Hashrate amplification attacks

A lot of people asked me about the recent paper by Ittay Eyal and Emin Gun Sirer, titled Majority is not Enough: Bitcoin Mining is Vulnerable.

In this paper they describe a hashrate amplification attack – a way to find a greater percentage of the total valid blocks in the network than an attacker’s portion of the hashrate would indicate, potentially leading to dire consequences.

I really wish I had the time right now to examine this paper thoroughly. It’s a topic that interests me, I want to be up to date on Bitcoin research, and I’d be able to comment much more intelligently if I did. Unfortunately, as is often the case with me, I am wholly occupied right now with previous commitments and barely have a minute to spare.

But precisely because of this, I want to save some time by writing down a single response I can direct people to. And I believe I have enough understanding of the issue to say this:

  1. The basic idea of the attack is not new; it can be traced at least 3 years back. Nobody seemed to panic about it back then, and no reason we should start now. I did not participate in the original discussion but have read it with interest, and mentioned it whenever the topic came up. I had half a mind to conduct a more thorough research of it myself, but could never allocate the time.
  2. They’re not the only ones to perform a detailed analysis of the attack. Over the past few months, a young Israeli researcher called Lear Bahack has independently studied the same issues. As it happened, one day before Eyal’s and Sirer’s paper was published, I sat down with Lear to discuss his results. My impression is that his research is more detailed, accurate, and thought out. He unfortunately was beat to publishing the results, but we will soon see him write about his innovations.
  3. According to Lear, the attack is not nearly as easy to carry out as Eyal and Sirer would have us believe, in particular due to unrealistic assumptions about the network topology and the operation of mining pools. There is no real danger in the near future.
  4. He also suggested a protocol change that could remove this vulnerability, which we should hear about soon.
  5. The paper title and the way they write about it elsewhere is alarmist and self-centered. They give the impression they feel they’re the first ever to find a vulnerability with Bitcoin, and try to sow panic with talks about how Bitcoin is broken. I’ll take their word for them honestly being motivated by the desire to get the potential attack thwarted before any damage is done (EDIT: I did until I saw this), but it certainly looks like they’re just after the publicity, maybe even seeking profit from price manipulation.
    It’s not the first time we see alarmist headlines inspired by academic papers. It happened with the transaction graph work of Adi Shamir et al., and with the red balloons work of Aviv Zohar et al. But in those cases the researcher gave a neutral description and the media blew it out of all proportion. It is unfortunate that in this case, the sensationalism comes from the researchers themselves.

All this notwithstanding, we should thank Ittay Eyal and Emin Gun Sirer for their work on this interesting and potentially important topic. Stay tuned for further developments.

Updates:

Lear has published a sample of his results in this forum post, and also put up his paper (work in progress) at http://arxiv.org/pdf/1312.7013.pdf.

One thought on “Hashrate amplification attacks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s