Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin (1708.09790v1)

Abstract: In the Bitcoin system, participants are rewarded for solving cryptographic puzzles. In order to receive more consistent rewards over time, some participants organize mining pools and split the rewards from the pool in proportion to each participant's contribution. However, several attacks threaten the ability to participate in pools. The block withholding (BWH) attack makes the pool reward system unfair by letting malicious participants receive unearned wages while only pretending to contribute work. When two pools launch BWH attacks against each other, they encounter the miner's dilemma: in a Nash equilibrium, the revenue of both pools is diminished. In another attack called selfish mining, an attacker can unfairly earn extra rewards by deliberately generating forks. In this paper, we propose a novel attack called a fork after withholding (FAW) attack. FAW is not just another attack. The reward for an FAW attacker is always equal to or greater than that for a BWH attacker, and it is usable up to four times more often per pool than in BWH attack. When considering multiple pools - the current state of the Bitcoin network - the extra reward for an FAW attack is about 56% more than that for a BWH attack. Furthermore, when two pools execute FAW attacks on each other, the miner's dilemma may not hold: under certain circumstances, the larger pool can consistently win. More importantly, an FAW attack, while using intentional forks, does not suffer from practicality issues, unlike selfish mining. We also discuss partial countermeasures against the FAW attack, but finding a cheap and efficient countermeasure remains an open problem. As a result, we expect to see FAW attacks among mining pools.

• The paper demonstrates that FAW attacks yield up to 56% higher returns than BWH attacks, enhancing attacker profitability.
• The paper highlights how FAW attacks disrupt mining pools by undermining revenue distribution and destabilizing pool cooperation.
• The paper reveals that existing countermeasures are insufficient, urging the development of robust reward systems to effectively counter FAW attacks.

An Analysis of Fork After Withholding (FAW) Attacks on Bitcoin

The paper "Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin" introduces a novel attack strategy targeting the Bitcoin mining process, known as the Fork After Withholding (FAW) attack. This paper meticulously details the components and strategic execution of FAW attacks, examining their implications on the Bitcoin mining landscape. It advances the existing literature on Bitcoin security, particularly improving upon the known selfish mining and block withholding (BWH) attacks.

Summary of Findings

In the Bitcoin network, miners solve cryptographic puzzles to mine new blocks, being rewarded in newly generated bitcoins. To stabilize their income streams, miners often join mining pools. FAW attacks exploit these mining pools' structures and are an evolution of BWH attacks, which deceptively earn rewards by withholding valid blocks thereby diminishing target pools' earnings. FAW attacks extend this mechanism by incorporating fork creation, akin to selfish mining, aiming to illicitly maximize an attacker's rewards.

The paper's central claims are:

1. Profitability: FAW attacks are consistently more profitable compared to BWH attacks, providing attackers with superior financial returns. Numerical results indicate that the FAW attack returns can be up to 56% higher than those of the BWH attack.
2. Effect on Mining Pools: The presence of FAW attacks disrupts the revenue distribution among mining pools, potentially collapsing mutual understandings amongst pools not to attack each other—a phenomenon termed as "miner's dilemma."
3. Lack of Efficient Countermeasures: Existing countermeasures against BWH attacks are insufficient for mitigating FAW attacks. The paper suggests that the implementation of a more sophisticated attack-resistant reward system remains an unresolved challenge.
4. Theoretical Contributions: The FAW attack introduces a game-theoretical component where mining pools can strategize whether to engage in FAW attacks against one another. This game results in scenarios where larger pools dominate smaller ones, potentially destabilizing the network.

Implications

The implications of FAW attacks are multifaceted. For mining pools, the choice to engage or defend against such attacks becomes crucial. Mining pools must evaluate their size and connectivity within the network to either secure defenses or opt for strategic engagement against rivals. The risk that large pools might engage in FAW attacks raises concerns over centralization and the potential for network destabilization.

Theoretically, this paper enhances understanding of adversarial behavior in blockchain networks, adding to the discourse on Nash equilibria and incentives in cryptocurrency economics. Practically, it calls for a reassessment of pool management strategies and the development of new mechanism designs that can nullify the benefits of both FAW and similar attack vectors.

Future Developments

The challenges posed by FAW attacks necessitate innovation in detection and defense mechanisms within the Bitcoin protocol and similar proof-of-work systems. The exploration of alternative reward systems, modifications to block propagation protocols, or entirely new dispute-resolution mechanisms may become a focal point for future research. This paper serves as a cornerstone for such explorations, highlighting the need for comprehensive strategies to safeguard the decentralized, trustless environments that cryptocurrencies promise.

In conclusion, the introduction of the FAW attack model underscores the continual evolution of threats within blockchain networks. As the economic stakes within these networks elevate, so too must the sophistication and foresight with which these risks are managed.