smart contracts for bribing miners
play

Smart Contracts for Bribing Miners Patrick McCorry, Alexander Hicks , - PowerPoint PPT Presentation

Jul 09, 2023 •357 likes •668 views

Smart Contracts for Bribing Miners Patrick McCorry, Alexander Hicks , Sarah Meiklejohn University College London What is a bribery attack? A wealthy adversary seeks to rent hashrate from existing miners in order to obtain a majority of the

  1. Smart Contracts for Bribing Miners Patrick McCorry, Alexander Hicks , Sarah Meiklejohn University College London

  2. What is a bribery attack? A wealthy adversary seeks to rent hashrate from existing miners in order to obtain a majority of the network’s computational power. There are two methods to fund a bribe: ● In-band (e.g. large fees) ● Out-of-band (bank transfer; payment in another cryptocurrency) If a sufficient portion of miners accept the bribe, then the briber can censor, reverse or attack the cryptocurrency in question.

  3. Why would a miner accept a bribe? Tragedy of the commons (Bonneau ‘16) ● All miners have an interest in the cryptocurrency’s long-term health ● Miners may deviate in the short-term to maximise their profit Have we seen real-world examples of miners boosting short-term profit?

  4. Potential bribery already? https://www.coindesk.com/miners-mining-bitcoin-cash-losing-money/

  5. Any wealthy adversaries out there? “We have prepared $100 million USD to kill the small fork of CoreCoin, no matter what proof of work algorithm, sha256 or scrypt or X11 or any other GPU algorithm. Show me your money. We very much welcome a CoreCoin change to POS.” Zhuoer (BTC.TOP founder) in February 2017 He held 13% of the network’s computational power as of October 2017 https://www.ccn.com/bitcoin-market-needs-big-blocks-says-founder-btc-top-mining-pool/

  6. State of the art in “bribery-style attacks” Trustless Divert hashrate Payment Subsidy Whale transactions ✘ ✘ In band ✘ Whale Transactions (K. Liao and J. Katz) Briber signs transaction with anomalously large fee

  7. State of the art in “bribery-style attacks” Trustless Divert hashrate Payment Subsidy Whale transactions ✘ ✘ In band ✘ Script Puzzles ✔ ✔ Both ✘ Script Puzzles (J. Teutsch, S. Jain, and P. Saxena) Briber publishs a PoW puzzle inside a transaction that sends the solver a large reward if solved.

  8. State of the art in “bribery-style attacks” Trustless Divert hashrate Payment Subsidy Whale transactions ✘ ✘ In band ✘ Script Puzzles ✔ ✔ Both ✘ Proof of stale block ✔ (Not fully) Out of band ✔ ✘ Proof of stale block (L. Luu, Y. Velner, J. Teutsch, and P. Saxena) Smart contract rewards miners who can prove they mined a stale block in another cryptocurrency. Trust Issue: cannot check if stale block is valid

  9. Smart contracts remove the trust required between Briber and Miner CensorshipCon HistoryRevisionCon GoldfingerCon

  10. CensorshipCon Briber wants full control over the blockchain and they will be subsidised by the uncle block reward

  11. CensorshipCon Trustless Divert hashrate Payment Subsidy Whale transactions ✘ ✘ In band ✘ Script Puzzles ✔ ✔ Both ✘ Proof of stale block ✔ (Not fully) Out of band ✔ ✘ CensorshipCon In band ✔ ✘ ✔ Trustless - Briber and Briber only trust the smart contract Divert hashrate - All blocks contribution to the blockchain’s overall weight Subsidy - Uncle block reward policy subsidises the briber

  12. What is an uncle block? Ethereum added an “uncle block reward policy” b 1,a b 2,a ● All uncle blocks receive a partial reward depending on when it is accepted Ethereum allows up to two uncle blocks per b 1,b block Uncle Reward: 2.625 eth

  13. What is an uncle block? Ethereum added an “uncle block reward policy” b 1,a b 2,a b 3,a ● All uncle blocks receive a partial reward depending on when it is accepted Ethereum allows up to two uncle blocks per b 1,b block Uncle Reward: 2.25 eth

  14. What is an uncle block? Ethereum added an “uncle block reward policy” b 1,a b 2,a b 3,a b 4,a ● All uncle blocks receive a partial reward depending on when it is accepted Ethereum allows up to two uncle blocks per b 1,b block Uncle Reward: 1.875 eth

  15. What will the blockchain look like during the attack? Briber only creates main blocks Bribed miners only create uncle blocks

  16. CensorshipCon: Subsidy and Hashrate Requirement For each uncle block: ● Network pays up to 2.625 ether. ● Briber pays remaining share of the block reward + the bribe bonus Minimum initial hashrate: ● With >25%, not all miners can accept the bribe ● With >33%, all miners can accept the bribe Briber and miners

  17. HistoryRevisionCon Briber wants to reverse / remove a transaction from the blockchain by rewarding miners for mining an alternative (and longer) fork

  18. HistoryRevisionCon Trustless Divert hashrate Payment Subsidy Whale transactions ✘ ✘ In band ✘ Script Puzzles ✔ ✔ Both ✘ Proof of stale block ✔ (Not fully) Out of band ✔ ✘ CensorshipCon In band ✔ ✘ ✔ HistoryRevisionCon In band ✔ ✘ ✔ Trustless - Briber and Briber only trust the smart contract Divert hashrate - Only if the attack is not successful Subsidy - Same trick as before - uncle blocks can subsidise attack

  19. HistoryRevisionCon: Observations Two modes of payment: ● Every block (full block reward + bribe) ● Every uncle block (subsidised block reward + bribe) All or nothing: ● Bribed miners are only rewarded if new fork becomes the longest chain Could be used for more than double spending: ● Inspecting the state of other contract, reversing computations and state transactions

  20. Source: ETHnews Could have saved the Parity wallets…

  21. Source: ETHnews …. Although bribery hard-fork smart contracts can still save the day … i.e. reward miners 20% of the locked 519k ether for the next k blocks?

  22. GoldfingerCon Can Ethereum be used to reduce the utility of Bitcoin?

  23. Goldfinger attacks A wealthy adversary wants to reduce the utility of another cryptocurrency (Kroll, Davey, Felten at WEIS 2013) Before: miners are invested in the utility of the cryptocurrency they mine, trust required between briber and miner Now: many competing cryptocurrencies and smart contracts

  24. GoldfingerCon Trustless Divert hashrate Payment Subsidy Whale transactions ✘ ✘ In band ✘ Script Puzzles ✔ ✔ Both ✘ Proof of stale block Out of band ✘ ✔ ✘ CensorshipCon In band ✔ ✘ ✔ HistoryRevisionCon In band ✔ ✘ ✔ GoldfingerCon Out of band ✔ ✘ ✘ Trustless - Briber and Briber only trust the smart contract Divert hashrate - All blocks are accepted into the attacked cryptocurrency Subsidy - No uncle blocks

  25. How can we reduce the utility of Bitcoin? Easy - reward miners for mining empty blocks … how to verify an empty block? Bitcoin Block Header Previous block hash Timestamp Merkle Tree Root Nonce

  26. All empty blocks have the coinbase transaction hash in their headers…. Bitcoin Block Header (Empty Block) Previous block hash Timestamp Replaced by Coinbase Transaction Hash Merkle Tree Root Nonce

  27. GoldfingerCon: Proof of Concept Implementation Purpose Gas Cost US$ Cost Create Contract 3,505,654 4.21 Submit block header 49,996 (checkpoint) 316,799 0.38 Submit block header 50,000 (out of order) 276,799 0.33 Submit block header 49,999 (out of order) 261,727 0.31 Submit block header 49,998 (out of order) 261,727 0.31 Submit block header 49,997 (in order) 314,017 0.38 Accept bribe for block 50,000 152,529 0.18 Around $0.56 to submit block header, coinbase transaction & accept bribe (October 2017)

  28. State of the art in “bribery-style attacks” Trustless Divert hashrate Payment Subsidy Whale transactions ✘ ✘ In band ✘ Script Puzzles ✔ ✔ Both ✘ Proof of stale block Out of band ✘ ✔ ✘ CensorshipCon In band ✔ ✘ ✔ HistoryRevisionCon In band ✔ ✘ ✔ GoldfingerCon Out of band ✔ ✘ ✘

  29. Future work ● What are the best strategies for ramping up the attack in order to achieve a majority of the hashrate? ○ Right now - we assume briber has managed to bribe a sufficient portion of miners ● What is the impact of selfish mining strategies in combination with bribery attacks for attacking and defending the network? ○ Rational miners vs bribed miners. Who will win? ● Can these bribery contracts be used in a proof-of-stake setting and is there any fundamental differences in the style of bribery? ○ Same coin can be used to both buy voting rights and pay bribes. Dangerous combo?

  30. Summary ● CensorshipCon ○ Briber relies on the uncle block reward policy to subsidse the attack ● HistoryRevisionCon ○ Contract verifies that history was reversed before rewarding the miner ● GoldfingerCon ○ Rewards a miner in one cryptocurrency for reducing the utility in another cryptocurrency Questions? github.com/stonecoldpat/briberycontracts alexander.hicks@ucl.ac.uk alexanderlhicks p.mccorry@ucl.ac.uk paddyucl s.meiklejohn@ucl.ac.uk

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all about what smart contracts are... ...but what does a real smart contract look like? Lets talk about writing actual Smart Contracts with code

809 views • 50 slides
Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1

Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1

Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1 IST Austria 2 Hebrew University of Jerusalem ESOP 2018 Outline Smart Contracts Bugs in Smart Contracts Language Design Games and Abstraction

1.06k views • 73 slides
Smart Contract Security Florian Tramr Nicolas Kokkalis Agenda Smart Contract

Smart Contract Security Florian Tramr Nicolas Kokkalis Agenda Smart Contract

Smart Contract Security Florian Tramr Nicolas Kokkalis Agenda Smart Contract Verification Why? More examples of bugs! How? Beyond bugs in code: networks, miners and incentives Attacks by miners: reorder, delay,

405 views • 24 slides
EO-MINERS Earth Observation for Monitoring and Observing Environmental and Societal Impacts of

EO-MINERS Earth Observation for Monitoring and Observing Environmental and Societal Impacts of

E E E E miners miners miners miners EO-MINERS Earth Observation for Monitoring and Observing Environmental and Societal Impacts of Mineral Resources Exploration and Exploitation Project no: 244242, call 2009, Theme 6, Topic

480 views • 16 slides
Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures

Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures

Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures The blockchain What does the blockchain do? One timestamp, and one context for each signature You can detect if someone is promising

289 views • 7 slides
Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies

Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies

Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies National University of Singapore Shanghai, Jan. 15-17 2017 Some slides are courtesy of Vitalik Buterin 1 Agenda Smart contracts and

1.12k views • 79 slides
Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 26, 2019 1 / 17 Smart Contracts Computer protocols which help execution/enforcement of

288 views • 17 slides
Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou Security Consultant Smart contract audits Nmap/Ncrack contributor Certs: OSCE, OSCP, OSWP Blockchain Basics Front Running

642 views • 30 slides
Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia Mavridou 1 and Aron Laszka 2 1 Vanderbilt University 2 University of Houston 2 Smart Contract Insecurity Smart contracts are riddled with bugs and

575 views • 21 slides
A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on

A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on

A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on Trusted Smart Contracts 7 April 2017 class ConcurrentQueue <E> { public synchronized void enqueue(E elem) {} public synchronized E dequeue()

605 views • 21 slides
Blockchain and Smart Contracts in the Energy Industry: A European Perspective Dr. Matthias Lang

Blockchain and Smart Contracts in the Energy Industry: A European Perspective Dr. Matthias Lang

Blockchain and Smart Contracts in the Energy Industry: A European Perspective Dr. Matthias Lang Bird & Bird LLP, Dsseldorf, Germany April 11, 2019 Table of contents I. Introduction II. Blockchain and Smart Contracts in a Nutshell

787 views • 41 slides
All about mining Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store

All about mining Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store

Lecture 4 All about mining Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store and broadcast the block chain Validate new transactions Vote (by hash power) on consensus Who are the miners? Lecture 4.1: The

1.16k views • 99 slides
Verification of blockchains and smart contracts Formal Methods Update, 2018 BITS Pilani Goa

Verification of blockchains and smart contracts Formal Methods Update, 2018 BITS Pilani Goa

Verification of blockchains and smart contracts Formal Methods Update, 2018 BITS Pilani Goa Madhavan Mukund Chennai Mathematical Institute http:/ /www.cmi.ac.in/~madhavan Outline Introduction to blockchains Smart contracts

859 views • 37 slides
Ethereum Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Ethereum Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Ethereum Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay September 4, 2018 1 / 14 Ethereum Contracts Contract = Collection of functions and state at a

179 views • 14 slides
Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to:

Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to:

ECRYPT Workshop on Cryptocurrencies Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store and broadcast the block chain Validate new transactions Vote (by hash power) on consensus

939 views • 68 slides
ECC (Part II) & Smart Contracts Sep. 16, 2019 Overview Cryptography with ECC How to

ECC (Part II) & Smart Contracts Sep. 16, 2019 Overview Cryptography with ECC How to

ECC (Part II) & Smart Contracts Sep. 16, 2019 Overview Cryptography with ECC How to send secret messages Bitcoins Stack Machine scripts Review Limitations Ethereums answer to those limitations

1.27k views • 58 slides
TRAIL Karl Stevens HWDT THE SEVENTH ARGYLL & THE ISLES TOURISM SUMMIT 7 MARCH 2019

TRAIL Karl Stevens HWDT THE SEVENTH ARGYLL & THE ISLES TOURISM SUMMIT 7 MARCH 2019

#WAA19 THE HEBRIDEAN WHALE TRAIL Karl Stevens HWDT THE SEVENTH ARGYLL & THE ISLES TOURISM SUMMIT 7 MARCH 2019 DRIMSYNIE HOTEL Argyll-Holidays Free Wifi #WAA19 WELCOME Iain Jurgensen Chair of AITC WILDABOUTARGYLLS KINTYRE GIN

927 views • 51 slides
GEAR INNOVATION-- WHATS BEEN DONE? Presentation for Entanglement Science Workshop -- September

GEAR INNOVATION-- WHATS BEEN DONE? Presentation for Entanglement Science Workshop -- September

GEAR INNOVATION-- WHATS BEEN DONE? Presentation for Entanglement Science Workshop -- September 1, 2020 By Fran Recht, Pacific States Marine Fisheries Commission frecht@psmfc.org , 541-765-2229 Information referred to in this presentation and

254 views • 6 slides
Whale Watching: Whale Watching: A Sustainable Solution A Sustainable Solution Whale Watching

Whale Watching: Whale Watching: A Sustainable Solution A Sustainable Solution Whale Watching

Whale Watching: Whale Watching: A Sustainable Solution A Sustainable Solution Whale Watching is the most sustainable Whale Watching is the most sustainable use of whales in the 21 st st century. century. use of whales in the 21

307 views • 12 slides
pyramid model of F2P design N Nicholas Lovell GDC Next Nicholas Lovell, GAMESbrief Author:

pyramid model of F2P design N Nicholas Lovell GDC Next Nicholas Lovell, GAMESbrief Author:

Where the Whales live: the pyramid model of F2P design N Nicholas Lovell GDC Next Nicholas Lovell, GAMESbrief Author: The Curve , How to Publish a Game, Design Rules for Free-to- Play Games Director, GAMESbrief Clients have

800 views • 55 slides
Object Detection using NVIDIA DIGITS Customization and Modification Deep Learning Institute

Object Detection using NVIDIA DIGITS Customization and Modification Deep Learning Institute

Object Detection using NVIDIA DIGITS Customization and Modification Deep Learning Institute NVIDIA Corporation 1 2 2 Introduction to Object Detection Detection by Combining Deep Learning with Traditional Computer Vision AGENDA Detection by

836 views • 34 slides
You and Your Research & The Elements of Style Philip Wadler University of Edinburgh Logic

You and Your Research & The Elements of Style Philip Wadler University of Edinburgh Logic

You and Your Research & The Elements of Style Philip Wadler University of Edinburgh Logic Mentoring Workshop Saarbr ucken, Monday 6 July 2020 Part I You and Your Research Richard W. Hamming, 19151998 Los Alamos, 1945. Bell

663 views • 19 slides
Full-Gradient Representation for Neural Network Visualization Suraj Srinivas Francois Fleuret

Full-Gradient Representation for Neural Network Visualization Suraj Srinivas Francois Fleuret

Full-Gradient Representation for Neural Network Visualization Suraj Srinivas Francois Fleuret Idiap Research Institute & EPFL Why Interpretability for Deep Learning? Why does the model think Deep this chest x-ray shows Pneumonia

556 views • 19 slides
Automatic Summarization Project - Deliverable 3 - Anca Burducea Joe Mulvey Nate Perkins May

Automatic Summarization Project - Deliverable 3 - Anca Burducea Joe Mulvey Nate Perkins May

Automatic Summarization Project - Deliverable 3 - Anca Burducea Joe Mulvey Nate Perkins May 19, 2015 Outline Deliverable 2 Summary System overview Sentence scoring Topic orientation Other methods Score combination Topic clustering

671 views • 26 slides

More recommend