Matheus V. X. Ferreira,Aadityan Ganesh,Jack Hourigan,Hannah Huh,S. Matthew Weinberg,Catherine Yu

DOI: https://doi.org/10.1145/3670865.3673602

2024-06-22

Abstract:Cryptographic Self-Selection is a paradigm employed by modern Proof-of-Stake consensus protocols to select a block-proposing "leader." Algorand [Chen and Micali, 2019] proposes a canonical protocol, and Ferreira et al. [2022] establish bounds $f(\alpha,\beta)$ on the maximum fraction of rounds a strategic player can lead as a function of their stake $\alpha$ and a network connectivity parameter $\beta$. While both their lower and upper bounds are non-trivial, there is a substantial gap between them (for example, they establish $f(10\%,1) \in [10.08\%, 21.12\%]$), leaving open the question of how significant of a concern these manipulations are. We develop computational methods to provably nail $f(\alpha,\beta)$ for any desired $(\alpha,\beta)$ up to arbitrary precision, and implement our method on a wide range of parameters (for example, we confirm $f(10\%,1) \in [10.08\%, 10.15\%]$). Methodologically, estimating $f(\alpha,\beta)$ can be phrased as estimating to high precision the value of a Markov Decision Process whose states are countably-long lists of real numbers. Our methodological contributions involve (a) reformulating the question instead as computing to high precision the expected value of a distribution that is a fixed-point of a non-linear sampling operator, and (b) provably bounding the error induced by various truncations and sampling estimations of this distribution (which appears intractable to solve in closed form). One technical challenge, for example, is that natural sampling-based estimates of the mean of our target distribution are \emph{not} unbiased estimators, and therefore our methods necessarily go beyond claiming sufficiently-many samples to be close to the mean.

Computer Science and Game Theory,Cryptography and Security,Theoretical Economics

Maryam Bahrani,S. Matthew Weinberg

DOI: https://doi.org/10.48550/arXiv.2309.06847

2024-02-05

Abstract:Seminal work of Eyal and Sirer (2014) establishes that a strategic Bitcoin miner may strictly profit by deviating from the intended Bitcoin protocol, using a strategy now termed *selfish mining*. More specifically, any miner with $>1/3$ of the total hashrate can earn bitcoin at a faster rate by selfish mining than by following the intended protocol (depending on network conditions, a lower fraction of hashrate may also suffice). One convincing critique of selfish mining in practice is that the presence of a selfish miner is *statistically detectable*: the pattern of orphaned blocks created by the presence of a selfish miner cannot be explained by natural network delays. Therefore, if an attacker chooses to selfish mine, users can detect this, and this may (significantly) negatively impact the value of BTC. So while the attacker may get slightly more bitcoin by selfish mining, these bitcoin may be worth significantly less USD. We develop a selfish mining variant that is provably *statistically undetectable*: the pattern of orphaned blocks is statistically identical to a world with only honest miners but higher network delay. Specifically, we consider a stylized model where honest miners with network delay produce orphaned blocks at each height independently with probability $\beta'$. We propose a selfish mining strategy that instead produces orphaned blocks at each height independently with probability $\beta > \beta'$. We further show that our strategy is strictly profitable for attackers with $38.2\% \ll 50\%$ of the total hashrate (and this holds for all natural orphan rates $\beta'$).

Computer Science and Game Theory,Cryptography and Security,Distributed, Parallel, and Cluster Computing,Data Structures and Algorithms

Qianlan Bai,Yuedong Xu,Nianyi Liu,Xin Wang

DOI: https://doi.org/10.1109/tifs.2023.3275736

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:This paper studies a fundamental problem regarding the security of blockchain PoW consensus on how the existence of multiple misbehaving miners influences the profitability of selfish mining. Each selfish miner maintains a private chain and makes it public opportunistically for acquiring more rewards incommensurate to his Hash power. We first establish a general Markov chain model to characterize the state transition of public and private chains for Basic Selfish Mining (BSM), and derive the stationary profitable threshold of Hash power in closed form. It reduces from 25% for a single attacker to below 21.48% for two symmetric attackers theoretically, and further reduces to around 10% with eight symmetric attackers experimentally. We next explore the profitable threshold when one of the attackers performs strategic mining based on Partially Observable Markov Decision Process (POMDP) that only half of the attributes pertinent to a mining state are observable to him. An online algorithm is presented to compute the nearly optimal policy efficiently despite the large state space and high dimensional belief space. The profitable threshold is much lower for the strategic attacker. Last, we formulate a simple model of absolute mining revenue that yields an interesting observation: selfish mining is never profitable at the first difficulty adjustment period, but relies on the reimbursement of stationary selfish mining gains in future periods. The delay till being profitable of an attacker increases with the decrease of his Hash power, making blockchain miners more cautious about performing selfish mining.

Francisco J. Marmolejo-Cossío,Eric Brigham,Benjamin Sela,Jonathan Katz

DOI: https://doi.org/10.48550/arXiv.1906.04502

2019-06-11

Abstract:The Bitcoin protocol prescribes certain behavior by the miners who are responsible for maintaining and extending the underlying blockchain; in particular, miners who successfully solve a puzzle, and hence can extend the chain by a block, are supposed to release that block immediately. Eyal and Sirer showed, however, that a selfish miner is incentivized to deviate from the protocol and withhold its blocks under certain conditions. The analysis by Eyal and Sirer, as well as in followup work, considers a \emph{single} deviating miner (who may control a large fraction of the hashing power in the network) interacting with a remaining pool of honest miners. Here, we extend this analysis to the case where there are \emph{multiple} (non-colluding) selfish miners. We find that with multiple strategic miners, specific deviations from honest mining by multiple strategic agents can outperform honest mining, even if individually miners would not be incentivised to be dishonest. This previous point effectively renders the Bitcoin protocol to be less secure than previously thought.

Computer Science and Game Theory,Cryptography and Security

Aggelos Kiayias,Saad Quader,Alexander Russell

DOI: https://doi.org/10.48550/arXiv.2001.06403

2020-07-29

Abstract:We improve the fundamental security threshold of eventual consensus Proof-of-Stake (PoS) blockchain protocols under the longest-chain rule by showing, for the first time, the positive effect of rounds with concurrent honest leaders. Current security analyses reduce consistency to the dynamics of an abstract, round-based block creation process that is determined by three events associated with a round: (i) event $A$: at least one adversarial leader, (ii) event $S$: a single honest leader, and (iii) event $M$: multiple, but honest, leaders. We present an asymptotically optimal consistency analysis assuming that an honest round is more likely than an adversarial round (i.e., $\Pr[S] + \Pr[M] > \Pr[A]$); this threshold is optimal. This is a first in the literature and can be applied to both the simple synchronous communication as well as communication with bounded delays. In all existing consistency analyses, event $M$ is either penalized or treated neutrally. Specifically, the consistency analyses in Ouroboros Praos (Eurocrypt 2018) and Genesis (CCS 2018) assume that $\Pr[S] - \Pr[M] > \Pr[A]$; the analyses in Sleepy Consensus (Asiacrypt 2017) and Snow White (Fin. Crypto 2019) assume that $\Pr[S] > \Pr[A]$. Moreover, all existing analyses completely break down when $\Pr[S] < \Pr[A]$. These thresholds determine the critical trade-off between the honest majority, network delays, and consistency error. Our new results can be directly applied to improve the security guarantees of the existing protocols. We also provide an efficient algorithm to explicitly calculate these error probabilities in the synchronous setting. Furthermore, we complement these results by analyzing the setting where $S$ is rare, even allowing $\Pr[S] = 0$, under the added assumption that honest players adopt a consistent chain selection rule.

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Discrete Mathematics

Michael Neuder,Daniel J. Moroz,Rithvik Rao,David C. Parkes

DOI: https://doi.org/10.48550/arXiv.1912.02954

2020-04-08

Abstract:Proof-of-Stake consensus protocols give rise to complex modeling challenges. We analyze the recently-updated Tezos Proof-of-Stake protocol and demonstrate that, under certain conditions, rational participants are incentivized to behave dishonestly. In doing so, we provide a theoretical analysis of the feasibility and profitability of a block stealing attack that we call selfish endorsing, a concrete instance of an attack previously only theoretically considered. We propose and analyze a simple change to the Tezos protocol which significantly reduces the (already small) profitability of this dishonest behavior, and introduce a new delay and reward scheme that is provably secure against length-1 and length-2 selfish endorsing attacks. Our framework provides a template for analyzing other Proof-of-Stake implementations for selfish behavior.

Cryptography and Security,Computer Science and Game Theory

Qianlan Bai,Xinyan Zhou,Xing Wang,Yuedong Xu,Xin Wang,Qingsheng Kong

DOI: https://doi.org/10.48550/arXiv.1811.08263

2018-11-01

Abstract:This paper studies a fundamental problem regarding the security of blockchain on how the existence of multiple misbehaving pools influences the profitability of selfish mining. Each selfish miner maintains a private chain and makes it public opportunistically for the purpose of acquiring more rewards incommensurate to his Hashrate. We establish a novel Markov chain model to characterize all the state transitions of public and private chains. The minimum requirement of Hashrate together with the minimum delay of being profitable is derived in close-form. The former reduces to 21.48% with the symmetric selfish miners, while their competition with asymmetric Hashrates puts forward a higher requirement of the profitable threshold. The profitable delay increases with the decrease of the Hashrate of selfish miners, making the mining pools more cautious on performing selfish mining.

Cryptography and Security,Computational Engineering, Finance, and Science

Krishnendu Chatterjee,Amirali Ebrahimzadeh,Mehrdad Karrabi,Krzysztof Pietrzak,Michelle Yeo,Đorđe Žikelić

DOI: https://doi.org/10.1145/3662158.3662769

2024-05-07

Abstract:We study selfish mining attacks in longest-chain blockchains like Bitcoin, but where the proof of work is replaced with efficient proof systems -- like proofs of stake or proofs of space -- and consider the problem of computing an optimal selfish mining attack which maximizes expected relative revenue of the adversary, thus minimizing the chain quality. To this end, we propose a novel selfish mining attack that aims to maximize this objective and formally model the attack as a Markov decision process (MDP). We then present a formal analysis procedure which computes an $\epsilon$-tight lower bound on the optimal expected relative revenue in the MDP and a strategy that achieves this $\epsilon$-tight lower bound, where $\epsilon>0$ may be any specified precision. Our analysis is fully automated and provides formal guarantees on the correctness. We evaluate our selfish mining attack and observe that it achieves superior expected relative revenue compared to two considered baselines.

Cryptography and Security

Sheng-Nan Li,Carlo Campajola,Claudio J. Tessone

DOI: https://doi.org/10.1038/s41598-024-55348-3

IF: 4.6

2024-03-16

Scientific Reports

Abstract:The core of many cryptocurrencies is the decentralised validation network operating on proof-of-work technology. In these systems, validation is done by so-called miners who can digitally sign blocks once they solve a computationally-hard problem. Conventional wisdom generally considers this protocol as secure and stable as miners are incentivised to follow the behaviour of the majority. However, whether some strategic mining behaviours occur in practice is still a major concern. In this paper we target this question by focusing on a security threat: a selfish mining attack in which malicious miners deviate from protocol by not immediately revealing their newly mined blocks. We propose a statistical test to analyse each miner's behaviour in five popular cryptocurrencies: Bitcoin, Litecoin, Monacoin, Ethereum and Bitcoin Cash. Our method is based on the realisation that selfish mining behaviour will cause identifiable anomalies in the statistics of miner's successive blocks discovery. Secondly, we apply heuristics-based address clustering to improve the detectability of this kind of behaviour. We find a marked presence of abnormal miners in Monacoin and Bitcoin Cash, and, to a lesser extent, in Ethereum. Finally, we extend our method to detect coordinated selfish mining attacks, finding mining cartels in Monacoin where miners might secretly share information about newly mined blocks in advance. Our analysis contributes to the research on security in cryptocurrency systems by providing the first empirical evidence that the aforementioned strategic mining behaviours do take place in practice.

multidisciplinary sciences

Mansoor Ahmed-Rengers,Kari Kostiainen

DOI: https://doi.org/10.48550/arXiv.1804.07391

2020-05-19

Abstract:Proof-of-Stake systems randomly choose, on each round, one of the participants as a consensus leader that extends the chain with the next block such that the selection probability is proportional to the owned stake. However, distributed random number generation is notoriously difficult. Systems that derive randomness from the previous blocks are completely insecure; solutions that provide secure random selection are inefficient due to their high communication complexity; and approaches that balance security and performance exhibit selection bias. When block creation is rewarded with new stake, even a minor bias can have a severe cumulative effect. In this paper, we propose Robust Round Robin, a new consensus scheme that addresses this selection problem. We create reliable long-term identities by bootstrapping from an existing infrastructure, such as Intel's SGX processors, or by mining them starting from an initial fair distribution. For leader selection we use a deterministic approach. On each round, we select a set of the previously created identities as consensus leader candidates in round robin manner. Because simple round-robin alone is vulnerable to attacks and offers poor liveness, we complement such deterministic selection policy with a lightweight endorsement mechanism that is an interactive protocol between the leader candidates and a small subset of other system participants. Our solution has low good efficiency as it requires no expensive distributed randomness generation and it provides block creation fairness which is crucial in deployments that reward it with new stake.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Tao Li,Zhaojie Wang,Guoyu Yang,Yang Cui,Yuling Chen,Xiaomei Yu

DOI: https://doi.org/10.1002/int.22428

IF: 8.993

2021-04-06

International Journal of Intelligent Systems

Abstract:Selfish mining attacks sabotage the blockchain systems by utilizing the vulnerabilities of consensus mechanism. The attackers' main target is to obtain higher revenues compared with honest parties. More specifically, the essence of selfish mining is to waste the power of honest parties by generating a private chain. However, these attacks are not practical due to high forking rate. The honest parties may quit the blockchain system once they detect the abnormal forking rate, which impairs their revenues. While selfish mining attacks make no sense anymore with the honest parties' departure. Therefore, selfish miners need to restrain when launch selfish mining attacks such that the forking rate is not preposterously higher than normal level. The crux is how to illustrate the attacks toward the view of honest parties, who are blind to the private chain. Generally, previous works, especially those using Markov decision processes, stress on the increment of attackers' revenues, while overlooking the detection on forking rate. In this paper, we propose, to maintain the benefit from selfish mining, an improved selfish mining based on hidden Markov decision processes (SMHMDP). To reduce the forking rate, we also relax the behaviors of selfish miners (also known as semi‐selfish miners), who mine on the private chain, to mine on public chain with a small probability ρ. Simulation results show that SMHMDP can trade off between revenues and forking rate. Put differently, selfish miners benefit from attacking within an acceptable forking rate toward the view of honest parties, without leading selfish mining attacks to be an armchair strategist.

Mengqian Zhang,Yuhao Li,Jichen Li,Chaozhe Kong,Xiaotie Deng

DOI: https://doi.org/10.48550/arXiv.2202.08466

2022-02-17

Computer Science and Game Theory

Abstract:The selfish mining attack, arguably the most famous game-theoretic attack in blockchain, indicates that the Bitcoin protocol is not incentive-compatible. Most subsequent works mainly focus on strengthening the selfish mining strategy, thus enabling a single strategic agent more likely to deviate. In sharp contrast, little attention has been paid to the resistant behavior against the selfish mining attack, let alone further equilibrium analysis for miners and mining pools in the blockchain as a multi-agent system. In this paper, first, we propose a strategy called insightful mining to counteract selfish mining. By infiltrating an undercover miner into the selfish pool, the insightful pool could acquire the number of its hidden blocks. We prove that, with this extra insight, the utility of the insightful pool could be strictly greater than the selfish pool's when they have the same mining power. Then we investigate the mining game where all pools can either choose to be honest or take the insightful mining strategy. We characterize the Nash equilibrium of this mining game, and derive three corollaries: (a) each mining game has a pure Nash equilibrium; (b) honest mining is a Nash equilibrium if the largest mining pool has a fraction of mining power no more than 1/3; (c) there are at most two insightful pools under equilibrium no matter how the mining power is distributed.

Tin Leelavimolsilp,Long Tran-Thanh,Sebastian Stein,Viet Hung Nguyen

DOI: https://doi.org/10.48550/arXiv.1905.06853

2019-05-15

Cryptography and Security

Abstract:Proof-of-Work blockchain, despite its numerous benefits, is still not an entirely secure technology due to the existence of Selfish Mining (SM) strategies that can disrupt the system and its mining economy. While the effect of SM has been studied mostly in a two-miners scenario, it has not been investigated in a more practical context where there are multiple malicious miners individually performing SM. To fill this gap, we carry out an empirical study that separately accounts for different numbers of SM miners (who always perform SM) and strategic miners (who choose either SM or Nakamoto's mining protocol depending on which maximises their individual mining reward). Our result shows that SM is generally more effective as the number of SM miners increases, however its effectiveness does not vary in the presence of a large number of strategic miners. Under specific mining power distributions, we also demonstrate that multiple miners can perform SM and simultaneously gain higher mining rewards than they should. Surprisingly, we also show that the more strategic miners there are, the more robust the systems become. Since blockchain miners should naturally be seen as self-interested strategic miners, our findings encourage blockchain system developers and engineers to attract as many miners as possible to prevent SM and similar behaviour.

Yu Zhou,Shang Gao,Weiwei Qiu,Kai Lei,Bin Xiao

DOI: https://doi.org/10.1109/GLOBECOM54140.2023.10437863

2023-01-01

Abstract:Though designed with security in mind, blockchains are vulnerable to various kinds of attacks, especially when the network computational power is low. Selfish mining is one of the most rudimentary and notorious attacks, which maliciously renders blocks found by honest miners orphaned by strategically withholding and revealing the found blocks. In this paper, we analyze the profitability of selfish mining under the checkpoint mechanism-a mechanism that has been adopted as a finality gadget by many blockchains like Ethereum and Bitcoin Cash. We develop a rigorous analysis method and conduct quantitative evaluations in various scenarios to explore the mechanism's suppression effect on selfish mining. The results illustrate that the checkpoint mechanism can restrict the profit of selfish mining and increase the threshold of computational power that makes selfish mining profitable, suggesting that it is a practical defense mechanism against selfish mining.

Jing-Yu Ma,Quan-Lin Li

DOI: https://doi.org/10.48550/arXiv.2111.07070

2021-11-13

Abstract:In this paper, we provide a novel dynamic decision method of blockchain selfish mining by applying the sensitivity-based optimization theory. Our aim is to find the optimal dynamic blockchain-pegged policy of the dishonest mining pool. To study the selfish mining attacks, two mining pools is designed by means of different competitive criterions, where the honest mining pool follows a two-block leading competitive criterion, while the dishonest mining pool follows a modification of two-block leading competitive criterion through using a blockchain-pegged policy. To find the optimal blockchain-pegged policy, we set up a policy-based continuous-time Markov process and analyze some key factors. Based on this, we discuss monotonicity and optimality of the long-run average profit with respect to the blockchain-pegged reward and prove the structure of the optimal blockchain-pegged policy. We hope the methodology and results derived in this paper can shed light on the dynamic decision research on the selfish mining attacks of blockchain selfish mining.

Cryptography and Security,Combinatorics,Optimization and Control,Probability

Cyril Grunspan,Ricardo Pérez-Marco

DOI: https://doi.org/10.48550/arXiv.1805.08281

2018-05-16

Computer Science and Game Theory

Abstract:We review the so called selfish mining strategy in the Bitcoin network and compare its profitability to honest mining.We build a rigorous profitability model for repetition games. The time analysis of the attack has been ignored in the previous literature based on a Markov model,but is critical. Using martingale's techniques and Doob Stopping Time Theorem we compute the expected duration of attack cycles. We discover a remarkable property of the bitcoin network: no strategy is more profitable than the honest strategy before a difficulty adjustment. So selfish mining can only become profitable afterwards, thus it is an attack on the difficulty adjustment algorithm. We propose an improvement of Bitcoin protocol making it immune to selfish mining attacks. We also study miner's attraction to selfish mining pools. We calculate the expected duration time before profit for the selfish miner, a computation that is out of reach by the previous Markov models.

Martin Perešíni,Ivan Homoliak,Federico Matteo Benčić,Martin Hrubý,Kamil Malinka

DOI: https://doi.org/10.48550/arXiv.2305.16757

2023-05-26

Abstract:Several blockchain consensus protocols proposed to use of Directed Acyclic Graphs (DAGs) to solve the limited processing throughput of traditional single-chain Proof-of-Work (PoW) blockchains. Many such protocols utilize a random transaction selection (RTS) strategy (e.g., PHANTOM, GHOSTDAG, SPECTRE, Inclusive, and Prism) to avoid transaction duplicates across parallel blocks in DAG and thus maximize the network throughput. However, previous research has not rigorously examined incentive-oriented greedy behaviors when transaction selection deviates from the protocol. In this work, we first perform a generic game-theoretic analysis abstracting several DAG-based blockchain protocols that use the RTS strategy, and we prove that such a strategy does not constitute a Nash equilibrium, which is contradictory to the proof in the Inclusive paper. Next, we develop a blockchain simulator that extends existing open-source tools to support multiple chains and explore incentive-based deviations from the protocol. We perform simulations with ten miners to confirm our conclusion from the game-theoretic analysis. The simulations confirm that greedy actors who do not follow the RTS strategy can profit more than honest miners and harm the processing throughput of the protocol because duplicate transactions are included in more than one block of different chains. We show that this effect is indirectly proportional to the network propagation delay. Finally, we show that greedy miners are incentivized to form a shared mining pool to increase their profits. This undermines the decentralization and degrades the design of the protocols in question. To further support our claims, we execute more complex experiments on a realistic Bitcoin-like network with more than 7000 nodes.

Cryptography and Security

Lei Fan

2018-01-01

Abstract:Bitcoin and blockchain technologies have proven to be a phenomenal success. Œe underlying techniques hold huge promise to change the future of €nancial transactions, and eventually the way people and companies compute, collaborate, and interact. At the same time, the current Bitcoin-like proof-of-work based blockchain systems are facing many challenges. For example, a huge amount of energy/electricity is needed for maintaining the Bitcoin blockchain. We propose a new approach to constructing energy-ecient blockchain protocols. More concretely, we develop proof-of-stake based, scalable blockchain protocols in the open network seŠing. Our contributions are as follows: • We for the €rst time identify a new security property called chain soundness for proofof-stake based protocols, which captures the intuition of ensuring new players to join the protocol execution securely. • We for the €rst time formally investigate greedy strategies for proof-of-stake based protocols; via a greedy strategy, the protocol players may extend the best blockchain faster by aŠempting to extend multiple positions, instead of only the latest block, in the blockchain. We demonstrate a very useful upper bound of extending blockchain by greedy players, which enables us to give the €rst natural mimic of Bitcoin blockchain via proof-of-stake mechanism (without using any form of Byzantine fault tolerance). • Our design is very simple, using only standard hash functions and unique digital signatures, which makes our design very appealing in practice. Our blockchain achieves important security properties including common pre€x, chain quality, chain growth, and chain soundness, and is adaptively secure without assuming secure erasure. ∗All results in this paper have been submiŠed to Eurocrypt 2018. In this version, the presentation has been improved, according to the feedback from the Eurocrypt reviewers, and from multiple researchers. In addition, in the current version, the related work part has been updated, and some discussions about rational aŠacks including nothing at stake aŠacks, sel€sh mining aŠacks, are added.

Nasser Alsalami,Bingsheng Zhang

DOI: https://doi.org/10.1109/iwqos49365.2020.9213064

2020-01-01

Abstract:Public blockchains can be abused to covertly store and disseminate potentially harmful digital content which poses a serious regulatory issue. In this work, we show the severity of the problem by demonstrating that blockchains can be exploited to surreptitiously distribute arbitrary content. More specifically, all major blockchain systems use randomized cryptographic primitives, such as digital signatures and non-interactive zero-knowledge proofs; we illustrate how the uncontrolled randomness in such primitives can be maliciously manipulated to enable covert communication and hidden persistent storage. To clarify the potential risk, we design, implement and evaluate our technique against the widely-used ECDSA signature scheme, the CryptoNote's ring signature scheme, and Monero's ring confidential transactions. Importantly, the significance of the demonstrated attacks stems from their undetectability, their adverse effect on the future of decentralized blockchains, and their serious repercussions on users' privacy and crypto funds. Finally, we present a generic framework to immunize blockchains against these attacks.

Muhammad Saad,Laurent Njilla,Charles Kamhoua,Aziz Mohaisen

DOI: https://doi.org/10.48550/arXiv.1811.09943

2018-12-17

Abstract:Selfish mining is a well known vulnerability in blockchains exploited by miners to steal block rewards. In this paper, we explore a new form of selfish mining attack that guarantees high rewards with low cost. We show the feasibility of this attack facilitated by recent developments in blockchain technology opening new attack avenues. By outlining the limitations of existing countermeasures, we highlight a need for new defense strategies to counter this attack, and leverage key system parameters in blockchain applications to propose an algorithm that enforces fair mining. We use the expected transaction confirmation height and block publishing height to detect selfish mining behavior and develop a network-wide defense mechanism to disincentivize selfish miners. Our design involves a simple modifications to transactions' data structure in order to obtain a "truth state" used to catch the selfish miners and prevent honest miners from losing block rewards.

Cryptography and Security