Could bribes paid through Smart Contracts undermine the general Bitcoin mining pool model?
A new research report sheds light on an attack mechanism characterised by the malicious use of a smart contract. Miners are to be prevented by payments from solving their cryptographic puzzle – an attack on the basis of mining itself.
Bitcoin mining is an energy-intensive and competitive process in which the participating parties try to find the next block for the network.
The paper entitled “Smart Contracts Make Bitcoin Mining Pools Vulnerable” was published by Yaron Velner of Hebrw University of Jerusalem. Jason Teutsch from the University of Alabama and Birmingham and Loi Luu from the National University of Singapore School of Computing are also involved.
The research published on March 7 describes how, in the right scenario, an attacker could use smart contracts to direct payments to Miner. These would then contain information before the pools (or other large alliances).
This would allow the malicious party to increase its share of profits relative to the pool hash rate. On the other hand, such an attack could also be used to damage an opposing pool in favor of its own pool.
The key is cryptosoft. The authors explain it as follows:
“The use of cryptosoft for such an attack is essential according to onlinebetrug. In fact, it is unlikely that several miners will join forces for such an attack unless their payment is otherwise guaranteed. In addition, the attack via a smart contract leaves the attacker anonymous and prevents the counterattack (e.g. by a Denial of Service attack), as well as the resulting shutdown.”
Why would you do that? Those who dig on their own and don’t have large hash rates run the risk of using all the power for nothing.
That’s why miners join together to form large pools, which provides a concentration of enormous hash power. The block reward (if there is one) is split, with the split varying according to the hash rate achieved.
With a Block withholding attack, a miner with large hashing power can split the reward between two pools by withholding a proof of work from one.
According to the authors, however, it was the development of smart contracts that made such coordinated attacks possible.
But such an attack is probably doomed to failure – especially by those who shy away from ethical concerns and others who don’t want to rely on smart contracts to get paid (because in the past such contracts hardly worked).
The paper is available here in English.
Comment by Danny de Boer:
And what if smart contracts are developed so far that they work? How far can we trust moral standards? Isn’t it also immoral for a Miner to dig chronically underpaid in his pool?
This kind of attack is only the threshold. If you think a little further, bribes could generally be made with smart contracts and the briber always remains a secret.
Top software for lobbyists? Let’s hope that we don’t slip into a ‘war of pools’ – after all, all pools have the same goal: making money by securing the (Bitcoin) network.