
When Cryptocurrencies Mine Their Own Business

  • Conference paper
Financial Cryptography and Data Security (FC 2016)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 9603)

Abstract

Bitcoin and hundreds of other cryptocurrencies employ a consensus protocol called Nakamoto consensus which rewards miners for maintaining a public blockchain. In this paper, we study the security of this protocol with respect to rational miners and show how a minority of the computation power can incentivize the rest of the network to accept a blockchain of the minority’s choice. By deviating from the mining protocol, a mining pool which controls at least 38.2% of the network’s total computational power can, with modest financial capacity, gain mining advantage over honest mining. Such an attack creates a longer valid blockchain by forking the honest blockchain, and the attacker’s blockchain need not disrupt any “legitimate” non-mining transactions present on the honest blockchain. By subverting the consensus protocol, the attacking pool can double-spend money or simply create a blockchain that pays mining rewards to the attacker’s pool. We show that our attacks are easy to encode in any Nakamoto-consensus-based cryptocurrency which supports a scripting language that is sufficiently expressive to encode its own mining puzzles.

J. Teutsch and P. Saxena’s research is supported by Singapore Ministry of Education Grant No. R-252-000-560-112. S. Jain is supported in part by NUS grant Nos. R252-000-534-112, R146-000-181-112 and C252-000-087-001.

Notes

  1. It further assumes a favorable broadcast network between miners.

  2. Since the time required to solve these script puzzles is modest, Ethereum’s gaslimit function does not hinder their execution.

  3. In the following discussions, we assume that the total number of processors on the network is fixed.

  4. The puzzle M chooses may be identical to the nonce he needs to solve in order to extend his private blockchain, and this choice may help M to mine faster on his private chain. We do not attempt to quantify the advantage of implementing this strategy, however, as latency from network broadcasts and puzzle reward commitment schemes make the benefit difficult to estimate.

  5. For simplicity of calculation, we assume that the puzzle that M posts in a given block is as hard as the mining problem in the current block.

  6. For the purposes of our calculations, it is equivalent to assume that the miner devotes a fraction of his computational resources to puzzle solving and \(1-a\) fraction to mining.

  7. A slightly weaker inequality holds here. At the end of Attack 1, the attacker’s private chain is a block longer than the public chain, and so the attacker’s expected net gain per block actually exceeds \((1-p) \cdot b\) by some positive quantity, namely \([(1-p)\epsilon / (p-\epsilon)] \cdot b\), which tends to zero as \(\epsilon \rightarrow 0\). In this argument we ultimately care only about what happens as \(\epsilon\) approaches 0, and so for now we ignore this quantity. We revisit the present calculation in more detail in Lemma 7.

  8. Since many Bitcoin users do not consider a transaction confirmed until the transaction is at least 6 places deep in the blockchain, one might wish to wait until the private chain extension is at least 6 blocks long before revealing it. This can be done by choosing an \(\epsilon\) satisfying, in the notation of Lemma 5, \(t(p,\epsilon,1) \ge 6 \cdot (p-\epsilon)/p\), or equivalently \(\epsilon \le p/6\).

  9. In the long run, the private blockchain becomes the main chain.

Acknowledgements

We thank Frank Stephan, Loi Luu, and Gregory J. Duck for useful discussions and helpful feedback.

Author information

Correspondence to Jason Teutsch.

Copyright information

© 2017 International Financial Cryptography Association

About this paper

Cite this paper

Teutsch, J., Jain, S., Saxena, P. (2017). When Cryptocurrencies Mine Their Own Business. In: Grossklags, J., Preneel, B. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science, vol 9603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-54970-4_29

  • DOI: https://doi.org/10.1007/978-3-662-54970-4_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-54969-8

  • Online ISBN: 978-3-662-54970-4

  • eBook Packages: Computer Science (R0)
