The concept of selfish mining has been explored within the Bitcoin community for several years. Discourse on the phenomenon began to pick up steam in 2013 following many published pieces of work focused on the possibility of an attack that took this vector.
At the time, the most notable of these was a paper by two research scientists from Cornell University. Ittay Eyal and Emin Gün Sirer from the Department of Computer Science released a paper titled: “Majority is not Enough: Bitcoin Mining is Vulnerable” in 2013 that detailed how the selfish mine attack vector would affect the Bitcoin network, as well as other decentralized currencies that employed similar mining protocols.
While the idea of such an attack was not entirely new and had been postulated, as early as the year 2010 on different bitcoin-related forums, with notable bitcoin developers such as Gavin Andresen participating in the discourse, the paper published by Eyal and Sirer explored and defined the parameters of the attack vector in an in-depth manner, which had been lacking up to that point.
What Is Selfish Mining?
Selfish mining refers to the practice through which a miner, or a group of miners, will delay broadcasting a found block to the rest of the network. Once a selfish miner has mined a block, they will keep this block private but continue to mine on it. It is also sometimes referred to as ‘Temporary Block-Withholding Attack.’
This practice several advantages for the selfish miner. First, it allows the attacker to have an unfair advantage over the rest of the network because they possess a head start. This is because the selfish miner will continue working on new blocks on the found block while the honest miner will keep dedicating computational power to solve the already found block. Eyal and Sirer further explained this stating: “The key insight behind the selfish mining strategy is to force the honest miners into performing wasted computations on the stale public branch.
Specifically, selfish mining forces the honest miners to spend their cycles on blocks that are destined a not a part of the blockchain. Selfish miners achieve this goal by selectively revealing their mined blocks to invalidate the honest miners’ work.
Approximately speaking, the selfish mining pool keeps its mined blocks private, secretly bifurcating the blockchain and creating a private branch. Meanwhile, the honest miners continue mining on the shorter, public branch.”
In addition to intentionally creating a scenario where the computational power and resources of honest miners are wasted, selfish miners also benefit because the act of withholding a found block allows them to take advantage of a lower difficulty rate for the newer blocks.
In this way, they can collect more substantial revenues with each new block they find through their private chain. “Consequently, selfish mining judiciously reveals blocks from the private branch to the public, such that the honest miners will switch to the recently revealed blocks, abandoning the shorter public branch.
This renders their previous effort spent on the shorter public branch wasted, and enables the selfish pool to collect higher revenues by incorporating a higher fraction of its blocks into the blockchain.”
To prevent the occurrence of a selfish mining attack, the duo suggested lowering the threshold within the Bitcoin network. “We suggest a simple change to the protocol that, if adopted by all non-selfish miners, sets γ to 1/2, and therefore the threshold to 1/4. This change is backward compatible; that is, any subset of the miners can adopt it without hindering the protocol. Moreover, it is progressive; that is, any ratio of the miners that adopts it decreases γ and therefore increases the threshold.”
Responses to the Paper
The Eyal and Sirer paper was received with varying levels of scrutiny from the Bitcoin community. Many appreciated the accurate mathematical computations that went into creating the models that were used to show how the network would respond in case of such an attack. Moreover, the research was seen as an essential part of evaluating any weaknesses or vectors that could have rendered the bitcoin network vulnerable to attack.
Vitalik Buterin expressed this sentiment:
“Eyal and Sirer’s result, as well as the work of others in the years before, is an important and under-appreciated part of the game-theoretic research around Bitcoin, showing us that Bitcoin’s network security is slightly less infallible than we at first might think it is.”
However, there were concerns that the paper did not take into account the complex economic considerations that affected the actions of miners within the Bitcoin network. Buterin further explained: “In practice, most Bitcoin miners act altruistically to support the network, both out of ideological considerations and because they do not want to destabilize the source of their own revenue.
Such higher-level economic concerns are beyond the scope of Eyal and Sirer’s paper, but they seriously reduce the chance that this economic attack will work in practice.” These sentiments echoed the thoughts of many within the space with regards to the temporary block-withholding attack.
A new research paper published by Cyril Grunspan and Ricardo Perez-Marco has introduced new considerations into the concept of the selfish mine theory. The paper titled ”On Profitability Of Selfish Mining” explores the connection between this attack vector and time. The duo postulates that the duration of the attack has a direct result on its profitability.
Moreover, the researchers believe that prior work on the subject relied on models that did not correctly fit the scenario as well as utilized variables that were irrelevant. This combination of factors explains why Grunspan and Perez-Marco believe past research papers were insufficient for understanding and mapping out the true effects of the temporary block-withholding attack. “All these articles do not make a proper analysis of the costs of the attack, and, more critically, do ignore time considerations.
More precisely, the Markov model used in these papers is flawed by inception since it does not incorporate an analysis of the time duration of the attack. The main goal of this article is to carry out a proper analysis of profitability that is lacking in the literature.”
While the paper comes to the same conclusions concerning the selfish mining strategy would proceed as its 2013 predecessor, it does make an important distinction about calculations involving the variable of time was handled.
Referencing “Majority is not Enough: Bitcoin Mining is Vulnerable,” the duo states: “In  it is assumed that the fraction γ always stays constant. This is not accurate since γ depends on the timing of the discovery of a new block mined by the network, and therefore cannot be constant.
But it is necessary to assume it constant for the sake of the Markov chain model presented in and these authors made such an assumption. The analysis of the necessary capital to reach a stable regime is not done. But, more importantly, the cost of deviating from the Bitcoin protocol are not accurately accounted. This is fundamental to compute the profitability of such a rogue strategy. The time analysis is also critical to estimate the profitability and is ignored.”
Furthermore, Grunspan and Perez-Marco show that previous work did not adequately set out to show the connection between the costs associated with mining and the launching of a temporary block-withholding attack. Eyal and Sirer’s paper does not factor in the cost variable while other papers either set the cost as zero for the model they employed. This is not a accurate representation of how mining works.
The “On Selfish Mining” paper by the French research duo seeks to show that the 2013 paper, as well as other past work, did not succeed in creating a true representation of the selfish mine attack as they did not take into consideration important variables that would likely affect if, and how, a miner would launch such an attack. “Selfish mining is an attack on the Bitcoin protocol, but the arguments present in the literature do not properly justify the attack.
They lack a correct evaluation of the cost of the attack and a proper analysis of profit and loss per unit of time. To compare the profitability of different mining strategies one needs to compute the average length of their cycles and their revenue ratio.”
Proposed Difficulty Adjustment Considerations
Following calculations involving the costs that both selfish and honest miners would incur in their schemes, as well as other variables such as block time and attack cycle time, Grunspan and Perez-Marco conclude that the temporary block-withholding attack takes advantage of the difficulty adjustment protocol inherent to the bitcoin network. “Basically, the attack exploits the difficulty adjustment law. The protocol underestimates the real hashing power in the network since only the blocks that are in the (official) blockchain are taken into account.”
The paper stated:
“Despite the fact that the total hashing power of the network remains the same, the new difficulty is lower than it should be, and the block validation time decreases. So the revenue per unit of time of the selfish miner improves and makes the attack profitable.”
Grunspan and Perez-Marco thus propose an algorithm that would involve miners indicating the number of orphan blocks, known as uncles, as part of their proof-of-work declarations:
“The idea is to incorporate the count of orphan blocks in the difficulty adjustment formula. This can be implemented with miners indicating the presence of “uncles’ in the blocks they mine by including their header and peers relaying this data. Only a signaling by honest miners will be enough.”
This adjusted difficulty algorithm would negate the advantage that selfish miners would have over the rest of the network as the measurements of the hashing power of the network would not be affected by the temporary block-withholding.
The paper reiterates older notions that selfish mining has negative effects on both the speed of the network as well as the profitability of a mining operation. This is true for both selfish and honest miners in the initial stages. However, the paper introduces a new notion which is that after the first difficulty adjustment sets in, selfish miners are able to gain an advantage.
The duo believes the selfish mine is inherently a flaw of the difficulty algorithm and as such can be fixed by their proposition. “We have proposed a formula that corrects this anomaly by taking into account the production of orphan blocks. We propose to reinforce the protocol which states that the official blockchain is the chain which contains the most proof-of-work by requiring peers to give priority to those containing the most proof-of-work (with ”uncles”).
The proposed formula, if adopted, would not eliminate the possibility of selfish mining but it would make it non-profitable compared to honest mining even after a difficulty adjustment. So this will keep the individual incentives properly aligned in the protocol rules, as intended in the original inception of Bitcoin.”