Elsevier

Computers & Security

Volume 97, October 2020, 101956
Computers & Security

Assessing blockchain selfish mining in an imperfect network: Honest and selfish miner views

https://doi.org/10.1016/j.cose.2020.101956Get rights and content

Abstract

Bitcoin and Ethereum, the most famous blockchain-based cryptocurrencies, both use Proof-of-Work protocol to achieve consensus, which is vulnerable to selfish mining. The existing researches on selfish mining analysis focused on Bitcoin, or ignored the blockchain details, or only investigated mining revenue without considering system performance and security.

This paper aims to quantitatively evaluate the influence of selfish mining in an imperfect blockchain network from the perspective of honest miners (system performance and security) and selfish miners (selfish mining revenue ratio). We develop a novel Markov model to capture the behaviors of honest and selfish miners in both Bitcoin and Ethereum. Our model can also capture natural forks (occurring due to block propagation delay) and the varying distance between uncle and nephew blocks in Ethereum. Formulas are derived to calculate mining revenue, system performance and security metrics. The proposed model and metric formulas are validated by (1) comparing our numerical with simulation results, and (2) comparing our numerical results with the existing work results. Numerical analysis is carried out to investigate selfish mining impact over diverse parameters. These quantitative results can help detect whether there are any selfish miners in the system, help design blockchain reward mechanisms and enhance security.

Introduction

BITCOIN (Nakamoto and Bitcoin, 2008) and Ethereum (Buterin, 2014) are the representatives of blockchain-based cryptocurrency. Bitcoin is the most popular and valuable cryptocurrency, and its market cap dominance is more than 60% in May 2020 (https://coinmarketcap.com/charts/ 2020). Ethereum, known as the representative of blockchain 2.0, is the largest and most active blockchain platform in the world. There are a large number of core protocol developers, fortune 500 companies, mining organizations, and Ether (the native cryptocurrency of Ethereum) holders in Ethereum community (https://ethereum.org/what-is-ethereum/ 2020).

Bitcoin and Ethereum both use Proof-of-Work (PoW) to reach consensus (Chicarino et al., 2020). In a PoW system, people or organizations attempt to generate a new block by solving a math puzzle. When a block is produced, based on the new block, all participants start to solve a new math puzzle. The above process is known as ‘mining blocks’, and the people or organizations, who take part in the mining, are known as ‘miners’. The essence of mining is solving a hash function, so the computing power for mining is called ‘hash power’. In both Bitcoin and Ethereum, the first miner who successfully produces a new regular block (the block in the main chain) is entitled to rewards. To increase the chance of generating a block, several miners form a mining pool and then work together to mine blocks and share their revenues when one of the pool members generates a block (Pachal and Ruj, 2019).

In an imperfect network, it takes time to propagate information from one node to the other nodes. Blockchain miners are all over the world and some miners can be in a bad network connection, leading to large network latency. In a blockchain network, more than one block can be generated and propagated nearly simultaneously. Therefore, the other miners can receive these blocks in a different order, and miners only validate the block they receive firstly. In this case, an inconsistency occurs, and a fork is created. The fork caused by block propagation delay is called a natural fork, which must exist in an imperfect blockchain network. See an example shown in Fig. 1a (Shahsavari et al., 2019). A green miner (M1) and a blue miner (M2) independently produce a new block, denoted as H1 and H2, respectively. Assume that H1 and H2 are produced and propagated almost at the same time. At time t, some miners receive H1 firstly and validate it, but others validate H2. Thus, a natural fork with two branches (H1 and H2) is created (depicted in Fig. 1b). The time intervals of generating a block in Bitcoin and Ethereum are about 10 minutes and 13 seconds, respectively (etherchain.org 2020). Therefore, forks are created more frequently in Ethereum, about 6.6% (etherchain.org 2020). Thus, Ethereum adopts a modified version of GHOST protocol (Sompolinsky and Zohar, 2015) which has a more complex reward mechanism. If there is a fork occurrence, Bitcoin and Ethereum both apply the longest rule to choose the main chain (Wang et al., 2019; Grunspan and Pérez-Marco, 2019a; Grunspan and Pérez-Marco, 2019; Bai et al., 2019; Göbel et al., 2016; Feng and Niu, 2019; Kasireddy, 2017).

Blockchain is exposed to various security threats. Blockchain-based cryptocurrencies, such as Bitcoin Gold, ZenCash, Zcash and Litecoin Cash, suffered from double-spending attacks, and millions of US dollars were lost in 2018 (Jang and Lee, 2019). Ethereum Classic, which is a hard fork of the original Ethereum, suffered selfish mining in 2019 (https://www.cryptoglobe.com/latest/2019/01/ethereum-classic-etc-network-s-hashpower-consolidation-is-not-51-attack-developers-claim/ 2020). Eyal and Sirer, (2014) first proposed the selfish mining attack in Bitcoin. Selfish miners get unfair revenue by keeping the new block privately for a while instead of publishing it immediately. For example, several selfish miners form a selfish pool (Fig. 1a), and the pool has produced four blocks but only publishes two blocks (Fig. 1b), which can prevent honest miners from mining blocks on the last block and then waste the power of honest miners. If a blockchain system is attacked by selfish mining, honest miners get less mining revenue than they deserve. Thus, honest miners are willing to participate selfish mining, and the decentralization of blockchain is destroyed.

There existed several studies on blockchain selfish mining analysis. However, these researches only focused on selfish mining in Bitcoin (Eyal and Sirer, 2014) and (Bai et al., 2019; Göbel et al., 2016), or ignored natural forks (Grunspan and Pérez-Marco, 2019; Grunspan and Pérez-Marco, 2019a; Bai et al., 2019; Göbel et al., 2016; Feng and Niu, 2019), or assumed that the distance between uncle and nephew blocks (which is denoted as ‘reference distance’ in this paper) is a constant, which is 1, in Ethereum (Wang et al., 2019; Grunspan and Pérez-Marco, 2019a HYPERLINK \l "bib29" , 2019b), or only evaluated the revenue for selfish miners without investigating performance and security (Eyal and Sirer, 2014; Wang et al., 2019; Grunspan and Pérez-Marco, 2019a; Grunspan and Pérez-Marco, 2019b; Bai et al., 2019; Göbel et al., 2016; Feng and Niu, 2019). However, natural forks are inevitable and do affect blockchain mining, especially in Ethereum. In addition, the reference distance is varying instead of being always equal to one when blocks are produced. Furthermore, selfish mining not only makes selfish miners get unfair revenue but also disrupts the system performance and security.

In this paper, we consider a system which consists of honest and selfish miners (defined in Sec. III-A). We develop an analytical model to quantitatively study blockchain selfish mining in an imperfect network. Then, we derive formulas to evaluate the impact of selfish mining on two typical blockchain systems (Bitcoin and Ethereum), from the perspective of honest miners (system performance and security) and selfish miners (selfish mining revenue ratio), respectively.

Our major contributions are summarized as follows.

  • The system studied in this paper is more realistic than that in the existing works. The system is in an imperfect network, so natural forks can be created by honest miners. In addition, the reference distance can vary with the blocks produced. We develop a Markov model to capture the behaviors of honest and selfish miners in the system. Our model also captures natural forks and varying reference.

  • We derive formulas for calculating the revenue of honest and selfish miners in both Bitcoin and Ethereum. Ethereum mining revenue consists of static block reward, uncle reward and nephew reward. Bitcoin mining revenue consists of only static block reward. The formula for calculating each reward is different for honest and selfish miners. Furthermore, based on our model, we compare two uncle block reference strategies in Ethereum, and the formulas for calculating the revenues in different reference strategies are different. These formulas can help honest miners to determine the selfish mining revenue ratio (defined in Sec. III-C) and set the threshold (it is used to limit selfish mining hash power to gain unfair revenue) and design mining reward mechanism under different situations in Bitcoin and Ethereum, respectively.

  • We derive formulas for calculating several performance and security metrics, including the stale block ratio, transactions per second, probability of double-spending success, and so on. To the best of our knowledge, we are the first to quantify the impact of selfish mining on blockchain performance and security by modeling the system. These metrics can offer the reference for honest miners to detect whether there exist selfish miners in the blockchain system and to estimate the hash power of the selfish pool. The security analysis can help to enhance blockchain security.

The rest of the paper is organized as follows. Section II presents related works. In Section III, we describe the behaviors of honest miners and selfish pool, respectively. Then, we present the model and metric formulas. Section IV shows the numerical and simulation results. Section V concludes the paper and then talks about future work.

Section snippets

Related work

Blockchain security has been a concerning problem since the birth of blockchain. There are multiple kinds of attacks threatening blockchain. Rot and Blaicke, (2019) summarized blockchain threats into five types: double-spending, mining threat, wallet threat, network threat, and smart contract threat. Zhang and Lee, (2019) proposed a double-spending attack combining with Sybil attack on Bitcoin, which can increase the probability of attack success with lower hash power. Volety et al., (2019)

System description and model

This section first describes the system to be considered and introduces the behaviors of honest miners and the selfish pool in Section III-A. Then we present the model in Section III-B and the formulas in Section III-C.

Analysis results

This section shows the analysis results of selfish mining in Bitcoin and Ethereum based on our model. We first verify our model and metric formulas by comparing other research works and our simulation experiments, which are shown in Figs. 6–8. Then we use numerical analysis to evaluate mining revenue for the selfish pool, the system performance and security, which are given in Figs. 9–16. In our result figures, ‘-S1’ and ‘-S2’ suffixes denote that the selfish pool adopts S1 and S2 (which are

Conclusion and future work

In this paper, we propose a continuous-time Markov chain model to analyze selfish mining in the top two largest cryptocurrencies by market capitalization, namely, Bitcoin and Ethereum. Our model enables us to capture the behaviors of the system with selfish miners. Differently from the existing models, our model considers the natural forks made by honest miners, and it has three-dimensional states which can describe the accurate reference distance in Ethereum. As illustrated in the experiment

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Runkai Yang received his B.Eng. in Computer Science and Technology from Beijing Information Science and Technology University, China, in 2016. He received his M.Eng. in Computer Technology from Beijing Jiaotong University, China, in 2018. He is pursuing a Ph.D. degree in Cyberspace Secure at Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, China. His research interests include virtualization technology, cloud computing, and blockchain

References (37)

  • Johannes Göbel et al.

    Bitcoin blockchain dynamics: the selfish-mine strategy in the presence of propagation delay

    Perform. Eval.

    (2016)
  • Tejaswi Volety et al.

    Cracking Bitcoin wallets: I want what you have in the wallets

    Future Gener. Comput. Syst.

    (2019)
  • Qianlan Bai et al.

    A deep dive into blockchain selfish mining

    ICC

    (2019)
  • Mirko Bez et al.

    The scalability challenge of Ethereum: an initial quantitative analysis

    SOSE

    (2019)
  • Vitalik Buterin

    A next-generation smart contract and decentralized application platform.

    White Pap.

    (2014)
  • Vanessa R.L. Chicarino et al.

    On the detection of selfish mining and stalker attacks in blockchain networks

    Ann. des Télécommun.

    (2020)
  • Francisco J.C. da Silva et al.

    Analysis of Blockchain forking on an ethereum network

    Eur. Wirel.

    (2019)
  • Xuewen Dong et al.

    Selfholding: a combined attack model using selfish mining with block withholding attack

    Comput. Secur.

    (2019)
  • etherchain.org. Accessed: May,...
  • Ittay Eyal et al.

    Majority is not enough: Bitcoin mining is vulnerable

    Financ. Cryptogr.

    (2014)
  • Chen Feng et al.

    Selfish mining in Ethereum

    ICDCS

    (2019)
  • Yu Feng et al.

    Precise attack synthesis for smart contracts

    CoRR abs/1902

    (2019)
  • Cyril Grunspan et al.

    Selfish mining in Ethereum

    CoRR abs/1904

    (2019)
  • Cyril Grunspan et al.

    Selfish mining and Dyck words in Bitcoin and Ethereum networks

    CoRR abs/1904

    (2019)
  • https://coinmarketcap.com/charts/. Accessed: May,...
  • https://ethereum.org/what-is-ethereum/. Accessed: Jan.30,...
  • ...
  • https://www.maplesoft.com/. Accessed: May,...
  • Cited by (33)

    • Analysis of hybrid attack and defense based on block withholding strategy

      2023, Journal of Information Security and Applications
    • An In-Depth Look at Forking-Based Attacks in Ethereum With PoW Consensus

      2024, IEEE Transactions on Network and Service Management
    View all citing articles on Scopus

    Runkai Yang received his B.Eng. in Computer Science and Technology from Beijing Information Science and Technology University, China, in 2016. He received his M.Eng. in Computer Technology from Beijing Jiaotong University, China, in 2018. He is pursuing a Ph.D. degree in Cyberspace Secure at Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, China. His research interests include virtualization technology, cloud computing, and blockchain security.

    Xiaolin Chang is Professor at School of Computer and Information Technology, Beijing Jiaotong University. She has published over 80 papers in journals and conferences. Her current research interests include Cloud-edge computing, cybersecurity, secure and dependable in machine learning. She is a member of IEEE.

    Jelena Mišić is Professor of Computer Science at Ryerson University in Toronto, Ontario, Canada. She has published over 120 papers in archival journals and close to 200 papers at international conferences in the areas of wireless networks, in particular wireless personal area network and wireless sensor network protocols, performance evaluation, and security. She serves on editorial boards of IEEE Transactions on Vehicular Technology, Computer Networks, Ad hoc Networks, Security and Communication Networks, Ad Hoc & Sensor Wireless Networks, Int. Journal of Sensor Networks, and Int. Journal of Telemedicine and Applications. She is a Fellow of IEEE and Member of ACM.

    Vojislav B. Mišić is Professor of Computer Science at Ryerson University in Toronto, Ontario, Canada. He received his PhD in Computer Science from University of Belgrade, Serbia, in 1993. His research interests include performance evaluation of wireless networks and systems and software engineering. He has authored or co-authored six books, 20 book chapters, and over 280 papers in archival journals and at prestigious international conferences. He serves on the editorial boards of IEEE transactions on Cloud Computing, Ad hoc Networks, Peer-to-Peer Networks and Applications, and International Journal of Parallel, Emergent and Distributed Systems. He is a Senior Member of IEEE and member of ACM.

    1

    The research of the first two authors was supported by the National Natural Science Foundation of China under Grant U1836105 and the Fundamental Research Funds for the Central Universities (Grant No. 2019YJS034).

    2

    The research of Jelena Mišić and Vojislav Mišić was supported in part by the National Science and Engineering Research Council of Canada (NSERC) through Discovery Grants.

    View full text