ABSTRACT
In the Bitcoin system, participants are rewarded for solving cryptographic puzzles. In order to receive more consistent rewards over time, some participants organize mining pools and split the rewards from the pool in proportion to each participant's contribution. However, several attacks threaten the ability to participate in pools. The block withholding (BWH) attack makes the pool reward system unfair by letting malicious participants receive unearned wages while only pretending to contribute work. When two pools launch BWH attacks against each other, they encounter the miner's dilemma: in a Nash equilibrium, the revenue of both pools is diminished. In another attack called selfish mining, an attacker can unfairly earn extra rewards by deliberately generating forks.
In this paper, we propose a novel attack called a fork after withholding (FAW) attack. FAW is not just another attack. The reward for an FAW attacker is always equal to or greater than that for a BWH attacker, and it is usable up to four times more often per pool than a BWH attack. When considering multiple pools (the current state of the Bitcoin network), the extra reward for an FAW attack is about 56% more than that for a BWH attack. Furthermore, when two pools execute FAW attacks on each other, the miner's dilemma may not hold: under certain circumstances, the larger pool can consistently win. More importantly, an FAW attack, while using intentional forks, does not suffer from practicality issues, unlike selfish mining. We also discuss partial countermeasures against the FAW attack, but finding a cheap and efficient countermeasure remains an open problem. As a result, we expect to see FAW attacks among mining pools.
Index Terms
- Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin