Eyal, Ittay, and Emin Gün Sirer. “Majority is not enough: Bitcoin mining is vulnerable.” Communications of the ACM61.7 (2018): 95102.
The paper targets the problem of Bitcoin’s mining algorithm is not incentive compatible, how to enable a more profitable algorithm in addition to mining, and this algorithm is not conducive to the interests of the entire network? How to use a backward-compatible method to fix it?
The Bitcoin that was born because of “decentralization” is plunging into trouble caused by the disappearance of authority. When Bitcoin has actually become centralized and manipulated, “decentralization” has increasingly become an idealist utopia. To maintain the authority and entity value of Bitcoin, it is necessary to solve the generation of most blocks of private pool control.
The algorithm proposed in this paper, after mining a new block from the mining pool, does not release the block for the time being but continues to mine a block. When it is discovered that someone else on the network has also dug up a new block, the block is released. You can get higher returns. At the same time, this algorithm is not globally optimal, because the miners conduct selfish-mining for higher interests, making the selfish mining pool larger and larger, gradually
becoming a majority, destroying the decentralization of Bitcoin. Although in the selfish mining attack, honest and selfish mining pools will waste power, honesty pools will waste more computing power, while selfish miners can get higher profits than their own honest mining. The miners are more willing to join selfish mining. Moreover, the greater the power of the selfish mining pool, the more reward it can receive than the linear growth. This is more conducive to attracting more miners to the selfish mining pool.
The process is as follows: First, the selfish mining pool does not directly release the whole network after mining block A. It only broadcasts the block in its own mining pool, forms a private chain, and continues to mine a block B. Second, when it is detected that someone on the network sends the next block A’, it broadcasts the block that it has mined, and the network enters a competitive state. Third, if the selfish mining pool mining B, it will be released directly, let the whole network go to its own chain, and gain the benefits of block A and block B, and waste the network’s calculation on A’ fork. Fourth, if the honest miner mining a new block after block A, then the selfish mine pool enjoys the benefits of block A. But if the honest miner mining a new block after block A’, then the selfish mining pool is not profitable.
It is generally believed that the proof of work of Bitcoin is incentive-compatible, that is, everyone simply pursues their own interests to maximize, in this way, and at the same time achieve the global optimal results. The paper gives an algorithm that can obtain more benefits in addition to mining. At the same time, this algorithm is not conducive to the interests of the whole network. It proves that the Bitcoin mining algorithm is not incentive compatible.
The paper analyzes the algorithm: γ represents the proportion of honest nodes choosing to mine on the blocks issued by the selfish mines, and (1-γ) is the proportion of honest nodes mining on the competition blocks. α is the power of the selfish mine, and (1-α) is the sum of the power of the honest node. Regardless of whether the private mining pool can win in the competition when the power of the selfish mining pool is higher than a certain proportion, the income of honest mining can be obtained. And 1) When γ is 1, no matter how much power is selfish, the pool can get more income. 2) When γ is 1/2, the private mining pool calculation power has to exceed the global 1/4 to get more benefits. 3) When γ is 0, the private mining pool calculation power must exceed the global 1/3 to obtain more benefits.
Bitcoin requires miners to mine based on the first new block of the longest chain received. Then, if the network conditions of the selfish mining pool are excellent, it is possible for other miners to receive their own private blocks earlier, so that γ approaches 1. When α approaches 0, the selfish mining pool must obtain higher returns no matter how much power is calculated. An improvement proposed by the paper is that when the miners receive two competing blocks, one of them is randomly selected for mining, so that the average γ is 1/2, and α is also about 1/4, that is, the selfish
mining pool must at least master a quarter of computing power can make more gains.
As suggested in the paper, when a private pool controls Bitcoin, Bitcoin will collapse and lose its value. Even if the private pool control reaches a certain scale, stop adding new miners. Is it not because the computing power is too small to win? Not much benefit, and will not threaten Bitcoin itself?
And the time stamp is difficult to tamper with, how does selfish mining deal with this without being discovered?