51% Attacks - Pools and Game Theory

51% ATTACKS – POOLS AND GAME THEORYGAME THEORETIC PERSPECTIVE ON THE BLOCK SIZE LIMIT AND THE SECURITY OF THE BITCOIN NETWORK

STATEMENTS

• Gavin’s proposal (50% block size increase/ year) would break the mining incentive scheme

• (some) 51% attacks cannot be detected and are very likely

• Bitcoin will naturally without a hardfork evolve to a POW/POS mixture

MINING REWARD & BLOCK SIZE LIMIT (1/4)

MINING REWARD & BLOCK SIZE LIMIT (2/4)- Nash equilibrium

- Real „Transaction Fee Death Spiral“

- Your pool always performs better if it accepts lower fees

Mining fees will converge to the cost of including a transaction vs. not including a transaction

MINING REWARD & BLOCK SIZE LIMIT (3/4)

X | 25 BTC X+1 | 25 BTC

X+1 | 25 BTC 10% * 25 = 2.5

X+2 | 25 BTC 99% * 25 = 24.75

MINING REWARD & BLOCK SIZE LIMIT (4/4)

Empty mempool problem

X | 5 BTC X+1 | 5 BTC

X+1 | 5 BTC10% * 5 = 0.5

X+2 | 0.1 BTC 99% * 0.1 = 0.099

THE BLOCK SIZE LIMIT HAS TO MAKE TRANSACTIONS SCARCE AND THEREFORE VALUABLE

Proposal: dynamic block size limit based on transactions and transaction fees of the last 2016 blocks

BITCOIN WITH CLOSE TO 0 MINING SUBSIDY

Assumption:

The avarge Bitcoin user holds $100,000 in Bitcoin

What would they be willing to pay in fees in total in one year?

=> SAME RATIO AS MARKETCAP/ COST OF ATTACKING

Bitcoin market cap

mining reward

money into mining

cost of acquiring 51%

INCENTIVE CHALLENGES TODAY

30% HR = 30% MR = 0.3

Adding 1% HR= 31% MR / 0.31

= 31/101 = 30,69% = 0.3069 (diff = 0.0069)

Cannibalizing pools:

1/71* 0,7 = 0,0098

POOL – WARSADDING 1% HASH RATE

POOL – WARSWORTH OF AN ORPHANED BLOCKWorth of orphaned block in other pools = HR share * block reward

Cost of orphaned block in your pool = % of pool HR * block reward

“parasitizing pools”

Parasitizing cont.

Regular reward

Mining contribution

Reward of mining pool

Full reward

POTENTIAL SOLUTION

• Increase reward for a block significantly compared to a share

• Closed pools

VALUE OF A 51% ATTACK

Big attacks:

•Shorting: value of destroying the value

•Value of getting 100% of the miners reward

Undetectable attacks:

•Selfish mining•Increasing the share of participants

Bitcoin market cap

mining reward

money into mining

cost of acquiring 51%

NUMBERS

1) Mining reward ≈ money into mining

2) Cost of acquiring 51% < money into mining

3) Worth of a 51% attack ≥ mining reward

4) Worth of a 51% attack > cost of acquiring 51%

POOL – WARSLIKELY ATTACK

• Three pools colluding:

• Ignoring every 10th block of another pool

HISTORICAL CENTRALIZATION OF POOLS

POOL – WARSLIKELY ATTACKTHE UNWANTED COALITION

• Create a block with a timestamp 2h+epsilon in the future

POOL – WARSLIKELY ATTACK – GOLDFINGER REWARD

X | 25 BTC

X+2 B | 25 BTC

X+2 A | 25 BTC + 1 from A

X +1 A | 25 BTC

X +1 B | 25 BTC

MEMBERS ONLY MINING

1. To increase earnings someone needs to be excluded

2. Let hashrate join until 80% of the network is in

3. As soon as >55% of blocks are created by members – start giving none-member blocks a higher diff.

1. Overall difficulty will go down

2. Every participating miner/pool will become its own difficulty (minimum the network diff) -> HR increase will have smaller effect

-> Mixture of POW and POW share in the past

5 STEPS TO DO A 51% ATTACK

1. Publish mining software with higher EV

1. Mine on new headers (but validate it asap)

2. More „flexible“ 2 hours rule

3. Decide for fork with own block version number

4. Make miner aware of „Goldfinger“ reward

5. „Members only“ functionality

2. Create a pool with stickiness

1. New members will receive only 90% for shares in the first 2 weeks, after 2 weeks 110% (ponzi scheme)

3. Create unwanted coalitions (timestamp attack)

4. Atack other pools with cannibalizing pools

5. Eventually switch to members only

STATEMENTS

• Hashrate/POW does NOT secure Bitcoin/transactions – full nodes do! POW only distributes votes.

• Other mechanics for vote distribution are maybe fine

FUNDING MINERS:

INSURANCE CONTRACT BOUND TO % OF ORPHANED BLOCKS

RANDOM THOUGHTS

• Make transactions only valid after a specific block (proof of activity)

• Pools and pool members establish a trust relation (not possible for small members)

• Change to a mix of proof of stake and POW

• Block chain limit debate – in case of a hard fork not the majority of hashrate decides but merchants and exchanges