Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack With Srijan Kumar, Andrew Miller and Elaine Shi 1 Kartik Nayak.

Slides:



Advertisements
Similar presentations
Functional Encryption & Property Preserving Encryption
Advertisements

Secure Multiparty Computations on Bitcoin
BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.
Cryptocurrency Café UVa cs4501 Spring 2015 David Evans Class 14: Selfish Mining.
Bitcoin. What is Bitcoin? A P2P network for electronic payments Benefits: – Low fees – No middlemen – No central authority – Can be anonymous – Each payment.
Reusable Anonymous Return Channels
Beyond Bitoin: The Bitcoin 2.0 movement
The Dominance Tournament Method of Monitoring Progress in Coevolution Speaker: Lin, Wei-Kai (2009/04/30) 1.
Stefan Dziembowski Why do the cryptographic currencies need a solid theory? Forum Informatyki Teoretycznej, Warsaw
Slicing the Onion: Anonymous Routing without PKI Saurabh Shrivastava CS 259
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
Establishment of Conference Keys in Heterogeneous Networks Wade Trappe, Yuke Wang, K. J. Ray Liu ICC IEEE International Conference.
Receipt-freeness and coercion-resistance: formal definitions and fault attacks Stéphanie Delaune / Steve Kremer / Mark D. Ryan.
Graphical Models Lei Tang. Review of Graphical Models Directed Graph (DAG, Bayesian Network, Belief Network) Typically used to represent causal relationship.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
CSE331: Introduction to Networks and Security Lecture 20 Fall 2002.
A Framework for Cost-Effective Peer-to- Peer Content Distribution Mohamed Hefeeda and Bharat Bhargava Department of Computer Sciences Purdue University.
On Power Splitting Games in Distributed Computation: The case of Bitcoin Pooled Mining Loi Luu, Ratul Saha, Inian Parameshwaran, Prateek Saxena & Aquinas.
Masquerade Detection Mark Stamp 1Masquerade Detection.
Cryptocurrency Café UVa cs4501 Spring 2015 David Evans Class 11: Mining Pools and Attacks.
GraphSC: Parallel Secure Computation Made Easy Kartik Nayak With Xiao Shaun Wang, Stratis Ioannidis, Udi Weinsberg, Nina Taft, Elaine Shi 1.
m-Privacy for Collaborative Data Publishing
1 A Randomized Space-Time Transmission Scheme for Secret-Key Agreement Xiaohua (Edward) Li 1, Mo Chen 1 and E. Paul Ratazzi 2 1 Department of Electrical.
1 Bitcoin A Digital Currency. Functions of Money.
Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.
Password Mistyping in Two-Factor Authenticated Key Exchange Vladimir KolesnikovCharles Rackoff Bell LabsU. Toronto ICALP 2008.
Presented by: Sanketh Beerabbi University of Central Florida.
Decapitation of networks with and without weights and direction : The economics of iterated attack and defense Advisor : Professor Frank Y. S. Lin Presented.
CS555Topic 251 Cryptography CS 555 Topic 25: Quantum Crpytography.
Bitcoin today (October 2, 2015)
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu and Peng Ning Department of Computer.
Demystifying incentives in the consensus computer Loi Luu, Jason Teutsch, Raghav Kulkarni, Prateek Saxena National University of Singapore.
Experimentation in Computer Science (Part 2). Experimentation in Software Engineering --- Outline  Empirical Strategies  Measurement  Experiment Process.
m-Privacy for Collaborative Data Publishing
1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.
Subverting Bitcoin David Evans and Samee Zahur. Mining Why do we need miners?
Bitcoin is a cryptographic currency that has been in continuous operation over the last 3 years. It currently enjoys an exchange rate of $4.80 (as of April.
Bitcoin Based on “Bitcoin Tutorial” presentation by Joseph Bonneau, Princeton University Bonneau slides marked “JB”
Chapter 9 Sampling Distributions 9.1 Sampling Distributions.
How Bitcoin Achieves Decentralization
SYNERGY: A Game-Theoretical Approach for Cooperative Key Generation in Wireless Networks Jingchao Sun, Xu Chen, Jinxue Zhang, Yanchao Zhang, and Junshan.
Towards Robust Revenue Management: Capacity Control Using Limited Demand Information Michael Ball, Huina Gao, Yingjie Lan & Itir Karaesmen Robert H Smith.
Lower bounds for Unconditionally Secure MPC Ivan Damgård Jesper Buus Nielsen Antigoni Polychroniadou Aarhus University.
Motivation ✓ ✘ ? Bitcoin/Ideal Credit Card Works on Internet
“Connecting bitcoiners worldwide”
Hijacking Bitcoin: Routing attacks on cryptocurrencies
Bitcoin Based on “Bitcoin Tutorial” presentation by
Bitcoin - a distributed virtual currency system
Instability Of Bitcoin Without the Block Reward.
Presentation by Shamili
Distributed Systems for Information Systems Management
Amiko Pay A decentralized network for secure, instant, off-blockchain transactions.
CPS 512 midterm exam #1, 10/5/17 Your name please: NetID:_______ Sign for your honor:____________________________.
Ling Ren Joint work with Ittai Abraham, Dahlia Malkhi,
M onero is an open source, secure, private and non-traceable cryptocurrency. Monero token is known as XMR. Monero is aimed at privacy of transaction and.
Dash Mining - for Dummies. Dash, an altcoin, is best known for two main features – ability to send instantly and highest level of privacy provision. It’s.
Deanonymization of Clients in Bitcoin P2P Network
Zcash Mining – A Guide For Beginners. Zcash (also known as ZEC and seventeenth most valued cryptocurrency with market capitalization of $500 million)
Bitcoin Mining Script | Cryptocurrency Mining Script | Bitcoin Mining Software.
Nakamoto Consensus Marco Canini
EECS 498 Introduction to Distributed Systems Fall 2017
NEECOM – May 16, 2018 Todd L. Gould, CEO
Bitcoin & Blockchain Bina Ramamurthy 2/22/2019.
Kai Bu 04 Blockchain Kai Bu
A Case for Interconnect-Aware Architectures
Scalable and Privacy-preserving Design of On/Off-chain Smart Contracts
GAYATRI INSTITUTE OF COMPUTER AND MANAGEMENT HINJILICUT (GANJAM)
Majority is not Enough: Bitcoin Mining is Vulnerable
Bitcoin and Blockchain
Blockchain Mining Games
Presentation transcript:

Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack With Srijan Kumar, Andrew Miller and Elaine Shi 1 Kartik Nayak

2 Alice Bob Charlie Emily Blockchain Bitcoin Mining Dave Fairness: If Alice has 1/4 th computation power, she gets 1/4 th of the total reward

3 Selfish Mining [ES’14] If Alice deviates from the protocol, can she gain more? Yes! Computation power > 0.33 Alice Emily Charlie Bob Dave

4 Prior work: Selfish Mining One way of deviating so that one miner earns more revenue at the expense of others Stubborn Mining We show other attacks in the same model that perform better than selfish mining Earn ~$137,000 / day more than by Selfish Mining attack 1 Our Contribution: All miners earn ~$1.5 M / day

5 Eclipse Attacks [HKZG’15] World 1 World 2 Alice can double-spend Compose Stubborn Mining and Eclipse Attacks Alic e Bob Charlie Emily Dave 2 Our Contribution:

6 1 2 Compose Stubborn Mining and Eclipse Attacks Stubborn Mining Key Contributions Sometimes, the best strategies benefit the “victim” Both of these attacks are better than were previously known for the attacker

7 Selfish Mining (in more detail) Alice Emily Charlie Bob Dave Alic e (α) Publi c (β) γ: Alice’s ability to win race conditions (α, γ): network model parameters 40%: Ghash.IO largest pool in 2014 α 41%: two largest mining pools 21%: largest mining pool γ : depending on attacker’s influence - May 16, 2015

8 Selfish Mining (in more detail) Public’s view 0 1 α 2 α 3 α β β Alice’s private chain Alic e (α) Publi c (β) γ: Alice’s ability to win race conditions (α, γ): network model parameters

9 Selfish Mining (in more detail) Alic e (α) Publi c (β) Public’s view 0 1 α 2 α 3 α β β

10 Selfish Mining (in more detail) Alic e (α) Publi c (β) Public’s view 0 1 α 2 α 3 α β β 0’ β α γβ (1-γ)β γ: Fraction of public mining on Alice’s block Alice’s private chain A strategy where Alice reveals blocks under certain conditions

11 Our Contribution: Stubborn Mining Intuition: A selfish miner gives up too easily Three stubborn mining strategies: 1.Lead Stubborn Mining 2.Equal-Fork Stubborn Mining 3.Trail Stubborn Mining

12 Lead Stubborn Mining Alic e (α) Publi c (β) 0 1 α 2 α 3 α β β 0’ β α γβ (1-γ)β Public’s view 2’ α 1’ β Alice’s private chain

13 Equal-Fork Stubborn Mining Alic e (α) Publi c (β) 0 1 α 2 α 3 α β β 0’ β α γβ (1-γ)β Public’s view Alice’s private chain

14 Trail Stubborn Mining Alic e (α) Publi c (β) 0 1 α 2 α 3 α β β 0’ β α γβ (1-γ)β Public’s view (1-γ)β Alice’s private chain

15 Hybrid Stubborn Mining Strategies S L F T1T1 Lead Stubbornness Equal-Fork Stubbornness Trail Stubbornness LF T2T2 LT 1 FT 1 LFT 1

16 There is no one-size-fits-all dominant strategy. γ: Alice’s network influence (fraction of public mining on Alice’s chain in case of a fork) Results MonteCarlo simulations Multiple samples and report mean

17 For a large parameter space, Stubborn Mining strategies perform better than Selfish Mining.

18 Trail stubborn strategies perform better than non-trail- stubborn counterparts when α > 0.33

19 Attacker’s Revenue: Compared to Honest Mining α = 0.4, γ = % higher revenue Increase in revenue: ~$375,000 / day

20 Attacker’s Revenue: Compared to Selfish Mining α = 0.4, γ = % higher revenue Increase in revenue: ~$137,000 / day

21 Eclipse Attacks (reminder) World 1 World 2 Alic e Bob Lucy Emily Dave

22 Eclipse Attacks (reminder) World 1 World 2 Alic e Bob Lucy Emily Dave Alic e (α) Publi c (β) Luc y (λ) λ < β

23 Exploiting Eclipse Attack Victims Alic e (α) Publi c (β) Luc y (λ) 1. Forward all messages – no eclipsing 2. Partition all messages – waste Lucy’s computation power 3. Collude with Lucy 4. Destroy if no stake (DNS) No Eclipsing Partition all messages Collude with Lucy Destroy if no stake Eclipsin g degree

24 Non-trivial compositions of Stubborn Mining + Eclipsing outperform naïve strategies 8% gain Alice’s relative gain wrt naïve Dominant Strategies Naïve: Honest/Selfish Mining – Stubbornness, Collude/Destroy Lucy - Eclipsing

25 Gain compared to Selfish Mining 25% gain Alice’s relative gain wrt Selfish Mining

26 The attack may benefit Lucy Lucy’s relative gain:

27 Detecting and inferring attacks Are these attacks likely to occur? Discussed in the paper Countermeasures? Dispersed mining power Selfish Mining not observed until now ~$375,000 / day Other cryptocurrencies

28 Conclusion 1 2 Compose Stubborn Mining and Eclipse Attacks Stubborn Mining Thank You! Dominant Strategies

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.