Feeds

Bitcopocalypse! Top crypto-currency can be HIJACKED, warn boffins

Selfish miners could derail Bitcoin's decentralized design, according to new study

The Essential Guide to IT Transformation

The Bitcoin crypto-currency is vulnerable to manipulation by greedy miners, researchers have claimed, which poses a threat to the stability of the funny money.

In a paper distributed on Monday titled Majority is not Enough: Bitcoin Mining is Vulnerable, two researchers from Cornell University describe how Bitcoin's currency generation and authorization system – the "blockchain" – can be exploited by groups of "selfish" Bitcoin miners.

Bitcoin 101

The foundation on which Bitcoin rests is a public ledger called the blockchain, which is a sequential list of blocks that contain all confirmed transactions: each block is used to securely and permanently record a small set of Bitcoin transactions, and each block links to the previous block so that a record of verified exchanges between Bitcoin wallets can be publicly agreed upon.

Crucially, and simply put, Bitcoin relies on a peer-to-peer network to synchronize everyone to the longest valid blockchain.

You can't create a new block out of thin air: a cryptographic puzzle unique to each new block must be solved for it to be considered valid by the Bitcoin network; only then can it be used to securely store transactions.

Mining is therefore the act of attempting to solve mathematically non-trivial puzzles to create cryptographically secure blocks; there's a reward in Bitcoins for solving each block's crypto-riddle for the whole network.

People can choose to pool together compute resources to crack these blocks. These miners typically have to join other miners to unite their computation power and increase the rate at which they can tear through the increasingly difficult mathematical puzzles for each block.

The Cornell researchers now believe that if a third of all the miners in the Bitcoin ecosystem banded together into a "selfish miner" group, they could crush the competition and take an ever-larger share of proceeds.

So, how exactly could this come to pass? It relates to the fact that a selfish miner can keep newly found blocks private rather than making every single one public for the network to use. The honest, non-selfish Bitcoiners will continue to toil away on already solved problems while the pool of selfish miners start using the new blocks to store transactions.

At the right moment, when enough extra blocks have been secretly acquired, the pool of selfish miners can reveal their private blockchain, which will be longer than the public blockchain: the network will switch to the longer chain, the selfish miners earn their reward for cracking the crypto-puzzles and the honest Bitcoiners earn nothing for all the electricity they spent finding the same blocks.

'Bitcoin will never be safe against attacks by a selfish mining pool'

"Selfish mining judiciously reveals blocks from the private branch to the public, such that the honest miners will switch to the recently revealed blocks, abandoning the shorter public branch," the researchers wrote. "This renders their previous effort spent on the shorter public branch wasted, and enables the selfish pool to collect higher revenues by incorporating a higher fraction of its blocks into the blockchain."

The Cornell bods believe that once a third of toiling Bitcoin miners cluster together into a single pool, selfish mining is inevitable. "The [Bitcoin] protocol will never be safe against attacks by a selfish mining pool that commands more than 33 percent of the total mining power of the network," their paper concluded.

To deal with this, the researchers "propose a simple, backwards-compatible change to the Bitcoin protocol to address this problem and raise the threshold. Specifically, when a miner learns of competing branches of the same [blockchain] length, it should propagate all of them, and choose which one to mine on uniformly at random."

This will help protect against the formation of selfish miners and hopefully save the network from itself. Though banding together a third of all Bitcoin miners is a tall order, given the fact the fact the currency has a market capitalization of $1.5bn, and the mining network is running at 42 times 10^18 floating-point operations per second, it could evolve organically due to the incentive by innocent miners to join a selfish gang to make more money.

"Last time I checked, the two largest pools were 28 per cent and 23 per cent," Eyal told The Reg via email. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.