
[Paper Review] Optimal Selfish Mining Strategies in Bitcoin

Ayelet Sapirshtein, Yonatan Sompolinsky|arXiv (Cornell University)|Jul 22, 2015
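Blockchain Technology Applications and Security | References: 8 | Cited by: 22
One-Sentence Summary

This paper presents an algorithm for computing ε-optimal selfish mining strategies in Bitcoin, which significantly lowers the computational threshold for a profitable attack compared with the previously known SM1 strategy. The study shows that more efficient block-withholding strategies exist and that, under a realistic delay model, they can be profitable even for small attackers, undermining Bitcoin's incentive compatibility.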

ABSTRACT

Bitcoin is a decentralized crypto-currency, and an accompanying protocol, created in 2008. Bitcoin nodes continuously generate and propagate blocks---collections of newly approved transactions that are added to Bitcoin's ledger. Block creation requires nodes to invest computational resources, but also carries a reward in the form of bitcoins that are paid to the creator. While the protocol requires nodes to quickly distribute newly created blocks, strong nodes can in fact gain higher payoffs by withholding blocks they create and selectively postponing their publication. The existence of such selfish mining attacks was first reported by Eyal and Sirer, who have demonstrated a specific deviation from the standard protocol (a strategy that we name SM1). In this paper we extend the underlying model for selfish mining attacks, and provide an algorithm to find $ε$-optimal policies for attackers within the model, as well as tight upper bounds on the revenue of optimal policies. As a consequence, we are able to provide lower bounds on the computational power an attacker needs in order to benefit from selfish mining. We find that the profit threshold -- the minimal fraction of resources required for a profitable attack -- is strictly lower than the one induced by the SM1 scheme. Indeed, the policies given by our algorithm dominate SM1, by better regulating attack-withdrawals. Using our algorithm, we show that Eyal and Sirer's suggested countermeasure to selfish mining is slightly less effective than previously conjectured. Next, we gain insight into selfish mining in the presence of communication delays, and show that, under a model that accounts for delays, the profit threshold vanishes, and even small attackers have incentive to occasionally deviate from the protocol. We conclude with observations regarding the combined power of selfish mining and double spending attacks.

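Research Motivation and Goals

  • Identify and compute selfish mining strategies that are more profitable than the SM1 protocol proposed by Eyal and Sirer.
  • Determine the minimum computational power required for a profitable selfish mining attack, lowering the threshold further below the point at which SM1 is unprofitable.
  • Evaluate the effectiveness of protocol countermeasures (such as the one proposed by Eyal and Sirer) through a formal model of attack profitability.
  • Analyze the effect of communication delays on the profitability of selfish mining, especially for small attackers.
  • Study the combined threat of selfish mining and double-spending attacks and its far-reaching implications for Bitcoin's long-term security.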

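Proposed Method

  • Formalize selfish mining as a Markov decision process (MDP) in which the blockchain state is represented as a function of the chain lengths of the attacker and the honest miners.
  • Develop an efficient algorithm that computes ε-optimal policies for the attacker, guaranteeing convergence to within ε of the true optimal revenue for any ε > 0.
  • Solve the MDP with dynamic programming techniques, with the state space defined by the difference in chain length between the attacker and the rest of the network.
  • Incorporate realistic network delays into the model, treating block propagation as a stochastic process with exponentially distributed delays.
  • Verify the performance and correctness of the computed policies with a custom selfish mining simulator.
  • Apply the framework to evaluate protocol modifications, including the countermeasure proposed by Eyal and Sirer, by measuring the change in the profit threshold.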

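Experimental Results

Research Questions

  • RQ1: What is the minimum fraction of computational power required for a selfish mining attack to be profitable, and how does it compare with the SM1 threshold?
  • RQ2: Can selfish mining strategies more efficient than SM1 be found that achieve higher profit by better regulating when blocks are withheld and released?
  • RQ3: How do communication delays affect the profitability of selfish mining? Does the profit threshold vanish under a delay-aware model?
  • RQ4: To what extent do protocol modifications (such as the countermeasure proposed by Eyal and Sirer) reduce the profitability of selfish mining?
  • RQ5: What are the implications for Bitcoin's long-term security of combining selfish mining with double-spending attacks?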

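Main Findings

  • The proposed algorithm computes ε-optimal selfish mining policies that are more profitable than SM1, even for small attackers.
  • The profit threshold, the minimum share of network hash power required for a profitable attack, is strictly lower than the SM1 threshold, which means smaller attackers can now also profit from selfish mining.
  • Under the delay-aware model the profit threshold vanishes, which means even very small attackers can benefit by occasionally deviating from the protocol.
  • The algorithm shows that SM1 is not the optimal response to honest behavior, and that better policies exist which regulate attack withdrawals more effectively.
  • The countermeasure proposed by Eyal and Sirer is less effective than previously thought, because the algorithm shows that profitable alternatives to SM1 still exist under that modification.
  • Combining selfish mining with double-spending attacks poses a persistent threat, because the attacker can attempt double spends at no cost and will eventually succeed almost surely.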
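
To make the SM1 baseline and its profit threshold concrete, the following added example (not code from the paper or this page) models only Eyal and Sirer's SM1 state machine, not the paper's ε-optimal algorithm, and cross-checks a simulation against their closed-form revenue. The function names are hypothetical, and gamma, the share of honest hash power that mines on the attacker's block during a tie, comes from the Eyal-Sirer model rather than from this page.

```python
import random

def sm1_closed_form(alpha, gamma):
    """Eyal-Sirer closed-form relative revenue of SM1 for hash share alpha."""
    num = alpha * (1 - alpha) ** 2 * (4 * alpha + gamma * (1 - 2 * alpha)) - alpha ** 3
    return num / (1 - alpha * (1 + (2 - alpha) * alpha))

def sm1_threshold(gamma):
    """Hash share above which SM1 earns more than honest mining."""
    return (1 - gamma) / (3 - 2 * gamma)

def sm1_simulate(alpha, gamma, n_blocks=400_000, seed=1):
    """Monte Carlo run of the SM1 state machine.
    Returns the attacker's share of blocks that end up on the main chain."""
    rng = random.Random(seed)      # fixed seed: reproducible result
    lead, tie = 0, False           # private lead; tie = two competing tips
    atk = hon = 0                  # main-chain blocks credited to each side
    for _ in range(n_blocks):
        attacker_found = rng.random() < alpha
        if tie:                    # race between two branches of equal length
            if attacker_found:
                atk += 2           # attacker extends its own branch
            elif rng.random() < gamma:
                atk += 1; hon += 1 # honest block on top of attacker's block
            else:
                hon += 2           # honest branch wins, attacker block orphaned
            tie = False
        elif attacker_found:
            lead += 1              # keep the new block private
        elif lead == 0:
            hon += 1               # nothing withheld: honest block accepted
        elif lead == 1:
            tie, lead = True, 0    # attacker publishes, network splits
        elif lead == 2:
            atk += 2; lead = 0     # publish both blocks, override honest block
        else:
            atk += 1; lead -= 1    # publish one block, stay ahead
    return atk / (atk + hon)

if __name__ == "__main__":
    for a, g in [(0.2, 0.0), (0.2, 1.0), (0.4, 0.0)]:
        print(a, g, round(sm1_simulate(a, g), 4), round(sm1_closed_form(a, g), 4))
```

Because the findings above state that better policies than SM1 exist, `sm1_threshold` is only an upper bound on the true profit threshold and should not be read as a safe margin.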

This review was generated by AI and reviewed by human editors.