
Bitcopocalypse! Top crypto-currency can be HIJACKED, warn boffins

Selfish miners could derail Bitcoin's decentralized design, according to new study


The Bitcoin crypto-currency is vulnerable to manipulation by greedy miners, researchers have claimed, which poses a threat to the stability of the funny money.

In a paper distributed on Monday titled Majority is not Enough: Bitcoin Mining is Vulnerable, two researchers from Cornell University describe how Bitcoin's currency generation and authorization system – the "blockchain" – can be exploited by groups of "selfish" Bitcoin miners.

Bitcoin 101

The foundation on which Bitcoin rests is a public ledger called the blockchain, which is a sequential list of blocks that contain all confirmed transactions: each block is used to securely and permanently record a small set of Bitcoin transactions, and each block links to the previous block so that a record of verified exchanges between Bitcoin wallets can be publicly agreed upon.

Crucially, and simply put, Bitcoin relies on a peer-to-peer network to synchronize everyone to the longest valid blockchain.

You can't create a new block out of thin air: a cryptographic puzzle unique to each new block must be solved for it to be considered valid by the Bitcoin network; only then can it be used to securely store transactions.

Mining is therefore the act of attempting to solve mathematically non-trivial puzzles to create cryptographically secure blocks; there's a reward in Bitcoins for solving each block's crypto-riddle for the whole network.

People can choose to pool together compute resources to crack these blocks. These miners typically have to join other miners to unite their computation power and increase the rate at which they can tear through the increasingly difficult mathematical puzzles for each block.

The Cornell researchers now believe that if a third of all the miners in the Bitcoin ecosystem banded together into a "selfish miner" group, they could crush the competition and take an ever-larger share of proceeds.

So, how exactly could this come to pass? It relates to the fact that a selfish miner can keep newly found blocks private rather than making every single one public for the network to use. The honest, non-selfish Bitcoiners will continue to toil away on already solved problems while the pool of selfish miners start using the new blocks to store transactions.

At the right moment, when enough extra blocks have been secretly acquired, the pool of selfish miners can reveal their private blockchain, which will be longer than the public blockchain: the network will switch to the longer chain, the selfish miners earn their reward for cracking the crypto-puzzles and the honest Bitcoiners earn nothing for all the electricity they spent finding the same blocks.

'Bitcoin will never be safe against attacks by a selfish mining pool'

"Selfish mining judiciously reveals blocks from the private branch to the public, such that the honest miners will switch to the recently revealed blocks, abandoning the shorter public branch," the researchers wrote. "This renders their previous effort spent on the shorter public branch wasted, and enables the selfish pool to collect higher revenues by incorporating a higher fraction of its blocks into the blockchain."

The Cornell bods believe that once a third of toiling Bitcoin miners cluster together into a single pool, selfish mining is inevitable. "The [Bitcoin] protocol will never be safe against attacks by a selfish mining pool that commands more than 33 percent of the total mining power of the network," their paper concluded.

To deal with this, the researchers "propose a simple, backwards-compatible change to the Bitcoin protocol to address this problem and raise the threshold. Specifically, when a miner learns of competing branches of the same [blockchain] length, it should propagate all of them, and choose which one to mine on uniformly at random."

This will help protect against the formation of selfish miners and hopefully save the network from itself. Though banding together a third of all Bitcoin miners is a tall order, given the fact the currency has a market capitalization of $1.5bn and the mining network is running at 42 times 10^18 floating-point operations per second, it could evolve organically due to the incentive for innocent miners to join a selfish gang to make more money.
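The incentive argument and the proposed tie-breaking rule can be checked with a small Monte Carlo model, added here as an illustration; it is not code from the article or from the researchers. Assumptions: `alpha` is the pool's share of mining power, `gamma` is the fraction of honest power that ends up mining on the pool's branch when two equal-length branches compete (0.5 models the proposed uniform random choice), and the reveal rule is a simplified reading of the block-withholding behaviour described above.

```python
import random

def simulate(alpha, gamma, n_blocks=200_000, seed=1):
    """Return the withholding pool's share of main-chain block rewards.

    alpha: pool's fraction of total mining power (assumed parameter).
    gamma: fraction of honest power that mines on the pool's branch when two
           equal-length branches are public; 0.5 = uniform random choice.
    """
    rng = random.Random(seed)      # seeded so runs are repeatable
    lead = 0                       # withheld blocks ahead of the public chain
    tie = False                    # two equal-length branches are competing
    pool = honest = 0              # main-chain blocks credited to each side
    for _ in range(n_blocks):
        pool_found = rng.random() < alpha
        if tie:
            if pool_found:
                pool += 2                      # pool extends its own branch
            elif rng.random() < gamma:
                pool += 1; honest += 1         # honest block on pool's branch
            else:
                honest += 2                    # honest branch wins outright
            tie = False
        elif pool_found:
            lead += 1                          # block is kept private
        elif lead == 0:
            honest += 1                        # nothing withheld: normal block
        elif lead == 1:
            lead, tie = 0, True                # reveal: equal-length race
        elif lead == 2:
            pool += 2; lead = 0                # reveal both, longer chain wins
        else:
            pool += 1; lead -= 1               # reveal one, still ahead
    return pool / (pool + honest)

if __name__ == "__main__":
    print("alpha  gamma=1.0  gamma=0.5  gamma=0.0   (fair share = alpha)")
    for alpha in (0.10, 0.20, 0.25, 0.30, 0.35, 0.40):
        row = [simulate(alpha, g) for g in (1.0, 0.5, 0.0)]
        print(f"{alpha:.2f}   " + "   ".join(f"{r:8.3f}" for r in row))
```

A result above `alpha` means withholding pays better than honest mining. In this model the crossover sits near 25 percent of mining power when ties are broken uniformly at random, and at one third even when no honest miner ever picks the pool's branch.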

"Last time I checked, the two largest pools were 28 per cent and 23 per cent," Eyal told The Reg via email. ®
