Information Technology News.


More on Bitcoin's reward mechanism to miners

Share on Twitter.

Sponsered ad: Get a Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.

Sponsered ad: Order the best SMTP service for your business. Guaranteed or your money back.

March 13, 2017

It's now well known that Bitcoin's reward mechanism to its miners is based on publishing a complex solution to the block chain itsself.

But what if a smart mathematician was successful in reversing this and instead rewarded the miners for withholding their solutions? Ever thought of that?

The simple answer: a pool of miners in which someone withheld solutions would collapse. The surprising, longer answer however, presented in a whitepaper at the International Association for Cryptologic Research (IACR) is that the attacker could conceivably end up in the black just the same.

Yaron Velner from the Hebrew University of Jerusalem, Jason Teutsch of the University of Alabama at Birmingham and Loi Luu from the National University of Singapore wrote that the problem arises in the mining pools that now account for most Bitcoin computations.

Although this isn't exactly clear, some estimates run as much as 95 percent of all computations. That's big.

Withholding attacks have been discussed since early in the blockchain's history, but Bitcoin's pretty resilient against them because if you want to mine coins and not tell anyone, you need enough computing power to be a miner. That means a lot of cash outlay for a very slim return in deed.

The Velner/Teutsch/Luu team suggests that rewarding others to withhold is a lot more affordable, for the following reasons.

“In this work, we propose to pay other miners to withhold blocks. An attacker with only 0.0000002 percent of Bitcoin’s computation power can reduce the revenue of a big pool to absolute zero without any financial losses on his side. In fact, the theoretical outcome of our attack (if miners are fully rational) is equivalent to a classical block withholding attack in which a miner rents Bitcoin’s entire hashing power and withholds all the blocks that he finds.”

But let's take a closer look at this. Satoshi Nakamoto, Bitcoin's inventor back in 2010 wrote a paper at that time mentioning block withholding attacks as “an attacker trying to generate an alternate chain faster than the honest chain”. So even he was aware of it at such an early date.

Block withholding has been typically regarded as a double-spending attack. The paper is a manipulation of the value of Bitcoin held in various pools, and should be treated as that, although some may not agree.

Each time a Bitcoin is successfully mined, that is, someone's miner finds the next solution, the math gets a little bit harder, and the next solution will take longer, or it'll need more computing power to find.

If blocks aren't published, they're not included in the assumption that makes Bitcoin progressively more difficult, and the result is that the attacker “benefits from reducing the effective hash rate of the entire network”.

Only if they can do it for a small outlay and that's where this attack is different. Instead of doing the mining themselves, an attacker with a modest home-scale setup can disrupt pools, and this is what it's all about.

The requirement, the authors write, is merely that the “the fraction of the network’s hashing rate controlled by the attacker” is greater than “a miner’s reward for submitting a full solution to the pool”. And they have a point there.

“The mining power is currently equivalent to about 4 TH/s (tera-hashes per second), which is obtainable by modern ASICs. Moreover, a miner with N ASICs could offer a reward that is N times higher and still make a profit.”

Were someone with the capability to mount an attack, they'd need their miners to prove they're holding valid blocks, and that's one reason withholding attacks don't happen: storage sufficient for the minion to submit a proof to the attacker is extremely expensive.

Instead, the attack asks only for a “proof of stale work” to validate that they're performing sha256 operations over some data without an intention of submitting full solutions to the blockchain.

When the withholder allocates his mining equipment for stale work, the effective hash power of the network is greatly reduced in the process.

Crucially, because it's an attack on the pool mining protocol, the authors note that their attack does not affect the Nakamoto consensus that protects the truth of the Bitcoin blockchain. And that's what it really all boils down to.

Source: The Velner/Teutsch/Luu team.


Sponsered ad: Get a Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.

Sponsered ad: Order the best SMTP service for your business. Guaranteed or your money back.

Share on Twitter.

IT News Archives | Site Search | Advertise on IT Direction | Contact | Home

All logos, trade marks or service marks on this site are the property of their respective owners.

Sponsored by Sure Mail™, Avantex and
by Montreal Server Colocation.

       © IT Direction. All rights reserved.