“Selfish Mining” not tenable for even the most selfish miner

A recent paper out of Cornell University’s Computer Science Department describing a theoretical attack on Bitcoin, in which “rational miners” may join in on a practice referred to as “Selfish Mining,” turns out to be just that: Theoretical.

To break down the theoretical selfish mining attack further.  Let us imagine that such an attack is happening right this second, with a selfish mining pool [technically one large node] that currently has 25% of the total network hashrate and said pool operator starts selectively relaying blocks so as to disrupt the other 75% of the network.

Eyal and Sirer would have you believe that “neutral nodes” would join with the selfish mining pool because they would be able to generate more revenue from mining by doing so.  While the attack put forth by Eyal and Sirer is theoretically possible, it is only remotely plausible if one makes assumptions about miners that do not hold in reality.

From bitcoinmagazine’s article on this topic:

In practice, most Bitcoin miners act altruistically to support the network, both out of ideological considerations and because they do not want to destabilize the source of their own revenue. Such higher-level economic concerns are beyond the scope of Eyal and Sirer’s paper, but they seriously reduce the chance that this economic attack will work in practice.

The specific higher-level economic concern that Eyal and Sirer have failed to take into account is the simple fact that neutral nodes, or miners, would have zero incentive to participate in an attack that could destroy the integrity of or the public’s faith in the Bitcoin protocol.  The marginally larger profits, and more importantly the very incentives,  from “selfish mining” are entirely wiped out if the bitcoin exchange rate takes a plunge on news of a hard fork in the blockchain, which it is wont to do.  In short, Selfish Mining isn’t tenable for even the most selfish of Bitcoin miners.  Such attacks on Bitcoin intrinsically damage Bitcoin’s integrity and as such no “rational miner” [their words not mine] would ever partake in such an attack.

Eyal and Sirer have pointed out a potential vector for an attack on Bitcoin that has hitherto not been pursued completely; however, the only “new” danger to consider is botnet use of Sybill nodes, and Eyal and Sirer have presented an easy fix to the Bitcoin protocol that would allow the difficulty of their prescribed attack vector to scale properly with the size of the Bitcoin network.

Now that 25% attack is in everyone’s vocabulary, comparisons to the previously lauded 51% attack may lead some people to incorrectly conclude that Bitcoin is at best only half as secure as it was before the publication of this paper.

For more information: http://arxiv.org/pdf/1311.0243v1.pdf

Advertisements
7 comments
  1. Kunal Talwar said:

    If I am reading the Eyal-Sirer blog post correctly, there is no 25% security right now. The protocol is susceptible to any small group misbehaving. They propose a fix that will lead to it being resistant to collusions less than 25% in size. Am I missing something?

    • Collusion leads to a fork, which would have negative effects on Bitcoin as a whole. Essentially, no rational miner would ever partake in any type of attack against Bitcoin. If the attack were to succeed, Bitcoin would be a failure and the attackers would have gained nothing. If the attack were to fail, well then the miner wasted his or her time.

  2. Author of the Bitcoin Magazine article here.

    > If I am reading the Eyal-Sirer blog post correctly, there is no 25% security right now. The protocol is susceptible to any small group misbehaving. They propose a fix that will lead to it being resistant to collusions less than 25% in size. Am I missing something?

    A 1% attack requires the attacker to (1) have so many more nodes than the rest of the network to be able to instantly transmit their own blocks, and (2) to be able to essentially censor legitimate blocks. Even if we grant that (1) is doable, (2) is not. Large Bitcoin miners and businesses have proprietary links to each other, so network censorship by throwing dummy nodes into the network is impossible. I would say their gamma parameter should not be much higher than 0.5 today (so we basically have >20% security).

    > In short, Selfish Mining isn’t tenable for even the most selfish of Bitcoin miners.

    Not necessarily. Here’s what you could do:

    1. Buy a miner
    2. Short a mining contract for the same amount of GH/s
    3. Join a selfish pool

    If you do (1) and (2), you have zero net exposure to the Bitcoin ecosystem, so (3) in theory makes economic sense.

    So I think the better point to make is to specifically point out that my above scenario is highly contrived and game-theoretic models don’t always reflect reality.

    • As you mentioned in your article, the infrastructure that could bring the theory closer to reality isn’t here yet and is more likely to be of concern 20 years down the road.

      I wonder how long until we see USD or EUR valued mining contracts, but I’d be willing to bet that a fork of any sort would be written in to void said contract :P.

      PS: Your writing is an inspiration.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: