Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Fully Automated Selfish Mining Analysis in Efficient Proof Systems Blockchains

Krishnendu Chatterjee, Amirali Ebrahimzadeh, Mehrdad Karrabi, Krzysztof Pietrzak, Michelle Yeo, Đorđe Žikelić

TL;DR

This work analyzes selfish mining in longest-chain blockchains that use efficient proofs (PoStake/PoSpace/PoST) rather than PoW. It introduces a formal, fully automated method that models the attack as a finite-state Markov Decision Process and reduces the objective to a mean-payoff problem, yielding an ε-tight lower bound on the adversary’s optimal relative revenue ERRev and an accompanying strategy with formal guarantees. The authors demonstrate that their approach outperforms honest mining and a PoW-inspired baseline across a range of parameters, and they show the method’s flexibility to different system settings. This contributes a rigorous, automated framework for assessing chain quality risk and adversarial profitability in efficient-proof blockchain protocols, with implications for protocol design and security analysis.

Abstract

We study selfish mining attacks in longest-chain blockchains like Bitcoin, but where the proof of work is replaced with efficient proof systems -- like proofs of stake or proofs of space -- and consider the problem of computing an optimal selfish mining attack which maximizes expected relative revenue of the adversary, thus minimizing the chain quality. To this end, we propose a novel selfish mining attack that aims to maximize this objective and formally model the attack as a Markov decision process (MDP). We then present a formal analysis procedure which computes an $ε$-tight lower bound on the optimal expected relative revenue in the MDP and a strategy that achieves this $ε$-tight lower bound, where $ε>0$ may be any specified precision. Our analysis is fully automated and provides formal guarantees on the correctness. We evaluate our selfish mining attack and observe that it achieves superior expected relative revenue compared to two considered baselines. In concurrent work [Sarenche FC'24] does an automated analysis on selfish mining in predictable longest-chain blockchains based on efficient proof systems. Predictable means the randomness for the challenges is fixed for many blocks (as used e.g., in Ouroboros), while we consider unpredictable (Bitcoin-like) chains where the challenge is derived from the previous block.

Fully Automated Selfish Mining Analysis in Efficient Proof Systems Blockchains

TL;DR

This work analyzes selfish mining in longest-chain blockchains that use efficient proofs (PoStake/PoSpace/PoST) rather than PoW. It introduces a formal, fully automated method that models the attack as a finite-state Markov Decision Process and reduces the objective to a mean-payoff problem, yielding an ε-tight lower bound on the adversary’s optimal relative revenue ERRev and an accompanying strategy with formal guarantees. The authors demonstrate that their approach outperforms honest mining and a PoW-inspired baseline across a range of parameters, and they show the method’s flexibility to different system settings. This contributes a rigorous, automated framework for assessing chain quality risk and adversarial profitability in efficient-proof blockchain protocols, with implications for protocol design and security analysis.

Abstract

We study selfish mining attacks in longest-chain blockchains like Bitcoin, but where the proof of work is replaced with efficient proof systems -- like proofs of stake or proofs of space -- and consider the problem of computing an optimal selfish mining attack which maximizes expected relative revenue of the adversary, thus minimizing the chain quality. To this end, we propose a novel selfish mining attack that aims to maximize this objective and formally model the attack as a Markov decision process (MDP). We then present a formal analysis procedure which computes an -tight lower bound on the optimal expected relative revenue in the MDP and a strategy that achieves this -tight lower bound, where may be any specified precision. Our analysis is fully automated and provides formal guarantees on the correctness. We evaluate our selfish mining attack and observe that it achieves superior expected relative revenue compared to two considered baselines. In concurrent work [Sarenche FC'24] does an automated analysis on selfish mining in predictable longest-chain blockchains based on efficient proof systems. Predictable means the randomness for the challenges is fixed for many blocks (as used e.g., in Ouroboros), while we consider unpredictable (Bitcoin-like) chains where the challenge is derived from the previous block.
Paper Structure (23 sections, 4 theorems, 4 equations, 5 figures, 1 table, 1 algorithm)

This paper contains 23 sections, 4 theorems, 4 equations, 5 figures, 1 table, 1 algorithm.

Table of Contents

  1. Introduction
  2. Bitcoin.
  3. Related Work
  4. Selfish mining in Bitcoin.
  5. Preliminaries
  6. System Model
  7. Selfish Mining Objective
  8. Chain quality.
  9. Markov Decision Processes
  10. Selfish Mining Attack
  11. Overview
  12. Motivation.
  13. Formal Model
  14. Formal Analysis
  15. Goal of the analysis.
  16. ...and 8 more sections

Key Result

theorem 1

We have $\texttt{MP}^\ast_{\beta^\ast} = 0$ if and only if $\beta^\ast = \texttt{ERRev}^\ast$. Moreover, if $\epsilon > 0$ and $\beta \in [\texttt{ERRev}^\ast-\epsilon,\texttt{ERRev}^\ast]$, then for any strategy $\sigma$ such that $\texttt{MP}_{\beta}(\sigma) = \texttt{MP}^\ast_{\beta}$ we have $\t

Figures (5)

  • Figure 1: Comparison of expected relative revenue $\texttt{ERRev}$ as a function of adversarial resource achieved by our attack and the baselines for different values of $\gamma$.
  • Figure 2: The top chain shows adversarial (red) and honest (green) miners extending the public chain. The bottom chain shows adversarial miners growing a private chain to overtake the public chain.
  • Figure 3: The chains show the reward of the adversary when following the honest strategy and when growing a private chain to overtake the public chain.
  • Figure 4: The chains show the reward of the adversary and chain quality of the chain when all users mine honestly and when the adversary grows a private chain.
  • Figure :

Theorems & Definitions (4)

  • theorem 1
  • corollary 1: Correctness of the analysis
  • corollary 2: Formal lower bound
  • theorem 1