51% attacks - pools and game theory
TRANSCRIPT
51% ATTACKS – POOLS AND GAME THEORYGAME THEORETIC PERSPECTIVE ON THE BLOCK SIZE LIMIT AND THE SECURITY OF THE BITCOIN NETWORK
STATEMENTS
• Gavin’s proposal (50% block size increase/ year) would break the mining incentive scheme
• (some) 51% attacks cannot be detected and are very likely
• Bitcoin will naturally without a hardfork evolve to a POW/POS mixture
MINING REWARD & BLOCK SIZE LIMIT (1/4)
MINING REWARD & BLOCK SIZE LIMIT (2/4)- Nash equilibrium
- Real „Transaction Fee Death Spiral“
- Your pool always performs better if it accepts lower fees
Mining fees will converge to the cost of including a transaction vs. not including a transaction
MINING REWARD & BLOCK SIZE LIMIT (3/4)
X | 25 BTC X+1 | 25 BTC
X+1 | 25 BTC 10% * 25 = 2.5
X+2 | 25 BTC 99% * 25 = 24.75
MINING REWARD & BLOCK SIZE LIMIT (4/4)
Empty mempool problem
X | 5 BTC X+1 | 5 BTC
X+1 | 5 BTC10% * 5 = 0.5
X+2 | 0.1 BTC 99% * 0.1 = 0.099
THE BLOCK SIZE LIMIT HAS TO MAKE TRANSACTIONS SCARCE AND THEREFORE VALUABLE
Proposal: dynamic block size limit based on transactions and transaction fees of the last 2016 blocks
BITCOIN WITH CLOSE TO 0 MINING SUBSIDY
Assumption:
The avarge Bitcoin user holds $100,000 in Bitcoin
What would they be willing to pay in fees in total in one year?
=> SAME RATIO AS MARKETCAP/ COST OF ATTACKING
Bitcoin market cap
mining reward
money into mining
cost of acquiring 51%
INCENTIVE CHALLENGES TODAY
30% HR = 30% MR = 0.3
Adding 1% HR= 31% MR / 0.31
= 31/101 = 30,69% = 0.3069 (diff = 0.0069)
Cannibalizing pools:
1/71* 0,7 = 0,0098
POOL – WARSADDING 1% HASH RATE
POOL – WARSWORTH OF AN ORPHANED BLOCKWorth of orphaned block in other pools = HR share * block reward
Cost of orphaned block in your pool = % of pool HR * block reward
“parasitizing pools”
Parasitizing cont.
Regular reward
Mining contribution
Reward of mining pool
Full reward
POTENTIAL SOLUTION
• Increase reward for a block significantly compared to a share
• Closed pools
VALUE OF A 51% ATTACK
Big attacks:
•Shorting: value of destroying the value
•Value of getting 100% of the miners reward
Undetectable attacks:
•Selfish mining•Increasing the share of participants
Bitcoin market cap
mining reward
money into mining
cost of acquiring 51%
NUMBERS
1) Mining reward ≈ money into mining
2) Cost of acquiring 51% < money into mining
3) Worth of a 51% attack ≥ mining reward
4) Worth of a 51% attack > cost of acquiring 51%
POOL – WARSLIKELY ATTACK
• Three pools colluding:
• Ignoring every 10th block of another pool
HISTORICAL CENTRALIZATION OF POOLS
POOL – WARSLIKELY ATTACKTHE UNWANTED COALITION
• Create a block with a timestamp 2h+epsilon in the future
POOL – WARSLIKELY ATTACK – GOLDFINGER REWARD
X | 25 BTC
X+2 B | 25 BTC
X+2 A | 25 BTC + 1 from A
X +1 A | 25 BTC
X +1 B | 25 BTC
MEMBERS ONLY MINING
1. To increase earnings someone needs to be excluded
2. Let hashrate join until 80% of the network is in
3. As soon as >55% of blocks are created by members – start giving none-member blocks a higher diff.
1. Overall difficulty will go down
2. Every participating miner/pool will become its own difficulty (minimum the network diff) -> HR increase will have smaller effect
-> Mixture of POW and POW share in the past
5 STEPS TO DO A 51% ATTACK
1. Publish mining software with higher EV
1. Mine on new headers (but validate it asap)
2. More „flexible“ 2 hours rule
3. Decide for fork with own block version number
4. Make miner aware of „Goldfinger“ reward
5. „Members only“ functionality
2. Create a pool with stickiness
1. New members will receive only 90% for shares in the first 2 weeks, after 2 weeks 110% (ponzi scheme)
3. Create unwanted coalitions (timestamp attack)
4. Atack other pools with cannibalizing pools
5. Eventually switch to members only
STATEMENTS
• Hashrate/POW does NOT secure Bitcoin/transactions – full nodes do! POW only distributes votes.
• Other mechanics for vote distribution are maybe fine
FUNDING MINERS:
INSURANCE CONTRACT BOUND TO % OF ORPHANED BLOCKS
RANDOM THOUGHTS
• Make transactions only valid after a specific block (proof of activity)
• Pools and pool members establish a trust relation (not possible for small members)
• Change to a mix of proof of stake and POW
• Block chain limit debate – in case of a hard fork not the majority of hashrate decides but merchants and exchanges