Although the 51% attack is the potential vulnerability that seems to garner the most attention in the bitcoin community, there are many other possible issues that keep developers, researchers, and thinkers in the space up at night. One of those other issues that has worried Cornell Professor Emin Gün Sirer and post-doc Ittay Eyal for quite some time has been selfish mining, an attack the duo outlined in a paper released in November of 2013. Although they’ve been exploring other attack vectors in the time since then, Gün Sirer and Eyal’s selfish mining attack was the topic of an episode of Epicenter Bitcoin near the end of April.
What is selfish mining?
Early in the discussion, Eyal was able to provide a concise summary of selfish mining and how it works:
“You know that blocks are generated one after the other. When a miner generates a block, it’s supposed to publish it to the network, and then everybody works to try to create a block that will follow this original block. With selfish mining, the attacker keeps the block to itself and mines on top of it without exposing it to the network. [The selfish miner] only exposes this secret chain — the local secret chain — when it has to in order to maximize its revenue. It turns out by doing that a miner can actually increase its revenue and earn more than it should, more than its fair share of the mining power, and this is the essence of the attack.”
Epicenter Bitcoin host Brian Fabian Crain attempted to clarify Eyal’s summary by asking, “Is the basic idea of this that a miner in this scenario can kind of waste work for other miners so that his work is a larger portion of the total work of the network?”
Eyal and Gün Sirer explained that Crain was basically right in his attempt to get at the heart of the issue. In other words, the idea of selfish mining is to basically trick other miners into working on blocks that aren’t attached to what could potentially be the longest chain. By not broadcasting a found block to the network, a selfish miner is basically giving themselves a head start on mining the following block.
Is this a worrisome attack vector?
The real issue with selfish mining was described by Eyal rather early in the show:
“It was commonly believed that as long as a majority [of miners] — more than half of them — are honestly working, then the network is fine. What we found out is that you actually need at least two-thirds of the miners to be honest, and actually this is an optimistic bound. If you don’t make any assumptions, the bound may be even worse.”
Gün Sirer and Eyal both claimed that the amount of hashing power needed to pull off a selfish mining attack is unknown. At one point, Gün Sirer noted that it could be as low as five or ten percent of the network hashrate.
https://twitter.com/gavinandresen/status/397706050591129601
The attack has the side effect of possibly creating a scenario where it makes financial sense to join a group of selfish miners, but honest miners who are simply interested in earning a profit may avoid this attack as it could potentially weaken the value of the resource that they’re mining (bitcoin). Of course, Gün Sirer had a response to this line of thinking:
“These sort of counter-arguments that a selfish miner would never do that because [he or she] wouldn’t want to hurt the network — they don’t really make sense. They all rely on assuming a whole lot of things about what the selfish miner wants in the long term.”
The fact that members of mining pools would be able to tell that their hashing power was being used for a selfish mining attack may dampen the potential of this attack for the owner of a mining pool. As Gün Sirer explained:
“The miners are working for the pool controller, and they will know on which hash they are mining. If they correlate that with the publicly known tail of the blockchain then they will be able to tell that they are, indeed, being used to mine selfishly.”
Gün Sirer and Eyal have a fix for selfish bitcoin mining
The good news is that Eyal and Gün Sirer have developed a fix for selfish mining. The bad news is that the fix would still allow a miner with 25 percent of the network hashrate to mine selfishly. Gün Sirer described the proposed fix:
“The fix adds some randomization into the network that currently people took for granted that the selfish miner takes advantage of. Essentially what we do is make sure that when there are certain battles inside the network — sort of block races inside the network — we randomize who wins. That is, someone who preplaces his blocks, somebody who gets rid of the delay from his node . . . he doesn’t have an advantage over the honest nodes. That ensures that a selfish miner has to be at least 25 percent big before he can succeed.”
The code is already written, but Gün Sirer claimed that more pressing issues have taken up the time of bitcoin core developers. For now, it’s important to remember that bitcoin is still an experiment, and it may take a few more years for the system to become more secure against these kinds of attacks.