Feeds

Bitcopocalypse! Top crypto-currency can be HIJACKED, warn boffins

Selfish miners could derail Bitcoin's decentralized design, according to new study

Intelligent flash storage arrays

The Bitcoin crypto-currency is vulnerable to manipulation by greedy miners, researchers have claimed, which poses a threat to the stability of the funny money.

In a paper distributed on Monday titled Majority is not Enough: Bitcoin Mining is Vulnerable, two researchers from Cornell University describe how Bitcoin's currency generation and authorization system – the "blockchain" – can be exploited by groups of "selfish" Bitcoin miners.

Bitcoin 101

The foundation on which Bitcoin rests is a public ledger called the blockchain, which is a sequential list of blocks that contain all confirmed transactions: each block is used to securely and permanently record a small set of Bitcoin transactions, and each block links to the previous block so that a record of verified exchanges between Bitcoin wallets can be publicly agreed upon.

Crucially, and simply put, Bitcoin relies on a peer-to-peer network to synchronize everyone to the longest valid blockchain.

You can't create a new block out of thin air: a cryptographic puzzle unique to each new block must be solved for it to be considered valid by the Bitcoin network; only then can it be used to securely store transactions.

Mining is therefore the act of attempting to solve mathematically non-trivial puzzles to create cryptographically secure blocks; there's a reward in Bitcoins for solving each block's crypto-riddle for the whole network.

People can choose to pool together compute resources to crack these blocks. These miners typically have to join other miners to unite their computation power and increase the rate at which they can tear through the increasingly difficult mathematical puzzles for each block.

The Cornell researchers now believe that if a third of all the miners in the Bitcoin ecosystem banded together into a "selfish miner" group, they could crush the competition and take an ever-larger share of proceeds.

So, how exactly could this come to pass? It relates to the fact that a selfish miner can keep newly found blocks private rather than making every single one public for the network to use. The honest, non-selfish Bitcoiners will continue to toil away on already solved problems while the pool of selfish miners start using the new blocks to store transactions.

At the right moment, when enough extra blocks have been secretly acquired, the pool of selfish miners can reveal their private blockchain, which will be longer than the public blockchain: the network will switch to the longer chain, the selfish miners earn their reward for cracking the crypto-puzzles and the honest Bitcoiners earn nothing for all the electricity they spent finding the same blocks.

'Bitcoin will never be safe against attacks by a selfish mining pool'

"Selfish mining judiciously reveals blocks from the private branch to the public, such that the honest miners will switch to the recently revealed blocks, abandoning the shorter public branch," the researchers wrote. "This renders their previous effort spent on the shorter public branch wasted, and enables the selfish pool to collect higher revenues by incorporating a higher fraction of its blocks into the blockchain."

The Cornell bods believe that once a third of toiling Bitcoin miners cluster together into a single pool, selfish mining is inevitable. "The [Bitcoin] protocol will never be safe against attacks by a selfish mining pool that commands more than 33 percent of the total mining power of the network," their paper concluded.

To deal with this, the researchers "propose a simple, backwards-compatible change to the Bitcoin protocol to address this problem and raise the threshold. Specifically, when a miner learns of competing branches of the same [blockchain] length, it should propagate all of them, and choose which one to mine on uniformly at random."

This will help protect against the formation of selfish miners and hopefully save the network from itself. Though banding together a third of all Bitcoin miners is a tall order, given the fact the fact the currency has a market capitalization of $1.5bn, and the mining network is running at 42 times 10^18 floating-point operations per second, it could evolve organically due to the incentive by innocent miners to join a selfish gang to make more money.

"Last time I checked, the two largest pools were 28 per cent and 23 per cent," Eyal told The Reg via email. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.