You are looking at a specific version 20190711:004419 of this paper.

Paper 2019/752

Sucker punch makes you richer: Rethinking Proof-of-Work security model

Runchao Han and Zhimei Sui and Jiangshan Yu and Joseph Liu and Shiping Chen

Abstract

Honest majority is the key security assumption of Proof-of-Work (PoW) based blockchains like Bitcoin. However, recent 51% attacks render this assumption unrealistic in practice. In this paper, we propose the sucker punch attack, where an attacker temporarily utilises external mining power, from either other PoW-based blockchains (we call this the mining power migration attack) or cloud mining services like NiceHash (we call this the cloud mining attack), to launch 51% attacks. The sucker punch attack has two implications. First, the “honest majority” may not always hold. Second, if sucker punch attacks are feasible and profitable, PoW-based consensus will incentivise such attacks, i.e. become incentive-incompatible. To prove these two implications, we propose SPA-MDP, a Markov Decision Process (MDP) based model, to evaluate the feasibility and the profitability of sucker punch attacks on PoW-based blockchains. Our results show that, unfortunately, both attacks are feasible and profitable on most mainstream blockchains. For example, with 12.5% mining power of Bitcoin, a miner can gain approximately 6% (18,946.5 USD) more profit than honest mining by launching a mining power migration attack to double-spend a transaction of 3000 BCH (equivalent to 378,930 USD) on BitcoinCash. To understand 51% attacks that have already happened, we also investigate the recent 51% attack on Ethereum Classic in Jan. 2019 using our SPA-MDP model. Our results successfully estimate the attacker’s revenue and explain the attacker’s behaviours during the attack, further proving our evaluation results.

Note: All types of feedback are welcome.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
blockchain, double-spending attack, incentive
Contact author(s)
runchao han @ monash edu
History
2021-02-28: last of 11 revisions
2019-06-26: received
Short URL
https://ia.cr/2019/752
License
Creative Commons Attribution
CC BY