Time-Restricted Double-Spending Attack on PoW-based Blockchains
Yiming Jiang, Jiangfan Zhang
TL;DR
Problem addressed: double-spending attacks on PoW blockchains for applications with finite task windows. Approach: define a time-restricted DSA (TR-DSA) and derive a closed-form success probability $P_s^{(TR)}$ by mapping the catch-up event to a two-dimensional boundary-hitting random walk, with $b$ following a negative-binomial distribution and $Q(l,m,n)$ expressed via Catalan-number structures. Contributions: (i) full closed-form for $P_s^{(TR)}$, (ii) proof that $P_s^{(TR)} \le P_s^{(TU)}$ with strict inequality for $0 < I < 1$, and (iii) numerical validation showing monotone increase of $P_s^{(TR)}$ with horizon $L$ and nonzero risk even if $I \ge 0.5$. Practical impact: offers a quantitative risk instrument to set secure confirmation depths $Z$ and to evaluate attacker feasibility under limited resources.
Abstract
Numerous blockchain applications are designed with tasks that naturally have finite durations, and hence a double-spending attack (DSA) on such applications tends to be conducted within a finite timeframe, specifically before the completion of their tasks. Furthermore, existing research suggests that practical attackers typically favor executing a DSA within a finite timeframe due to their limited computational resources. These observations motivate this paper to investigate a time-restricted DSA (TR-DSA) model on Proof-of-Work based blockchains. In this TR-DSA model, an attacker only mines its branch within a finite timeframe, and the TR-DSA is considered unsuccessful if the attacker's branch fails to surpass the honest miners' branch when the honest miners' branch has grown by a specific number of blocks. First, we develop a general closed-form expression for the success probability of a TR-DSA. This probability can not only assist in evaluating the risk of a DSA on blockchain applications with timely tasks, but also enable practical attackers with limited computational resources to assess the feasibility and expected reward of launching a TR-DSA. In addition, we provide a rigorous proof that the success probability of a TR-DSA is no greater than that of a time-unrestricted DSA where the attacker indefinitely mines its branch. This result implies that blockchain applications with timely tasks are less vulnerable to DSAs than blockchain applications that provide attackers with an unlimited timeframe for their attacks. Furthermore, we show that the success probability of a TR-DSA is always smaller than one even if the attacker controls more than half of the hash rate in the network. This result alerts attackers that there is still a risk of failure in launching a TR-DSA even if they amass a majority of the hash rate in the network.
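The model in the abstract can be evaluated numerically to pick a confirmation depth. The following is an added example, not the paper's code or its closed form: it uses an exact dynamic program instead. It assumes each new block is the attacker's with probability `q` (a name chosen here for the attacker's hash-rate share), the merchant waits `Z` confirmations, and the attack fails once the honest branch reaches `L` blocks without the attacker's branch being strictly longer.

```python
from math import comb

def tr_dsa_success(q, Z, L):
    """Exact TR-DSA success probability under the assumptions stated above.
    State (a, h) = blocks on the attacker's / honest branch since the fork."""
    if not (0.0 < q < 1.0 and 1 <= Z <= L):
        raise ValueError("need 0 < q < 1 and 1 <= Z <= L")
    p = 1.0 - q
    S = [[0.0] * (L + 1) for _ in range(L + 2)]
    for a in range(L + 1, -1, -1):
        for h in range(L, -1, -1):
            if h >= Z and a > h:
                S[a][h] = 1.0      # Z confirmations seen, attacker strictly ahead
            elif h == L:
                S[a][h] = 0.0      # deadline: honest branch grew by L blocks
            elif a > L:
                S[a][h] = 1.0      # h < Z <= L < a: ahead once Z is reached
            else:
                S[a][h] = q * S[a + 1][h] + p * S[a][h + 1]
    return S[0][0]

def tu_dsa_success(q, Z):
    """Time-unrestricted limit (L -> infinity) under the same success rule.
    m = attacker blocks when the honest branch reaches Z is negative binomial;
    a deficit of Z - m must then become a lead of 1 (gambler's ruin)."""
    if not (0.0 < q < 1.0 and Z >= 1):
        raise ValueError("need 0 < q < 1 and Z >= 1")
    p = 1.0 - q
    if q >= p:
        return 1.0
    fail = sum(comb(m + Z - 1, m) * p**Z * q**m * (1.0 - (q / p) ** (Z - m + 1))
               for m in range(Z + 1))
    return 1.0 - fail

def min_confirmations(q, window, risk, z_max=200):
    """Smallest Z with P_TR(q, Z, L = Z + window) <= risk, or None."""
    for Z in range(1, z_max + 1):
        if tr_dsa_success(q, Z, Z + window) <= risk:
            return Z
    return None

if __name__ == "__main__":
    for q in (0.1, 0.3, 0.6):      # constructed sample hash-rate shares
        row = [round(tr_dsa_success(q, 6, L), 6) for L in (6, 12, 24, 48)]
        print(f"q={q}: P_TR for L=6,12,24,48 -> {row}; P_TU={tu_dsa_success(q, 6):.6f}")
    print("min Z for q=0.1, window=6, risk<=1e-3:", min_confirmations(0.1, 6, 1e-3))
```

Under these assumptions the output shows the three properties the abstract states: the time-restricted probability grows with the horizon, never exceeds the unrestricted one, and stays below one for a majority attacker.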
