research-article

Free access

Majority is not enough: bitcoin mining is vulnerable

Authors:

Ittay Eyal,

Emin Gün SirerAuthors Info & Claims

Communications of the ACM, Volume 61, Issue 7

Pages 95 - 102

https://doi.org/10.1145/3212998

Published: 25 June 2018 Publication History

All formats PDF

Abstract

The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups, that is, it incentivizes miners to follow the protocol as prescribed.

We show that the Bitcoin mining protocol is not incentive-compatible. We present an attack with which colluding miners' revenue is larger than their fair share. The attack can have significant consequences for Bitcoin: Rational miners will prefer to join the attackers, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.

Unless certain assumptions are made, selfish mining may be feasible for any coalition size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects Bitcoin in the general case. It prohibits selfish mining by a coalition that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a coalition of any size can compromise the system.

References

[1]

Andresen, G. March 2013 chain fork post-mortem. BIP 50, en.bitcoin.it/wiki/BIP_50, retrieved Sep. 2013.

Google Scholar

[2]

Babaioff, M., Dobzinski, S., Oren, S., Zohar, A. On Bitcoin and red balloons. In EC (ACM, 2012).

Digital Library

Google Scholar

[3]

Barber, S., Boyen, X., Shi, E., Uzun, E. Bitter to better, how to make Bitcoin a better currency. In FC (2012).

Crossref

Google Scholar

[4]

bitcoincharts.com. Bitcoin network. bitcoincharts.com/bitcoin/ (Nov. 2013).

Google Scholar

[5]

blockchain.info. Bitcoin market capitalization. blockchain.info/charts/market-cap (Jan. 2014).

Google Scholar

[6]

Chaum, D. Blind signatures for untraceable payments. In Crypto 82 (1982), 199--203.

Google Scholar

[7]

Decker, C., Wattenhofer, R. Information propagation in the Bitcoin network. In P2P (IEEE, 2013).

Crossref

Google Scholar

[8]

Eyal, I., Sirer, E.G. Bitcoin is broken. hackingdistributed.com/2013/11/04/bitcoin-is-broken/ (2013).

Google Scholar

[9]

Eyal, I., Sirer, E.G. Majority is not enough: Bitcoin mining is vulnerable. arXiv preprint arXiv:1311.0243 (2013).

Google Scholar

[10]

Felten, E.W. Bitcoin research in Princeton CS. freedom-to-tinker.com/blog/felten/bitcoin-research-in-princeton-cs/ (2013).

Google Scholar

[11]

Kelkar, A., Bernard, J., Joshi, S., Premkumar, S., Sirer, E.G. Virtual notary.virtual-notary.org/ (Retrieved Sep. 2013).

Google Scholar

[12]

Kroll, J.A., Davey, I.C., Felten, E.W. The economics of Bitcoin mining or, Bitcoin in the presence of adversaries. In Workshop on the Economics of Information Security (2013).

Google Scholar

[13]

Lee, T.B. Four reasons Bitcoin is worth studying. forbes.com/sites/timothylee/2013/04/07/four-reasons-bitcoin-is-worth-studying/2/ (2013).

Google Scholar

[14]

Miers, I., Garman, C., Green, M., Rubin, A.D. Zerocoin: Anonymous distributed e-cash from Bitcoin. In IEEE Symposium on Security and Privacy (2013).

Digital Library

Google Scholar

[15]

Nakamoto, S. Bitcoin: A peer-to-peer electronic cash system (2008).

Google Scholar

[16]

Namecoin Project. Namecoin DNS -- DotBIT project. dot-bit.org (Retrieved Sep. 2013).

Google Scholar

[17]

Narayanan, A., Miller, A. Why the Cornell paper on Bitcoin mining is important. freedom-to-tinker. com/blog/randomwalker/why-the-cornell-paper-on-bitcoin-mining-is-important/ (2013).

Google Scholar

[18]

Neighborhood Pool Watch. October 27th 2013 weekly pool and network statistics. organofcorti.blogspot.com/2013/10/october-27th-2013-weekly-pool-and.html (Retrieved Oct. 2013).

Google Scholar

[19]

Pacia, C. Bitcoin mining explained like you're five: Part 1 -- incentives. chrispacia.wordpress.com/2013/09/02/bitcoin-mining-explained-like-youre-five-part-1-incentives/ (September 2013).

Google Scholar

[20]

RHorning, mtgox, btchris, and ByteCoin. Mining cartel attack. bitcointalk.org/index.php?topic=2227, December 2010.

Google Scholar

[21]

Rosenfeld, M. Analysis of Bitcoin pooled mining reward systems. arXiv preprint arXiv:1112.4980 (2011).

Google Scholar

[22]

Swanson, E. Bitcoin mining calculator. alloscomp.com/bitcoin/calculator (Retrieved Sep. 2013).

Google Scholar

[23]

Vishnumurthy, V., Chandrakumar, S., Sirer, E.G. Karma: A secure economic framework for peer-to-peer resource sharing. In Workshop on Economics of Peer-to-Peer Systems (2003).

Google Scholar

[24]

Wikipedia. List of cryptocurrencies.en.wikipedia.org/wiki/List_of_cryptocurrencies (Oct. 2013).

Google Scholar

[25]

Yang, B., Garcia-Molina, H. PPay: Micropayments for peer-to-peer systems. In CCS (ACM, 2003).

Digital Library

Google Scholar

Cited By

View all

Tomić N(2024)Oligopoly structure in the cryptocurrency marketAnali Ekonomskog fakulteta u Subotici10.5937/AnEkSub2300026T(91-104)Online publication date: 2024
https://doi.org/10.5937/AnEkSub2300026T
Reynouard MGorelkina OLaraki RDastani MSichman JAlechina NDignum V(2024)BAR Nash Equilibrium and Application to Blockchain DesignProceedings of the 23rd International Conference on Autonomous Agents and Multiagent Systems10.5555/3635637.3663185(2435-2437)Online publication date: 6-May-2024
https://dl.acm.org/doi/10.5555/3635637.3663185
Prof. V. M. Khanapure Joshi Mahi Kadam Amruta Patil Swarupa Swami Gayatri Kambale Sakshi (2024)Smart and Secure E-Voting Application using Blockchain TechnologyInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-15999(626-631)Online publication date: 26-Mar-2024
https://doi.org/10.48175/IJARSCT-15999
Show More Cited By

Index Terms

Majority is not enough: bitcoin mining is vulnerable
1. Applied computing
  1. Electronic commerce

Recommendations

Fact and Fiction: Challenging the Honest Majority Assumption of Permissionless Blockchains
ASIA CCS '21: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security

Honest majority is the key security assumption of Proof-of-Work (PoW) based blockchains. However, the recent 51% attacks render this assumption unrealistic in practice. In this paper, we challenge this assumption against rational miners in the PoW-based ...
WI Is Not Enough: Zero-Knowledge Contingent (Service) Payments Revisited
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

While fair exchange of goods is known to be impossible without assuming a trusted party, smart contracts in cryptocurrencies forgo such parties by assuming trust in the currency system. They allow a seller to sell a digital good, which the buyer will ...
Fair enough: guaranteeing approximate maximin shares
EC '14: Proceedings of the fifteenth ACM conference on Economics and computation

We consider the problem of fairly allocating indivisible goods, focusing on a recently-introduced notion of fairness called maximin share guarantee: Each player's value for his allocation should be at least as high as what he can guarantee by dividing ...

Reviews

Reviewer: Barrett Hazeltine

This article concerns a way to circumvent the decentralization aspect of Bitcoin, that is, it shows how a group of "miners" could control the cryptocurrency by colluding. The attractiveness of Bitcoin is the perception that no person can be in control. In fact, no evidence exists that up to now a group of miners has colluded. This article gives a strategy for reducing the possibility of control. Bitcoin "records its transactions in a public log called the blockchain." Participants, called miners, enter transactions using a distributive protocol. These miners bring different amounts of resources. As the authors state, "conventional wisdom asserts that the mining protocol ... incentivizes miners to follow the protocol as prescribed" by ensuring that miners would not profit by doing otherwise. Conventional wisdom is incorrect. The article shows that rational miners, by colluding, will profit from a higher share of profits than noncolluding miners; "the colluding group will increase in size until it becomes a [controlling] majority." When such happens, "the Bitcoin system ceases to be a decentralized currency." The article proposes a practical modification to the protocol. The modification prevents "selfish mining by a coalition that commands less than one-fourth of the [total] resources"; this limit is "better than the current reality where a coalition of any size can compromise the system." This article is of most interest to designers of cryptocurrency systems, but is readable and thus of value to anyone wanting to know what is under the hood.

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

Communications of the ACM Volume 61, Issue 7

July 2018

90 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/3234519

Editor:
Andrew A. Chien
Association for Computing Machinery, New York, NY

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 June 2018

Published in CACM Volume 61, Issue 7

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

535
Total Citations
View Citations
16,280
Total Downloads

Downloads (Last 12 months)1,212
Downloads (Last 6 weeks)132

Reflects downloads up to 25 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Tomić N(2024)Oligopoly structure in the cryptocurrency marketAnali Ekonomskog fakulteta u Subotici10.5937/AnEkSub2300026T(91-104)Online publication date: 2024
https://doi.org/10.5937/AnEkSub2300026T
Reynouard MGorelkina OLaraki RDastani MSichman JAlechina NDignum V(2024)BAR Nash Equilibrium and Application to Blockchain DesignProceedings of the 23rd International Conference on Autonomous Agents and Multiagent Systems10.5555/3635637.3663185(2435-2437)Online publication date: 6-May-2024
https://dl.acm.org/doi/10.5555/3635637.3663185
Prof. V. M. Khanapure Joshi Mahi Kadam Amruta Patil Swarupa Swami Gayatri Kambale Sakshi (2024)Smart and Secure E-Voting Application using Blockchain TechnologyInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-15999(626-631)Online publication date: 26-Mar-2024
https://doi.org/10.48175/IJARSCT-15999
Archana KGloth A(2024)Blockchain and EntrepreneurshipApplying Business Intelligence and Innovation to Entrepreneurship10.4018/979-8-3693-1846-1.ch003(35-51)Online publication date: 26-Apr-2024
https://doi.org/10.4018/979-8-3693-1846-1.ch003
Rukhiran MBoonsong SNetinant P(2024)Sustainable Optimizing Performance and Energy Efficiency in Proof of Work Blockchain: A Multilinear Regression ApproachSustainability10.3390/su1604151916:4(1519)Online publication date: 10-Feb-2024
https://doi.org/10.3390/su16041519
Hall OShiaeles SLi F(2024)A Study of Ethereum’s Transition from Proof-of-Work to Proof-of-Stake in Preventing Smart Contracts Criminal ActivitiesNetwork10.3390/network40100024:1(33-47)Online publication date: 26-Jan-2024
https://doi.org/10.3390/network4010002
Maciejasz MPoskart RWotzka D(2024)Perceptions of Cryptocurrencies and Modern Money before and after the COVID-19 Pandemic in Poland and GermanyInternational Journal of Financial Studies10.3390/ijfs1203006412:3(64)Online publication date: 29-Jun-2024
https://doi.org/10.3390/ijfs12030064
Piazza CRossi SSmuseva D(2024)Efficient Algorithm for Proportional Lumpability and Its Application to Selfish Mining in Public BlockchainsAlgorithms10.3390/a1704015917:4(159)Online publication date: 15-Apr-2024
https://doi.org/10.3390/a17040159
Solomka ILiubinskyi BTorshyn V(2024)Application of machine learning algorithms to enhance blockchain network securityMathematical Modeling and Computing10.23939/mmc2024.03.89311:3(893-903)Online publication date: 2024
https://doi.org/10.23939/mmc2024.03.893
Liang XChen JDu R(2024)XPull: A Relay-Based Blockchain Intercommunication Framework Achieving Cross-Chain State PullingChinese Journal of Electronics10.23919/cje.2023.00.00433:5(1261-1273)Online publication date: Sep-2024
https://doi.org/10.23919/cje.2023.00.004
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Magazine Site

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Fact and Fiction: Challenging the Honest Majority Assumption of Permissionless Blockchains

WI Is Not Enough: Zero-Knowledge Contingent (Service) Payments Revisited

Fair enough: guaranteeing approximate maximin shares

Reviews

Access critical reviews of Computing literature here

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Digital Edition

Magazine Site

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations