[PDF] The Economics of Bitcoin Mining, or Bitcoin in the ...

The Economics of Bitcoin Mining, or, Bitcoin in the Presence of Adversaries [PDF]

submitted by moyix to Bitcoin [link] [comments]

Princeton University: The Economics of Bitcoin Mining or, Bitcoin in the Presence of Adversaries

submitted by cryptoevents to Bitcoin [link] [comments]

The Economics of Bitcoin Mining or, Bitcoin in the Presence of Adversaries (WEIS 2013 paper)

submitted by Fredfin to programming [link] [comments]

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

arXiv:1605.07524
Date: 2017-03-24
Author(s): Maria Apostolaki, Aviv Zohar, Laurent Vanbever

Link to Paper


Abstract
As the most successful cryptocurrency to date, Bitcoin constitutes a target of choice for attackers. While many attack vectors have already been uncovered, one important vector has been left out though: attacking the currency via the Internet routing infrastructure itself. Indeed, by manipulating routing advertisements (BGP hijacks) or by naturally intercepting traffic, Autonomous Systems (ASes) can intercept and manipulate a large fraction of Bitcoin traffic. This paper presents the first taxonomy of routing attacks and their impact on Bitcoin, considering both small-scale attacks, targeting individual nodes, and large-scale attacks, targeting the network as a whole. While challenging, we show that two key properties make routing attacks practical: (i) the efficiency of routing manipulation; and (ii) the significant centralization of Bitcoin in terms of mining and routing. Specifically, we find that any network attacker can hijack few (<100) BGP prefixes to isolate ~50% of the mining power---even when considering that mining pools are heavily multi-homed. We also show that on-path network attackers can considerably slow down block propagation by interfering with few key Bitcoin messages. We demonstrate the feasibility of each attack against the deployed Bitcoin software. We also quantify their effectiveness on the current Bitcoin topology using data collected from a Bitcoin supernode combined with BGP routing data. The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending. To prevent such effects in practice, we provide both short and long-term countermeasures, some of which can be deployed immediately.

References
[1] “A Next-Generation Smart Contract and Decentralized Application Platform ,” https://github.com/ethereum/wiki/wiki/White-Paper.
[2] “Bitcoin Blockchain Statistics,” https://blockchain.info/.
[3] “bitnodes,” https://bitnodes.21.co/.
[4] “Bitnodes. Estimating the size of Bitcoin network,” https://bitnodes.21.co/.
[5] “CAIDA Macroscopic Internet Topology Data Kit.” https://www.caida.org/data/internet-topology-data-kit/.
[6] “Dyn Research. Pakistan hijacks YouTube.” http://research.dyn.com/2008/02/pakistan-hijacks-youtube-1/.
[7] “FALCON,” http://www.falcon-net.org/.
[8] “FIBRE,” http://bitcoinfibre.org/.
[9] “Litecoin ,” https://litecoin.org.
[10] “RIPE RIS Raw Data,” https://www.ripe.net/data-tools/stats/ris/ris-raw-data.
[11] “Routeviews Prefix to AS mappings Dataset (pfx2as) for IPv4 and IPv6.” https://www.caida.org/data/routing/routeviews-prefix2as.xml.
[12] “Scapy.” http://www.secdev.org/projects/scapy/.
[13] “The Relay Network,” http://bitcoinrelaynetwork.org/.
[14] “ZCash,” https://z.cash/.
[15] A. M. Antonopoulos, “The bitcoin network,” in Mastering Bitcoin. O’Reilly Media, Inc., 2013, ch. 6.
[16] H. Ballani, P. Francis, and X. Zhang, “A Study of Prefix Hijacking and Interception in the Internet,” ser. SIGCOMM ’07. New York, NY, USA: ACM, 2007, pp. 265–276.
[17] A. Boldyreva and R. Lychev, “Provable Security of S-BGP and Other Path Vector Protocols: Model, Analysis and Extensions,” ser. CCS ’12. New York, NY, USA: ACM, 2012, pp. 541–552.
[18] J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten, “Sok: Research perspectives and challenges for bitcoin and cryptocurrencies,” in Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 2015, pp. 104–121.
[19] P. Bosshart, D. Daly, G. Gibb, M. Izzard, N. McKeown, J. Rexford, C. Schlesinger, D. Talayco, A. Vahdat, G. Varghese et al., “P4: Programming protocol-independent packet processors,” ACM SIGCOMM Computer Communication Review, vol. 44, no. 3, pp. 87–95, 2014.
[20] C. Decker and R. Wattenhofer, “Information propagation in the bitcoin network,” in Peer-to-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on. IEEE, 2013, pp. 1–10.
[21] ——, Bitcoin Transaction Malleability and MtGox. Cham: Springer International Publishing, 2014, pp. 313–326. [Online]. Available: http://dx.doi.org/10.1007/978-3-319-11212-1_18
[22] M. Edman and P. Syverson, “As-awareness in tor path selection,” in Proceedings of the 16th ACM Conference on Computer and Communications Security, ser. CCS ’09, 2009.
[23] I. Eyal, “The miner’s dilemma,” in 2015 IEEE Symposium on Security and Privacy. IEEE, 2015, pp. 89–103.
[24] I. Eyal and E. G. Sirer, “Majority is not enough: Bitcoin mining is vulnerable,” in Financial Cryptography and Data Security. Springer, 2014, pp. 436–454.
[25] N. Feamster and R. Dingledine, “Location diversity in anonymity networks,” in WPES, Washington, DC, USA, October 2004.
[26] J. Garay, A. Kiayias, and N. Leonardos, “The bitcoin backbone protocol: Analysis and applications,” in Advances in Cryptology-EUROCRYPT 2015. Springer, 2015, pp. 281–310.
[27] A. Gervais, G. O. Karama, V. Capkun, and S. Capkun, “Is bitcoin a decentralized currency?” IEEE security & privacy, vol. 12, no. 3, pp. 54–60, 2014.
[28] A. Gervais, H. Ritzdorf, G. O. Karame, and S. Capkun, “Tampering with the delivery of blocks and transactions in bitcoin,” in Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’15. New York, NY, USA: ACM, 2015, pp. 692–705.
[29] P. Gill, M. Schapira, and S. Goldberg, “Let the Market Drive Deployment: A Strategy for Transitioning to BGP Security,” ser. SIGCOMM ’11. New York, NY, USA: ACM, 2011, pp. 14–25.
[30] S. Goldberg, M. Schapira, P. Hummon, and J. Rexford, “How Secure Are Secure Interdomain Routing Protocols,” in SIGCOMM, 2010.
[31] E. Heilman, A. Kendler, A. Zohar, and S. Goldberg, “Eclipse attacks on bitcoin’s peer-to-peer network,” in 24th USENIX Security Symposium (USENIX Security 15), 2015, pp. 129–144.
[32] Y.-C. Hu, A. Perrig, and M. Sirbu, “SPV: Secure Path Vector Routing for Securing BGP,” ser. SIGCOMM ’04. New York, NY, USA: ACM, 2004, pp. 179–192.
[33] J. Karlin, S. Forrest, and J. Rexford, “Pretty Good BGP: Improving BGP by Cautiously Adopting Routes,” in Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols, ser. ICNP ’06. Washington, DC, USA: IEEE Computer Society, 2006, pp. 290–299.
[34] E. K. Kogias, P. Jovanovic, N. Gailly, I. Khoffi, L. Gasser, and B. Ford, “Enhancing bitcoin security and performance with strong consistency via collective signing,” in 25th USENIX Security Symposium (USENIX Security 16). Austin, TX: USENIX Association, 2016, pp. 279–296.
[35] J. A. Kroll, I. C. Davey, and E. W. Felten, “The economics of bitcoin mining, or bitcoin in the presence of adversaries.” Citeseer.
[36] A. Miller, J. Litton, A. Pachulski, N. Gupta, D. Levin, N. Spring, and B. Bhattacharjee, “Discovering bitcoin’s public topology and influential nodes.”
[37] S. J. Murdoch and P. Zielinski, “Sampled traffic analysis by Internet- ´ exchange-level adversaries,” in Privacy Enhancing Technologies: 7th International Symposium, PET 2007, N. Borisov and P. Golle, Eds. Springer-Verlag, LNCS 4776, 2007, pp. 167–183.
[38] K. Nayak, S. Kumar, A. Miller, and E. Shi, “Stubborn mining: Generalizing selfish mining and combining with an eclipse attack,” IACR Cryptology ePrint Archive, vol. 2015, p. 796, 2015.
[39] T. Neudecker, P. Andelfinger, and H. Hartenstein, “A simulation model for analysis of attacks on the bitcoin peer-to-peer network,” in IFIP/IEEE International Symposium on Internet Management. IEEE, 2015, pp. 1327–1332.
[40] P. v. Oorschot, T. Wan, and E. Kranakis, “On interdomain routing security and pretty secure bgp (psbgp),” ACM Trans. Inf. Syst. Secur., vol. 10, no. 3, Jul. 2007.
[41] A. Pilosov and T. Kapela, “Stealing The Internet. An Internet-Scale Man In The Middle Attack.” DEFCON 16.
[42] Y. Rekhter and T. Li, A Border Gateway Protocol 4 (BGP-4), IETF, Mar. 1995, rFC 1771.
[43] M. Rosenfeld, “Analysis of hashrate-based double spending,” arXiv preprint arXiv:1402.2009, 2014.
[44] A. Sapirshtein, Y. Sompolinsky, and A. Zohar, “Optimal selfish mining strategies in bitcoin,” CoRR, vol. abs/1507.06183, 2015.
[45] E. B. Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza, “Zerocash: Decentralized anonymous payments from bitcoin,” in 2014 IEEE Symposium on Security and Privacy. IEEE, 2014, pp. 459–474.
[46] B. Schlinker, K. Zarifis, I. Cunha, N. Feamster, and E. Katz-Bassett, “Peering: An as for us,” in Proceedings of the 13th ACM Workshop on Hot Topics in Networks, ser. HotNets-XIII. New York, NY, USA: ACM, 2014, pp. 18:1–18:7.
[47] J. Schnelli, “BIP 151: Peer-to-Peer Communication Encryption,” Mar. 2016, https://github.com/bitcoin/bips/blob/mastebip-0151.mediawiki.
[48] X. Shi, Y. Xiang, Z. Wang, X. Yin, and J. Wu, “Detecting prefix hijackings in the Internet with Argus,” ser. IMC ’12. New York, NY, USA: ACM, 2012, pp. 15–28.
[49] Y. Sompolinsky and A. Zohar, “Secure high-rate transaction processing in bitcoin,” in Financial Cryptography and Data Security. Springer, 2015, pp. 507–527.
[50] Y. Sun, A. Edmundson, L. Vanbever, O. Li, J. Rexford, M. Chiang, and P. Mittal, “RAPTOR: Routing attacks on privacy in TOR.” in USENIX Security, 2015.
[51] A. Tonk, “Large scale BGP hijack out of India,” 2015, http://www.bgpmon.net/large-scale-bgp-hijack-out-of-india/.
[52] ——, “Massive route leak causes Internet slowdown,” 2015, http://www.bgpmon.net/massive-route-leak-cause-internet-slowdown/.
[53] L. Vanbever, O. Li, J. Rexford, and P. Mittal, “Anonymity on quicksand: Using BGP to compromise TOR,” in ACM HotNets, 2014.
[54] Z. Zhang, Y. Zhang, Y. C. Hu, and Z. M. Mao, “Practical defenses against BGP prefix hijacking,” ser. CoNEXT ’07. New York, NY, USA: ACM, 2007.
[55] Z. Zhang, Y. Zhang, Y. C. Hu, Z. M. Mao, and R. Bush, “iSPY: Detecting IP prefix hijacking on my own,” IEEE/ACM Trans. Netw., vol. 18, no. 6, pp. 1815–1828, Dec. 2010.
submitted by dj-gutz to myrXiv [link] [comments]

Bitcoin-NG: A Scalable Blockchain Protocol

arXiv:1510.02037
Date: 2015-11-11
Author(s): Ittay Eyal, Adem Efe Gencer, Emin Gun Sirer, Robbert van Renesse

Link to Paper


Abstract
Cryptocurrencies, based on and led by Bitcoin, have shown promise as infrastructure for pseudonymous online payments, cheap remittance, trustless digital asset exchange, and smart contracts. However, Bitcoin-derived blockchain protocols have inherent scalability limits that trade-off between throughput and latency and withhold the realization of this potential.This paper presents Bitcoin-NG, a new blockchain protocol designed to scale. Based on Bitcoin's blockchain protocol, Bitcoin-NG is Byzantine fault tolerant, is robust to extreme churn, and shares the same trust model obviating qualitative changes to the ecosystem.In addition to Bitcoin-NG, we introduce several novel metrics of interest in quantifying the security and efficiency of Bitcoin-like blockchain protocols. We implement Bitcoin-NG and perform large-scale experiments at 15% the size of the operational Bitcoin system, using unchanged clients of both protocols. These experiments demonstrate that Bitcoin-NG scales optimally, with bandwidth limited only by the capacity of the individual nodes and latency limited only by the propagation time of the network.

References
[1] Andresen, G. O(1) block propagation. https://gist.github.com/gavinandresen/#file-blockpropagation-md, retrieved July. 2015.
[2] Aspnes, J. Randomized protocols for asynchronous consensus. Distributed Computing 16, 2-3 (2003), 165–175.
[3] Back, A., Corallo, M., Dashjr, L., Friedenbach, M., Maxwell, G., Miller, A., Poelstra, A., Timn, J., and Wuille, P. Enabling blockchain innovations with pegged sidechains. http://cs.umd.edu/projects/coinscope/coinscope.pdf, 2014.
[4] Bamert, T., Decker, C., Elsen, L., Wattenhofer, R., and Welten, S. Have a snack, pay with Bitcoins. In Peer-to-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on (2013), IEEE, pp. 1–5.
[5] Bellare, M., and Rogaway, P. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the 1st ACM conference on Computer and communications security (1993), ACM, pp. 62–73.
[6] Bitcoin community. Bitcoin source. https://github.com/bitcoin/bitcoin, retrieved Mar. 2015.
[7] Bitcoin community. Protocol rules. https://en.bitcoin.it/wiki/Protocol_rules, retrieved Sep. 2013.
[8] Bitcoin community. Protocol specification. https://en.bitcoin.it/wiki/Protocol_specification, retrieved Sep. 2013.
[9] BlockTrail. BlockTrail API. https://www.blocktrail.com/api/docs#api_data, retrieved Sep. 2015.
[10] Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J. A., and Felten, E. W. Research perspectives on Bitcoin and second-generation cryptocurrencies. In Symposium on Security and Privacy (San Jose, CA, USA, 2015), IEEE.
[11] Buterin, V. Slasher: A punitive proof-of-stake algorithm. https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/, January 2015.
[12] CNNMoney Staff. The Ashley Madison hack...in 2 minutes. http://money.cnn.com/2015/08/24/technology/ashley-madison-hack-in-2-minutes/, retrieved Sep. 2015.
[13] CoinDesk. Bitcoin venture capital. http://www.coindesk.com/bitcoin-venture-capital/, retrieved Sep. 2015.
[14] Colored Coins Project. Colored Coins. http://coloredcoins.org/, retrieved Sep. 2015.
[15] Corallo, M. High-speed Bitcoin relay network. http://sourceforge.net/p/bitcoin/mailman/message/31604935/, November 2013.
[16] Decker, C., and Wattenhofer, R. Information propagation in the Bitcoin network. In IEEE P2P (Trento, Italy, 2013).
[17] Decker, C., and Wattenhofer, R. A fast and scalable payment network with Bitcoin Duplex Micropayment Channels. In Stabilization, Safety, and Security of Distributed Systems - 17th International Symposium, SSS 2015, Edmonton, AB, Canada, August 18-21, 2015, Proceedings (2015), Springer, pp. 3–18.
[18] Dwork, C., Lynch, N. A., and Stockmeyer, L. J. Consensus in the presence of partial synchrony. J. ACM 35, 2 (1988), 288–323.
[19] Eyal, I., Birman, K., and van Renesse, R. Cache serializability: Reducing inconsistency in edge transactions. In 35th IEEE International Conference on Distributed Computing Systems, ICDCS 2015, Columbus, OH, USA, June 29 - July 2, 2015 (2015), pp. 686–695.
[20] Eyal, I., and Sirer, E. G. Bitcoin is broken. http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/, 2013.
[21] Eyal, I., and Sirer, E. G. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security (Barbados, 2014).
[22] Garay, J. A., Kiayias, A., and Leonardos, N. The Bitcoin backbone protocol: Analysis and applications. In Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II (2015), pp. 281–310.
[23] Garcia-Molina, H. Elections in a distributed computing system. Computers, IEEE Transactions on 100, 1 (1982), 48–59.
[24] Hearn, M., and Spilman, J. Rapidly-adjusted (micro)payments to a pre-determined party. https://en.bitcoin.it/wiki/Contract, retrieved Sep. 2015.
[25] Heilman, E., Kendler, A., Zohar, A., and Goldberg, S. Eclipse attacks on Bitcoin’s peerto-peer network. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015. (2015), pp. 129–144.
[26] Kosba, A., Miller, A., Shi, E., Wen, Z., and Papamanthou, C. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. Cryptology ePrint Archive, Report 2015/675, 2015. http://eprint.iacr.org/.
[27] Kroll, J. A., Davey, I. C., and Felten, E. W. The economics of Bitcoin mining or, Bitcoin in the presence of adversaries. In Workshop on the Economics of Information Security (2013).
[28] Lamport, L. Using time instead of timeout for fault-tolerant distributed systems. ACM Transactions on Programming Languages and Systems 6, 2 (Apr. 1984), 254–280.
[29] Le Lann, G. Distributed systems-towards a formal approach. In IFIP Congress (1977), vol. 7, Toronto, pp. 155–160.
[30] Lewenberg, Y., Sompolinsky, Y., and Zohar, A. Inclusive block chain protocols. In Financial Cryptography (Puerto Rico, 2015).
[31] Litecoin Project. Litecoin, open source P2P digital currency. https://litecoin.org, retrieved Nov. 2014.
[32] Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G. M., and Savage, S. A fistful of bitcoins: characterizing payments among men with no names. In Proceedings of the 2013 Internet Measurement Conference, IMC 2013, Barcelona, Spain, October 23-25, 2013 (2013), pp. 127–140.
[33] Miller, A., and Jansen, R. Shadow-Bitcoin: Scalable simulation via direct execution of multithreaded applications. IACR Cryptology ePrint Archive 2015 (2015), 469.
[34] Miller, A., and Jr., L. J. J. Anonymous Byzantine consensus from moderately-hard puzzles: A model for Bitcoin. https://socrates1024.s3.amazonaws.com/consensus.pdf, 2009.
[35] Miller, A., Litton, J., Pachulski, A., Gupta, N., Levin, D., Spring, N., and Bhattacharjee, B. Preprint: Discovering Bitcoins public topology and influential nodes. http://cs.umd.edu/projects/coinscope/coinscope.pdf, 2015.
[36] Moraru, I., Andersen, D. G., and Kaminsky, M. Egalitarian Paxos. In ACM Symposium on Operating Systems Principles (2012).
[37] Nakamoto, S. Bitcoin: A peer-to-peer electronic cash system. http://www.bitcoin.org/ bitcoin.pdf, 2008.
[38] Nayak, K., Kumar, S., Miller, A., and Shi, E. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. IACR Cryptology ePrint Archive 2015 (2015), 796.
[39] Pazmino, J. E., and da Silva Rodrigues, C. K. ˜ Simply dividing a Bitcoin network node may reduce transaction verification time. The SIJ Transactions on Computer Networks and Communication Engineering (CNCE) 3, 2 (February 2015), 17–21.
[40] Pease, M. C., Shostak, R. E., and Lamport, L. Reaching agreement in the presence of faults. J. ACM 27, 2 (1980), 228–234.
[41] Peck, M. E. Adam Back says the Bitcoin fork is a coup. http://spectrum.ieee.org/tech-talk/computing/networks/the-bitcoin-for-is-a-coup, Aug 2015.
[42] Poon, J., and Dryja, T. The Bitcoin Lightning Network. http://lightning.network/lightning-network.pdf, February 2015. Draft 0.5.
[43] Sapirshtein, A., Sompolinsky, Y., and Zohar, A. Optimal selfish mining strategies in Bitcoin. CoRR abs/1507.06183 (2015).
[44] Schneider, F. B. Implementing fault-tolerant services using the state machine approach: A tutorial. ACM Computing Surveys 22, 4 (Dec. 1990), 299–319.
[45] Sompolinsky, Y., and Zohar, A. Accelerating Bitcoin’s transaction processing. fast money grows on trees, not chains. In Financial Cryptography (Puerto Rico, 2015).
[46] Sompolinsky, Y., and Zohar, A. Secure high-rate transaction processing in Bitcoin. In Financial Cryptography and Data Security - 19th International Conference, FC 2015, San Juan, Puerto Rico, January 26-30, 2015, Revised Selected Papers (2015), pp. 507–527.
[47] Stathakopoulou, C. A faster Bitcoin network. Tech. rep., ETH, Z¨urich, January 2015. Semester Thesis, supervised by C. Decker and R. Wattenhofer.
[48] Swanson, E. Bitcoin mining calculator. http://www.alloscomp.com/bitcoin/calculator, retrieved Sep. 2013.
[49] The Ethereum community. Ethereum white paper. https://github.com/ethereum/wiki/wiki/White-Paper, retrieved July. 2015.
[50] Wikipedia. List of cryptocurrencies. https://en.wikipedia.org/wiki/List_of_cryptocurrencies, retrieved Oct. 2013.
submitted by dj-gutz to myrXiv [link] [comments]

Personalized Difficulty Adjustment for Countering the Double-Spending Attack in Proof-of-Work Consensus Protocols

arXiv:1807.02933
Date: 2018-07-09
Author(s): Chi-Ning Chou, Yu-Jing Lin, Ren Chen, Hsiu-Yao Chang, I-Ping Tu, Shih-wei Liao

Link to Paper


Abstract
Bitcoin is the first secure decentralized electronic currency system. However, it is known to be inefficient due to its proof-of-work (PoW) consensus algorithm and has the potential hazard of double spending. In this paper, we aim to reduce the probability of double spending by decreasing the probability of consecutive winning. We first formalize a PoW-based decentralized secure network model in order to present a quantitative analysis. Next, to resolve the risk of double spending, we propose the personalized difficulty adjustment (PDA) mechanism which modifies the difficulty of each participant such that those who win more blocks in the past few rounds have a smaller probability to win in the next round. To analyze the performance of the PDA mechanism, we observe that the system can be modeled by a high-order Markov chain. Finally, we show that PDA effectively decreases the probability of consecutive winning and results in a more trustworthy PoW-based system.

References
[1] Satoshi Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” Consulted, vol. 1, no. 2012.
[2] Ephraim Feig, “A framework for blockchain-based applications,” arXiv preprint arXiv:1803.00892, 2018.
[3] Marta Piekarska Harry Halpin, “Introduction to security and privacy on the blockchain,” in Symposium on Security and Privacy Workshops, 2017 IEEE European Symposium on. IEEE, 2017.
[4] Ayelet Sapirshtein, Yonatan Sompolinsky, and Aviv Zohar, “Optimal selfish mining strategies in bitcoin,” in Financial Cryptography and Data Security. 2017, pp. 515–532, Springer.
[5] Ghassan Karame, Elli Androulaki, and Srdjan Capkun, “Two bitcoins at the price of one? double-spending attacks on fast payments in bitcoin.,” IACR Cryptology ePrint Archive, vol. 2012.
[6] Ghassan O Karame, Elli Androulaki, Marc Roeschlin, Arthur Gervais, and Srdjan Capkun, “Misbehavior in bitcoin: A study ˇ of double-spending and accountability,” ACM Transactions on Information and System Security (TISSEC), vol. 18, no. 1.
[7] Tobias Bamert, Christian Decker, Lennart Elsen, Roger Wattenhofer, and Samuel Welten, “Have a snack, pay with bitcoins,” in Peer-to-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on. IEEE, 2013, pp. 1–5.
[8] Chrysoula Stathakopoulou, “A faster bitcoin network,” 2015.
[9] Adrian E Raftery, “A model for high-order markov chains,” Journal of the Royal Statistical Society. Series B (Methodological), pp. 528–539, 1985.
[10] Andre Berchtold and Adrian E Raftery, “The mixture tran- ´sition distribution model for high-order markov chains and non-gaussian time series,” Statistical Science, pp. 328–356, 2002.
[11] Waiki Ching, Michael K Ng, and Shuqin Zhang, “On computation with higher-order markov chains,” in Current Trends in High Performance Computing and Its Applications, pp. 15–24. Springer, 2005.
[12] Michael K Ng and WK Ching, Markov Chains: Models, Algorithms and Applications, Springer, 2006.
[13] Wen Li and Michael K Ng, “On the limiting probability distribution of a transition probability tensor,” Linear and Multilinear Algebra, vol. 62, no. 3.
[14] Jen-Hung Tseng, Yen-Chih Liao, Bin Chong, and Shih-Wei Liao, “Governance on the drug supply chain via gcoin blockchain,” International Journal of Environmental Research and Public Health, 2018.
[15] Shih-Wei Liao, Boyu Lin, and En-Ran Zhou, “Gcoin:wiki, code and whitepaper,” https://g-coin.org and github.com/OpenNetworking/gcoin-community/wiki/Gcoinwhite-paper-English, 2014.
[16] Meni Rosenfeld, “Analysis of hashrate-based double spending,” arXiv preprint arXiv:1402.2009, 2014.
[17] Joshua A Kroll, Ian C Davey, and Edward W Felten, “The economics of bitcoin mining, or bitcoin in the presence of adversaries,” in Proceedings of WEIS, 2013, vol. 2013.
submitted by dj-gutz to myrXiv [link] [comments]

Pitchforks in Cryptocurrencies: Enforcing rule changes through offensive forking- and consensus techniques

Cryptology ePrint Archive: Report 2018/836
Date: 2018-09-05
Author(s): Aljosha Judmayer, Nicholas Stifter, Philipp Schindler, Edgar Weippl

Link to Paper


Abstract
The increasing number of cryptocurrencies, as well as the rising number of actors within each single cryptocurrency, inevitably leads to tensions between the respective communities. As with open source projects, (protocol) forks are often the result of broad disagreement. Usually, after a permanent fork both communities ``mine'' their own business and the conflict is resolved. But what if this is not the case? In this paper, we outline the possibility of malicious forking and consensus techniques that aim at destroying the other branch of a protocol fork. Thereby, we illustrate how merged mining can be used as an attack method against a permissionless PoW cryptocurrency, which itself involuntarily serves as the parent chain for an attacking merge mined branch of a hard fork.

References
  1. J. Bonneau. Why buy when you can rent? bribery attacks on bitcoin consensus. In BITCOIN ’16: Proceedings of the 3rd Workshop on Bitcoin and Blockchain Research, February 2016.
  2. J. Bonneau. Hostile blockchain takeovers (short paper). In 5th Workshop on Bitcoin and Blockchain Research, Financial Cryptography and Data Security 18 (FC). Springer, 2018.
  3. K. Croman, C. Decker, I. Eyal, A. E. Gencer, A. Juels, A. Kosba, A. Miller, P. Saxena, E. Shi, and E. G¨un. On scaling decentralized blockchains. In 3rd Workshop on Bitcoin and Blockchain Research, Financial Cryptography 16, 2016.
  4. I. Eyal, A. E. Gencer, E. G. Sirer, and R. van Renesse. Bitcoin-ng: A scalable blockchain protocol. In 13th USENIX Security Symposium on Networked Systems Design and Implementation (NSDI’16). USENIX Association, Mar 2016.
  5. I. Eyal and E. G. Sirer. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security, pages 436–454. Springer, 2014.
  6. A. Gervais, G. O. Karame, K. W¨ust, V. Glykantzis, H. Ritzdo rf, and S. Capkun. On the security and performance of proof of work blockchains. In Proceedings of the 2016 ACM SIGSAC, pages 3–16. ACM, 2016.
  7. A. Judmayer, A. Zamyatin, N. Stifter, A. G. Voyiatzis, and E. Weippl. Merged mining: Curse or cure? In CBT’17: Proceedings of the International Workshop on Cryptocurrencies and Blockchain Technology, Sep 2017.
  8. A. Kiayias, A. Miller, and D. Zindros. Non-interactive proofs of proof-of-work. Cryptology ePrint Archive, Report 2017/963, 2017. Accessed:2017-10-03.
  9. J. A. Kroll, I. C. Davey, and E. W. Felten. The economics of bitcoin mining, or bitcoin in the presence of adversaries. In Proceedings of WEIS, volume 2013, page 11, 2013.
  10. K. Liao and J. Katz. Incentivizing blockchain forks via whale transactions. In International Conference on Financial Cryptography and Data Security, pages 264–279. Springer, 2017.
  11. P. McCorry, A. Hicks, and S. Meiklejohn. Smart contracts for bribing miners. In 5th Workshop on Bitcoin and Blockchain Research, Financial Cryptography and Data Security 18 (FC). Springer, 2018.
  12. Narayanan, Arvind and Bonneau, Joseph and Felten, Edward and Miller, Andrew and Goldfeder, Steven. Bitcoin and cryptocurrency technologies. http://bitcoinbook.cs.princeton.edu/, 2016. Accessed: 2016-03-29.
  13. K. Nayak, S. Kumar, A. Miller, and E. Shi. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In 1st IEEE European Symposium on Security and Privacy, 2016. IEEE, 2016.
  14. J. Teutsch, S. Jain, and P. Saxena. When cryptocurrencies mine their own business. In Financial Cryptography and Data Security (FC 2016), Feb 2016.
  15. Y. Velner, J. Teutsch, and L. Luu. Smart contracts make bitcoin mining pools vulnerable. In International Conference on Financial Cryptography and Data Security, pages 298–316. Springer, 2017.
  16. A. Zamyatin, N. Stifter, A. Judmayer, P. Schindler, E. Weippl, and W. J. Knottebelt. (Short Paper) A Wild Velvet Fork Appears! Inclusive Blockchain Protocol Changes in Practice. In 5th Workshop on Bitcoin and Blockchain Research, Financial Cryptography and Data Security 18 (FC). Springer, 2018.
submitted by dj-gutz to myrXiv [link] [comments]

A Nightmare Scenario for Bitcoin

A Nightmare Scenario for Bitcoins
This scenario is inspired by the paper “The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries” by Kroll et al.
Imagine a company or nation which views Bitcoin as a threat, either to its profits or to its ability to tax an important sector of its economy. Call this entity: Hater Of Bitcoin, or HoB. HoB decides that it will destroy Bitcoin now, rather than waiting to see what damage it will do later.
Step 1: HoB spends the money to buy control over the two main producers of state-of-the-art Bitcoin mining machines (right now that seems to be CoinTerra and Kennemar & Cole). Let us say HoB can buy control of both companies for around $100 million dollars. Fine, HoB makes a billion dollars a quarter and has more than $10 billion in the bank, $100 million is not a problem.
Step 2: HoB reduces the delivery of all new Bitcoin mining rigs to a trickle, and implements a crash program to produce as many new mining rigs as possible in the next three months. This costs another $50 million.
Step 3: As the new mining rigs become available, HoB starts up new mining pools and they each grow to a modest size and then stabilize in computing power - everything seems innocent enough.
Step 4: Some months pass and HoB finally has 51% of the computing power of the Bitcoin network, distributed over 5 to 10 modest sized pools. Now, since the pools are secretly under the control of HoB, they work together. Because they have more hashing power than the rest of the world, the HoB pool gets to make double spends. HoB uses this power to rewrite the block chain on a series of high-profile transactions.
Step 5: The newspapers are “tipped off” by HoB that someone is doing double spends. Sad anecdotes about businesses who exchanged some valuable items for Bitcoins and then found that the transaction was removed from the block-chain 6 hours later, and they didn’t actually get the Bitcoins they thought they had received, are spread as widely as possible - and its true. Merchants quickly refuse all transactions involving Bitcoins, until the problem is “fixed”.
Step 6: The Bitcoin community is thrown into chaos. The realization that the 51% problem is real and facing them right now hits them like a 2x4 to the face, and there are no good solutions. There is no way to wall off the HoB mining pools, if they tried, the HoB pools would just rejoin the “new” Bitcoin network with new names and new IP addresses. And there is no way to change this aspect of the Bitcoin algorithm. The fact that a 51% majority controls future modifications to the block-chain is built into the heart of the code.
Step 7: The rational people dump their Bitcoins ASAP. The true believers hang on, hoping that the problem will go away - but HoB is playing for keeps. The true believers will lose essentially everything. Meanwhile the HoB mining pools continue to collect the majority of the new Bitcoins - not that they care - and HoB continues to mess with the block-chain. Most rational Bitcoin miners stop mining because it no longer makes any economic sense and the price is in freefall. HoB rides the Bitcoin jetliner all the way into the ground.
Step 8: Six months later, Bitcoin is worth about what it was in 2010, less than a cent per coin. HoB has spent $150 million and destroyed the paper assets of hundreds of thousands of Bitcoin owners. Sure, HoB COULD have spent that $150 million to mine thousands of Bitcoins which would have been worth millions at the pre-attack price, but HoB is looking to protect a current business which is pulling in billions a year. Its not even a close trade-off for HoB’s finance guys.
========== End of Scenario ===============
Speaking as an intellectual follower of Robert Nozik and Richard Epstein, I’m sympathetic to the ideas which underlie Bitcoin, but this scenario worries me.
What can Bitcoin miners and owners do? Any cryptocurrency based on the SHA-256 proof of work is vulnerable to this super-mining attack thanks, in part, to the fact that ASICs can generate hash values so much faster than normal CPUs and GPUs. It is possible that scrypt based currencies are somewhat less vulnerable but really, its just money. Buy enough computing power and anyone can own 51% and destroy a proof-of-work based currency. Bitcoin and all the clones, with their “most-work-wins” logic cannot avoid this problem.
The argument that “this does not make economic sense” - seems rather like the U.S. telling Russia that it doesn’t make economic sense to occupy the Crimea. This argument likely will not stop the Crimea from “joining” Russia in the near-term.
https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_computing_power
Note 1: I don’t offer any opinion on the legality of what HoB is doing. If HoB were operating out of Cyprus or Luxembourg, could it do this without fear of legal sanctions?
Note 2: If HoB waits and tries to destroy Bitcoin in 2015, at the current exponential growth in network hash power, the cost might be more than $1 billion. Then we move into the territory outlined by Kroll, et al. as to threats and the impact of threats on rational actors. In other words, if Bitcoin isn’t wrecked within the next year, this attack may not be feasible for any save the wealthiest entities on the planet. Link to the Kroll paper: http://www.weis2013.econinfosec.org/papers/KrollDaveyFeltenWEIS2013.pdf
Note 3: There are other cryptocurrencies which are less vulnerable to this attack (and yes, I do mean Ripple) but they aren’t Bitcoin.
submitted by Seaglass1 to Bitcoin [link] [comments]

★★ My Bitcoin mining farm in the Shed ★★ So kaufst du Bitcoin OHNE Gebühren Bitcoin Mining Looks Like Bitcoin Money: The definition of Bitcoin Coinscrum /Markets :: Ep014

The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries . By Joshua A. Kroll, Ian C. Davey and Edward W. Felten. Abstract. The Bitcoin digital currency depends for its correctness and stability on a combination of cryptography, distributed algorithms, and incentivedriven behavior. We examine Bitcoin as a consensus game and determine that it relies on separate consensus about ... The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries Joshua A. Kroll, Ian C. Davey, and Edward W. Felten Princeton University Abstract The Bitcoin digital currency depends for its correctness and stability on a combination of cryptography, distributed algorithms, and incentive-driven behavior. We examine Bitcoin as a consensus game and deter- mine that it relies on ... The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries @inproceedings{Kroll2013TheEO, title={The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries}, author={Joshua A. Kroll and Ian C. Davey and E. Felten}, year={2013} } The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries. J. Kroll, I. Davey, and E. Felten. The Twelfth Workshop on the Economics of Information Security (WEIS 2013) (June 2013) The Bitcoin digital currency depends for its correctness and stability on a combination of cryptography, distributed algorithms, and incentive- driven behavior. We examine Bitcoin as a consensus game ... The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries. J. Kroll, I. Davey, and E. Felten. The Twelfth Workshop on the Economics of Information Security (WEIS 2013) (June 2013) Abstract. The Bitcoin digital currency depends for its correctness and stability on a combination of cryptography, distributed algorithms, and incentive- driven behavior. We examine Bitcoin as a ...

[index] [29753] [36133] [20405] [34780] [28587] [25613] [21795] [11497] [37697] [1239]

★★ My Bitcoin mining farm in the Shed ★★

In the first of our Opinion series, digitalisation specialist Tara Shirvani, explains how mining cryptocurrencies like Bitcoin is having a negative impact on our planet. Bitcoin's hashrate implications and miner economics Sam Doctor, Chief Strategist, BitOoda US Broker-Dealer, BitOoda, in partnership with Fidelity, recently released their comprehensive report on ... Bitcoin is a cryptocurrency and worldwide payment system. It is the first decentralized digital currency, as the system works without a central bank or single administrator. The network is peer-to ... We present an ambitious team of high level professionals. Our goal is promotion and popularization by any means acceptable for us universal Ethereum platform, a new generation of cryptocurrency ... Bitcoin Mining has become very profitable since the 70% increase in November and can no longer be denied by Wall Street or the serious investor. The brothers have aligned themselves with the 3rd ...

#