Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VdjwQ-0002h4-47 for bitcoin-development@lists.sourceforge.net; Tue, 05 Nov 2013 16:57:22 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.215.43 as permitted sender) client-ip=209.85.215.43; envelope-from=stanga@gmail.com; helo=mail-la0-f43.google.com; Received: from mail-la0-f43.google.com ([209.85.215.43]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1VdjwO-0004Nx-KT for bitcoin-development@lists.sourceforge.net; Tue, 05 Nov 2013 16:57:21 +0000 Received: by mail-la0-f43.google.com with SMTP id ec20so1413994lab.16 for ; Tue, 05 Nov 2013 08:57:14 -0800 (PST) X-Received: by 10.112.168.105 with SMTP id zv9mr1924598lbb.48.1383670633889; Tue, 05 Nov 2013 08:57:13 -0800 (PST) MIME-Version: 1.0 Sender: stanga@gmail.com Received: by 10.112.105.35 with HTTP; Tue, 5 Nov 2013 08:56:53 -0800 (PST) From: Ittay Date: Tue, 5 Nov 2013 11:56:53 -0500 X-Google-Sender-Auth: wD84oHaSoSmuaHJ-_32eGhXXw5M Message-ID: To: Bitcoin Dev Content-Type: multipart/alternative; boundary=001a11c259aa9e856804ea70ecfa X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (stanga[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: arxiv.org] 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1VdjwO-0004Nx-KT Cc: Gavin Andresen , =?ISO-8859-1?Q?Emin_G=FCn_Sirer?= Subject: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold. X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Nov 2013 16:57:22 -0000 --001a11c259aa9e856804ea70ecfa Content-Type: text/plain; charset=ISO-8859-1 Hello, Please see below our BIP for raising the selfish mining threshold. Looking forward to your comments. Best, Ittay --- Bitcoin Improvement Proposal Owners: Ittay Eyal and Emin Gun Sirer We suggest a change in the propagation and mining algorithm for chains of the same difficulty, to raise the threshold on Selfish Mining attacks. * Current situation: When a miner is notified of a new chain of the same difficulty as the one it is mining on, it will ignore it. * Background: The selfish mining attack and its implications were described in detail in the following research paper: http://arxiv.org/abs/1311.0243v1 * Proposal: To thwart selfish mining attacks launched by less than 25% of the mining power, we propose the following change to the protocol: When a miner learns of more than one chain of the same difficulty, it should propagate all of them, and choose one of them to mine on uniformly at random among all chains of the same difficulty. When hearing of a chain of maximal difficulty that it did not know of before: 1. Add it to a local list of maximal difficulty chains. 2. Propagate it to its neighbors. 3. Choose a branch uniformly at random from the local list, and mine on it. * Example: t0: learn of chain A of difficulty x. propagate A to neighbors. start mining on A. t1: learn of chain B of difficulty x. propagate B to neighbors. toss a coin between A and B; if B wins, switch to mining on B. t2: learn of chain C of difficulty x. propagate C to neighbors. toss a 3 faced coin among A, B, and C; switch to mining on the winning chain. * Concerns and answers: 1. No harm to miners when all are honest. Mining blocks is a random Poisson process, which is memoryless. Having mined on the block in the past does not provide an advantage in locating a solution in the future. Therefore, a miner is not harmed by switching the chain on which it mines. 2. No new vulnerabilities introduced: Currently the choice among equal-length chains is done arbitrarily, depending on network topology. This arbitrariness is a source of vulnerability. We replace it with explicit randomness, which is at the control of the protocol. The change does not introduce executions that were not possible with the old protocol. 3. Complete backward compatibility: Any subset of the miners can switch to the proposed protocol. 4. Progressive improvement: Each miner that adopts the change raises the threshold a little bit. The threshold will reach 25% with universal adoption. --001a11c259aa9e856804ea70ecfa Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hello,=A0

Please see below o= ur BIP for raising the selfish mining threshold.=A0
Looking forwa= rd to your comments.=A0

Best,=A0
Ittay= =A0

---=A0

Bitcoin Improvement Proposal= =A0

Owners: Ittay Eyal and Emin Gun Sirer=A0
=

We suggest a change in the propagation and mining algor= ithm for chains of the same difficulty, to raise the threshold on Selfish M= ining attacks.=A0

* Current situation:=A0
When a miner is notif= ied of a new chain of the same difficulty as the one it is mining on, it wi= ll ignore it.=A0

* Background:=A0
The se= lfish mining attack and its implications were described in detail in the fo= llowing research paper:=A0

* Proposal:=A0
=
To thwart selfish mining attacks launched by less than 25% of the mini= ng power, we propose the following change to the protocol:=A0
When a miner learns of more than one chain of the same difficulty, it = should propagate all of them, and choose one of them to mine on uniformly a= t random among all chains of the same difficulty.=A0

When hearing of a chain of maximal difficulty that it did not know of = before:=A0
1. Add it to a local list of maximal difficulty chains= .=A0
2. Propagate it to its neighbors.=A0
3. Choose a b= ranch uniformly at random from the local list, and mine on it.=A0

* Example:=A0
t0: learn of chain A of difficu= lty x.=A0
=A0 =A0 propagate A to neighbors.=A0
=A0 =A0 = start mining on A.=A0
t1: learn of chain B of difficulty x.=A0
=A0 =A0 propagate B to neighbors.=A0
=A0 =A0 toss a coin between A and B; if B wins, switch to mining on B.= =A0
t2: learn of chain C of difficulty x.=A0
=A0 =A0 pr= opagate C to neighbors.=A0
=A0 =A0 toss a 3 faced coin among A, B= , and C; switch to mining on the winning chain.=A0

* Concerns and answers:=A0
1. No harm to mine= rs when all are honest.=A0
Mining blocks is a random Poisson proc= ess, which is memoryless. Having mined on the block in the past does not pr= ovide an advantage in locating a solution in the future. Therefore, a miner= is not harmed by switching the chain on which it mines.=A0

2. No new vulnerabilities introduced:=A0
Curr= ently the choice among equal-length chains is done arbitrarily, depending o= n network topology. This arbitrariness is a source of vulnerability. We rep= lace it with explicit randomness, which is at the control of the protocol. = The change does not introduce executions that were not possible with the ol= d protocol.=A0

3. Complete backward compatibility:=A0
Any su= bset of the miners can switch to the proposed protocol.=A0

4. Progressive improvement:=A0
Each miner that adopts th= e change raises the threshold a little bit. The threshold will reach 25% wi= th universal adoption.=A0

--001a11c259aa9e856804ea70ecfa--