Cornell researchers teach Bitcoin attack lesson in selfish mining

Nov 06, 2013 by Nancy Owano weblog
Pool revenue using the Selfsh-Mine strategy for different propagation factors, compared to the honest Bitcoin protocol. Simulation matches the theoretical analysis, and both show that Selfsh-Mine results in higher revenues than the honest protocol above a threshold. Credit: arXiv:1311.0243 [cs.CR] .

(Phys.org) —Bitcoin is a digital currency that has, well, gained currency, as a medium of exchange. Now two computer science researchers from Cornell find that this extensive ecosystem can be undermined and they outline how in a paper that they have posted on arXiv.

The paper, "Majority is not Enough: Bitcoin Mining is Vulnerable," is by Ittay Eyal, a postdoc member of the Computer Sciences department at Cornell and Emin Gun Sirer, associate professor at Cornell. According to the two researchers, "Empirical evidence shows that Bitcoin miners behave strategically and form pools. Specifically, because rewards are distributed at infrequent, random intervals miners form mining pools in order to decrease the variance of their income rate. Within such pools, all members contribute to the solution of each cryptopuzzle, and share the rewards proportionally to their contributions. To the best of our knowledge, so far such pools have been benign and followed the protocol." Nonetheless, they describe a strategy that could be used by a minority pool to obtain more revenue than the pool's fair share, that is, more than its ratio of the total mining power. "The key idea behind this strategy, called Selfish Mining, is for a pool to keep its discovered blocks private, thereby intentionally forking the chain," they wrote. This selfishness can come out of people getting together to siphon off more money than a fair share for mining activities.

The authors wrote that central to Bitcoin operations is a public log called the blockchain where all transactions are recorded. The security of the blockchain is established by a chain of cryptographic puzzles solved by a loosely organized network of participants called miners. The two researchers present an attack with which colluding miners obtain a revenue larger than their fair share. "This attack can have significant consequences for Bitcoin," they warned, where rational miners join selfish miners and the colluding group increases increase in size until it becomes a majority. At this point, they said, the Bitcoin system ceases to be a decentralized currency.

A Scientific American report on their findings further explained how damage might occur: Instead of releasing solutions to solved cryptopuzzles. The selfish crew can mine a branch in secret, hiding it from honest miners. The group would then get a higher share of coins than is fair for the resources they have contributed because they have forced other miners to waste computing power on the original chain. The problem gets worse as the selfish group recruits extra members.

Elsewhere, the two were asked if they were trying to take Bitcoin down with their sober warning. "We're Bitcoin supporters," they blogged, " and are working to make the currency stronger against a broader set of possible misbehaviors than what has been considered so far." They proposed in their paper a practical modification to the Bitcoin protocol that protects against selfish mining pools. Can Bitcoin remain a viable currency? Sirer said, "Probably. We have shown that as long as selfish miners are below a certain threshold, they will not succeed."

Explore further: New fund launched for bitcoin investors

More information: Majority is not Enough: Bitcoin Mining is Vulnerable, arXiv:1311.0243 [cs.CR]: arxiv.org/abs/1311.0243
hackingdistributed.com/2013/11… /faq-selfish-mining/
www.newscientist.com/article/d… irtual-currency.html

Related Stories

New fund launched for bitcoin investors

Sep 26, 2013

Bitcoin Thursday got a lift with the arrival of a new investment vehicle that lets wealthy and professional investors bet on the virtual currency.

Tor and Bitcoin promise online stealth

Oct 02, 2013

The Silk Road website that was shut down by US authorities, who branded it a black market for drugs and other illicit wares, relied on Tor and Bitcoins to protect the anonymity of users. ...

US seizes Bitcoin operator accounts

May 18, 2013

US authorities seized the accounts of a Bitcoin digital currency exchange operator, claiming it was functioning as an "unlicensed money service business," court documents showed Friday.

Recommended for you

How to secure the cloud

19 hours ago

For many of us, the primary reason we use "the cloud" is for storage—whether it's storing email through services like Gmail and Yahoo!, photos on Flickr, or personal documents on Dropbox. Many organizations ...

Berkeley team explores sound for indoor localization

23 hours ago

The global positioning system, or GPS, has its limitations—namely, it cannot work indoors. Potential solutions for indoor positioning continue to fire up the imaginations of scientists. The latest news ...

Taking great ideas from the lab to the fab

Jul 31, 2014

A "valley of death" is well-known to entrepreneurs—the lull between government funding for research and industry support for prototypes and products. To confront this problem, in 2013 the National Science ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

grondilu
1 / 5 (1) Nov 06, 2013
Why would the chain mined in secret be stronger than the public chain?? Can't it only happen if the selfish miners have more processing power than the rest of the miners? Therefore I don't see the difference there is with the well-known 51% attack.
klintus_fang
not rated yet Nov 07, 2013
I know next to nothing about how bitcoin works but it sounds like agreement on the progress of the "mining" operation is distributed rather than centralized, and that this technique might be taking advantage of the inevitable lack at atomicity in the process. But that's an utterly random guess.
Technophebe
not rated yet Nov 07, 2013
I think the idea is that it's possible for a group of miners with enough processing power to get far enough ahead that they can force other groups' work to be discarded by keeping their block discoveries secret until the right time. This means they generate more profit per processing hour than other groups that share discoveries immediately.

Once they can do that, it follows that other rational miners will join their group because they can guarantee them a larger return on their investment, and the effect snowballs until you have one mining conglomerate with absolute control over the production of Bitcoins and the system is no longer distributed, it's centralized.

Basically you don't need 51% of the muscle to completely control Bitcoin, only 25% (if following this strategy), so Bitcoin is more vulnerable to a monopoly/takeover than previously thought.
klintus_fang
not rated yet Nov 07, 2013
I didn't mean to suggest that it should be centralized. Just pointing out that such a strategy appears to be exploiting a loop hole in how the distributed algorithm distributes the decision of which paths to discard. They have found a strategy that enables those executing the strategy to bias that decision to favor themselves.