( 03rd October 2019 )

Withholding attack. According to the original Bitcoin white paper, Nakamoto argued that as long as all Bitcoin miners follow the consensus rule, Bitcoin is able to remain stable. However, it is shown the pool miners can get unfair advantages by performing malicious attacks in pool mining, thereby making Bitcoin system not incentive compatible. Bonneau et al. defined the stability of Bitcoin consensus from five aspects including eventual consensus, exponential convergence, liveness, correctness, and fairness. The Bitcoin system remains stable if all these five properties are held. Malicious attacks may harm at least one aspect, thus causing the Bitcoin unstable. For example, an attacker is likely to expect a higher revenue by submitting a share rather than mining honestly. In this paper, we investigate the most traditional and famous attack strategies and analyze how they can harm the Bitcoin system. Most Bitcoin pools are open to the public, which allows anyone to participate in. Researches have indicated that attackers can directly join an open pool and get extra unfair revenues by never sharing or delaying sharing their proof of work. In this paper, we define such kind of attacks as Withholding Attack and propose a systematic analysis of it based on several existing works. To understand why withholding attack can make more profit, here we use a traditional block withholding. attack (BWH) as an example. Suppose Bob is the owner of a pool with 20% of the total computational power of the Bitcoin network. Consider that the reward for mining a Bitcoin block is 12.5 BTC today, and assume that Bob purchases additional 5% mining equipment (i.e., Bob has additional 5% computational power). He may have two choices: (i) mining honestly, and (ii) infiltrating other pool and withholding the full solution.

Delay Full Solution. This case happens in some outdated pools such as those adopting proportional mechanism. As long as the proportion of shares submitted by a miner is less than the proportion of mining power he owns, the miner could always increase his received reward by withholding one or more shares to delay full solutions, which is proved in Theorem 3.1. Extending to a wider aspect, if the reward distribution mechanism is not incentive compatible, which means the reward of shares is affected in time 404 SAIDE ZHU, WEI LI, HONG LI, CHUNQIANG HU AND ZHIPENG CAI domain, it is seductive for miners to conduct delay full solution attack. Although most open pools nowadays focus more on incentive compatibility when designing their reward distribution scheme, some small pools may be threatened by such attack.

Withhold Full Solution. Withholding full solution, which is the typical form of block withholding attack (BWH), was first defined in 2011. BWH occurs in the case where a malicious miner sends only partial proof of work to the pool manager and discards full proof of work. By taking this strategy, the malicious miner is treated as a regular participant in the mining pool due to the partial shares received by the pool manager. Therefore, the malicious miner could share the reward from the pool without truly contributing to the pool. In the BWH example, it is shown that if a miner gets sufficient computational power in Bitcoin network, he can always infiltrate other pools to expect a higher reward. Even though a pool can use its expected mining power divided by its actual mining power to check the BWH attack, it is hard for pool managers to identify which miners indeed perform BWH attack. The effect of block withholding attack has always been a debatable topic. Initially, some studies argued that BWH attack is not profitable in practice, and thus if the whole network of mining pools is sufficiently decentralized, pool managers do not need to worry about this attack. The reasons for this conclusion lie in many aspects, such as attacker may suffer from a net loss and honest miners may take counterattack strategies. On the other hand, however, other studies showed that there is always an incentive for attackers to launch BWH attack. BWH attack can be analyzed by using game theory based on various analytic models. In this paper, we mainly discuss three existing analytic models and compare their results. The first systematic game theory-based analysis of BWH attack in pool mining was proposed by Eyal in, in which the malicious behaviors to perform BWH attack is modeled as “the miner’s dilemma” under two specific scenarios. In the first scenario, only a miner attacks other mining pools as shown in Figure. Eyal proved that if there is only one attacker, the attacker can always gain more rewards by implementing BWH attack, thereby indicating that no pool attack is not a Nash Equilibrium. Moreover, a threshold has been calculated for an attacker to get the maximum reward in this scenario.

Fig-: BitCoin Network