ceClub: Majority is not Enough: Bitcoin Mining is Vulnerable

Ittay Eyal (Cornell University)
Wednesday, 24.12.2014, 11:30
EE Meyer Building 1007

The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom had asserted that the protocol was incentive-compatible and secure against colluding minority groups, i.e., it incentivized miners to follow the protocol as prescribed.

I will show that the Bitcoin protocol is not incentive-compatible by presenting an attack with which colluding miners obtain a revenue larger than their fair share. This attack can have significant consequences for Bitcoin: Rational miners would prefer to join the selfish miners, and the colluding group would increase in size until it became a majority. At this point, the Bitcoin system ceases to be a decentralized currency.

Selfish mining may be feasible for any group size of colluding miners. However, a practical modification to the Bitcoin protocol can protect against selfish mining pools that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a group of any size can compromise the system.

Ittay is a post-doctoral associate in the Department of Computer Science in Cornell University. He completed his PhD in the Technion in 2012 under the supervision of Prof. Idit Keidar and Prof. Raphi Rom. Ittay's main research interests are the security and scalability of the Blockchain protocol (on which Bitcoin runs) and consistent distributed storage algorithms.

Back to the index of events