TY - GEN
T1 - Optimal selfish mining strategies in bitcoin
AU - Sapirshtein, Ayelet
AU - Sompolinsky, Yonatan
AU - Zohar, Aviv
N1 - Publisher Copyright: © International Financial Cryptography Association 2017.
PY - 2017
Y1 - 2017
N2 - The Bitcoin protocol requires nodes to quickly distribute newly created blocks. Strong nodes can, however, gain higher payoffs by withholding blocks they create and selectively postponing their publication. The existence of such selfish mining attacks was first reported by Eyal and Sirer, who have demonstrated a specific deviation from the standard protocol (a strategy that we name SM1). In this paper we investigate the profit threshold – the minimal fraction of resources required for a profitable attack. Our analysis provides a bound under which the system can be considered secure against such attacks. Our techniques can be adapted to protocol modifications to assess their susceptibility to selfish mining, by computing the optimal attack under different variants. We find that the profit threshold is strictly lower than the one induced by the SM1 scheme. The policies given by our algorithm dominate SM1 by better regulating attack-withdrawals. We further evaluate the impact of some previously suggested countermeasures, and show that they are less effective than previously conjectured. We then gain insight into selfish mining in the presence of communication delays, and show that, under a model that accounts for delays, the profit threshold vanishes, and even small attackers have incentive to occasionally deviate from the protocol. We conclude with observations regarding the combined power of selfish mining and double spending attacks.
AB - The Bitcoin protocol requires nodes to quickly distribute newly created blocks. Strong nodes can, however, gain higher payoffs by withholding blocks they create and selectively postponing their publication. The existence of such selfish mining attacks was first reported by Eyal and Sirer, who have demonstrated a specific deviation from the standard protocol (a strategy that we name SM1). In this paper we investigate the profit threshold – the minimal fraction of resources required for a profitable attack. Our analysis provides a bound under which the system can be considered secure against such attacks. Our techniques can be adapted to protocol modifications to assess their susceptibility to selfish mining, by computing the optimal attack under different variants. We find that the profit threshold is strictly lower than the one induced by the SM1 scheme. The policies given by our algorithm dominate SM1 by better regulating attack-withdrawals. We further evaluate the impact of some previously suggested countermeasures, and show that they are less effective than previously conjectured. We then gain insight into selfish mining in the presence of communication delays, and show that, under a model that accounts for delays, the profit threshold vanishes, and even small attackers have incentive to occasionally deviate from the protocol. We conclude with observations regarding the combined power of selfish mining and double spending attacks.
UR - http://www.scopus.com/inward/record.url?scp=85019682167&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-54970-4_30
DO - 10.1007/978-3-662-54970-4_30
M3 - منشور من مؤتمر
SN - 9783662549698
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 515
EP - 532
BT - Financial Cryptography and Data Security - 20th International Conference, FC 2016, Revised Selected Papers
A2 - Preneel, Bart
A2 - Grossklags, Jens
PB - Springer Verlag
T2 - 20th International Conference on Financial Cryptography and Data Security, FC 2016
Y2 - 22 February 2016 through 26 February 2016
ER -