Optimal Selfish Mining Strategies in Bitcoin (1507.06183v2)

Abstract: Bitcoin is a decentralized crypto-currency, and an accompanying protocol, created in 2008. Bitcoin nodes continuously generate and propagate blocks---collections of newly approved transactions that are added to Bitcoin's ledger. Block creation requires nodes to invest computational resources, but also carries a reward in the form of bitcoins that are paid to the creator. While the protocol requires nodes to quickly distribute newly created blocks, strong nodes can in fact gain higher payoffs by withholding blocks they create and selectively postponing their publication. The existence of such selfish mining attacks was first reported by Eyal and Sirer, who have demonstrated a specific deviation from the standard protocol (a strategy that we name SM1). In this paper we extend the underlying model for selfish mining attacks, and provide an algorithm to find $\epsilon$-optimal policies for attackers within the model, as well as tight upper bounds on the revenue of optimal policies. As a consequence, we are able to provide lower bounds on the computational power an attacker needs in order to benefit from selfish mining. We find that the profit threshold -- the minimal fraction of resources required for a profitable attack -- is strictly lower than the one induced by the SM1 scheme. Indeed, the policies given by our algorithm dominate SM1, by better regulating attack-withdrawals. Using our algorithm, we show that Eyal and Sirer's suggested countermeasure to selfish mining is slightly less effective than previously conjectured. Next, we gain insight into selfish mining in the presence of communication delays, and show that, under a model that accounts for delays, the profit threshold vanishes, and even small attackers have incentive to occasionally deviate from the protocol. We conclude with observations regarding the combined power of selfish mining and double spending attacks.

• The paper introduces a novel algorithm to compute ε-optimal selfish mining strategies that outperform the SM1 model.
• The research demonstrates that lower computational power thresholds enable profitable attacks, challenging previous security assumptions.
• It evaluates protocol modifications and reveals that network delays can eliminate profit margins, increasing vulnerability to double spending.

Analysis of Optimal Selfish Mining Strategies in Bitcoin

The paper "Optimal Selfish Mining Strategies in Bitcoin" by Sapirshtein, Sompolinsky, and Zohar explores the vulnerabilities within the Bitcoin protocol, particularly focusing on the exploitative potential of selfish mining strategies. This research builds upon the initial findings by Eyal and Sirer that introduced the SM1 strategy, highlighting its non-optimality and proposing enhanced approaches.

Overview of Key Contributions

This paper extends the model of selfish mining, employed by Bitcoin nodes, to consider a range of potential deviations from the standard protocol. The aim is to uncover $\epsilon$-optimal policies that maximize the attacker's revenue, while also determining the lower bounds of computational power required for these strategies to be beneficial.

1. Algorithm Development: The authors present a novel algorithm that computes $\epsilon$-optimal selfish mining strategies. This algorithm expands on the SM1 model by allowing finer control over attack-withdrawals, thereby outperforming SM1.
2. Profitability Threshold: The research finds that the computational power required for an attack to be profitable is lower than previously predicted by SM1. This marks a significant shift in understanding the minimal resources necessary for profitable selfish mining.
3. Protocol Modification Evaluation: The authors evaluate existing protocol modifications that aim to mitigate selfish mining. Notably, they analyze a countermeasure suggested by Eyal and Sirer and demonstrate its reduced effectiveness compared to previous assumptions, revealing that attackers possessing less than 25% computational power can still profit.
4. Impact of Communication Delays: By integrating a model accounting for block propagation delays, the paper reveals that the profit threshold may vanish entirely. This implies that even minor players may deviate from the protocol advantageously under certain network conditions.
5. Interaction with Double Spending Attacks: The synergy between selfish mining and double spending is examined, illustrating that any entity profiting from selfish mining can execute double spending attacks without incurring additional costs. This finding challenges previous security analyses of the Bitcoin protocol.

Numerical Insights and Implications

The authors provide quantitative results showcasing the revenue differences between honest mining, SM1, and the proposed optimal strategies across varying conditions. For instance, when $\gamma=1$, the optimal policies closely approach the theoretical upper bound of revenue, achieving {\bold significant} improvements over SM1.

Moreover, the implications on the Bitcoin network's security are notable. A successful adoption of these optimal strategies by attackers could lead to the consolidation of mining power, eventually leading to a 50% attack scenario where one entity controls the majority of the network's resources. This highlights a critical need for revising the protocol to prevent such vulnerabilities.

Future Developments

The research sets the stage for further investigations into blockchain protocols, suggesting a need for robust countermeasures against strategic deviations in mining behaviors. The results also call for a reevaluation of existing blockchain protocols in light of potential exploitative strategies that may become increasingly viable with network changes, such as increased block sizes or altered confirmation times.

In conclusion, this paper provides a thorough analysis of selfish mining strategies, challenging the perceived resilience of the Bitcoin protocol by demonstrating the ease with which attackers could potentially exploit the system under specific conditions. As blockchain technology continues to evolve, this work serves as a critical reminder of the ongoing need to anticipate and mitigate strategic risks.