20 research outputs found

    Security of the Blockchain against Long Delay Attack

    The consensus protocol underlying Bitcoin (the blockchain) works remarkably well in practice. However, proving its security in a formal setting has been an elusive goal. A recent analytical result by Pass, Seeman and shelat indicates that an idealized blockchain is indeed secure against attacks in an asynchronous network where messages are maliciously delayed by at most $\Delta \ll 1/np$, with $n$ being the number of miners and $p$ the mining hardness. This paper improves upon that result by showing that, if appropriate inconsistency tolerance is allowed, the blockchain can withstand even more powerful external attacks in the honest miner setting. Specifically, we prove that the blockchain is secure against long delay attacks with $\Delta \geq 1/np$ in an asynchronous network.

    Formalizing Bitcoin Crashes with Universally Composable Security

    Bitcoin has introduced an open and decentralized consensus mechanism which, in combination with an append-only ledger, allows building so-called blockchain systems, often instantiated as permissionless cryptocurrencies. Bitcoin is surprisingly successful and its market capitalization has reached about 168 billion USD as of July 2020. Due to its high economic value, it became a lucrative target, and the growing community has discovered various attacks, proposed promising improvements, and introduced contingency plans for handling catastrophic failures. Nonetheless, existing analyses and contingency plans are not formalized and are tailored only to handle a small specific subset of diverse attacks; as such, they cannot resist unexpected emergency cases, and it is hard to reason about their effectiveness and impact on the system. In this work, we provide a formalized framework to help evaluate a variety of attacks and their mitigations. The framework is based upon the universal composability (UC) framework to describe the attacker's power and the system's security goals. We propose the system in the context of Bitcoin and, to the best of our knowledge, no similar work has been proposed previously. Besides, we demonstrate and evaluate our model with different case studies from the real world. Finally, we signal remaining challenges for the contingency plans and their formalization.

    Echoes of the Past: Recovering Blockchain Metrics From Merged Mining

    So far, the topic of merged mining has mainly been considered in a security context, covering issues such as mining power centralization or cross-chain attack scenarios. In this work we show that key information for determining blockchain metrics such as the fork rate can be recovered through data extracted from merge-mined cryptocurrencies. Specifically, we reconstruct a long-ranging view of forks and stale blocks in Bitcoin from its merge-mined child chains, and compare our results to previous findings that were derived from live measurements. Thereby, we show that live monitoring alone is not sufficient to capture a large majority of these events, as we are able to identify a non-negligible portion of stale blocks that were previously unaccounted for. Their authenticity is ensured by cryptographic evidence regarding both their position in the respective blockchain and the Proof-of-Work difficulty. Furthermore, by applying this new technique to Litecoin and its child cryptocurrencies, we are able to provide the first extensive view and lower bound on the stale block and fork rate in the Litecoin network. Finally, we outline that a recovery of other important metrics and blockchain characteristics through merged mining may also be possible.

    But Why does it Work? A Rational Protocol Design Treatment of Bitcoin

    An exciting recent line of work has focused on formally investigating the core cryptographic assumptions underlying the security of Bitcoin. In a nutshell, these works conclude that Bitcoin is secure if and only if the majority of the mining power is honest. Despite their great impact, however, these works do not address an incisive question asked by positivists and Bitcoin critics, which is fuelled by the fact that Bitcoin indeed works in reality: Why should the real-world system adhere to these assumptions? In this work we employ the machinery from the Rational Protocol Design (RPD) framework by Garay et al. [FOCS'13] to analyze Bitcoin and address questions such as the above. We show that, assuming a natural class of incentives for the miners' behavior (i.e., rewarding them for adding blocks to the blockchain but having them pay for mining), one can reserve the honest majority assumption as a fallback, or even, depending on the application, completely replace it by the assumption that the miners aim to maximize their revenue. Our results underscore the appropriateness of RPD as a "rational cryptography" framework for analyzing Bitcoin. Along the way, we devise significant extensions to the original RPD machinery that broaden its applicability to cryptocurrencies, which may be of independent interest.

    Valuable Puzzles for Proofs-of-Work

    Proof-of-work (PoW) is used as the consensus mechanism in most cryptocurrencies. PoW-based puzzles play an important part in the operation and security of a cryptocurrency, but come at a considerable energy cost. One approach to the problem of energy wastage is to find ways to build PoW schemes from valuable computational problems. This work proposes calibration of public key cryptographic systems as a suitable source of PoW puzzles. We describe the properties needed to adapt public key cryptosystems as PoW functions suitable for decentralised cryptocurrencies and provide a candidate example.

    Selfish mining in Proof-of-Work blockchain with multiple miners: An empirical evaluation

    Proof-of-Work blockchain, despite its numerous benefits, is still not an entirely secure technology due to the existence of Selfish Mining (SM) strategies that can disrupt the system and its mining economy. While the effect of SM has been studied mostly in a two-miner scenario, it has not been investigated in a more practical context where there are multiple malicious miners individually performing SM. To fill this gap, we carry out an empirical study that separately accounts for different numbers of SM miners (who always perform SM) and strategic miners (who choose either SM or Nakamoto's mining protocol depending on which maximises their individual mining reward). Our results show that SM is generally more effective as the number of SM miners increases; however, its effectiveness does not vary in the presence of a large number of strategic miners. Under specific mining power distributions, we also demonstrate that multiple miners can perform SM and simultaneously gain higher mining rewards than they should. Surprisingly, we also show that the more strategic miners there are, the more robust the system becomes. Since blockchain miners should naturally be seen as self-interested strategic miners, our findings encourage blockchain system developers and engineers to attract as many miners as possible to prevent SM and similar behaviour.