Downloads (Last 6 weeks)102
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

On the Instability of Bitcoin Without the Block Reward

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Double-spending fast payments in bitcoin

The effects of individual-level espoused national cultural values on the willingness to use Bitcoin-like blockchain currencies

Redesigning Bitcoin's fee market