Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin

In the Bitcoin system, participants are rewarded for solving cryptographic puzzles. In order to receive more consistent rewards over time, some participants organize mining pools and split the rewards from the pool in proportion to each participant's contribution. However, several attacks threaten the ability to participate in pools. The block withholding (BWH) attack makes the pool reward system unfair by letting malicious participants receive unearned wages while only pretending to contribute work. When two pools launch BWH attacks against each other, they encounter the miner's dilemma: in a Nash equilibrium, the revenue of both pools is diminished. In another attack called selfish mining, an attacker can unfairly earn extra rewards by deliberately generating forks. In this paper, we propose a novel attack called a fork after withholding (FAW) attack. FAW is not just another attack. The reward for an FAW attacker is always equal to or greater than that for a BWH attacker, and it is usable up to four times more often per pool than a BWH attack. When considering multiple pools (the current state of the Bitcoin network), the extra reward for an FAW attack is about 56% more than that for a BWH attack. Furthermore, when two pools execute FAW attacks on each other, the miner's dilemma may not hold: under certain circumstances, the larger pool can consistently win. More importantly, an FAW attack, while using intentional forks, does not suffer from practicality issues, unlike selfish mining. We also discuss partial countermeasures against the FAW attack, but finding a cheap and efficient countermeasure remains an open problem. As a result, we expect to see FAW attacks among mining pools.
