Majority is not Enough: Bitcoin Mining is Vulnerable (1311.0243v5)

Abstract: The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the protocol is incentive-compatible and secure against colluding minority groups, i.e., it incentivizes miners to follow the protocol as prescribed. We show that the Bitcoin protocol is not incentive-compatible. We present an attack with which colluding miners obtain a revenue larger than their fair share. This attack can have significant consequences for Bitcoin: Rational miners will prefer to join the selfish miners, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency. Selfish mining is feasible for any group size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects against selfish mining pools that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a group of any size can compromise the system.

• The paper shows that selfish mining enables pools to earn revenue exceeding their fair share, challenging the assumed incentive compatibility in Bitcoin.
• The authors employ state machine modeling and detailed simulations to quantify revenue gains and establish threshold conditions for successful attacks.
• The paper recommends a backward-compatible protocol tweak, including random branch selection, to raise the attack threshold and mitigate centralization risks.

Analysis of "Majority is not Enough: Bitcoin Mining is Vulnerable"

The paper by Ittay Eyal and Emin Gün Sirer, titled "Majority is not Enough: Bitcoin Mining is Vulnerable," presents an in-depth investigation into the vulnerabilities inherent within the Bitcoin mining protocol. Crucially, the research demonstrates that Bitcoin’s current protocol is not incentive-compatible and thus susceptible to manipulation by selfish mining strategies. This summary outlines the paper’s core arguments, methodology, numerical findings, and implications for both practical deployment and future theoretical work.

Core Arguments and Methodology

The primary claim of the paper refutes the conventional wisdom that Bitcoin's protocol is incentive-compatible. Specifically, it challenges the belief that a rational minority of miners has no incentive to deviate from the protocol. Instead, the authors introduce the concept of Selfish Mining, an undercutting strategy whereby a mining pool can obtain revenue exceeding its fair share by selectively revealing blocks they find to control the creation of the blockchain.

Methodologically, the authors develop a state machine to describe the dynamics of selfish mining relative to honest mining. They assume miners are rational and aim to maximize utility, leading them to converge toward more profitable strategies. Using mathematical modeling coupled with rigorous simulations, the authors provide quantitative evidence to back their claims.

Key Findings

Several notable findings stem from the analysis:

1. Selfish Mining Strategy Effectiveness: For pool sizes above a certain threshold, self-mining increases pool revenue disproportionately to its mining power. Specifically, the paper finds that once a selfish pool's mining power exceeds a threshold (which depends on network propagation delays and partial adoption rates), the pool's revenue grows superlinearly. For high propagation factors (γ approaching 1), even small pools can benefit from selfish mining.
2. Empirical Validation: The simulation results match theoretical analyses, indicating a significant increase in revenue for pools employing selfish mining strategies. The numerical simulations conducted with a variety of parameters show that the threshold size can be as low as 0, indicating ubiquity for potential attacks.
3. Protocol Flaws and Suggested Fixes: The authors propose a backward-compatible modification to the Bitcoin protocol, suggesting that miners, upon detection of multiple branches of identical length, should propagate and mine on a randomly chosen branch. This change could elevate the attack threshold to 0.25, making the system more resilient against smaller selfish pools.

Implications

Practical Implications:

• Mining Pool Behavior: Rational miners, upon realizing better incomes through selfish mining, will most likely collude, thereby increasing the size of selfish pools. This dynamic could perpetuate until a pool controls the majority mining power, leading to centralization and effectively collapsing decentralized integrity of the Bitcoin network.
• Protocol Adjustments: To mitigate the described attack, immediate adoption of the suggested protocol modifications is crucial. Miners should uniformly implement these changes to reduce the risk of a single pool exploiting the current Bitcoin system’s vulnerabilities.

Theoretical Implications:

• Incentive-Compatibility in Blockchain Protocols: This paper sets a precedent for critically evaluating the incentive structures underpinning cryptocurrencies. The findings necessitate revisiting and possibly redesigning other blockchain protocols.
• Systemic Risks of Blockchain Networks: Analyzing selfish behaviors within distributed systems opens up broader research avenues into ensuring decentralized consensus mechanisms remain robust against strategic manipulations.

Future Directions

The conclusions drawn from this research promote further exploration into:

• Dynamic Incentive Mechanisms: Developing adaptive protocols that dynamically adjust incentives to maintain a decentralized structure.
• Deep Network Analysis: Broader empirical analyses across different blockchain implementations beyond Bitcoin could benefit from the methodologies proposed by this paper to gauge vulnerability and apply corrective measures.
• Game-Theoretic Model Enhancements: Extending game-theoretic models to incorporate more granular miner behaviors and inter-miner communications could yield greater insights into reinforcing blockchain ecosystems.

In conclusion, Eyal and Sirer's research offers a pivotal critique of Bitcoin's mining protocol, substantiates the risks posed by selfish mining, and delineates concrete steps towards mitigating these vulnerabilities. The findings and recommendations have profound implications, urging both immediate protocol reforms and laying the groundwork for future explorations into blockchain security and incentive structures.