be selfish and avoid dilemmas · 2018-03-06 · be selfish and avoid dilemmas fork after...
TRANSCRIPT
BeSelfishandAvoidDilemmas
ForkAfterWithholdingAttacksonBitcoin
Y.Kwon,D.Kim,Y.Son,E.Vasserman,Y.Kim.CCS2017.
SimonBienz
Blockchain
Image:https://d2omlh28jsv4r7.cloudfront.net/wp-content/uploads/2016/09/image-4-276x300.png
Blockchain:Mining
Reward
MiningPools
Blockchain:Fork
Bitcoin
• Digitalcurrency
• Completelypeer-to-peer
• Transactionsverifiedbynodes
• Underlyingblockchain actsasledger
• Coinscreatedbymining
Image:https://bitcoin.org/img/icons/opengraph.png
Bitcoin:Block
Header:Merkle rootofdata+hash(previousheader)+Nonce
Data:Transactions
Header
Data
Header
Data
SelfishMining
CreateForkintentionally
private
public
SelfishMining:Reward
MajorityIsNotEnough:BitcoinMiningIsVulnerable;Ittay Eyal andEmin GunSirer; 2014;
BlockWithholdingAttack
Lossfortheattackedpool
FPoW❌
PPoW✔
Image:https://www.buybitcoinworldwide.com/wp-content/uploads/2017/02/i1000-_0000_Vector-Smart-Object-300x300.png
BlockWithholdingAttack
Lossforpool+rewardforattacker
FPoW
Image:https://www.buybitcoinworldwide.com/wp-content/uploads/2017/02/i1000-_0000_Vector-Smart-Object-300x300.png
❌
BWH:Attacker’sDilemma
ForkAfterWithholdingAttack
+FPoW❌
PPoW✔
FAW:AttackingOnePool
FAW:AttackingOnePool
InnocentMiner
InfiltrationMiner
noimmediateFPoW propagation
FPoW holding+2nd Blockfound
1) mineroutside:
2) honestminer:
3) owninnocentminer:
FPoW❌
FPoW❌
RewardAttacker
…
…
…
…
attackerinnocentmining
honestminerinpool
otherminer
attackerinfiltration
otherminer
FAW BWH
RewardAttacker
1
0.8
0.6
0.4
0.2
000.10.20.30.40.5
4.5
3.5
2.5
1.5
0.5
PoolSize
c(coe
fficien
t)
ExtraRe
ward(%
)
RewardPool
…
…
…
…
attackerinnocentmining
honestminerinpool
otherminer
attackerinfiltration
otherminer
FAW NoAttack
PoolReward
1
0.8
0.6
0.4
0.2
000.10.20.30.40.5
0
-2
-6
-8
-10
-12
PoolSize
c(coe
fficien
t)
ExtraRe
ward(%
)
FAW:AgainstMultiplePools
FAW:AgainstMultiplePools
InnocentMiner
InfiltrationMiner
noimmediateFPoW propagation
FPoW holding+2nd Blockfound
1) mineroutside:
2) honestminer:
3) owninnocentminer:
FPoW❌
FPoW❌
RewardAttackerattackerinnocentmining
honestminerinpool
otherminer
attackerinfiltration
otherminer
FAW BWH
……
…
… attackerinfiltrationpool1
attackerinfiltrationpool2
RewardAttacker
FAW:AttackGame
AttackGame
Pool1InfiltrationPower Pool2InfiltrationPower
AttackGame
NetworkCapability
PoolSize1
PoolSize
2
PoolSize1
PoolSize
2
FAWvsSelfishMining
1
0.8
0.6
0.4
0.2
000.10.20.30.40.5
4.5
3.5
2.5
1.5
0.5
PoolSize
c(coe
fficien
t)
ExtraRe
ward(%
)
RationalManager
localFPoW
otherminersblock
?
DetectingAttacks
vs
FAW:Countermeasures
• TwophaseprotocolEyal,Rosenfeld
• beacon
• honeypotEyal
• joiningfeeEyal,Luu etal.
• bonus
Conclusions
• rewardlowerboundedbyBWH• rathersmallgaincomparedtoselfishmining• gainpossiblesingleminer/smallpools• noattackersdilemma• attackhardertodetect