Selfish mining is a kind of mining strategy for bitcoin and other proof of work (PoW) mechanism blockchain. To put it simply, it is not announced when the block is dug, but it continues to be mined, and then published according to the strategy. This strategy, according to the researchers, actually slows down network verification blocks, undermines the profitability of honest miners, and, until difficulty adjustments are made, hurts the selfish miners themselves.
It can be said that in this case, selfish mining is equivalent to “killing the enemy 1000 self loss 800” of the “seven wounded boxing.” Selfish mining can be profitable only if the difficulty is adjusted.
As such, we see selfish mining as a form of attack on the Bitcoin protocol that exploits flaws in the bitcoin difficulty adjustment formula. While difficult to implement in practice, it is more feasible than 51% attacks. In response, researchers CYRIL GRUNSPAN and RICARDO Perez-Marco have proposed a new difficulty adjustment formula that does not eliminate the possibility of selfish mining, but does not give selfish mining an advantage over honest mining even in the case of difficulty adjustment.
Thesis title: On the Profitability of Selfish Mining
Authors: CYRIL GRUNSPAN and RICARDO Perez-Marco
Abstract: We investigate the possible selfish mining strategies in the Bitcoin network and evaluate their cost and profitability. The expected duration of the attack has been neglected in much of the literature, but it is critical. We show that this strategy can only be profitable if the network adjusts its difficulty. Thus, this is an attack on the difficulty adjustment algorithm. We propose an improved protocol that would make the Bitcoin network immune to selfish mining attacks.
A list,
The stability of the Bitcoin protocol [7] depends on its rules being in the self-interest of network participants. One of its basic rules is that once blocks are verified, miners choose to publish them. However, “selfish mining” is an abnormal mining strategy [5], in which the main miner operators choose to detain mining blocks and publish them with a timed strategy to invalidate the maximum number of blocks mined by the rest of the network miners. The authors of literature [5] claim baselessly that selfish mining strategies will break the Bitcoin protocol [4], but we have not observed this phenomenon in practice.
Other researchers have proposed other selfish mining strategies that are considered to be “optimal” [9]. Selfish mining strategies are presented as courses and textbooks in bitcoin books, such as [1] (chapter 5 of the book, referred to as “temporary block attacks”) or [10].
However, none of this literature does a proper analysis of the costs of selfish mining attacks and, more importantly, ignores time considerations. Rather, the Markov model used in these papers was flawed from the start, because it did not incorporate attack duration analysis. The main goal of this paper is to analyze the profitability of selfish mining, which is not available in the literature. This selfish mining strategy proved unreliable without difficulty adjustments.
Two, selfish mining strategy
We describe the selfish mining strategy proposed in reference [5]. Selfish miners attack by verifying and unbroadcasting blocks and then continue to mine secretly at the top of the block. The miner then operates as follows:
(1) If the selfish miner’s advantage is 1 block, when the honest miner finds a block, then the selfish miner immediately secretly broadcasts the block he has secretly dug. Then there is a race, with the selfish miner working on his declared block. The selfish miner is well connected to the other participants in the network, so the 0 ≤ γ ≤ 1 fraction of the honest network will accept his block offer and begin mining tasks on his block.
(2) If the selfish miner’s advantage is 2 blocks, when the honest miner finds a block, then the selfish miner immediately secretly broadcasts the block he has secretly dug. Then the whole network would switch to the branch he was in.
(3) If the selfish miner’s advantage is greater than 2 blocks, when the honest miner finds a block, the selfish miner can publish the block to release a sliver chain to compete with the new honest block. The selfish miner can continue to mine on his secret chain.
(4) With the exception of (1), the selfish miner can work secretly on his forked chain.
Note that if the selfish miner’s advantage block is greater than 2, then at some point his advantage will be equal to 2 blocks (because we assume his power is less than 50%, or other more efficient attacks are possible), and then, according to point 2, the entire network ends up using the forked chain proposed by the selfish miner. Thus, when his advantage block is always greater than 2, the block posted by the selfish miner will always be accepted by the network. The third point is somewhat irrelevant, because when the selfish miner has the upper hand, it is important to force the blocks he validates into the blockchain. He can ignore the honest miner’s block validation, except when the block advantage is only 2, and then the selfish miner can only release the whole secret fork.
In reference [5], the authors assumed that the proportion of γ remained constant. This is not accurate because gamma depends on when new blocks of the network are mined, so it cannot remain constant. However, the Markov chain model used in [5] requires the assumption that γ is constant, so these authors propose this assumption. This analysis is inaccurate. But, more importantly, they failed to calculate the cost of such attacks. Calculating profitability is important for such rogue strategies. Time analysis is also crucial to estimating profitability, but these authors have also chosen to ignore it.
Profitability of selfish mining vs. honest mining
3.1. Profitability in the literature. Most articles on selfish mining strategies do not take into account the cost of mining, or only implicitly express it. In literature [5], this factor is simply ignored. In literature [3] and other articles, we can see surprising statements:
The cost. Each miner M has a configurable parameter Cm, which represents the cost (electricity) of miner M to perform the mining task. For our simulation results, we always set Cm = 0 because we don’t look at this aspect of mining.
Clearly, if there is no energy cost to mining blocks, anyone can try to reverse the history of Bitcoin transactions and try a two-flower attack, and there would be no financial incentive to respect the Bitcoin protocol. Energy costs make it expensive to forge blockchain, which is the foundation of bitcoin security!
Other authors, such as [2], describe selfish mining in the following way:
“Selfish mining does reduce the attacker’s income in the short term, but it does significantly reduce everyone else’s income, so neutral nodes have an incentive to join the attacker’s alliance to increase their own income. Eventually, the attacker’s alliance will grow to more than 50 percent of the size, potentially giving the attacker a lot of control over the network.”
In other words, according to this interpretation, a miner who loses money will be attracted by the attack and join another miner who loses money. And that’s just because the attacker miners lost less money, so the attacker was able to convince the honest miners! Leaving aside the fact that honest miners cannot know for sure the difference in profitability between the two sides, this naive scenario is mind-boggling.
From this point of view, selfish mining is merely a preparatory act to control 51% of the network’s attacks. The more likely outcome is that honest mining pools will notice that some miners are doing selfish mining, adopt obvious defensive strategies, and start their own selfish mining, bringing the network to a standstill. That would be bad for everyone. A form of Nash equilibrium is at work, which avoids the scenario described above.
Beyond these creative explanations, what is really lacking in the literature is proper accounting and understanding of the costs of selfish mining attacks, as well as proper time analysis.
3.2 Mining costs. The key to evaluating the profitability of selfish mining is to compare it with that of honest mining. We assume that miners are in the mining business because the operating costs (equipment and energy) are recouped by newly generated Bitcoin block rewards + transaction fees.
Therefore, if the calculation force is running at full load, the mining cost per unit time is independent of the strategy. So we have CS = CH, where CS and CH are the mining costs per unit time of selfish mining and honest mining strategies. We say C0 = CS = CH. Note that this cost is not only independent of the strategy, but also indicates whether the blocks mined will or will not be accepted by the network.
3.3 Gains and losses. Our goal is to evaluate the profit and loss (PnL) and compare selfish and honest PnL mining. The profit and loss (PnL) algorithm is revenue R minus cost C:
PnL = R − C. We take a conservative, but adequate setup where the block reward is reduced to (b > 0) newly generated Bitcoins (therefore, we do not consider transaction fees). Unless otherwise stated, we assume that we are not close to halving the reward, so reward B stays the same.
What matters for any business is the PNL per unit of time, not the PNL per block resolved or accepted by the network. It is important to note that the P-NL is not equal per block or per unit time due to selfish mining strategies employed that delay the validation speed of blocks in the network.
3.4 Profit and loss per unit of time. A continuous attack strategy, such as selfish mining, involves a series of successive “attack cycles”.
In the case of selfish mining, it happens when selfish miners and honest miners are both working on the same blockchain. The selfish miners’ goal is to exploit the blockchain they secretly mine. If, at the beginning, the honest miner finds a new block, a new cycle begins. If the selfish miners succeed in establishing an advantage, then the cycle continues until the honest miners catch up and force the selfish miners to release the blocks they secretly mined. Then start the cycle again. For such strategy games with repetitive effects, the increments per unit of time P nL, P nLt∞ can be evaluated. And that’s what the following theorem says.
A proposal to stop selfish mining
6.1. Root cause of the problem. Basically, this attack takes advantage of the difficulty adjustment rule. The current Bitcoin protocol underestimates the actual computing power in the network because it only considers the blocks that are incorporated into the (official) blockchain. In the presence of selfish miners, the blocks grow and a lot of honest computing power is lost. The average time the network spends on authentication will increase. After 2016 blocks, the autocomplete difficulty adjustment ignores lone block production. Although the network power will remain the same, the new difficulty will be lower than it should be, and the block validation time will be reduced. As a result, selfish mining revenue per unit of time increases and makes attacks profitable.
6.2. A new difficulty adjustment formula. To mitigate this attack, one idea is to factor in the number of lone blocks in the difficulty adjustment formula. This can be done by miners indicating the existence of “uncle” in the blocks they dig (relaying the data through the block headers that contain them and peer nodes).
The signal from the honest miner is enough. Nodes do not need to broadcast the entire block, but only their block headers. This might give miners an incentive to include proof of uncle’s existence in their blocks (by a rule that in the event of a contest between two blocks of the same height, the node should always broadcast the block with the most proof of work, that is, the block with the most proof of Uncle’s existence). According to [11], this rule is also in favor of honest miners when they compete with selfish miners. At the end of the n0 = 2016 block validation cycle, the new formula for difficulty adjustment will be
Where n ‘is the total number of isolated blocks dug during this time, and Sn0 is the time the network uses to validate block N0 (and uses the formula Sn0 = TN0-T1, where Ti represents the timestamp of block I block header).
Let ω be the average number of solitary blocks observed during τ0= 600 seconds. So, on average, for every τ0 time, there are ω solitary blocks and (1 — ω) non-solitary blocks. Only the last one will be added to the official blockchain. The time that the network uses to increase the blockchain is
Seven, conclusion
Selfish mining is a technique that slows down the network and makes mining easier. This attack undermines the profitability of honest miners and, until difficulty adjustments are made, hurts the selfish miners themselves. Selfish mining only becomes profitable once the difficulty is adjusted. Selfish mining is an attack on the Bitcoin protocol, but many of the arguments in the literature do not properly justify such attacks. They lack a proper analysis of attack costs and p&L per unit of time.
To compare the profitability of different mining strategies, we need to calculate their average cycle length and revenue ratio, which is a new concept mentioned in this article.
This attack exploits a flaw in the difficulty adjustment formula. The parameter used to update the mining difficulty should be a measure of the actual computing power of the network. And the current parameters, in the case of selfish miners, are no longer applicable. We propose a formula to correct this anomaly of producing isolated blocks by taking this into account. We suggest that the protocol specify that the official blockchain contains the most proof of work (with the most proof of uncle’s existence) blocks. While this proposed formula, if adopted, would not eliminate the possibility of selfish mining, it would not have an advantage over honest mining, even with difficulty adjustments. Thus, this aligns individual incentives with protocol rules, which is consistent with the intent of bitcoin when it was founded [7].
reference
[1] J. Bonneau, E. Felten, S. Goldfeder, A. Miller , A. Narayanan. Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction, Princeton University Press, NJ, USA, 2016.
[2] V. Buterin. Selfish mining: a 25% attack against the bitcoin network, bitcoinmagazine.com/ articles/selfish-mining-a-25-attack-against-the-bitcoin-network-1383578440, 2013.
[3] M. Carlsten, H. Kalodner, A. Narayanan , S. M. Weinberg. On the instability of bitcoin without the block reward, Proc. ACM SIGSAC Conf. Comp. and Comm. Sec., p.154-167, NY, 2016. 14 C. GRUNSPAN AND R. PEREZ-MARCO ´
[4] I. Eyal, E. G. Sirer. Bitcoin is broken, hackingdistributed.com/2013/11/04/bitcoin-is-broken/ (accessed 1/2018), 2013. [5] I. Eyal, E. G. Sirer. Majority is not enough: bitcoin mining is vulnerable, Int. Conf. Financial Cryptography and Data Security, Springer, p.436-454, 2014.
[6] C. Grunspan and R. P´ Erez -Marco. Double Spend Races. ArXiv:1702.02867, 2017.
[7] S. Nakamoto. Bitcoin: a peer-to-peer electronic cash system. Bitcoin.org, 2008.
[8] S. Ross. Introduction to Probability Models 10th Edition. Academic Press Inc, 2012
[9] A. Sapirshtein, Y. Sompolinsky , A. Zohar, Optimal selfish mining strategies in bitcoin, International Conference on Financial Cryptography and Data Security, Springer, p.515-532, 2016.
[10] R. Wattenhofer. Distributed Ledger Technology: The Science of the Blockchain, 2nd Ed., Create Space Independent Publishing Platform, 2017.
[11] R. Zhang, B. Preneel. Publish or perish: A backward-compatible defense against selfish mining in bitcoin. In Topics in Cryptology — The Cryptographers Track at the RSA Conference 2017, Springer, p.277-292, 2017.
Original: https://arxiv.org/pdf/1805.08281.pdf author: CYRIL GRUNSPAN and RICARDO PEREZ – MARCO compiler: free and easy like articles (translated) : Babbitt information (http://www.8btc.com/selfish-mining-profitability)