Cryptology ePrint Archive: Report 2019/752

Sucker punch makes you richer: Rethinking Proof-of-Work security model

Runchao Han and Zhimei Sui and Jiangshan Yu and Joseph Liu and Shiping Chen

Abstract: Honest majority is the key security assumption of Proof-of-Work (PoW) based blockchains like Bitcoin. However, recent 51% attacks render this assumption unrealistic in practice. In this paper, we propose the sucker punch attack, where an attacker temporarily utilises external mining power, from either other PoW-based blockchains (we call it mining power migration attack) or cloud mining services like NiceHash (we call it cloud mining attack), to launch 51% attacks. The sucker punch attack leads to two implications. First, the “honest majority” may not always hold. Second, if sucker punch attacks are feasible and profitable, PoW-based consensus will incentivise such attacks i.e. become incentive-incompatible. To prove these two implications, we propose a Markov Decision Process (MDP) based model SPA-MDP to evaluate the feasibility and the profitability of sucker punch attacks on PoW-based blockchains. Our results show that, unfortunately, both attacks are feasible and profitable on most mainstream blockchains. For example, with 12.5% mining power of Bitcoin, a miner can gain approximately 6% (18,946.5 USD) extra profit than honest mining by launching a mining power migration attack to double-spend a transaction of 3000 BCH (equivalent to 378,930 USD) on BitcoinCash. In order to understand happened 51% attacks, we also investigate the recent 51% attack on Ethereum Classic in Jan. 2019 using our SPA-MDP model. Our results successfully estimate the attacker’s revenue and explain the attacker’s behaviours during the attack, which further prove our evaluation results.

Category / Keywords: cryptographic protocols / blockchain, double-spending attack, incentive

Date: received 25 Jun 2019, last revised 10 Jul 2019

Contact author: runchao han at monash edu

Available format(s): PDF | BibTeX Citation

Note: All types of feedback are welcome.

Version: 20190711:004419 (All versions of this report)

Short URL: ia.cr/2019/752


[ Cryptology ePrint archive ]