Advertisement

Majority Is Not Enough: Bitcoin Mining Is Vulnerable

  • Ittay Eyal
  • Emin Gün Sirer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8437)

Abstract

The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups, that is, it incentivizes miners to follow the protocol as prescribed.

We show that the Bitcoin mining protocol is not incentive-compatible. We present an attack with which colluding miners obtain a revenue larger than their fair share. This attack can have significant consequences for Bitcoin: Rational miners will prefer to join the selfish miners, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.

Unless certain assumptions are made, selfish mining may be feasible for any group size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects Bitcoin in the general case. It prohibits selfish mining by pools that command less than \(1/4\) of the resources. This threshold is lower than the wrongly assumed \(1/2\) bound, but better than the current reality where a group of any size can compromise the system.

Keywords

Overlay Network Sybil Attack Honest Node Mining Power Mining Pool 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

We are grateful to Raphael Rom, Fred B. Schneider, Eva Tardos, and Dror Kronstein for their valuable advice on drafts of this paper, as well as our shepherd Rainer Böhme for his guidance.

References

  1. 1.
    andes: Bitcoin’s kryptonite: the 51% attack, June 2011. https://bitcointalk.org/index.php?topic=12435
  2. 2.
    Andresen, G.: March 2013 chain fork post-mortem. BIP 50. https://en.bitcoin.it/wiki/BIP_50. Accessed September 2013
  3. 3.
    Araoz, M.: Proof of existence. http://www.proofofexistence.com/. Accessed September 2013
  4. 4.
    Babaioff, M., Dobzinski, S., Oren, S., Zohar, A.: On Bitcoin and red balloons. In: ACM Conference on Electronic Commerce, pp. 56–73 (2012)Google Scholar
  5. 5.
    Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better — how to make Bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012)Google Scholar
  6. 6.
    Bitcoin community: Bitcoin source. https://github.com/bitcoin/bitcoin. Accessed September 2013
  7. 7.
    Bitcoin community: protocol rules. https://en.bitcoin.it/wiki/Protocol_rules. Accessed September 2013
  8. 8.
    Bitcoin community: protocol specification. https://en.bitcoin.it/wiki/Protocol_specification. Accessed September 2013
  9. 9.
    bitcoincharts.com: Bitcoin network. http://bitcoincharts.com/bitcoin/. Accessed November 2013
  10. 10.
    blockchain.info: Bitcoin market capitalization. http://blockchain.info/charts/market-cap. Accessed January 2014
  11. 11.
    Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO, vol. 82, pp. 199–203 (1982)Google Scholar
  12. 12.
    Decker, C., Wattenhofer, R.: Information propagation in the Bitcoin network. In: IEEE P2P (2013)Google Scholar
  13. 13.
    Eyal, I., Sirer, E.G.: Bitcoin is broken (2013). http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/
  14. 14.
    Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable (2013). arXiv preprint arXiv:1311.0243
  15. 15.
    Felten, E.W.: Bitcoin research in Princeton CS, November 2013. https://freedom-to-tinker.com/blog/felten/bitcoin-research-in-princeton-cs/
  16. 16.
    Kelkar, A., Bernard, J., Joshi, S., Premkumar, S., Sirer, E.G.: Virtual notary. http://virtual-notary.org/. Accessed September 2013
  17. 17.
    King, S.: Primecoin: cryptocurrency with prime number proof-of-work (2013). http://primecoin.org/static/primecoin-paper.pdf
  18. 18.
    King, S., Nadal, S.: PPCoin: peer-to-peer crypto-currency with proof-of-stake (2012). https://archive.org/details/PPCoinPaper
  19. 19.
    Kroll, J.A., Davey, I.C., Felten, E.W.: The economics of Bitcoin mining or, Bitcoin in the presence of adversaries. In: Workshop on the Economics of Information Security (2013)Google Scholar
  20. 20.
    Lee, T.B.: Four reasons Bitcoin is worth studying, April 2013. http://www.forbes.com/sites/timothylee/2013/04/07/four-reasons-bitcoin-is-worth-studying/2/
  21. 21.
    Litecoin Project: Litecoin, open source P2P digital currency. https://litecoin.org. Accessed September 2013
  22. 22.
    Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from Bitcoin. In: IEEE Symposium on Security and Privacy (2013)Google Scholar
  23. 23.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)Google Scholar
  24. 24.
    Namecoin Project: Namecoin DNS - DotBIT project. https://dot-bit.org. Accessed September 2013
  25. 25.
    Narayanan, A., Miller, A.: Why the Cornell paper on Bitcoin mining is important, November 2013. https://freedom-to-tinker.com/blog/randomwalker/why-the-cornell-paper-on-bitcoin-mining-is-important/
  26. 26.
    Neighborhood Pool Watch: October 27th 2013 weekly pool and network statistics. http://organofcorti.blogspot.com/2013/10/october-27th-2013-weekly-pool-and.html. Accessed October 2013
  27. 27.
    Pacia, C.: Bitcoin mining explained like you’re five: part 1 - incentives, September 2013. http://chrispacia.wordpress.com/2013/09/02/bitcoin-mining-explained-like-youre-five-part-1-incentives/
  28. 28.
    RHorning, mtgox, btchris, ByteCoin: mining cartel attack, December 2010. https://bitcointalk.org/index.php?topic=2227
  29. 29.
    Ron, D., Shamir, A.: Quantitative analysis of the full Bitcoin transaction graph. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 6–24. Springer, Heidelberg (2013)Google Scholar
  30. 30.
    Rosenfeld, M.: Analysis of Bitcoin pooled mining reward systems (2011). arXiv preprint arXiv:1112.4980
  31. 31.
    Swanson, E.: Bitcoin mining calculator. http://www.alloscomp.com/bitcoin/calculator. Accessed September 2013
  32. 32.
    Vishnumurthy, V., Chandrakumar, S., Sirer, E.G.: Karma: a secure economic framework for peer-to-peer resource sharing. In: Workshop on Economics of Peer-to-Peer Systems (2003)Google Scholar
  33. 33.
    Wikipedia: List of cryptocurrencies. https://en.wikipedia.org/wiki/List_of_cryptocurrencies. Accessed October 2013
  34. 34.
    Yang, B., Garcia-Molina, H.: PPay: micropayments for peer-to-peer systems. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 300–310. ACM (2003)Google Scholar

Copyright information

© International Financial Cryptography Association 2014

Authors and Affiliations

  1. 1.Department of Computer ScienceCornell UniversityIthacaUSA

Personalised recommendations