An open distributed system can be secured by requiring participants to
present proof of work and rewarding them for participation. The Bitcoin digital
currency introduced this mechanism, which is adopted by almost all contemporary
digital currencies and related services.
A natural process leads participants of such systems to form pools, where
members aggregate their power and share the rewards. Experience with Bitcoin
shows that the largest pools are often open, allowing anyone to join. It has
long been known that a member can sabotage an open pool by seemingly joining it
but never sharing its proofs of work. The pool shares its revenue with the
attacker, and so each of its participants earns less.
We define and analyze a game where pools use some of their participants to
infiltrate other pools and perform such an attack. With any number of pools,
no-pool-attacks is not a Nash equilibrium. With two pools, or any number of
identical pools, there exists an equilibrium that constitutes a tragedy of the
commons where the pools attack one another and all earn less than they would
have if none had attacked.
For two pools, the decision whether or not to attack is the miner's dilemma,
an instance of the iterative prisoner's dilemma. The game is played daily by
the active Bitcoin pools, which apparently choose not to attack. If this
balance breaks, the revenue of open pools might diminish, making them
unattractive to participants