
Bitcopocalypse! Top crypto-currency can be HIJACKED, warn boffins

Selfish miners could derail Bitcoin's decentralized design, according to new study


The Bitcoin crypto-currency is vulnerable to manipulation by greedy miners, researchers have claimed, which poses a threat to the stability of the funny money.

In a paper distributed on Monday titled "Majority is not Enough: Bitcoin Mining is Vulnerable", two researchers from Cornell University describe how Bitcoin's currency generation and authorization system – the "blockchain" – can be exploited by groups of "selfish" Bitcoin miners.

Bitcoin 101

The foundation on which Bitcoin rests is a public ledger called the blockchain, which is a sequential list of blocks that contain all confirmed transactions: each block is used to securely and permanently record a small set of Bitcoin transactions, and each block links to the previous block so that a record of verified exchanges between Bitcoin wallets can be publicly agreed upon.

Crucially, and simply put, Bitcoin relies on a peer-to-peer network to synchronize everyone to the longest valid blockchain.

You can't create a new block out of thin air: a cryptographic puzzle unique to each new block must be solved for it to be considered valid by the Bitcoin network; only then can it be used to securely store transactions.

Mining is therefore the act of attempting to solve mathematically non-trivial puzzles to create cryptographically secure blocks; there's a reward in Bitcoins for solving each block's crypto-riddle for the whole network.

People can choose to pool together compute resources to crack these blocks. These miners typically have to join other miners to unite their computation power and increase the rate at which they can tear through the increasingly difficult mathematical puzzles for each block.

The Cornell researchers now believe that if a third of all the miners in the Bitcoin ecosystem banded together into a "selfish miner" group, they could crush the competition and take an ever-larger share of proceeds.

So, how exactly could this come to pass? It relates to the fact that a selfish miner can keep newly found blocks private rather than making every single one public for the network to use. The honest, non-selfish Bitcoiners will continue to toil away on already solved problems while the pool of selfish miners start using the new blocks to store transactions.

At the right moment, when enough extra blocks have been secretly acquired, the pool of selfish miners can reveal their private blockchain, which will be longer than the public blockchain: the network will switch to the longer chain, the selfish miners earn their reward for cracking the crypto-puzzles and the honest Bitcoiners earn nothing for all the electricity they spent finding the same blocks.

'Bitcoin will never be safe against attacks by a selfish mining pool'

"Selfish mining judiciously reveals blocks from the private branch to the public, such that the honest miners will switch to the recently revealed blocks, abandoning the shorter public branch," the researchers wrote. "This renders their previous effort spent on the shorter public branch wasted, and enables the selfish pool to collect higher revenues by incorporating a higher fraction of its blocks into the blockchain."

The Cornell bods believe that once a third of toiling Bitcoin miners cluster together into a single pool, selfish mining is inevitable. "The [Bitcoin] protocol will never be safe against attacks by a selfish mining pool that commands more than 33 percent of the total mining power of the network," their paper concluded.

To deal with this, the researchers "propose a simple, backwards-compatible change to the Bitcoin protocol to address this problem and raise the threshold. Specifically, when a miner learns of competing branches of the same [blockchain] length, it should propagate all of them, and choose which one to mine on uniformly at random."

This will help protect against the formation of selfish miners and hopefully save the network from itself. Though banding together a third of all Bitcoin miners is a tall order, given that the currency has a market capitalization of $1.5bn and the mining network is running at 42 times 10^18 floating-point operations per second, it could evolve organically because innocent miners have an incentive to join a selfish gang to make more money.

"Last time I checked, the two largest pools were 28 per cent and 23 per cent," Eyal told The Reg via email. ®
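The threshold claim and the proposed tie-breaking fix can be checked numerically. The following is an added example, not code from the article or the paper: a simplified Monte Carlo model of block withholding in which the parameter names `alpha` and `gamma`, the reveal rules and the `break_even` expression are assumptions of this model. Setting `gamma=0.5` corresponds to honest miners choosing between equal-length branches uniformly at random.

```python
import random

def simulate_share(alpha, gamma, events=400_000, seed=1):
    """Fraction of main-chain blocks won by a block-withholding pool.

    alpha: pool's share of total mining power (assumed parameter name).
    gamma: share of honest power that mines on the pool's branch when two
           public branches have equal length (assumed parameter name).
    """
    rng = random.Random(seed)
    pool = honest = 0   # blocks that end up on the main chain
    lead = 0            # private blocks held beyond the public tip
    tie = False         # two equal-length public branches exist
    for _ in range(events):
        pool_found = rng.random() < alpha
        if tie:                          # the next block settles the race
            if pool_found:
                pool += 2
            elif rng.random() < gamma:   # honest miner extends pool's branch
                pool += 1
                honest += 1
            else:                        # honest miner extends honest branch
                honest += 2
            tie = False
        elif pool_found:
            lead += 1                    # keep the new block private
        elif lead == 0:
            honest += 1                  # nothing withheld, honest block stands
        elif lead == 1:
            tie, lead = True, 0          # pool publishes, branches now equal
        elif lead == 2:
            pool += 2                    # pool publishes both and wins outright
            lead = 0
        else:
            pool += 1                    # pool reveals one block, keeps the rest
            lead -= 1
    return pool / (pool + honest)

def break_even(gamma):
    """Smallest alpha at which withholding beats honest mining in this model."""
    return (1 - gamma) / (3 - 2 * gamma)

if __name__ == "__main__":
    for gamma in (0.0, 0.5):
        print(f"gamma={gamma}: break-even alpha = {break_even(gamma):.3f}")
        for alpha in (0.2, 0.3, 0.4):
            share = simulate_share(alpha, gamma)
            print(f"  alpha={alpha}: simulated share={share:.3f}")
```

A returned share above `alpha` means the pool collects more than its mining power would earn by following the protocol.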
