AI帮你理解科学

AI 生成解读视频

AI抽取解析论文重点内容自动生成视频


pub
生成解读视频

AI 溯源

AI解析本论文相关学术脉络


Master Reading Tree
生成 溯源树

AI 精读

AI抽取本论文的概要总结


微博一下
We further show that the Bitcoin mining protocol will never be safe against attacks by a selfish mining pool that commands more than 1/3 of the total mining power of the network

Majority Is Not Enough: Bitcoin Mining Is Vulnerable.

Communications of the ACM, no. 7 (2018): 95-102

被引用1423|浏览229
EI
下载 PDF 全文
引用
微博一下

摘要

The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups, th...更多

代码

数据

0
简介
  • Bitcoin [23] is a cryptocurrency that has recently emerged as a popular medium of exchange, with a rich and extensive ecosystem.
  • Each miner that successfully solves a cryptopuzzle is allowed to record a set of transactions, and to collect a reward in Bitcoins.
  • The more mining power a miner applies, the better are its chances to solve the puzzle first.
  • This reward structure provides an incentive for miners to contribute their resources to the system, and is essential to the currency’s decentralized nature
重点内容
  • Bitcoin [23] is a cryptocurrency that has recently emerged as a popular medium of exchange, with a rich and extensive ecosystem
  • We further show that the Bitcoin mining protocol will never be safe against attacks by a selfish mining pool that commands more than 1/3 of the total mining power of the network
  • The resulting bound of 2/3 for the fraction of Bitcoin mining power that needs to follow the honest protocol to ensure that the protocol remains resistant to being gamed is substantially lower than the 50% figure currently assumed, and difficult to achieve in practice
  • Our results show that Bitcoin’s mining protocol is not incentive-compatible
  • Higher revenues can lead new miners to join a selfish miner pool, a dangerous dynamic that enables the selfish mining pool to grow towards a majority
  • We offer a backwardscompatible modification to Bitcoin that ensures that pools smaller than 1/4 of the total mining power cannot profitably engage selfish mining
结果
  • For a mining pool with high connectivity and good control on information flow, the threshold is close to zero.
  • This implies that, if less than 100% of the miners are honest, the system may not be incentive compatible: The first selfish miner will earn proportionally higher revenues than its honest counterparts, and the revenue of the selfish mining pool will increase superlinearly with pool size.
  • The resulting bound of 2/3 for the fraction of Bitcoin mining power that needs to follow the honest protocol to ensure that the protocol remains resistant to being gamed is substantially lower than the 50% figure currently assumed, and difficult to achieve in practice
结论
  • The authors briefly discuss below several points at the periphery of the scope.

    System Collapse.
  • The authors refer to a state in which a single entity controls the entire currency system as a collapse of Bitcoin.
  • An analysis of a Bitcoin monopolist’s behavior is beyond the scope of this paper, but the authors believe that a currency that is de facto or potentially controlled by a single entity may deter many of Bitcoin’s clients.Bitcoin is the first widely popular cryptocurrency with a broad user base and a rich ecosystem, all hinging on the incentives in place to maintain the critical Bitcoin blockchain.
  • The authors show that at least 2/3 of the network needs to be honest to thwart selfish mining; a simple majority is not enough
总结
  • Introduction:

    Bitcoin [23] is a cryptocurrency that has recently emerged as a popular medium of exchange, with a rich and extensive ecosystem.
  • Each miner that successfully solves a cryptopuzzle is allowed to record a set of transactions, and to collect a reward in Bitcoins.
  • The more mining power a miner applies, the better are its chances to solve the puzzle first.
  • This reward structure provides an incentive for miners to contribute their resources to the system, and is essential to the currency’s decentralized nature
  • Results:

    For a mining pool with high connectivity and good control on information flow, the threshold is close to zero.
  • This implies that, if less than 100% of the miners are honest, the system may not be incentive compatible: The first selfish miner will earn proportionally higher revenues than its honest counterparts, and the revenue of the selfish mining pool will increase superlinearly with pool size.
  • The resulting bound of 2/3 for the fraction of Bitcoin mining power that needs to follow the honest protocol to ensure that the protocol remains resistant to being gamed is substantially lower than the 50% figure currently assumed, and difficult to achieve in practice
  • Conclusion:

    The authors briefly discuss below several points at the periphery of the scope.

    System Collapse.
  • The authors refer to a state in which a single entity controls the entire currency system as a collapse of Bitcoin.
  • An analysis of a Bitcoin monopolist’s behavior is beyond the scope of this paper, but the authors believe that a currency that is de facto or potentially controlled by a single entity may deter many of Bitcoin’s clients.Bitcoin is the first widely popular cryptocurrency with a broad user base and a rich ecosystem, all hinging on the incentives in place to maintain the critical Bitcoin blockchain.
  • The authors show that at least 2/3 of the network needs to be honest to thwart selfish mining; a simple majority is not enough
相关工作
  • Decentralized digital currencies have been proposed before Bitcoin, starting with [11] and followed by peer-to-peer currencies [32,34]; see [5,22] for short surveys. None of these are centered around a global log; therefore, their techniques and challenges are unrelated to this work.

    Several dozen cryptocurrencies have followed Bitcoin’s success [17,18,33], most prominently Litecoin [21]. These currencies are based on a global log, which is extended by the users’ efforts. We conjecture that the essential technique of withholding blocks for selfish mining can be directly applied to all such systems.

    It was commonly believed that the Bitcoin system is sound as long as a majority of the participants honestly follow the protocol, and the “51 % attack” was the chief concern [1,20,23]. The notion of soundness for a nascent, distributed, Internet-wide, decentralized system implies the presence of incentives for adoption of the prescribed protocol, for such incentives ensure a robust system comprised of participants other than enthusiastic and altruistic early adopters. Felten [15] notes that “there was a folk theorem that the Bitcoin system was stable, in the sense that if everyone acted according to their incentives, the inevitable result would be that everyone followed the rules of Bitcoin as written.” Others [25] have claimed that “the well-known argument – never proven, but taken on intuitive faith – that a minority of miners can’t control the network is a special case of a more general assumption: that a coalition of miners with X% of the network’s hash power can make no more than X% of total mining revenues.” A survey [5] on the technical features responsible for Bitcoin’s success notes that the Bitcoin design “addresses the incentive problems most expeditiously,” while Bitcoin tutorials for the general public hint at incentives designed to align participants’ and the system’s goals [27]. More formally, Kroll, Davey and Felten’s work [19] provides a game-theoretic analysis of Bitcoin, without taking into account block withholding attacks such as selfish mining, and argues that the honest strategy constitutes a Nash equilibrium, implying incentive-compatibility.
基金
  • This research was supported by the NSF Trust STC and by DARPA
引用论文
  • andes: Bitcoin’s kryptonite: the 51% attack, June 2011. https://bitcointalk.org/index.php?topic=12435
    Findings
  • Andresen, G.: March 2013 chain fork post-mortem. BIP 50. https://en.bitcoin.it/wiki/BIP 50. Accessed September 2013
    Findings
  • Araoz, M.: Proof of existence. http://www.proofofexistence.com/. Accessed September 2013
    Findings
  • Babaioff, M., Dobzinski, S., Oren, S., Zohar, A.: On Bitcoin and red balloons. In: ACM Conference on Electronic Commerce, pp. 56–73 (2012)
    Google ScholarLocate open access versionFindings
  • Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better — how to make Bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012)
    Google ScholarLocate open access versionFindings
  • Bitcoin community: Bitcoin source. https://github.com/bitcoin/bitcoin. Accessed September 2013
    Findings
  • Bitcoin community: protocol rules. https://en.bitcoin.it/wiki/Protocol rules. Accessed September 2013
    Findings
  • Bitcoin community: protocol specification. https://en.bitcoin.it/wiki/Protocol specification. Accessed September 2013
    Findings
  • bitcoincharts.com: Bitcoin network. http://bitcoincharts.com/bitcoin/. Accessed November 2013
    Findings
  • blockchain.info: Bitcoin market capitalization. http://blockchain.info/charts/market-cap. Accessed January 2014
    Findings
  • Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO, vol. 82, pp. 199–203 (1982)
    Google ScholarFindings
  • Decker, C., Wattenhofer, R.: Information propagation in the Bitcoin network. In: IEEE P2P (2013)
    Google ScholarFindings
  • Eyal, I., Sirer, E.G.: Bitcoin is broken (2013). http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/
    Findings
  • Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable (2013). arXiv preprint arXiv:1311.0243
    Findings
  • Felten, E.W.: Bitcoin research in Princeton CS, November 2013. https://freedom-to-tinker.com/blog/felten/bitcoin-research-in-princeton-cs/
    Findings
  • Kelkar, A., Bernard, J., Joshi, S., Premkumar, S., Sirer, E.G.: Virtual notary. http://virtual-notary.org/. Accessed September 2013
    Findings
  • King, S.: Primecoin: cryptocurrency with prime number proof-of-work (2013). http://primecoin.org/static/primecoin-paper.pdf
    Findings
  • King, S., Nadal, S.: PPCoin: peer-to-peer crypto-currency with proof-of-stake (2012). https://archive.org/details/PPCoinPaper
    Findings
  • Kroll, J.A., Davey, I.C., Felten, E.W.: The economics of Bitcoin mining or, Bitcoin in the presence of adversaries. In: Workshop on the Economics of Information Security (2013)
    Google ScholarLocate open access versionFindings
  • Lee, T.B.: Four reasons Bitcoin is worth studying, April 2013. http://www.forbes.com/sites/timothylee/2013/04/07/four-reasons-bitcoin-is-worth-studying/2/
    Findings
  • Litecoin Project: Litecoin, open source P2P digital currency. https://litecoin.org. Accessed September 2013
    Findings
  • Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from Bitcoin. In: IEEE Symposium on Security and Privacy (2013)
    Google ScholarLocate open access versionFindings
  • Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008) 24. Namecoin Project: Namecoin DNS - DotBIT project. https://dot-bit.org. Accessed September 2013 25.
    Findings
  • Narayanan, A., Miller, A.: Why the Cornell paper on Bitcoin mining is important, November 2013. https://freedom-to-tinker.com/blog/randomwalker/why-the-cornell-paper-on-bitcoin-mining-is-important/26. Neighborhood Pool Watch: October 27th 2013 weekly pool and network statistics.http://organofcorti.blogspot.com/2013/10/october-27th-2013-weekly-pool-and.html. Accessed October 2013 27.
    Locate open access versionFindings
  • Pacia, C.: Bitcoin mining explained like you’re five: part 1 - incentives, September 2013. http://chrispacia.wordpress.com/2013/09/02/bitcoin-mining-explainedlike-youre-five-part-1-incentives/28. RHorning, mtgox, btchris, ByteCoin:mining cartel attack, December 2010.https://bitcointalk.org/index.php?topic=2227 29.
    Locate open access versionFindings
  • Ron, D., Shamir, A.: Quantitative analysis of the full Bitcoin transaction graph. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 6–24.
    Google ScholarLocate open access versionFindings
  • Springer, Heidelberg (2013)
    Google ScholarFindings
  • 30. Rosenfeld, M.: Analysis of Bitcoin pooled mining reward systems (2011). arXiv preprint arXiv:1112.4980 31. Swanson, E.: Bitcoin mining calculator. http://www.alloscomp.com/bitcoin/calculator. Accessed September 2013 32.
    Findings
  • Vishnumurthy, V., Chandrakumar, S., Sirer, E.G.: Karma: a secure economic framework for peer-to-peer resource sharing. In: Workshop on Economics of Peerto-Peer Systems (2003) 33. Wikipedia: List of cryptocurrencies. https://en.wikipedia.org/wiki/List of cryptocurrencies. Accessed October 2013 34.
    Locate open access versionFindings
  • Yang, B., Garcia-Molina, H.: PPay: micropayments for peer-to-peer systems. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 300–310. ACM (2003)
    Google ScholarLocate open access versionFindings
您的评分 :
0

 

标签
评论
小科