Maher Alharby,Ali Alssaiari,Saad Alateef,Nigel Thomas,Aad van Moorsel

DOI: https://doi.org/10.1007/s10586-024-04645-7

2024-07-15

Cluster Computing

Abstract:This study analyzes the security implications of Proof-of-Work blockchains with respect to the stale block rate and the lack of a block verification process. The stale block rate is a crucial security metric that quantifies the proportion of rejected blocks in the blockchain network. The absence of a block verification process represents another critical security concern, as it permits the potential for invalid transactions within the network. In this article, we propose and implement a quantitative and analytical model to capture the primary operations of Proof-of-Work blockchains utilizing the Performance Evaluation Process Algebra. The proposed model can assist blockchain designers, architects, and analysts in achieving the ideal security level for blockchain systems by determining the proper network and consensus settings. We conduct extensive experiments to determine the sensitivity of security to four aspects: the number of active miners and their mining hash rates, the duration between blocks, the latency in block propagation, and the time required for block verification, all of which have been shown to influence the outcomes. We contribute to the findings of the existing research by conducting the first analysis of how the number of miners affects the frequency of stale block results, as well as how the delay in block propagation influences the incentives received by rational miners who choose to avoid the block verification process.

computer science, information systems, theory & methods

Dinitha Wijewardhana,Sugandima Vidanagamachchi,Nalin Arachchilage

2024-11-01

Abstract:Cryptocurrencies have gained popularity due to their transparency, security, and accessibility compared to traditional financial systems, with Bitcoin, introduced in 2009, leading the market. Bitcoin's security relies on blockchain technology - a decentralized ledger consisting of a consensus and an incentive mechanism. The consensus mechanism, Proof of Work (PoW), requires miners to solve difficult cryptographic puzzles to add new blocks, while the incentive mechanism rewards them with newly minted bitcoins. However, as Bitcoin's acceptance grows, it faces increasing threats from attacks targeting these mechanisms, such as selfish mining, double-spending, and block withholding. These attacks compromise security, efficiency, and reward distribution. Recent research shows that these attacks can be combined with each other or with either malicious strategies, such as network-layer attacks, or non-malicious strategies, like honest mining. These combinations lead to more sophisticated attacks, increasing the attacker's success rates and profitability. Therefore, understanding and evaluating these attacks is essential for developing effective countermeasures and ensuring long-term security. This paper begins by examining individual attacks executed in isolation and their profitability. It then explores how combining these attacks with each other or with other malicious and non-malicious strategies can enhance their overall effectiveness and profitability. The analysis further explores how the deployment of attacks such as selfish mining and block withholding by multiple competing mining pools against each other impacts their economic returns. Lastly, a set of design guidelines is provided, outlining areas future work should focus on to prevent or mitigate the identified threats.

Cryptography and Security,Artificial Intelligence

Yang Xiao,Ning Zhang,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.1109/INFOCOM41043.2020.9155451

2020-09-01

Abstract:Blockchain, the technology behind the popular Bitcoin, is considered a "security by design" system as it is meant to create security among a group of distrustful parties yet without a central trusted authority. The security of blockchain relies on the premise of honest-majority, namely, the blockchain system is assumed to be secure as long as the majority of consensus voting power is honest. And in the case of proof-of-work (PoW) blockchain, adversaries cannot control more than 50% of the network's gross computing power. However, this 50% threshold is based on the analysis of computing power only, with implicit and idealistic assumptions on the network and node behavior. Recent researches have alluded that factors such as network connectivity, presence of blockchain forks, and mining strategy could undermine the consensus security assured by the honest-majority, but neither concrete analysis nor quantitative evaluation is provided. In this paper we fill the gap by proposing an analytical model to assess the impact of network connectivity on the consensus security of PoW blockchain under different adversary models. We apply our analytical model to two adversarial scenarios: 1) honest-but-potentially-colluding, 2) selfish mining. For each scenario, we quantify the communication capability of nodes involved in a fork race and estimate the adversary's mining revenue and its impact on security properties of the consensus protocol. Simulation results validated our analysis. Our modeling and analysis provide a paradigm for assessing the security impact of various factors in a distributed consensus system.

Cryptography and Security

George Bissias,Rainer Böhme,David Thibodeau,Brian N. Levine

DOI: https://doi.org/10.48550/arXiv.2012.03706

2020-12-07

Abstract:A key component of security in decentralized blockchains is proof of opportunity cost among block producers. In the case of proof-of-work (PoW), currently used by the most prominent systems, the cost is due to spent computation. In this paper, we characterize the security investment of miners in terms of its cost in fiat money. This enables comparison of security allocations across PoW blockchains that generally use different PoW algorithms and reward miners in different cryptocurrency units. We prove that there exists a unique allocation equilibrium, depending on market prices only, that is achieved by both strategic miners (who contemplate the actions of others) and by miners seeking only short-term profit. In fact, the latter will unknowingly compensate for any attempt to deliberately shift security allocation away from equilibrium. Our conclusions are supported analytically through the development of a Markov decision process, game theoretical analysis, and derivation of no arbitrage conditions. We corroborate those results with empirical evidence from more than two years of blockchain and price data. Overall agreement is strong. We show that between January 1, 2018 and August 1, 2020, market prices predicted security allocation between Bitcoin and Bitcoin Cash with error less than 0.6%. And from the beginning of October 2019, until August 1, 2020, market prices predicted security allocation between Bitcoin and Litecoin with error of 0.45%. These results are further corroborated by our establishment of Granger-causality between change in market prices and change in security allocation. To demonstrate the practicality of our results, we describe a trustless oracle that leverages the equilibrium to estimate the price ratios of PoW cryptocurrencies from on-chain information only.

Cryptography and Security

Andrea Merlina,Thiago Garrett,Roman Vitenberg

2024-05-14

Abstract:Proof-of-Work (PoW) blockchains have emerged as a robust and effective consensus mechanism in open environments, leading to widespread deployment with numerous cryptocurrency platforms and substantial investments. However, the commonly deployed PoW implementations are all based on solving cryptographic puzzles. Researchers have been pursuing the compelling idea of replacing cryptopuzzles with useful computing tasks for over a decade, in face of the substantial computational capacity of blockchain networks and the global pursuit of a more sustainable IT infrastructure. In this study, we conduct a comprehensive analysis of the prerequisites for alternative classes of tasks. We provide insight into the effect of introducing "usefulness" and of transitioning to task classes other than cryptopuzzles. Having distilled the prerequisites, we use them to examine proposed designs from existing literature. Finally, we discuss pertinent techniques and present research gaps in the current state-of-the-art.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Varul Srivastava,Sujit Gujar

2024-01-17

Abstract:Proof-of-Work is a consensus algorithm where miners solve cryptographic puzzles to mine blocks and obtain a reward through some Block Reward Mechanism (BRM). PoW blockchain faces the problem of centralization due to the formation of mining pools, where miners mine blocks as a group and distribute rewards. The rationale is to reduce the risk (variance) in reward while obtaining the same expected block reward. In this work, we address the problem of centralization due to mining pools in PoW blockchain. We propose a two-player game between the new miner joining the system and the PoW blockchain system.

Computer Science and Game Theory

Sarah Azouvi,Christian Cachin,Duc V. Le,Marko Vukolic,Luca Zanolini

DOI: https://doi.org/10.48550/arXiv.2211.12050

2022-11-22

Abstract:Blockchain protocols implement total-order broadcast in a permissionless setting, where processes can freely join and leave. In such a setting, to safeguard against Sybil attacks, correct processes rely on cryptographic proofs tied to a particular type of resource to make them eligible to order transactions. For example, in the case of Proof-of-Work (PoW), this resource is computation, and the proof is a solution to a computationally hard puzzle. Conversely, in Proof-of-Stake (PoS), the resource corresponds to the number of coins that every process in the system owns, and a secure lottery selects a process for participation proportionally to its coin holdings. Although many resource-based blockchain protocols are formally proven secure in the literature, the existing security proofs fail to demonstrate why particular types of resources cause the blockchain protocols to be vulnerable to distinct classes of attacks. For instance, PoS systems are more vulnerable to long-range attacks, where an adversary corrupts past processes to re-write the history, than Proof-of-Work and Proof-of-Storage systems. Proof-of-Storage-based and Proof-of-Stake-based protocols are both more susceptible to private double-spending attacks than Proof-of-Work-based protocols; in this case, an adversary mines its chain in secret without sharing its blocks with the rest of the processes until the end of the attack. In this paper, we formally characterize the properties of resources through an abstraction called resource allocator and give a framework for understanding longest-chain consensus protocols based on different underlying resources. In addition, we use this resource allocator to demonstrate security trade-offs between various resources focusing on well-known attacks (e.g., the long-range attack and nothing-at-stake attacks).

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Somdip Dey

DOI: https://doi.org/10.48550/arXiv.1806.05477

2018-06-14

Abstract:Recently we could see several institutions coming together to create consortium based blockchain networks such as Hyperledger. Although for applications of blockchain such as Bitcoin, Litcoin, etc. the majority-attack might not be a great threat but for consortium based blockchain networks where we could see several institutions such as public, private, government, etc. are collaborating, the majority-attack might just prove to be a prevalent threat if collusion among these institutions takes place. This paper proposes a methodology where we can use intelligent software agents to monitor the activity of stakeholders in the blockchain networks to detect anomaly such as collusion, using supervised machine learning algorithm and algorithmic game theory and stop the majority-attack from taking place.

Cryptography and Security

Fengjun Chen,Zhiqiang Liu,Yu Long,Zhen Liu,Ning Ding

DOI: https://doi.org/10.1007/978-3-030-02744-5_1

2018-01-01

Abstract:Blockchain is built on the basis of peer-to-peer network, cryptography and consensus mechanism over a distributed environment. The underlying cryptography in blockchain, such as hash algorithm and digital signature scheme, is used to guarantee the security of blockchain. However, past experience showed that cryptographic primitives do not last forever along with increasing computational power and advanced cryptanalysis. Therefore, it is crucial to investigate the issue that the underlying cryptography in blockchain is compromised.

Krishnendu Chatterjee,Amirali Ebrahimzadeh,Mehrdad Karrabi,Krzysztof Pietrzak,Michelle Yeo,Đorđe Žikelić

DOI: https://doi.org/10.1145/3662158.3662769

2024-05-07

Abstract:We study selfish mining attacks in longest-chain blockchains like Bitcoin, but where the proof of work is replaced with efficient proof systems -- like proofs of stake or proofs of space -- and consider the problem of computing an optimal selfish mining attack which maximizes expected relative revenue of the adversary, thus minimizing the chain quality. To this end, we propose a novel selfish mining attack that aims to maximize this objective and formally model the attack as a Markov decision process (MDP). We then present a formal analysis procedure which computes an $\epsilon$-tight lower bound on the optimal expected relative revenue in the MDP and a strategy that achieves this $\epsilon$-tight lower bound, where $\epsilon>0$ may be any specified precision. Our analysis is fully automated and provides formal guarantees on the correctness. We evaluate our selfish mining attack and observe that it achieves superior expected relative revenue compared to two considered baselines.

Cryptography and Security

Agron Gemajli,Shivam Patel,Phillip G. Bradford

2024-04-07

Abstract:Proof of Work (PoW) blockchains burn a lot of energy. Proof-of-work algorithms are expensive by design and often only serve to compute blockchains. In some sense, carbon-based and non-carbon based regional electric power is fungible. So the total carbon and non-carbon electric power mix plays a role. Thus, generally PoW algorithms have large CO$_2$ footprints solely for computing blockchains. A proof of technology is described towards replacing hashcash or other PoW methods with a lottery and proof-of-VM (PoVM) emulation. PoVM emulation is a form of PoW where an autonomous blockchain miner gets a lottery ticket in exchange for providing a VM (virtual Machine) for a specified period. These VMs get their jobs from a job queue. Managing and ensuring, by concensus, that autonomous PoVMs are properly configured and running as expected gives several gaps for a complete practical system. These gaps are discussed. Our system is similar to a number of other blockchain systems. We briefly survey these systems. This paper along with our proof of technology was done as a senior design project.

Cryptography and Security

Abdelatif Hafid,Abdelhakim Senhaji Hafid,Adil Senhaji

DOI: https://doi.org/10.48550/arXiv.2108.05835

2021-08-13

Abstract:Blockchain technology has been gaining great interest from a variety of sectors, including healthcare, supply chain and cryptocurrencies. However, Blockchain suffers from its limited ability to scale (i.e. low throughput and high latency). Several solutions have been appeared to tackle this issue. In particular, sharding proved that it is one of the most promising solutions to Blockchain scalability. Sharding can be divided into two major categories: (1) Sharding-based Proof-of-Work (PoW) Blockchain protocols, and (2) Sharding-based Proof-of-Stake (PoS) Blockchain protocols. The two categories achieve a good performances (i.e. good throughput with a reasonable latency), but raise security issues. This article attends that analyze the security of the second category. More specifically, we compute the probability of committing a faulty block and measure the security by computing the number of years to fail. Finally, to show the effectiveness of the proposed model, we conduct a numerical analysis and evaluate the results obtained.

Cryptography and Security

Xiao-Li Du,Deng-Feng Li,Kai-RongLiang

DOI: https://doi.org/10.2991/ijcis.d.191030.001

IF: 2.259

2019-01-01

International Journal of Computational Intelligence Systems

Abstract:In proof-of-work (PoW)-based blockchain network, the blockchain miners publish blocks by contributing computing power to solve crypto-puzzles. Due to the weak computing power of single miner, miners tend to join a mining pool and share the profits from the mining pool according to the contribution proportions of the miners. However, some miners may initiate block withholding attack which may result in wasting computing power, even threatening the efficiency of the blockchain network. To address this problem, in this paper, we use the biform game model to optimize the miners’ strategy choices. We firstly formulate the mining process as a non-cooperative–cooperative biform game model. We use the model to exhibit miners’ strategy choices (non-cooperation stage) and the cooperation mining process (cooperation stage). Then we set the conditions to maintain the voluntary honest behavior of miners. After that, we employ the semi-CIS (semi-the center of imputation set value) value to compute the solutions of the cooperative games in the cooperation stage, and optimize miners’ strategy choices to prevent the block withholding attack. Hence we can ensure the blockchain network is secure. Finally, the validity and applicability of the proposed model and method are verified by a numerical example.

Iván Abellán Álvarez,Vincent Gramlich,Johannes Sedlmeir

2024-01-31

Abstract:With the increasing adoption of decentralized information systems based on a variety of permissionless blockchain networks, the choice of consensus mechanism is at the core of many controversial discussions. Ethereum's recent transition from (PoW) to proof-of-stake (PoS)-based consensus has further fueled the debate on which mechanism is more favorable. While the aspects of energy consumption and degree of (de-)centralization are often emphasized in the public discourse, seminal research has also shed light on the formal security aspects of both approaches individually. However, related work has not yet comprehensively structured the knowledge about the security properties of PoW and PoS. Rather, it has focused on in-depth analyses of specific protocols or high-level comparative reviews covering a broad range of consensus mechanisms. To fill this gap and unravel the commonalities and discrepancies between the formal security properties of PoW- and PoS-based consensus, we conduct a systematic literature review over 26 research articles. Our findings indicate that PoW-based consensus with the longest chain rule provides the strongest formal security guarantees. Nonetheless, PoS can achieve similar guarantees when addressing its more pronounced tradeoff between safety and liveness through hybrid approaches.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Foteini Baldimtsi,Aggelos Kiayias,Thomas Zacharias,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-662-53890-6_30

2016-01-01

Abstract:We introduce a new class of protocols called Proofs of Work or Knowledge PoWorKs. In a PoWorK, a prover can convince a verifier that she has either performed work or that she possesses knowledge of a witness to a public statement without the verifier being able to distinguish which of the two has taken place. We formalize PoWorK in terms of three properties, completeness, f-soundness and indistinguishability where f is a function that determines the tightness of the proof of work aspect and present a construction that transforms 3-move HVZK protocols into 3-move public-coin PoWorKs. To formalize the work aspect in a PoWorK﾿protocol we define cryptographic puzzles that adhere to certain uniformity conditions, which may also be of independent interest. We instantiate our puzzles in the random oracle RO model as well as via constructing \"dense\" versions of suitably hard one-way functions. We then showcase PoWorK﾿protocols by presenting a number of applications. We first show how non-interactive PoWorKs can be used to reduce spam email by forcing users sending an e-mail to either prove to the mail server they are approved contacts of the recipient or to perform computational work. As opposed to previous approaches that applied proofs of work to this problem, our proposal of using PoWorKs is privacy-preserving as it hides the list of the receiver's approved contacts from the mail server. Our second application, shows how PoWorK can be used to compose cryptocurrencies that are based on proofs of work \"Bitcoin-like\" with cryptocurrencies that are based on knowledge relations these include cryptocurrencies that are based on \"proof of stake\", and others. The resulting PoWorK-based cryptocurrency inherits the robustness properties of the underlying two systems while PoWorK-indistinguishability ensures a uniform population of miners. Finally, we show that PoWorK﾿protocols imply straight-line quasi-polynomial simulatable arguments of knowledge and based on our construction we obtain an efficient straight-line concurrent 3-move statistically quasi-polynomial simulatable argument of knowledge.

Daniel J. Moroz,Daniel J. Aronoff,Neha Narula,David C. Parkes

DOI: https://doi.org/10.48550/arXiv.2002.10736

2020-02-25

Abstract:Proof-of-Work mining is intended to provide blockchains with robustness against double-spend attacks. However, an economic analysis that follows from Budish (2018), which considers free entry conditions together with the ability to rent sufficient hashrate to conduct an attack, suggests that the resulting block rewards can make an attack cheap. We formalize a defense to double-spend attacks. We show that when the victim can counterattack in the same way as the attacker, this leads to a variation on the classic game-theoretic War of Attrition model. The threat of this kind of counterattack induces a subgame perfect equilibrium in which no attack occurs in the first place.

Cryptography and Security,Computer Science and Game Theory

Michael Mirkin,Yan Ji,Jonathan Pang,Ariah Klages-Mundt,Ittay Eyal,Ari Juels

DOI: https://doi.org/10.48550/arXiv.1912.07497

2020-11-05

Abstract:Proof-of-work (PoW) cryptocurrency blockchains like Bitcoin secure vast amounts of money. Their operators, called miners, expend resources to generate blocks and receive monetary rewards for their effort. Blockchains are, in principle, attractive targets for Denial-of-Service (DoS) attacks: There is fierce competition among coins, as well as potential gains from short selling. Classical DoS attacks, however, typically target a few servers and cannot scale to systems with many nodes. There have been no successful DoS attacks to date against prominent cryptocurrencies. We present Blockchain DoS (BDoS), the first incentive-based DoS attack that targets PoW cryptocurrencies. Unlike classical DoS, BDoS targets the system's mechanism design: It exploits the reward mechanism to discourage miner participation. Previous DoS attacks against PoW blockchains require an adversary's mining power to match that of all other miners. In contrast, BDoS can cause a blockchain to grind to a halt with significantly fewer resources, e.g., 21% as of March 2020 in Bitcoin, according to our empirical study. We find that Bitcoin's vulnerability to BDoS increases rapidly as the mining industry matures and profitability drops. BDoS differs from known attacks like Selfish Mining in its aim not to increase an adversary's revenue, but to disrupt the system. Although it bears some algorithmic similarity to those attacks, it introduces a new adversarial model, goals, algorithm, and game-theoretic analysis. Beyond its direct implications for operational blockchains, BDoS introduces the novel idea that an adversary can manipulate miners' incentives by proving the existence of blocks without actually publishing them.

Cryptography and Security

Haoyu Wang,Jianwei An

DOI: https://doi.org/10.1007/s11227-023-05289-x

IF: 3.3

2023-04-21

The Journal of Supercomputing

Abstract:As a rising technology in recent years, edge computing has the characteristics of low latency and low energy consumption, which makes it possible for intelligent interconnection of things based on the Internet of Things(IoT) to meet people’s intelligent service needs anytime and anywhere. However, due to its wide geographical distribution, limited node resources, and vulnerability to network attacks, the operating environment of edge computing systems is in jeopardy, and user data privacy disclosure, malicious data tampering, identity authentication, and other security issues are increasingly prominent. As a distributed data-sharing technology, blockchain’s hash encryption transmission, consensus mechanism, and other characteristics determine that it has tamper-proof and traceable performance characteristics, which can well solve the security problems in edge computing systems. Although there have been quite many studies on the application of blockchain technology to the edge computing-enabled IoT system, there has been no systematic and mathematical research and analysis on the security mechanism of the blockchain technology architecture itself. From the perspective of relative security in the field of information security, this paper uses stochastic differential game theory to model the gains of both attack and defense sides under the edge computing system based on blockchain technology and obtain the Nash equilibrium solution. Runge–Kutta algorithm is used to solve the numerical solution of the revenue game model of both sides. From the perspective of architecture theory, it discusses and studies the security characteristics brought by blockchain technology architecture itself. Through simulation comparison with relevant research work and existing baseline scheme, the simulation results show the effectiveness and superiority of our proposed scheme. At the same time, the difficulty coefficient and block size are also revealed as security factors in systems based on blockchain technology.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Na Ruan,Hanyi Sun,Zenan Lou,Jie Li

DOI: https://doi.org/10.1109/tnet.2022.3201493

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:Decentralized cryptocurrency systems have become primary targets for attackers due to substantial profit gain and economic rewards. A number of attack models have been proposed during last few years. However, the evaluation and comparison of those attack models remain problematic due to the lack of systematic framework to analyze them. In this work, we propose a general quantitative analysis framework for attack models in the network and consensus layer of blockchain. We identify the problem statement and evolution process. And we show how to apply our general framework in previous attacks such as selfish mining and bribery attack. We also explained that the framework is suitable for other attacks in blockchain. For further exploration, we simulate the success rate and benefits of different attacks through experiments. We provide several defensive strategies, and study how these strategies against previous attack models.

Jörg Becker,Dominic Breuker,Tobias Heide,Justus Holler,Hans Peter Rauer,Rainer Böhme

DOI: https://doi.org/10.1007/978-3-642-39498-0_7

2013-01-01

Abstract:Proof-of-Work (PoW), a well-known principle to ration resource access in client-server relations, is about to experience a renaissance as a mechanism to protect the integrity of a global state in distributed transaction systems under decentralized control. Most prominently, the Bitcoin cryptographic currency protocol leverages PoW to (1) prevent double spending and (2) establish scarcity, two essential properties of any electronic currency. This chapter asks the important question whether this approach is generally viable. Citing actual data, it provides a first cut of an answer by estimating the resource requirements, in terms of operating cost and ecological footprint, of a suitably dimensioned PoW infrastructure and comparing them to three attack scenarios. The analysis is inspired by Bitcoin, but generalizes to potential successors, which fix Bitcoin’s technical and economic teething troubles discussed in the literature.