While researchers and academics are just at the beginning of the process of trying to judge the value of a recent paper on a vulnerability in the Bitcoin protocol, some are arguing that there is a smaller point that’s being missed in all of the back and forth: There is a problem with the peer-to-peer set-up of the Bitcoin network that could be exploited for profit.
The main claim in the Cornell researchers’ Bitcoin paper is that a cartel of so-called selfish miners comprising at least one-third of the total mining population could eventually earn more than their fair share of Bitcoin revenue. That could then lead to a snowball effect that would cause other miners to join this cartel in the hope of greater financial rewards. Some other researchers and academics have disputed this claim, saying that’s not the way that people would behave in the real world and that it’s difficult to predict the behavior of large groups of individuals, especially when money is involved.
But a pair of researchers who analyzed the paper say that there is a different issue raised by the Cornell paper that is being overlooked, namely that an attacker’s position in the Bitcoin network could make a difference in the way an attack works.
“Here’s the thing: this is the first time a serious issue with Bitcoin’s consensus mechanism has exploited the peer-to-peer aspect of the system. This is a problem for our ability to reason about Bitcoin. The cryptography in Bitcoin is considered solid. We also have some ability to model and write equations about miners’ incentives and behavior. Based on this, we thought we had strong reasons to believe that ‘X% of miners can earn no more than X% of mining revenue’,” Andrew Miller of the University of Maryland and Arvind Narayanan of Princeton University wrote in a new analysis of the paper.
“But if network position can make a difference to the attacker’s prospects, all such bets are off. Weaknesses that depend on the attacker creating ‘sybil’ nodes in the network are in a very different category. Bitcoin’s P2P network is ‘open to the public.’ Nodes can come and go as they please, and are not expected to identify themselves. Running a Bitcoin node means being willing to accept connections from strangers. This makes it problematic to apply existing theoretical models to analyze the security of Bitcoin.”
Miller and Narayanan say that while it will likely take some time to determine whether the broader claims in the Cornell paper are accurate, they believe that the basic assumption that a minority cartel of minors could earn more than its due of revenue is probably valid.
“The assumption that X% of the hashpower cannot earn more than X% of the revenue is almost certainly not true, once X% exceeds 33.3%,” the researchers say.
Image from Flickr photos of Btckeychain.