Pay-To-Win: Incentive Attacks on Proof-of-Work Cryptocurrencies

The feasibility of bribing attacks on cryptocurrencies was first highlighted in 2016, with various new techniques and approaches having since been proposed. Recent reports of real-world 51% attacks on smaller cryptocurrencies with rented hashrate underline the realistic threat bribing attacks present, in particular to permissionless cryptocurrencies. In this paper, bribing attacks and similar techniques, which we refer to as incentive attacks, are systematically analyzed and categorized. We show that the problem space is not fully explored and present several new and improved incentive attacks. Thereby, we identify no- and near-fork incentive attacks as a powerful, yet largely overlooked, category. To be successful, such attacks require forks of short length that are independent of a security parameter k defined by the victim, or even no forks at all. The consequences, such as transaction exclusion and ordering attacks, raise serious security concerns for smart contract platforms. Further, we propose the first trustless out-of-band bribing attack capable of facilitating double-spend collusion across different blockchains that reimburses collaborators in case of failure. Our attack is hereby rendered between 85% and 95% cheaper than comparable bribing techniques (e.g., the whale attack). We implement the basic building blocks of all our out-of-band attacks as Ethereum smart contracts to demonstrate their feasibility.
