attacks on pow systems
play

Attacks on PoW systems Yujin Kwon KAIST 1 Various Attacks Double - PowerPoint PPT Presentation

Attacks on PoW systems Yujin Kwon KAIST 1 Various Attacks Double Spending Generate forks intentionally Selfish mining Generate forks intentionally Majority Is Not Enough: Bitcoin Mining Is Vulnerable, FC 2014


  1. Attacks on PoW systems Yujin Kwon KAIST 1

  2. Various Attacks  Double Spending – Generate forks intentionally  Selfish mining – Generate forks intentionally  “Majority Is Not Enough: Bitcoin Mining Is Vulnerable”, FC 2014  Block withholding (BWH) attack – Exploit the pools’ protocol – It is possible to launch the BWH attack each other.  “The Miner’s Dilemma”, SP 2016  “On Power Splitting Games in Distributed Computation: The Case of Bitcoin Pooled Mining”, CSF 2016  Fork after withholding (FAW) attack – Generate forks intentionally through pools 2

  3. Various Attacks  Double Spending – Generate forks intentionally  Selfish mining – Generate forks intentionally  “Majority Is Not Enough: Bitcoin Mining Is Vulnerable”, FC 2014  Block withholding (BWH) attack – Exploit the pools’ protocol – It is possible to launch the BWH attack each other.  “The Miner’s Dilemma”, SP 2016  “On Power Splitting Games in Distributed Computation: The Case of Bitcoin Pooled Mining”, CSF 2016  Fork after withholding (FAW) attack – Generate forks intentionally through pools 3

  4. The Miner’s Dilemma Ittay Eyal Cornell University 2015 IEEE Symposium on Security and Privacy

  5. Mining Pool Others rs 8% 8% Others rs Litecoi oin AntPool ol Others rs Ethpool ool 21% 21% 6% 6% 23% 23% 23% 23% AntPool ol 27% 27% BW.COM COM 30% 30% 6% 6% Ethfans ans ViaBTC BTC.COM C.COM 8% 8% 10% 10% F2Pool 7% 7% 11% 11% BW.COM COM LTC.top MPH F2Pool 7% 7% 10% 10% 10% 10% BitFury 23% 23% F2Pool nano Slush 11% 11% BTCC 30% 30% 11% 11% 7% 7% 11% 11% Ethereum Litecoin Bitcoin  Miners can organize pools and mine together to reduce the variance of reward.  Currently, major players are pools. 5

  6. Mining Pool Pool manager 1. Give the problem. 𝐼(𝑑𝑝𝑜𝑢𝑓𝑜𝑢𝑡| 𝑜𝑝𝑜𝑑𝑓 < 𝑢𝑏𝑠𝑕𝑓𝑢 ? Workers 6

  7. Mining Pool Partial solutions 463 125 Pool manager 352 432 Full solutions 2. Submit shares. Workers 7

  8. Mining Pool Pool manager 3. Pay the reward. Workers 8

  9. Block Withholding (BWH) Attack 463 125 Pool manager 352 432 Withhold Submit only partial solutions. An Attacker 9

  10. History  2011 : Analysis of Bitcoin Pooled Mining Reward Systems (by Meni Rosenfeld) – “ This has no direct bene fi t for the attacker, only causing harm to the pool operator or participants. ”  2014 : On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency – “They showed that an attacker can earn profit by this attack”  2015 : The miner’s dilemma  On Power Splitting Games in Distributed Computation: The Case of Bitcoin Pooled Mining – “Attack strategy && game theory” 10

  11. Block Withholding (BWH) Attack  An attacker joins the victim pool.  She should split her computational power into solo mining and malicious pool mining (BWH attack).  She receives unearned wages while only pretending to contribute work to the pool. Solo Pool Pool BWH Attack Mining Attacker 11

  12. Pool game  Pools can launch the BWH attack each other through infiltration. Infiltration from Pool 1 into Pool 2 Po Pool ol 1 Po Pool ol 2 Infiltration from Pool 2 into Pool 1

  13. Classical BWH attack

  14. BWH attack among pools 𝑛 1 𝑛 2

  15. Analysis 15

  16. Therefore, the case for no attack is not an equilibrium .

  17. Two Pools 𝑛 1 𝑛 2

  18. Analysis 19

  19. The prisoner’s dilemma  The priso soner' ner's s dilemm mma is a standard example of a game analyzed in game theory  Two prisoners are separated into individual rooms and cannot communicate with each other. 21

  20. The Miners’ dilemma From “The Miner’s Dilemma”  The equilibrium reward of the pool is inferi nferior or compared to the no-attack scenario.  The fact that the BWH attack is not ot co commo mmon n may be explained.

  21. The FAW Attack

  22. FAW Attack Against One Pool Submit an FPoW to the pool only Tar arge get t poo ool if others generate another block. Otherwise, throw her FPoW. Pool Pool Solo Mining Attacker Others rs 24

  23. FAW Attack Against One Pool Submit an FPoW to the pool only Tar arge get t poo ool if others generate another block. Otherwise, throw her FPoW. Pool Pool Solo Mining Attacker Others rs  An attacker generates forks intentionally through a pool! 25

  24. FAW vs BWH  When an attacker finds an FPoW through solo mining… FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Victim ctim Othe hers rs 26

  25. FAW vs BWH  When an attacker finds an FPoW through solo mining… FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain The attacker earns the block reward. Victim ctim Othe hers rs 27

  26. FAW vs BWH  When an honest miner in the victim pool finds an FPoW … FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Victim ctim Othe hers rs 28

  27. FAW vs BWH  When an honest miner in the victim pool finds an FPoW … FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain The victim earns the block reward and shares the reward with the attacker. Victim ctim Othe hers rs 29

  28. FAW vs BWH  When only others find an FPoW … FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Victim ctim Othe hers rs 30

  29. FAW vs BWH  When only others find an FPoW … FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Others earn the block reward. Victim ctim Othe hers rs 31

  30. FAW vs BWH  When the attacker finds an FPoW in the victim pool, and BWH others also find another FPoW … Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Victim ctim Othe hers rs 32

  31. FAW vs BWH  When the attacker finds an FPoW in the victim pool, and BWH others also find another FPoW … Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Others earn the block reward. Victim ctim Othe hers rs 33

  32. FAW vs BWH  When the attacker finds an FPoW in the victim pool, and FAW FAW others also find another FPoW … Attack acker er Attacker’s Ne New Block ock (N (N-1) 1)-th th Block N-th th Bloc ock k (N+1)-th th Block Others’ Blockch ockchain ain Ne New Block ock Victim ctim Othe hers rs 34

  33. FAW vs BWH  When the attacker find an FPoW in the victim pool, and FAW FAW others also find another FPoW … Attack acker er Attacker’s New Block Ne ock (N (N-1) 1)-th th Block N-th th Bloc ock k (N+1)-th th Block Others’ Blockch ockchain ain Ne New Block ock I f others’ block is selected as the main chain, others earn the block reward. Victim ctim Othe hers rs 35

  34. FAW vs BWH  When the attacker find an FPoW in the victim pool, and FAW FAW others also find another FPoW … Attack acker er Attacker’s Ne New Block ock (N (N-1) 1)-th th Block N-th th Bloc ock k (N+1)-th th Block Others’ Blockch ockchain ain Ne New Block ock I f the attacker’s block is selected as the main chain, the victim earns the block reward and Victim ctim Othe hers rs shares the reward with the attacker. 36

  35. FAW vs BWH  When the attacker find an FPoW in the victim pool, and FAW FAW others also find another FPoW … Attack acker er Attacker’s New Block Ne ock (N (N-1) 1)-th th Block N-th th Bloc ock k (N+1)-th th Block Others’ Blockch ockchain ain Ne New Block ock The attacker can plant many Sybil nodes in the network to win with higher probability. Victim ctim Othe hers rs 37

  36. FAW Attack Against One Pool  Notation – 𝛽: Computational power of the attacker – 𝛾: Total computational power of a victim pool – 𝛿: The infiltration mining power divided by 𝛽 – 𝑑: Attacker ′ s network capability – 𝑆 𝑏 𝑆 𝑞 : An attacker’s (The victim′s) reward 38

  37. Analysis 39

  38. FAW vs BWH At Attac acker ker Victi tim Others ers FAW AW BWH 40

  39. Numerical Analysis Increasing An attacker’s power The case is equivalent to the case of the BWH attack. Increasing  We can see that the FAW attack is more profitable than the BWH attack numerically. 41

  40. FAW Attack Game  Pools can launch the FAW attack each other through infiltration. Infiltration from Pool 1 to Pool 2 Po Pool ol 1 Po Pool ol 2 Infiltration from Pool 2 to Pool 1 42

  41. Break Dilemma Poo ool 1 c can earn the extra a reward rd in Nash h equilibri rium. um.  FAW attacks between two pools lead to a pool size game: the larger pool can always earn the extra reward. 43

Recommend


More recommend