Could bribery payments issued via smart contract undo the bitcoin mining pool model?
A new research paper outlines a kind of attack against pools in which a malicious actor uses smart contracts, or agreements hard-coded onto a blockchain, to pay miners to essentially stymie their own efforts to solve the cryptographic puzzles at the heart of mining. Mining is an energy-intensive – and competitive – process by which parties race to add the next block of transactions to the network.
The paper, entitled "Smart Contracts Make Bitcoin Mining Pools Vulnerable", was penned by Yaron Velner of the Hebrew University of Jerusalem; Jason Teutsch of the University of Alabama and Birmingham; and Loi Luu of the National University of Singapore's School of Computing.
Made available on 7th March, the research posits that, in the right scenario, someone could use smart contracts to guarantee payments to miners who, in that case, would then withhold information from the pools (or large conglomerations of miners) to which they are connected. By doing so, the malicious actor effectively increases their share of any profits relative to the pool's total hash rate. Conversely, this attack could be deployed to break up an opposing pool to the benefit of another.
Yet the key is the use of a smart contract, the authors say, who go on to explain:
"The use of smart contracts is crucial in order for the attack to be successful. Indeed, it is unlikely that miners would collaborate with such an attack unless their payment is guaranteed. Moreover, rewarding via smart contracts makes it possible for the attackers to remain anonymous, and prevent other parties from targeting the attacker (e.g., with a denial of service attack) and shutting him down."
Why take this route? Those who mine on their own without a significant amount of hashing power run the risk of burning all that electricity with no profits to show for it. So, miners congregate around pools, which concentrate that hashing power onto one point, splitting the block rewards received (if any) and distributing those bitcoins to the miners miner based upon the hash rate they contribute.
With a block withholding attack, a miner who has a big amount of hashing power divides it between two pools, withholding full proof-of-work solutions from one of them. Yet according to the authors, it wasn’t until the development of smart contracts that this type of coordinated internal mining attack was possible.
Yet the attack isn't guaranteed, as some miners – particularly those guided by ethical considerations and those who don't want to rely on a smart contract to get paid (given that those contracts have failed due to flaws in the past) – might not want to participate, according to the researchers.
Read the full paper here.
Image via Shutterstock