bitcoin mining is vulnerable
play

Bitcoin Mining is Vulnerable Ittay Eyal and Emin G un Sirer - PowerPoint PPT Presentation

Jan 22, 2023 •283 likes •632 views

Majority is not Enough: Bitcoin Mining is Vulnerable Ittay Eyal and Emin G un Sirer 2019.03.25 1 Ittay Eyal 2 Cryptocurrencies Popular algorithm: PoW 4 Proof-of-Work Mining They use blockcha kchain to run without a trusted third

  1. Majority is not Enough: Bitcoin Mining is Vulnerable Ittay Eyal and Emin G ¨ un Sirer 2019.03.25 1

  2. Ittay Eyal 2

  3. Cryptocurrencies

  4. Popular algorithm: PoW 4

  5. Proof-of-Work Mining  They use blockcha kchain to run without a trusted third party.  Miners generate blocks by spending their comp mputatio utationa nal power er.  If a miner generates a valid block, he earns re rewar ard d for t r the block.  This process is competi etiti tive ve. 12.5 5 BTC (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Block ockch chain ain Miner ner

  6. Mining Difficulty Inc ncrease! rease! iculty ulty Diffic Di Ti Time From “https://blockchain.info”

  7. Can we earn the extra reward through fork?  The change of mining difficulty  Validators consider the expected relative revenue per one round (10 mins) as their payoff. 7

  8. Can we earn the extra reward through fork?  The change of mining difficulty  Validators consider the expected relative revenue per one round (10 mins) as their payoff. If a miner possesses 10% of the total computational power? 8

  9. Can we earn the extra reward through fork?  The change of mining difficulty  Validators consider the expected relative revenue per one round (10 mins) as their payoff. If a miner possesses 10% of the total He earns ns 10% of of t the tota tal l reward. ard. computational power? 9

  10. Poisson distribution  The Poisson distribution expresses the probability of a given number of events occurring in a fixed interval of time or space if these events occur with a known constant rate and indepen ependently dently of the time since the last event. Pr[𝑙 events in one interval]=𝑓 −𝜇 𝜇 𝑙 𝑙! 10

  11. Poisson distribution  The Poisson distribution expresses the probability of a given number of events occurring in a fixed interval of time or space if these events occur with a known constant rate and indepen ependently dently of the time since the last event. Pr[𝑙 events in one interval]=𝑓 −𝜇 𝜇 𝑙 𝑙! In the he Bi Bitco coin in sy syst stem em, , one event nt means ns a ge generat ration ion of o one block ck. 11

  12. The 51% Attack 12

  13. 51% Attack  Majority of hashing power has voted for transactions on longest chain. – It is costly to increase voting power – Players are not motivated to cheat  If any party controls majority of hashing power, they can: – Undo the past – Deny mining rewards – Undermine the currency

  14. Goldfinger Attack  In the James Bond movie….  The attacker’s goal is to destroy Bitcoin by executing the 51% attack.  Is a realistic attack?

  15. Selfish Mining 15

  16. Selfish Mining  Forks – Due to the nonzero block propagation delay, nodes can have different views. – When a fork occurs, only one block becomes valid. Which of two blocks should I choose as a main (N+1)-th th Bl Block chain? N-th th Bloc ock k (N-1) (N 1)-th th Block (N+1)-th th Block Fork

  17. Selfish Mining  Generate intentional forks adaptively. – An attacker finds a valid block and propagates the block when en anot other her bloc ock k is found d by an honest est node.  Force the honest miners into wasting victims’ computations on the stale public branch.

  18. Strategy 18

  19. Strategy 19

  20. Strategy 20

  21. Strategy 21

  22. Strategy 22

  23. Analysis  The states of the system represent the lead of the selfish pool; that is, the difference between the number of unpublished blocks in the pool’s private branch and the length of the public branch. 23

  24. State Probabilities 24

  25. Simulation  𝛿: An attacker’s network capability  When an attacker possesses more than 33% computational power, the attacker can always earn extra rewards.

  26. Observation 26

  27. Observation The e selfi lfish sh poo ool l wou ould ld there refor fore e increa rease se in size, e, unop opposed posed by any y mechan chanism ism, , tow owards ards a majo ajori rity ty . 27

  28. Countermeasure  When a miner learns of competing branches of the same length, it should propagate all of them, and choose which one to mine on unif iform ormly ly at rand ndom. 1 1 𝛿 = 2 , Threshold= 4 28

  29. Selfish Mining

  30. Selfish Mining Im Impra practical! ctical!

  31. Concurrent paper  Theoretical Bitcoin Attacks with less than Half of the Computational Power 31

  32. Impractical  The value of γ cannot be 1 because when the intentional fork occurs, the honest miner who generated a block will select his block, not that of the selfish miner.  Honest miners can easily detect that their pool manager is a selfish mining attacker. – If the manager does not propagate blocks immediately when honest miners generate blocks, the honest miners will know that their pool manager is an attacker. – The blockchain has an abnormal shape when a selfish miner exists.

  33. Optimal selfish mining  Optimal selfish mining strategies in bitcoin  Stubborn mining: Generalizing selfish mining and combining with an eclipse attack ….. 33

  34. Yu Yujin jin Kwon on dbwls872 wls8724@kaist 4@kaist.ac .ac.kr .kr

Recommend

Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &

Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &

Cryptocurrency Technologies Bitcoin Mining Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption & Ecology Mining Pools Mining Incentives and Strategies Recap: Bitcoin Miners Bitcoin depends on

821 views • 35 slides
On the insecurity of quantum Bitcoin mining arXiv:1804.08118 Or Sattath, Ben-Gurion University

On the insecurity of quantum Bitcoin mining arXiv:1804.08118 Or Sattath, Ben-Gurion University

On the insecurity of quantum Bitcoin mining arXiv:1804.08118 Or Sattath, Ben-Gurion University QCrypt 2018 SUMMARY The Bitcoin network will become less secure once Bitcoin miners use a quantum computer. Quantum Bitcoin mining a high

872 views • 24 slides
All about mining Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store

All about mining Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store

Lecture 4 All about mining Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store and broadcast the block chain Validate new transactions Vote (by hash power) on consensus Who are the miners? Lecture 4.1: The

1.16k views • 99 slides
Mining Pools Prof. Tom Austin San Jos State University Review: Bitcoin mining Miners

Mining Pools Prof. Tom Austin San Jos State University Review: Bitcoin mining Miners

Cryptocurrencies & Security on the Blockchain Mining Pools Prof. Tom Austin San Jos State University Review: Bitcoin mining Miners verify transactions Must find a proof-of-work. Reward: newly generated bitcoins, plus

796 views • 28 slides
Mining, network, economics Joseph Bonneau Recap: Bitcoin miners

Mining, network, economics Joseph Bonneau Recap: Bitcoin miners

Lecture 2 Mining, network, economics Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store and broadcast the block chain Validate new transactions Vote (by hash

1.1k views • 98 slides
Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin work? The characteris5cs of Bitcoin WHAT IS BITCOIN Bitcoin is a form of digital currency, created and held electronically. No one controls it.

839 views • 17 slides
Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Cryptocurrency Technologies Mechanics of Bitcoin Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin Scripts Bitcoin Blocks The Bitcoin Network Limitations and Improvements Mechanics of

695 views • 33 slides
Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae Kim* *KAIST, Sungkyunkwan University 1 Governance conflict The number of Bitcoin transaction per month Bad scala bility

731 views • 46 slides
Optimising the SHA256 Hashing Algorithm for Faster and More Efficient Bitcoin Mining Presented

Optimising the SHA256 Hashing Algorithm for Faster and More Efficient Bitcoin Mining Presented

Optimising the SHA256 Hashing Algorithm for Faster and More Efficient Bitcoin Mining Presented by: Rahul P. Naik (12026189) Supervisor: Dr. Nicolas T. Courtois MSc Information Security DEPARTMENT OF COMPUTER SCIENCE September 17, 2013

579 views • 33 slides
Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Cryptocurrency Technologies Bitcoin as a Platform Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments Token tracking Multiparty lotteries Public randomness Prediction markets A fine stew

714 views • 38 slides
Attacks on PoW systems Yujin Kwon KAIST 1 Various Attacks Double Spending Generate

Attacks on PoW systems Yujin Kwon KAIST 1 Various Attacks Double Spending Generate

Attacks on PoW systems Yujin Kwon KAIST 1 Various Attacks Double Spending Generate forks intentionally Selfish mining Generate forks intentionally Majority Is Not Enough: Bitcoin Mining Is Vulnerable, FC 2014

466 views • 46 slides
Bitcoin Selfish Mining Marie Vasek Secure Electric Commerce (some slides heavily inspired by Dr.

Bitcoin Selfish Mining Marie Vasek Secure Electric Commerce (some slides heavily inspired by Dr.

Bitcoin Selfish Mining Marie Vasek Secure Electric Commerce (some slides heavily inspired by Dr. Moore) s k c a t t a g n i d l o h h t i w k c o l b y r a r o p m e T n i o c t i B Bitcoin Selfish

567 views • 14 slides
On instabilities of the Bitcoin protocol Ricardo P erez-Marco @rperezmarco CNRS, IMJ-PRG,

On instabilities of the Bitcoin protocol Ricardo P erez-Marco @rperezmarco CNRS, IMJ-PRG,

Dynamical instability Perdurance of the Bitcoin protocol. Hard forks Double spend attacks Catch-up mining instability On instabilities of the Bitcoin protocol Ricardo P erez-Marco @rperezmarco CNRS, IMJ-PRG, Univ. Paris 7 Breaking

1.23k views • 85 slides
Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed Computing Group www.disco.ethz.ch What is Bitcoin? What is Bitcoin? + What is Bitcoin? = + Whats it worth? USD / Bitcoin exchange price 300

752 views • 48 slides
Distributed Synthetic Data Platform for Deep Learning Applications BITCOIN OR ETHER AMAZON DEEP

Distributed Synthetic Data Platform for Deep Learning Applications BITCOIN OR ETHER AMAZON DEEP

Distributed Synthetic Data Platform for Deep Learning Applications BITCOIN OR ETHER AMAZON DEEP MINING LEARNING BITCOIN OR AMAZON DEEP The AI industry is ready to x 6 ETHER MINING LEARNING pay miners for their computational resources GPU

222 views • 18 slides
SELFISH MINING RE-EXAMINED Kevin Alarcn Negy 1 , Peter Rizun 2 , Emin Gn Sirer 1 1 Computer

SELFISH MINING RE-EXAMINED Kevin Alarcn Negy 1 , Peter Rizun 2 , Emin Gn Sirer 1 1 Computer

SELFISH MINING RE-EXAMINED Kevin Alarcn Negy 1 , Peter Rizun 2 , Emin Gn Sirer 1 1 Computer Science Department, Cornell University 2 Bitcoin Unlimited Bitcoin folk theorems Incentive compatibility Hash power is proportional to winnings

591 views • 39 slides
Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers are not trusted: may be greedy or corrupt Each peer knows about all bitcoins and transactions Transaction (sender -> receiver): sender

958 views • 23 slides
Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers Joseph Bonneau CITP, Princeton Thanks to Andrew Miller, Arvind Narayanan, Jeremy Clark, Joshua Kroll, Ed Felten Part I: Bitcoin in 6 easy steps

752 views • 32 slides
Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Regulation of Bitcoin Jerry Brito Coin Center coincenter.org Is Bitcoin regulated? Is Bitcoin

Regulation of Bitcoin Jerry Brito Coin Center coincenter.org Is Bitcoin regulated? Is Bitcoin

Regulation of Bitcoin Jerry Brito Coin Center coincenter.org Is Bitcoin regulated? Is Bitcoin regulated? The so far unregulated digital currency has courted controversy because of its volatile value and its popularity among

1.17k views • 51 slides
Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap

Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap

Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap Proof of Work Mining Transactions UTXO Nakamoto Consensus Longest chain Recap Scripting Bitcoin Stack Machine Recap

4.84k views • 47 slides
nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01

nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01

nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01 @n1ckler A smart home A Bitcoin node A lonely datacenter Robustness Do you trust binaries from some cache or do you build from source? Do

411 views • 29 slides
Bitcoin CS 161: Computer Security Prof. Raluca Ada Poipa April 24, 2018 What is Bitcoin?

Bitcoin CS 161: Computer Security Prof. Raluca Ada Poipa April 24, 2018 What is Bitcoin?

Bitcoin CS 161: Computer Security Prof. Raluca Ada Poipa April 24, 2018 What is Bitcoin? Bitcoin is a cryptocurrency: a digital currency whose rules are enforced by cryptography and not by a trusted party (e.g., bank) Core ideal: avoid

1.02k views • 36 slides
Algorand: Scaling Byzantine Agreements for Cryptocurrencies Hyunjin Kim KAIST Introduction

Algorand: Scaling Byzantine Agreements for Cryptocurrencies Hyunjin Kim KAIST Introduction

Algorand: Scaling Byzantine Agreements for Cryptocurrencies Hyunjin Kim KAIST Introduction Previous Presentations: How secure PoW is? -Attack on Bitcoin Mining pool -Attack on Bitcoin Communication -Attack on Bitcoin Consensus

601 views • 46 slides

More recommend