Abstract
The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups, that is, it incentivizes miners to follow the protocol as prescribed.
We show that the Bitcoin mining protocol is not incentive-compatible. We present an attack with which colluding miners obtain a revenue larger than their fair share. This attack can have significant consequences for Bitcoin: Rational miners will prefer to join the selfish miners, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.
Unless certain assumptions are made, selfish mining may be feasible for any group size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects Bitcoin in the general case. It prohibits selfish mining by pools that command less than \(1/4\) of the resources. This threshold is lower than the wrongly assumed \(1/2\) bound, but better than the current reality where a group of any size can compromise the system.
This research was supported by the NSF Trust STC and by DARPA.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The criterion is actually the most difficult chain in the block tree, i.e., the one that required (in expectancy) the most mining power to create. To simplify presentation, and because it is usually the case, we assume the set difficulty at the different branches is the same, and so the longest chain is also the most difficult one.
- 2.
The rate at which the new Bitcoins are generated is designed to slowly decrease towards zero, and will reach zero when almost 21 million Bitcoins are created. Then, the miners’ revenue will be only from transaction fees.
- 3.
In alphabetical order.
References
andes: Bitcoin’s kryptonite: the 51% attack, June 2011. https://bitcointalk.org/index.php?topic=12435
Andresen, G.: March 2013 chain fork post-mortem. BIP 50. https://en.bitcoin.it/wiki/BIP_50. Accessed September 2013
Araoz, M.: Proof of existence. http://www.proofofexistence.com/. Accessed September 2013
Babaioff, M., Dobzinski, S., Oren, S., Zohar, A.: On Bitcoin and red balloons. In: ACM Conference on Electronic Commerce, pp. 56–73 (2012)
Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better — how to make Bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012)
Bitcoin community: Bitcoin source. https://github.com/bitcoin/bitcoin. Accessed September 2013
Bitcoin community: protocol rules. https://en.bitcoin.it/wiki/Protocol_rules. Accessed September 2013
Bitcoin community: protocol specification. https://en.bitcoin.it/wiki/Protocol_specification. Accessed September 2013
bitcoincharts.com: Bitcoin network. http://bitcoincharts.com/bitcoin/. Accessed November 2013
blockchain.info: Bitcoin market capitalization. http://blockchain.info/charts/market-cap. Accessed January 2014
Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO, vol. 82, pp. 199–203 (1982)
Decker, C., Wattenhofer, R.: Information propagation in the Bitcoin network. In: IEEE P2P (2013)
Eyal, I., Sirer, E.G.: Bitcoin is broken (2013). http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/
Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable (2013). arXiv preprint arXiv:1311.0243
Felten, E.W.: Bitcoin research in Princeton CS, November 2013. https://freedom-to-tinker.com/blog/felten/bitcoin-research-in-princeton-cs/
Kelkar, A., Bernard, J., Joshi, S., Premkumar, S., Sirer, E.G.: Virtual notary. http://virtual-notary.org/. Accessed September 2013
King, S.: Primecoin: cryptocurrency with prime number proof-of-work (2013). http://primecoin.org/static/primecoin-paper.pdf
King, S., Nadal, S.: PPCoin: peer-to-peer crypto-currency with proof-of-stake (2012). https://archive.org/details/PPCoinPaper
Kroll, J.A., Davey, I.C., Felten, E.W.: The economics of Bitcoin mining or, Bitcoin in the presence of adversaries. In: Workshop on the Economics of Information Security (2013)
Lee, T.B.: Four reasons Bitcoin is worth studying, April 2013. http://www.forbes.com/sites/timothylee/2013/04/07/four-reasons-bitcoin-is-worth-studying/2/
Litecoin Project: Litecoin, open source P2P digital currency. https://litecoin.org. Accessed September 2013
Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from Bitcoin. In: IEEE Symposium on Security and Privacy (2013)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
Namecoin Project: Namecoin DNS - DotBIT project. https://dot-bit.org. Accessed September 2013
Narayanan, A., Miller, A.: Why the Cornell paper on Bitcoin mining is important, November 2013. https://freedom-to-tinker.com/blog/randomwalker/why-the-cornell-paper-on-bitcoin-mining-is-important/
Neighborhood Pool Watch: October 27th 2013 weekly pool and network statistics. http://organofcorti.blogspot.com/2013/10/october-27th-2013-weekly-pool-and.html. Accessed October 2013
Pacia, C.: Bitcoin mining explained like you’re five: part 1 - incentives, September 2013. http://chrispacia.wordpress.com/2013/09/02/bitcoin-mining-explained-like-youre-five-part-1-incentives/
RHorning, mtgox, btchris, ByteCoin: mining cartel attack, December 2010. https://bitcointalk.org/index.php?topic=2227
Ron, D., Shamir, A.: Quantitative analysis of the full Bitcoin transaction graph. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 6–24. Springer, Heidelberg (2013)
Rosenfeld, M.: Analysis of Bitcoin pooled mining reward systems (2011). arXiv preprint arXiv:1112.4980
Swanson, E.: Bitcoin mining calculator. http://www.alloscomp.com/bitcoin/calculator. Accessed September 2013
Vishnumurthy, V., Chandrakumar, S., Sirer, E.G.: Karma: a secure economic framework for peer-to-peer resource sharing. In: Workshop on Economics of Peer-to-Peer Systems (2003)
Wikipedia: List of cryptocurrencies. https://en.wikipedia.org/wiki/List_of_cryptocurrencies. Accessed October 2013
Yang, B., Garcia-Molina, H.: PPay: micropayments for peer-to-peer systems. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 300–310. ACM (2003)
Acknowledgements
We are grateful to Raphael Rom, Fred B. Schneider, Eva Tardos, and Dror Kronstein for their valuable advice on drafts of this paper, as well as our shepherd Rainer Böhme for his guidance.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 International Financial Cryptography Association
About this paper
Cite this paper
Eyal, I., Sirer, E.G. (2014). Majority Is Not Enough: Bitcoin Mining Is Vulnerable. In: Christin, N., Safavi-Naini, R. (eds) Financial Cryptography and Data Security. FC 2014. Lecture Notes in Computer Science(), vol 8437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45472-5_28
Download citation
DOI: https://doi.org/10.1007/978-3-662-45472-5_28
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45471-8
Online ISBN: 978-3-662-45472-5
eBook Packages: Computer ScienceComputer Science (R0)