Categories: Bitcoin Business

Hold ’em, don’t fold ’em: how to bite Bitcoin pools

Click here to view original web page at

Boffins demo withholding attack that could work on one ASIC and make an Evil Genius™ rich

Bitcoin's reward mechanism is based on publishing a solution to the block chain. What if an Evil Genius™ reversed this, and rewarded miners for withholding their solutions?

The simple answer: a pool of miners in which an Evil Genius™ withheld solutions would collapse. The surprise longer answer, presented in this paper at the International Association for Cryptologic Research (IACR), is that the attacker could conceivably end up in the black.

Yaron Velner (Hebrew University of Jerusalem), Jason Teutsch (University of Alabama at Birmingham) and Loi Luu (National University of Singapore) write that the problem arises in the mining pools that now account for most Bitcoin computation (as much as 95 per cent by some estimates).

“Withholding attacks” have been discussed since early in the blockchain's history, but Bitcoin's pretty resilient against them because if you want to mine coins and not tell anyone, you need enough computing power to be a miner. That means a lot of outlay for a slim return.

Rewarding others to withhold, the Velner/Teutsch/Luu paper suggests, is a lot more affordable, for the following reasons:

“In this work we propose to pay other miners to withhold blocks … an attacker with only 0.0000002% of Bitcoin’s computation power can reduce the revenue of a big pool to zero without any financial losses on his side. In fact the theoretical outcome of our attack (if miners are fully rational) is equivalent to a classical block withholding attack in which a miner rents Bitcoin’s entire hash power and withholds all the blocks that he finds.”

As they say on Twitter, “huge if true” – so let's drill down a little.

Nakamoto's original paper (PDF) mentions block withholding attacks as “an attacker trying to generate an alternate chain faster than the honest chain”.

Block withholding has been typically regarded as a double-spending attack. This paper, instead, is a manipulation of the value of Bitcoin held in pools.

Each time a Bitcoin is successfully mined (that is, someone's rig finds the next solution), the math gets a little bit harder, and the next solution will take longer, or it'll need more computing power to find. That's why Bitcoin mining is now conducted in data centres and dedicated servers, rather than at home on PCs.

If blocks aren't published, they're not included in the assumption that makes Bitcoin progressively more difficult, and the result is that the attacker “benefits from reducing the effective hash rate of the entire network”.

Only if, however, they can do it for a small outlay – and that's where this attack is different. Instead of doing the mining themselves, an attacker with a modest home-scale setup can disrupt pools.

The requirement, the authors write, is merely that the “the fraction of the network’s hash rate controlled by the attacker” is greater than “a miner’s reward for submitting a full solution to the pool”.

“This mining power is currently equivalent to 4 TH/s [tera-hashes per second – El Reg] mining power, which is obtainable by modern ASICs. Moreover, a miner with N ASICs could offer a reward that is N times higher and still make a profit.”

Were an Evil Genius™ to mount the attack, they'd need their minions to prove they're holding valid blocks, and that's one reason withholding attacks don't happen: storage sufficient for the minion to submit a proof to the attacker is expensive.

Instead, the attack asks only for the minion for a “proof of stale work” – to prove that they're “performing sha256 operations over some data without an intention of submitting full solutions to the blockchain. When the withholder allocates his mining equipment for stale work, the effective hash power of the network is reduced.”

Crucially, because it's an attack on the pool mining protocol, the authors note that their attack does not affect the “Nakamoto consensus” that protects the “truth” of the Bitcoin blockchain. ®


Illuminati, Mason, Anonymous I'll never tell. I can tell you this, global power is shifting and those who have the new intelligence are working to acquire this new force. You matter naught except to yourself, therefore prepare for the least expected and make your place in the new world order.

Disqus Comments Loading...
Published by

Recent Posts

New York Gym Grit Bxng Accepts BTC Payments

Who would have ever thought that working out and bitcoin could ever go together? Well, thanks to a new Manhattan-based… Read More

4 hours ago

Are Whales Behing Bitcoin’s Latest Dips?

A reason for the recent up-and-down behavior of bitcoin may have been uncovered. It’s being reported that several whales moved… Read More

4 hours ago

Bitcoin Drops Below $10,000 as Support Wears Thin

Bitcoin (BTC) has once again found itself caught in the throes of a choppy trading range that has provided little… Read More

4 hours ago

Bitcoin Bottomed at $9,080, BTC to Rally Into End of 2019

Once again, Bitcoin (BTC) has stagnated, finding a foothold around $10,000 for the umpteenth time in a matter of weeks.… Read More

4 hours ago

Cresio CIO Comments, New ‘Satoshi’ and BTC Games: This Week in CT Spain

As many of our readers probably know, Cointelegraph has a number of non-English branches, each covering news from different parts… Read More

4 hours ago

VeChain Attends Shanghai International Blockchain Week 2019

SHANGHAI, Aug. 24, 2019 /PRNewswire/ -- From September 14-18, 2019, Shanghai International Blockchain Week 2019, the largest and most influential… Read More

4 hours ago

This website uses cookies. We use these cookies to collect data about your interaction with our website for the purpose of continuously improving your experience with our site. For more information we encourage you to read our privacy policy.

Read More