Bitcopocalypse! Top crypto-currency can be HIJACKED, warn boffins
Selfish miners could derail Bitcoin's decentralized design, according to new study
The Bitcoin crypto-currency is vulnerable to manipulation by greedy miners, researchers have claimed, which poses a threat to the stability of the funny money.
In a paper distributed on Monday titled Majority is not Enough: Bitcoin Mining is Vulnerable, two researchers from Cornell University describe how Bitcoin's currency generation and authorization system – the "blockchain" – can be exploited by groups of "selfish" Bitcoin miners.
The foundation on which Bitcoin rests is a public ledger called the blockchain, which is a sequential list of blocks that contain all confirmed transactions: each block is used to securely and permanently record a small set of Bitcoin transactions, and each block links to the previous block so that a record of verified exchanges between Bitcoin wallets can be publicly agreed upon.
Crucially, and simply put, Bitcoin relies on a peer-to-peer network to synchronize everyone to the longest valid blockchain.
You can't create a new block out of thin air: a cryptographic puzzle unique to each new block must be solved for it to be considered valid by the Bitcoin network; only then can it be used to securely store transactions.
Mining is therefore the act of attempting to solve mathematically non-trivial puzzles to create cryptographically secure blocks; there's a reward in Bitcoins for solving each block's crypto-riddle for the whole network.
People can choose to pool together compute resources to crack these blocks. These miners typically have to join other miners to unite their computation power and increase the rate at which they can tear through the increasingly difficult mathematical puzzles for each block.
The Cornell researchers now believe that if a third of all the miners in the Bitcoin ecosystem banded together into a "selfish miner" group, they could crush the competition and take an ever-larger share of proceeds.
So, how exactly could this come to pass? It relates to the fact that a selfish miner can keep newly found blocks private rather than making every single one public for the network to use. The honest, non-selfish Bitcoiners will continue to toil away on already solved problems while the pool of selfish miners start using the new blocks to store transactions.
At the right moment, when enough extra blocks have been secretly acquired, the pool of selfish miners can reveal their private blockchain, which will be longer than the public blockchain: the network will switch to the longer chain, the selfish miners earn their reward for cracking the crypto-puzzles and the honest Bitcoiners earn nothing for all the electricity they spent finding the same blocks.
'Bitcoin will never be safe against attacks by a selfish mining pool'
"Selfish mining judiciously reveals blocks from the private branch to the public, such that the honest miners will switch to the recently revealed blocks, abandoning the shorter public branch," the researchers wrote. "This renders their previous effort spent on the shorter public branch wasted, and enables the selfish pool to collect higher revenues by incorporating a higher fraction of its blocks into the blockchain."
The Cornell bods believe that once a third of toiling Bitcoin miners cluster together into a single pool, selfish mining is inevitable. "The [Bitcoin] protocol will never be safe against attacks by a selfish mining pool that commands more than 33 percent of the total mining power of the network," their paper concluded.
To deal with this, the researchers "propose a simple, backwards-compatible change to the Bitcoin protocol to address this problem and raise the threshold. Specifically, when a miner learns of competing branches of the same [blockchain] length, it should propagate all of them, and choose which one to mine on uniformly at random."
This will help protect against the formation of selfish miners and hopefully save the network from itself. Though banding together a third of all Bitcoin miners is a tall order, given the fact the fact the currency has a market capitalization of $1.5bn, and the mining network is running at 42 times 10^18 floating-point operations per second, it could evolve organically due to the incentive by innocent miners to join a selfish gang to make more money.
"Last time I checked, the two largest pools were 28 per cent and 23 per cent," Eyal told The Reg via email. ®
Sponsored: Flash storage buyer's guide