Tomo's website

Consensus Algorithm in Bitcoin Part 2

This section explains why Bitcoin’s consensus algorithm functions effectively in practice, considering potential attackers (malicious nodes).

Consensus Formation Through the Longest Chain Rule

In the Bitcoin blockchain⛓️, miners, including malicious ones, autonomously extend the chain. Inevitably, chain forks occur, but Bitcoin enforces a rule that only the longest chain is considered valid*1. This rule allows consensus on block validity to be achieved through a majority decision among miners.

*1 Even if two valid blocks are created simultaneously, only one of them will ultimately be added to the chain. Which block gets included depends on the choice of other miners.

Fig 1: Bitcoin blockchain forks and the longest chain

Difficulty of Creating Fraudulent Blocks

Attackers who attempt to create fraudulent blocks must bear significant computational costs through PoW. However, their chances of having the block included in the longest chain are extremely low, and they gain no rewards. As a result, attackers lack motivation to create fraudulent blocks at high costs, and all nodes are incentivized to continue following the rules.

Mathematical Basis for the Attackers’ Low Success Rate

The mathematical foundation for the low success rate of attackers is described in Bitcoin’s white paper:

Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, bitcoin.org, 2008.

Let \( P \) be the probability that honest nodes find the next block, \( Q \) be the probability that attackers find the next block, and \( Q_z \) be the probability that attackers catch up after being \( z \) blocks behind.

If \( P > Q \), then \( Q_z = (Q/P)^z \), meaning that as the number of blocks to catch up increases, the probability of attackers catching up decreases exponentially. On the other hand, if \( P \leq Q \), then \( Q_z = 1 \), leading to the attackers’ victory.

\( 51\% \) Attack and Its Practical Challenges

When \( P \leq Q \), meaning that \( Q \) is \( 50\% \) or more, attackers control over half of the total hash rate*2, resulting in fraudulent consensus. This is known as a \( 51\% \) attack. However, in practice, achieving a hash rate of \( 50\% \) or more is extremely costly and challenging.

*2 Hash rate is the number of hash calculations that can be performed per second, measured in [H/s]. It is also referred to as hash power or mining speed.

The Risk of Selfish Mining

While it is reassuring to believe that Bitcoin is secure as long as no 51% attack occurs, there is actually an attack method that undermines this belief. This attack, called selfish mining, was proposed in 2013 by Eyal and Sirer:

Ittay Eyal, Emin Gün Sirer, Majority is not Enough: Bitcoin Mining is Vulnerable, 2013.

Specifically, attackers who successfully mine blocks do not immediately publish them. Instead, they continue mining privately for a few blocks, and at a certain point, publish all the privately mined blocks at once. This allows them to selfishly extend the longest chain, gaining an advantage in the competition.

Conditions for Selfish Mining Success

Let \( Q \) be the probability that attackers find the next block, and \( Z \) be the probability that honest nodes add a block to the attackers’ chain when two chains (forks) are published. If \( Z = 1/2 \), then \( Q > 1/4 \) allows attackers to earn more from selfish mining than regular mining. Moreover, if \( Q > 1/3 \), attackers profit from selfish mining regardless of \( Z \).

Warning Against Overestimating Security

Thus, assuming the blockchain is safe simply because no miner controls over \( 50\% \) of the hash rate is dangerous.

admin

,

Leave a Reply

Your email address will not be published. Required fields are marked *