3. (i) POW Blockchain and (ii) Security


The framework of This Study:To analyze the security and performance implications of different consensus and network layer protocol author has prepared a quantitative framework to carry out this study. Author’s framework is a combination of two key elements.Figure:6 Components of Study Framework ** Pictures taken from ETH Zurich Research Report.They are (i) POW Blockchain and (ii) Security Model. A blackchin instance is a proof of work blockchain instantiated by consensus layer and network layer parameter. As discussed earlier a consensus mechanism is what all the blocks in the network follow to validate a transaction.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

For example, Bitcoin uses a POW consensus layer mechanism which searches for a nonce value such that the current target value should be lesser than the hash value. In network layer two most important parameters for POW blockchain is Block size: This defines how many transactions can be put into each block. If the block size is bigger then block propagation speed decreases.

On the other side, it increases the stale block rate.Information Propagation mechanism: This shows how information is delivered in peer to peer network. There are four types of standard information propagation mechanism:Send Headers: Peers can directly issue a send header to directly receive block headers from its peer in future.Unsolicited Block Push: A mechanism of broadcasting blocks by the miners without advertisement.

Relay Networks: It enhances the synchronization of miners of the common pool of transaction. Hybrid Push/Advertisement System: A system which combines the use of push and advertisement system.In the left-hand side, POW blockchain takes consensus and network parameters as input and gives output like block propagation time, throughput. To realistically capture the output of this POW based blockchain authors have put this blockchain on the simulators they have developed. These simulators take input parameter such as block interval, mining power as well as block size, propagation protocol, the location of miner’s etc. Stale block rate is an important output from this POW based blockchain because it gives the efficiency of peer to peer connection of an honest network.

This Stale block rate is taken as an input to Security model. This model also takes different security parameters as input such as adversarial mining power, mining cost, number of required confirmation. The main objective of this model is to holistically compare the security and performance of different POW blockchain with different parameters as input. This security model is based on Markov decision Process and provides an optimal adversarial strategy for double spending and selfish mining as an output.

3.1Security Model: Parameters for the Security Model:Stale Block Rate: Stale block rate captures information propagation mechanism.Mining Power: This is typically used in the study model to capture the fraction of the total mining power possessed by the adversary. Block Confirmation Number: Total number of blocks required to confirm a transaction.Impact of Eclipse Attack: This study model accounts for eclipse attack as well.3.

2 Markov Decision Process: (MDP)The right tool for a problem which deals with “states” and “discrete events” with a certain probability is a Markov Decision Process (MDP). MDPs are a mathematical model which decides the best policy means in what sequence the actions should be implemented to maximize a goal. An MDP model has multiple states and actions. Actions are the transitions between states. In MDP each transition can happen with some probability. In this model, some actions might provide a reward or loss to occur. Figure 7 shows a graphical depiction of a Markov Decision Process.

In the intended security and performance of POW study, MDP is based on four tuples. It is represented as follows M:=<S, A, P, R>. Where S represents state space, A is for representing actions, P is the stochastic transition matrix and R is the reward matrix.Figure 7: A graphical depiction of MDP with states s_0, s_1, S_2 and action a_0, a_1.

The two rewards are -1 and +5. (Figure created by MistWiz on WikiCommons).In this model an adversary can perform the below actions:Adopt: If an adversary thinks it can never win over an honest miner then it performs this action.Override: If adversaries chain is longer than the honest miner then it overrides the honest mining chain.Match: if the length of adversarial chain and honest chain are same then adversary perform this action.Wait: If an adversary has not yet found a block then it continues mining until it finds one.Exit: This action is performed during the double-spending attack.

Now state space S also has four-tuple namely length of honest chain, length of adversarial chain, blocks mined by eclipsed victim and fork. In the research, paper authors built MDPs for a rational attacker and asked what the attacker should do to successfully double-spend or selfish mine.Selfish Mining vs Double Spending: Main goal in selfish mining is to increase the relative share of the adversarial block in the main chain. In double spending, the adversary is more focused on earning maximum revenue. It is also found in the study that selfish mining is not always rational.

Following an adversarial strategy for mining 1000 blocks with 30% hash power, an adversary can mine 209 blocks, but an honest miner can mine 300 blocks. In honest mining, an adversary can earn by mining a block. It also loses it’s reward if a block is adopted by the main chain. As the main chain poses maximum hash power, the probability is always high for an adversary to lose the competition. Eclipse Attack: In this type of attack attacker takes control of peer to peer network and obscure target node’s view of the blockchain. The researcher has found attacker can saturate the connection to a target victim.

It means all the connection to the victim would be bottlenecked and passed through attacker nodes so that it can manipulate the connections. Following eclipse attack scenarios are captured by our model: No Eclipse Attack: This study model captures this case. Isolate the Victim: This captures those cases where total mining power decreases. In return, it increases the fraction of mining power possessed by an adversary.Exploit the eclipsed victim: Adversary uses victims mining power to expand its own chain.3.

3 Selfish Mining MDP: As discussed previously the main goal of a selfish miner is to increase the relative number of adversary block in the main chain. In this study, the model author has captured that by optimizing the relative revenue. But there is a problem of applying single player MDP in this particular case because selfish miner deals with relative revenue. To overcome this problem the author has applied Sapirshtein el.

Sapirshtein el proposes that an adversary with less than 33% of total hash power can make a profit from the network. This model captures various parameter such as block propagation time, block generation interval, block size and eclipse attack.3.

3.1 Optimal Strategies For Selfish Mining : Authors have used MDP solver for finite state space MDP’s. The output author received from the model is below.

Here the author tries to find the impact of stale block rate on selfish mining. Figure 8: Selfish mining (Relative revenue vs Adversarial mining power)** Pictures taken from ETH Zurich Research Report. In Figure 8 author tries to understand how adversarial mining power influences the relative revenue of an attacker. For this he has put the adversarial mining power is in X-axis and relative revenue in the Y axis. The graph is drawn for a stale block rate of 1% and 10%. It is seen from this diagram that relative revenue increase with the increase of adversarial mining power.

An upper bound is also taken in this diagram to understand the cases when the relative revenue of a selfish miner maximized by overriding a block of an honest chain. Figure 8 shows the upper bound exceeded when network delays and parameters are captured.Figure 9: Relative revenue vs Stale rate** Pictures taken from ETH Zurich Research Report.In Figure 9 author tries to understand the relationship between stale block rate and relative revenue.

He compares relative revenue in Y axis with stale block rate in X-axis for a mining power ? of .1 and .3 respectively.

This diagram suggests a nonlinear relationship between relative revenue and stale block rate.Author has also studied the impact of the eclipse attack in selfish mining. Figure 9 explains the relationship between eclipsed mining power ? and adversarial mining power ?. In this study the cases considered are 1. where adversary uses victims mining power ?2. When an adversary uses honest miners blocks to advance its own chain.

It is seen for higher ? values selfish mining capability also increases. In this graph, an exceptional case is also observed for ?=.3 and ?=.38. For this situation, it is more profitable for an adversary not to include some of the victim’s blocks. Here victim’s blocks are accounted as a reward for the honest chain.

This, in turn, reduces the block share of an adversary. Figure 10: Eclipsed mining power vs Adversarial mining power ** Pictures taken from ETH Zurich Research Report.3.4 Double Spending MDP: As discussed earlier in the double-spending rational adversary tries to maximize its profit.

In double spending, it is assumed that loss in operational cost is less because the adversary can earn some goods or money in exchange for a transaction. In double spending, exit state can only be reached if the length of an adversarial chain is at least a block longer than the honest chain (la ; lh ) after k block confirmation for an honest chain with 1?? mining power. This is described in the below table 2. A question can arise during this study as the adversary is rational it is hard to reach an exit state. But it is found that in exit state adversary can earn a reward of blocks.** Pictures taken from ETH Zurich Research Report.3.

4.1 Optimal Strategies for Double Spending: To create optimal strategies author has used the pymdtoolbox library and applied PolicyIteration algorithm. By this block confirmation value, k is received which is sufficient to make a safe transaction in presence of rational adversary in the network. To decide in a certain scenario if a rational adversary would do double spend or selfish mining, a minimum value of double spend vd must be determined. For achieving that author start with high double spending value so that exit state is reachable in optimal double spending strategy. Author has done this because the presence of exit state in policy ensures high profitability for doubles spending strategy otherwise honest mining is more profitable. In this below Table -3 an example is shown for optimal strategy.

Table 3: Optimal Strategies for double spending.** Pictures taken from ETH Zurich Research Report.Here ? = 0.

3,? = 0,rs = 0.41%,cm = ?,? = 0 and vd = 19.5. Length of adversary chain is la, taken as rows.

Length of honest chain is lh. Three values of each entry are irrelevant, relevant and active. * means unreachable and w, a, e represents wait, adopt and exit respectively. In this example cut off value for honest chain and adversarial is taken as 20. This suggests both this chain length cannot be greater than the defined cut-off value. So what is the main goal of this analysis? The attacker must exceed a threshold if it successfully wants to double spend for a fixed number of block confirmation k. Otherwise, honest mining is more profitable.

This result is illustrated in Figure 10. The x-axis shows how the adversarial mining power is influencing the threshold. Different values of k (the desired number of confirmations) lead to different curves.The y-axis in Figure 10 shows how many successive blocks are needed to be mined before a double spending attack to be successful. For an adversary, around 30% mining power needs 6 block confirmation and the expected number of blocks is roughly 100.An adversary with mining power of more than .

25 needed less than 1000 blocks to successfully carry out double-spending attack. Figure:10 Expected blocks for double spending rs = 0.41%, ? = 0, cm = ? and ? = 0.** Pictures taken from ETH Zurich Research Report.

Here stale block rate is represented by rs. ?, cm represents the propagation parameter and maximum mining costs respectively.Impact of Propagation Parameter: Propagation parameter signifies the connectivity efficiency in an adversarial chain.

It suggests if connectivity increases in the adversarial network then adversarial mining power also increases. Author has put adversarial mining power in the X-axis and shown double spending transaction should have a threshold value. If transaction value is more than the threshold value, then only double spending is profitable. It can also be seen from Figure 11 that higher the propagation parameter ? lower the transaction value an adversary expects to double spend.

Figure:11 Impact of propagation parameter ? with respect to double spending transaction value.** Pictures taken from ETH Zurich Research Report.In this graph double spending value(vd) is taken in Y-axis and adversarial mining power(?) in the X-axis. If ? increase vd decreases.Impact of mining costs: From the study, it is found that mining cost has a negligible impact on adversarial strategy. It is shown by the below Figure 12.

Figure 12: Impact of mining cost.** Pictures taken from ETH Zurich Research Report.Value of double spend (Vd) is in the Y-axis and adversarial mining power(?) in the X-axis. rs = 0.

41%, ? = 0, ? = 0 Cm represents maximum mining cost ?vd is the difference in costs.Impact of Stale Block Rate: In Figure 13 impact of stale block rate is explained for double spending. This below experiment is carried out for a mining power of .1 and .3 respectively.

It can be seen if stale block rate grows the value of double spend decreases. Author has found double spending value of an adversary decreases from 9.2 to 6.4 block reward with mining power .3 and a stale block rate of 10% and 20 %. Figure:13 Impact of stale block rate.

** Pictures taken from ETH Zurich Research Report.Here Vd is the value of double spend in the Y-axis, Stale block rate in X-axis and adversarial mining power is represented by ?.Impact of Eclipse Attack: The impact of eclipse attack is represented by Figure 14. It is assumed that an adversary attacks an honest block with ? eclipsed mining power.

It can be observed eclipsed mining power increases with the increase of adversarial mining power. So eclipse attack is beneficial for an adversary. For example, an adversary with an adversary with ?=.025 and ? =.

1 reduces the double spending value (vd) from 880 block reward to .75 block.Figure 14: Full eclipse attack ** Pictures taken from ETH Zurich Research Report.

In Figure 14 eclipse mining power ? is in Y axis and adversarial mining power is in X axis and , rs = 0.41%, ? = 0 and cm = 0.Bitcoin vs Ethereum: Figure 15 shows the reward required for a double spending attack to make a profit. The y-axes show the reward required from fraudulent behavior as multiples of the block reward, i.

e. multiples of the reward of non-fraudulent behavior. The figure also contrasts between Ethereum and Bitcoin.

As a consensus algorithm both this chain uses proof of work, but the key difference is the block time. i.e. the duration between the generation of two blocks. Stale block rate increases because of shorter block times. It means the time gap between finding two blocks is much shorter in Ethereum.

Thus, participant blocks more often return finding the same block which increases the stale block rate in the network.Below points are observed by the author in the study. First: Figure 15 shows 6 Bitcoin block confirmation is more resilient to double spending than that of 12 Ethereum block.Second: Ethereum’s double spending resilience is better only for an adversary with less than 11% hash power.

Third: If block reward goes up blockchain is more resilient to double spending attack. Figure 15: Double spending resistance of Ethereum vs Bitcoin** Pictures taken from ETH Zurich Research Report.Block reward is in the Y-axis and Adversarial mining power in the X-axis. Ethereum (k ?{6,12}) vs. Bitcoin (k = 6).

Author has also tried to compare both this block chains by equalling their stale block rate. It is observed that Ethereum’s security is lower in caparison to bitcoin Figure 16 explains the following.Figure 16: Comparison between Ethereum and Bitcoin.** Pictures taken from ETH Zurich Research Report.

Value of double spend is on the Y-axis and Adversarial mining power is in the X-axis. Here k is 6, rs = 6.8% and their difference is ?vd.4.Blockchain Simulator and Results: The simulator author has developed for this study capture parameter like block size, block interval, propagation mechanism by measuring stale block rate, block propagation times. In this simulator point to point connections are established between nodes.

Global IT latency statistics of Verizon are used to capture latency in the network. Regular nodes and miners are distinguished in this network. Bitnode’s geographical node location is adopted and used for the nodes in this simulator. Author has also used blockchain.info’s mining pool distribution and used it in this simulator. In Table 4 all the parameters which are captured by the simulator are listed.

Table -4 Parameters of Simulator** Pictures taken from ETH Zurich Research Report.4.1 Evaluated Result:Simulator Validation: In order to validate the performance of this study author has adjusted the parameters of table 4 with the real world deployed blockchain. For determining the stale block rate author has crawled 24000 Bitcoin,1000,000 Litecoin, and 240,000 Dogecoin blocks. The performance achieved from this model is quite like the real world blockchain. Stale block rates of Dogecoin and Litecoin are particularly close and Bitcoin’s stale block rate falls in some cases like where relay network and unsolicited block push is not used by the miner.Figure 17: Geographical Location of Bitcoin miner’s in study simulator.

** Pictures taken from ETH Zurich Research Report.Block Interval: Author has tested block interval with a range of .5 sec to 25 minutes in the simulator. It is tested for four different block request management system namely 1. Standard block request management 2. Standard block request management enhanced by unsolicited block push from miners 3 Standard propagation mechanism with relay network 4.

Send header mechanism with unsolicited block push and relay network.For standard block request management system with 10 minutes block interval study simulator produces stale block rate 1.85 % in comparison to 1.69 % reported by Wattenhoffer.

Stale block rate reduces significantly after the introduction of unsolicited block push for miner because of two main reason—a. miners profit most out of unsolicited block push because they are interconnected b. propagation method is crucial to reach most of the network rapidly. To measure the impact of the block interval author has fed the resulting stale block into MDP models. It is found for an adversary with 30% of total mining power relative revenue is inversely proportional to consensus time.Impact of Block Size: From the study, it is found block propagation time has a linear relationship with block size. But this linear relationship is valid up to 4 MB block size.

From 4 MB to 8 MB stale block rate increases exponentially with propagation times. If block size increases the relative revenue of selfish miner also increase but double spending value decreases. Author has also found an efficient block propagation mechanism to increase the security of the blockchain. The results of this study for four previously discussed block request management system is shown in table 5.Table 5: Impact of the block size on the median block propagation time (tMBP) in seconds** Pictures taken from ETH Zurich Research Report.The stale block rate is rs, vd, and rrel, given the current Bitcoin block generation interval and an adversary with ? = 0.3 and k = 6.

Throughput: Author has varied block size (.1 MB-8 MB) and block interval (.5 second-25 Minutes) to capture different blockchain throughput. Throughput is calculated in transaction per second (tps). Stale block rate and infer are represented with vd and rrel.

The result author has got is shown in the below table -6.Table 6: Impact of throughput for K=6 and 16 mining pool with 30% adversarial mining power.** Pictures taken from ETH Zurich Research Report.From this table, it can be seen 60tps throughput can be achieved with existing security in the bitcoin by changing the input parameters like block size and block interval.

5. Related Work: There were many who have worked on the double-spending attack, but no one has worked on adversarial strategies before the author. Eyal and Sirer in their study show relative revenue of a selfish miner can be increased by not publishing their blocks directly. Courtois and Bahack study is related to subversive mining. Author’s work is similar to Sapirshtein et al’s study. The only difference lies between their study is the author captures the optimal double spending strategies by considering the mining cost of an adversary, number of block confirmation and double spending value which Sapirshtein did not.

6. Conclusion: In this study author has proposed a quotative framework to measure the security and performance of different POW based blockchains. The impact of network level parameters on the security of blockchain is evaluated in this study.

From the study, it is found 37 Ethereum block confirmation equals 6 Bitcoin block confirmation. It means Bitcoin blocks are more secured than Ethereum’s. It is also proved that 60 tps of Bitcoin throughput can be achieved without sacrificing the existing security by varying input the parameters.7.Reference:1.

On the Security and Performance of Proof of Work Blockchains by Arthur Gervais, Ghassan O. Karame, Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf, Srdjan ?Capkun.2. https://vimeo.com/1271955253. https://steemit.

com/blockchain/@cryptonik/what-are-orphaned-and-stale-blocks-blockchain-techology-explained4. https://www.cryptocompare.com/coins/guides/what-is-bitcoin-selfish-mining/5. https://medium.

com/@chrshmmmr/a-guide-to-dishonesty-on-pow-blockchains-when-does-double-spending-pays-off-4f1994074b526. https://www.youtube.com/watch?v=dTdXljsLiUs


I'm Gerard!

Would you like to get a custom essay? How about receiving a customized one?

Check it out