skip to main content
research-article
Free access

Majority is not enough: bitcoin mining is vulnerable

Published: 25 June 2018 Publication History

Abstract

The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups, that is, it incentivizes miners to follow the protocol as prescribed.
We show that the Bitcoin mining protocol is not incentive-compatible. We present an attack with which colluding miners' revenue is larger than their fair share. The attack can have significant consequences for Bitcoin: Rational miners will prefer to join the attackers, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.
Unless certain assumptions are made, selfish mining may be feasible for any coalition size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects Bitcoin in the general case. It prohibits selfish mining by a coalition that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a coalition of any size can compromise the system.

References

[1]
Andresen, G. March 2013 chain fork post-mortem. BIP 50, en.bitcoin.it/wiki/BIP_50, retrieved Sep. 2013.
[2]
Babaioff, M., Dobzinski, S., Oren, S., Zohar, A. On Bitcoin and red balloons. In EC (ACM, 2012).
[3]
Barber, S., Boyen, X., Shi, E., Uzun, E. Bitter to better, how to make Bitcoin a better currency. In FC (2012).
[4]
bitcoincharts.com. Bitcoin network. bitcoincharts.com/bitcoin/ (Nov. 2013).
[5]
blockchain.info. Bitcoin market capitalization. blockchain.info/charts/market-cap (Jan. 2014).
[6]
Chaum, D. Blind signatures for untraceable payments. In Crypto 82 (1982), 199--203.
[7]
Decker, C., Wattenhofer, R. Information propagation in the Bitcoin network. In P2P (IEEE, 2013).
[8]
Eyal, I., Sirer, E.G. Bitcoin is broken. hackingdistributed.com/2013/11/04/bitcoin-is-broken/ (2013).
[9]
Eyal, I., Sirer, E.G. Majority is not enough: Bitcoin mining is vulnerable. arXiv preprint arXiv:1311.0243 (2013).
[10]
Felten, E.W. Bitcoin research in Princeton CS. freedom-to-tinker.com/blog/felten/bitcoin-research-in-princeton-cs/ (2013).
[11]
Kelkar, A., Bernard, J., Joshi, S., Premkumar, S., Sirer, E.G. Virtual notary.virtual-notary.org/ (Retrieved Sep. 2013).
[12]
Kroll, J.A., Davey, I.C., Felten, E.W. The economics of Bitcoin mining or, Bitcoin in the presence of adversaries. In Workshop on the Economics of Information Security (2013).
[13]
Lee, T.B. Four reasons Bitcoin is worth studying. forbes.com/sites/timothylee/2013/04/07/four-reasons-bitcoin-is-worth-studying/2/ (2013).
[14]
Miers, I., Garman, C., Green, M., Rubin, A.D. Zerocoin: Anonymous distributed e-cash from Bitcoin. In IEEE Symposium on Security and Privacy (2013).
[15]
Nakamoto, S. Bitcoin: A peer-to-peer electronic cash system (2008).
[16]
Namecoin Project. Namecoin DNS -- DotBIT project. dot-bit.org (Retrieved Sep. 2013).
[17]
Narayanan, A., Miller, A. Why the Cornell paper on Bitcoin mining is important. freedom-to-tinker. com/blog/randomwalker/why-the-cornell-paper-on-bitcoin-mining-is-important/ (2013).
[18]
Neighborhood Pool Watch. October 27th 2013 weekly pool and network statistics. organofcorti.blogspot.com/2013/10/october-27th-2013-weekly-pool-and.html (Retrieved Oct. 2013).
[19]
Pacia, C. Bitcoin mining explained like you're five: Part 1 -- incentives. chrispacia.wordpress.com/2013/09/02/bitcoin-mining-explained-like-youre-five-part-1-incentives/ (September 2013).
[20]
RHorning, mtgox, btchris, and ByteCoin. Mining cartel attack. bitcointalk.org/index.php?topic=2227, December 2010.
[21]
Rosenfeld, M. Analysis of Bitcoin pooled mining reward systems. arXiv preprint arXiv:1112.4980 (2011).
[22]
Swanson, E. Bitcoin mining calculator. alloscomp.com/bitcoin/calculator (Retrieved Sep. 2013).
[23]
Vishnumurthy, V., Chandrakumar, S., Sirer, E.G. Karma: A secure economic framework for peer-to-peer resource sharing. In Workshop on Economics of Peer-to-Peer Systems (2003).
[24]
Wikipedia. List of cryptocurrencies.en.wikipedia.org/wiki/List_of_cryptocurrencies (Oct. 2013).
[25]
Yang, B., Garcia-Molina, H. PPay: Micropayments for peer-to-peer systems. In CCS (ACM, 2003).

Cited By

View all
  • (2025)GENETIC CRYPTOCURRENCY -A HUMAN SAVERSSRN Electronic Journal10.2139/ssrn.5009994Online publication date: 2025
  • (2025)Mined Block Withholding and Imposed Fork by Using Mining Pool Alliance Strategic—A Case Study in Bitcoin SystemIEEE Access10.1109/ACCESS.2024.352296213(817-833)Online publication date: 2025
  • (2025)Asymmetric variable depth learning automaton and its application in defending against selfish mining attacks on bitcoinApplied Soft Computing10.1016/j.asoc.2024.112416170(112416)Online publication date: Feb-2025
  • Show More Cited By

Recommendations

Reviews

Barrett Hazeltine

This article concerns a way to circumvent the decentralization aspect of Bitcoin, that is, it shows how a group of "miners" could control the cryptocurrency by colluding. The attractiveness of Bitcoin is the perception that no person can be in control. In fact, no evidence exists that up to now a group of miners has colluded. This article gives a strategy for reducing the possibility of control. Bitcoin "records its transactions in a public log called the blockchain." Participants, called miners, enter transactions using a distributive protocol. These miners bring different amounts of resources. As the authors state, "conventional wisdom asserts that the mining protocol ... incentivizes miners to follow the protocol as prescribed" by ensuring that miners would not profit by doing otherwise. Conventional wisdom is incorrect. The article shows that rational miners, by colluding, will profit from a higher share of profits than noncolluding miners; "the colluding group will increase in size until it becomes a [controlling] majority." When such happens, "the Bitcoin system ceases to be a decentralized currency." The article proposes a practical modification to the protocol. The modification prevents "selfish mining by a coalition that commands less than one-fourth of the [total] resources"; this limit is "better than the current reality where a coalition of any size can compromise the system." This article is of most interest to designers of cryptocurrency systems, but is readable and thus of value to anyone wanting to know what is under the hood.

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Information & Contributors

Information

Published In

cover image Communications of the ACM
Communications of the ACM  Volume 61, Issue 7
July 2018
90 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/3234519
Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 June 2018
Published in CACM Volume 61, Issue 7

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Research-article
  • Research
  • Refereed

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)1,302
  • Downloads (Last 6 weeks)146
Reflects downloads up to 17 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2025)GENETIC CRYPTOCURRENCY -A HUMAN SAVERSSRN Electronic Journal10.2139/ssrn.5009994Online publication date: 2025
  • (2025)Mined Block Withholding and Imposed Fork by Using Mining Pool Alliance Strategic—A Case Study in Bitcoin SystemIEEE Access10.1109/ACCESS.2024.352296213(817-833)Online publication date: 2025
  • (2025)Asymmetric variable depth learning automaton and its application in defending against selfish mining attacks on bitcoinApplied Soft Computing10.1016/j.asoc.2024.112416170(112416)Online publication date: Feb-2025
  • (2025)Optimal blocks for maximizing the transaction fee revenue of Bitcoin minersJournal of Combinatorial Optimization10.1007/s10878-024-01249-049:1Online publication date: 1-Jan-2025
  • (2024)Oligopoly structure in the cryptocurrency marketAnali Ekonomskog fakulteta u Subotici10.5937/AnEkSub2300026T(91-104)Online publication date: 2024
  • (2024)Max attestation mattersProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699250(6255-6272)Online publication date: 14-Aug-2024
  • (2024)RICEProceedings of the 41st International Conference on Machine Learning10.5555/3692070.3692394(8203-8228)Online publication date: 21-Jul-2024
  • (2024)BAR Nash Equilibrium and Application to Blockchain DesignProceedings of the 23rd International Conference on Autonomous Agents and Multiagent Systems10.5555/3635637.3663185(2435-2437)Online publication date: 6-May-2024
  • (2024)Smart and Secure E-Voting Application using Blockchain TechnologyInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-15999(626-631)Online publication date: 26-Mar-2024
  • (2024)A Focused Bibliometric Analysis of Blockchain Research in India (2014-2023)Leveraging Blockchain for Future-Ready Libraries10.4018/979-8-3693-7783-3.ch002(33-50)Online publication date: 11-Oct-2024
  • Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Magazine Site

Login options

Full Access

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media