Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin

In the Bitcoin system, participants are rewarded for solving cryptographic puzzles. In order to receive more consistent rewards over time, some participants organize mining pools and split the rewards from the pool in proportion to each participant's contribution. However, several a acks threaten the ability to participate in pools. e block withholding (BWH) a ack makes the pool reward system unfair by le ing malicious participants receive unearned wages while only pretending to contribute work. When two pools launch BWH a acks against each other, they encounter the miner's dilemma: in a Nash equilibrium, the revenue of both pools is diminished. In another a ack called sel sh mining, an a acker can unfairly earn extra rewards by deliberately generating forks. In this paper, we propose a novel a ack called a fork a er withholding (FAW) a ack. FAW is not just another a ack. e reward for an FAW a acker is always equal to or greater than that for a BWH a acker, and it is usable up to four times more o en per pool than in BWH a ack. When considering multiple pools -the current state of the Bitcoin network -the extra reward for an FAW a ack is about 56% more than that for a BWH a ack. Furthermore, when two pools execute FAW a acks on each other, the miner's dilemma may not hold: under certain circumstances, the larger pool can consistently win. More importantly, an FAW a ack, while using intentional forks, does not su er from practicality issues, unlike sel sh mining. We also discuss partial countermeasures against the FAW a ack, but nding a cheap and e cient countermeasure remains an open problem. As a result, we expect to see FAW a acks among mining pools. CCS CONCEPTS •Security and privacy → Distributed systems security; Economics of security and privacy;