Affiliation:
1. Technion, Haifa, Israel
2. Cornell University, Ithaca, NY
Abstract
The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups, that is, it incentivizes miners to follow the protocol as prescribed.
We show that the Bitcoin mining protocol is not incentive-compatible. We present an attack with which colluding miners' revenue is larger than their fair share. The attack can have significant consequences for Bitcoin: Rational miners will prefer to join the attackers, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.
Unless certain assumptions are made, selfish mining may be feasible for any coalition size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects Bitcoin in the general case. It prohibits selfish mining by a coalition that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a coalition of any size can compromise the system.
Publisher
Association for Computing Machinery (ACM)
Reference25 articles.
1. Andresen G. March 2013 chain fork post-mortem. BIP 50 en.bitcoin.it/wiki/BIP_50 retrieved Sep. 2013. Andresen G. March 2013 chain fork post-mortem. BIP 50 en.bitcoin.it/wiki/BIP_50 retrieved Sep. 2013.
2. On bitcoin and red balloons
Cited by
360 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献