Paper 2019/752
Sucker punch makes you richer: Rethinking Proof-of-Work security model
Runchao Han and Zhimei Sui and Jiangshan Yu and Joseph Liu and Shiping Chen
Abstract
Honest majority is the key security assumption of Proof-of-Work (PoW) based blockchains like Bitcoin. However, recent 51% attacks render this assumption unrealistic in practice. In this paper, we propose the sucker punch attack, where an attacker temporarily utilises external mining power, from either other PoW-based blockchains (which we call the mining power migration attack) or cloud mining services like NiceHash (which we call the cloud mining attack), to launch 51% attacks. The sucker punch attack has two implications. First, the “honest majority” may not always hold. Second, if sucker punch attacks are feasible and profitable, PoW-based consensus will incentivise such attacks, i.e. become incentive-incompatible. To prove these two implications, we propose a Markov Decision Process (MDP) based model, SPA-MDP, to evaluate the feasibility and the profitability of sucker punch attacks on PoW-based blockchains. Our results show that, unfortunately, both attacks are feasible and profitable on most mainstream blockchains. For example, with 12.5% of Bitcoin's mining power, a miner can gain approximately 6% (18,946.5 USD) more profit than from honest mining by launching a mining power migration attack to double-spend a transaction of 3000 BCH (equivalent to 378,930 USD) on BitcoinCash. To understand 51% attacks that have already happened, we also investigate the recent 51% attack on Ethereum Classic in Jan. 2019 using our SPA-MDP model. Our results successfully estimate the attacker’s revenue and explain the attacker’s behaviours during the attack, which further proves our evaluation results.
Note: All types of feedback are welcome.
Metadata
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- blockchain, double-spending attack, incentive
- Contact author(s)
- runchao han @ monash edu
- History
- 2021-02-28: last of 11 revisions
- 2019-06-26: received
- Short URL
- https://ia.cr/2019/752
- License
- CC BY