research-article

Free access

Majority is not enough: bitcoin mining is vulnerable

Authors:

Emin Gün SirerAuthors Info & Claims

Communications of the ACM, Volume 61, Issue 7

Pages 95 - 102

https://doi.org/10.1145/3212998

Published: 25 June 2018 Publication History

All formats PDF

Abstract

The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups, that is, it incentivizes miners to follow the protocol as prescribed.

We show that the Bitcoin mining protocol is not incentive-compatible. We present an attack with which colluding miners' revenue is larger than their fair share. The attack can have significant consequences for Bitcoin: Rational miners will prefer to join the attackers, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.

Unless certain assumptions are made, selfish mining may be feasible for any coalition size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects Bitcoin in the general case. It prohibits selfish mining by a coalition that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a coalition of any size can compromise the system.

References

[1]

Andresen, G. March 2013 chain fork post-mortem. BIP 50, en.bitcoin.it/wiki/BIP_50, retrieved Sep. 2013.

[2]

Babaioff, M., Dobzinski, S., Oren, S., Zohar, A. On Bitcoin and red balloons. In EC (ACM, 2012).

Digital Library

[3]

Barber, S., Boyen, X., Shi, E., Uzun, E. Bitter to better, how to make Bitcoin a better currency. In FC (2012).

[4]

bitcoincharts.com. Bitcoin network. bitcoincharts.com/bitcoin/ (Nov. 2013).

[5]

blockchain.info. Bitcoin market capitalization. blockchain.info/charts/market-cap (Jan. 2014).

[6]

Chaum, D. Blind signatures for untraceable payments. In Crypto 82 (1982), 199--203.

[7]

Decker, C., Wattenhofer, R. Information propagation in the Bitcoin network. In P2P (IEEE, 2013).

[8]

Eyal, I., Sirer, E.G. Bitcoin is broken. hackingdistributed.com/2013/11/04/bitcoin-is-broken/ (2013).

[9]

Eyal, I., Sirer, E.G. Majority is not enough: Bitcoin mining is vulnerable. arXiv preprint arXiv:1311.0243 (2013).

[10]

Felten, E.W. Bitcoin research in Princeton CS. freedom-to-tinker.com/blog/felten/bitcoin-research-in-princeton-cs/ (2013).

[11]

Kelkar, A., Bernard, J., Joshi, S., Premkumar, S., Sirer, E.G. Virtual notary.virtual-notary.org/ (Retrieved Sep. 2013).

[12]

Kroll, J.A., Davey, I.C., Felten, E.W. The economics of Bitcoin mining or, Bitcoin in the presence of adversaries. In Workshop on the Economics of Information Security (2013).

[13]

Lee, T.B. Four reasons Bitcoin is worth studying. forbes.com/sites/timothylee/2013/04/07/four-reasons-bitcoin-is-worth-studying/2/ (2013).

[14]

Miers, I., Garman, C., Green, M., Rubin, A.D. Zerocoin: Anonymous distributed e-cash from Bitcoin. In IEEE Symposium on Security and Privacy (2013).

Digital Library

[15]

Nakamoto, S. Bitcoin: A peer-to-peer electronic cash system (2008).

[16]

Namecoin Project. Namecoin DNS -- DotBIT project. dot-bit.org (Retrieved Sep. 2013).

[17]

Narayanan, A., Miller, A. Why the Cornell paper on Bitcoin mining is important. freedom-to-tinker. com/blog/randomwalker/why-the-cornell-paper-on-bitcoin-mining-is-important/ (2013).

[18]

Neighborhood Pool Watch. October 27th 2013 weekly pool and network statistics. organofcorti.blogspot.com/2013/10/october-27th-2013-weekly-pool-and.html (Retrieved Oct. 2013).

[19]

Pacia, C. Bitcoin mining explained like you're five: Part 1 -- incentives. chrispacia.wordpress.com/2013/09/02/bitcoin-mining-explained-like-youre-five-part-1-incentives/ (September 2013).

[20]

RHorning, mtgox, btchris, and ByteCoin. Mining cartel attack. bitcointalk.org/index.php?topic=2227, December 2010.

[21]

Rosenfeld, M. Analysis of Bitcoin pooled mining reward systems. arXiv preprint arXiv:1112.4980 (2011).

[22]

Swanson, E. Bitcoin mining calculator. alloscomp.com/bitcoin/calculator (Retrieved Sep. 2013).

[23]

Vishnumurthy, V., Chandrakumar, S., Sirer, E.G. Karma: A secure economic framework for peer-to-peer resource sharing. In Workshop on Economics of Peer-to-Peer Systems (2003).

[24]

Wikipedia. List of cryptocurrencies.en.wikipedia.org/wiki/List_of_cryptocurrencies (Oct. 2013).

[25]

Yang, B., Garcia-Molina, H. PPay: Micropayments for peer-to-peer systems. In CCS (ACM, 2003).

Digital Library

Cited By

Kundu K(2025)Blockchain Security:"Botnets and Bitcoin Mining” - A Study on the Impacts and CountermeasuresRecent Advances in Electrical & Electronic Engineering (Formerly Recent Patents on Electrical & Electronic Engineering)10.2174/012352096530150224082711450518:2(256-265)Online publication date: Feb-2025
https://doi.org/10.2174/0123520965301502240827114505
Anantharamaiah KSinha D(2025)GENETIC CRYPTOCURRENCY -A HUMAN SAVERSSRN Electronic Journal10.2139/ssrn.5009994Online publication date: 2025
https://doi.org/10.2139/ssrn.5009994
Kumar VAlagarsamy A(2025)A Constructive High-Speed Crypto-mining Approach with Dual SHA-256 on an FPGA2025 38th International Conference on VLSI Design and 2024 23rd International Conference on Embedded Systems (VLSID)10.1109/VLSID64188.2025.00042(169-174)Online publication date: 4-Jan-2025
https://doi.org/10.1109/VLSID64188.2025.00042
Show More Cited By

Index Terms

Majority is not enough: bitcoin mining is vulnerable
1. Applied computing
  1. Electronic commerce

Recommendations

Fact and Fiction: Challenging the Honest Majority Assumption of Permissionless Blockchains
ASIA CCS '21: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security

Honest majority is the key security assumption of Proof-of-Work (PoW) based blockchains. However, the recent 51% attacks render this assumption unrealistic in practice. In this paper, we challenge this assumption against rational miners in the PoW-based ...
WI Is Not Enough: Zero-Knowledge Contingent (Service) Payments Revisited
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

While fair exchange of goods is known to be impossible without assuming a trusted party, smart contracts in cryptocurrencies forgo such parties by assuming trust in the currency system. They allow a seller to sell a digital good, which the buyer will ...
Fair enough: guaranteeing approximate maximin shares
EC '14: Proceedings of the fifteenth ACM conference on Economics and computation

We consider the problem of fairly allocating indivisible goods, focusing on a recently-introduced notion of fairness called maximin share guarantee: Each player's value for his allocation should be at least as high as what he can guarantee by dividing ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Communications of the ACM

Communications of the ACM Volume 61, Issue 7

July 2018

90 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/3234519

Editor:
Andrew A. Chien
Association for Computing Machinery, New York, NY

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 June 2018

Published in CACM Volume 61, Issue 7

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

553
Total Citations
View Citations
16,619
Total Downloads

Downloads (Last 12 months)1,288
Downloads (Last 6 weeks)140

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kundu K(2025)Blockchain Security:"Botnets and Bitcoin Mining” - A Study on the Impacts and CountermeasuresRecent Advances in Electrical & Electronic Engineering (Formerly Recent Patents on Electrical & Electronic Engineering)10.2174/012352096530150224082711450518:2(256-265)Online publication date: Feb-2025
https://doi.org/10.2174/0123520965301502240827114505
Anantharamaiah KSinha D(2025)GENETIC CRYPTOCURRENCY -A HUMAN SAVERSSRN Electronic Journal10.2139/ssrn.5009994Online publication date: 2025
https://doi.org/10.2139/ssrn.5009994
Kumar VAlagarsamy A(2025)A Constructive High-Speed Crypto-mining Approach with Dual SHA-256 on an FPGA2025 38th International Conference on VLSI Design and 2024 23rd International Conference on Embedded Systems (VLSID)10.1109/VLSID64188.2025.00042(169-174)Online publication date: 4-Jan-2025
https://doi.org/10.1109/VLSID64188.2025.00042
Chen WYang WXiao MXue LWang S(2025)LBDT: A Lightweight Blockchain-Based Data Trading Scheme in Internet of Vehicles Using Proof-of-ReputationIEEE Transactions on Mobile Computing10.1109/TMC.2024.349793424:4(2800-2816)Online publication date: Apr-2025
https://doi.org/10.1109/TMC.2024.3497934
Rehman ZGregory MGondal IDong HGe M(2025)Eclipse Attacks in Blockchain Networks: Detection, Prevention, and Future DirectionsIEEE Access10.1109/ACCESS.2025.353883713(25918-25933)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2025.3538837
Wen YChen M(2025)Mined Block Withholding and Imposed Fork by Using Mining Pool Alliance Strategic—A Case Study in Bitcoin SystemIEEE Access10.1109/ACCESS.2024.352296213(817-833)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2024.3522962
Nikhalat-Jahromi ASaghiri AMeybodi M(2025)Asymmetric variable depth learning automaton and its application in defending against selfish mining attacks on bitcoinApplied Soft Computing10.1016/j.asoc.2024.112416170(112416)Online publication date: Feb-2025
https://doi.org/10.1016/j.asoc.2024.112416
Sarenche RNikova SPreneel B(2025)Deep Selfish Proposing in Longest-Chain Proof-of-Stake ProtocolsFinancial Cryptography and Data Security10.1007/978-3-031-78676-1_2(24-40)Online publication date: 22-Feb-2025
https://doi.org/10.1007/978-3-031-78676-1_2
D’Amato FNeu JTas ETse D(2025)Goldfish: No More Attacks on Ethereum?!Financial Cryptography and Data Security10.1007/978-3-031-78676-1_1(3-23)Online publication date: 22-Feb-2025
https://doi.org/10.1007/978-3-031-78676-1_1
Tomić N(2024)Oligopoly structure in the cryptocurrency marketAnali Ekonomskog fakulteta u Subotici10.5937/AnEkSub2300026T(91-104)Online publication date: 2024
https://doi.org/10.5937/AnEkSub2300026T
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Figures

Tables

Media

View Issue’s Table of Contents