Attack Vectors: Selfish Mining Attack. Part 1 of 3

This is Part 1 of my conversation with Robert about well-known attacks against blockchains and the types of defense taken by DFINITY. Selfish Mining involves creating a chain in secret and releasing it, which depends on the progress of the official chain. Block withholding in DFINITY is prevented by the notarization and the BlockTime delay.

Video Transcript:

Welcome back to another episode of Inside DFINITY. Today we’re going to jump right in and today Robert and I are going to talk about different attacks and attack vectors, that are common in blockchain systems and are currently being discussed. Before I spoil anything, welcome to the show. Second – what are the attacks that we’re going to talk about today?

Selfish Mining Attacks:

Robert: Thank you for having me, Cedric, the three attacks, well known attacks – the first one is the infamous Selfish Mining Attack, the second is Nothing-at-Stake Attack and the third is Long Range Attack. I will try to give you a short overview of all these three attacks and show how DFINITY defends its system against these types of attacks. We cannot go into the details for each attack, but let’s see how they work in general.

Cédric: Sounds good, so we’re going to talk briefly about how these three attacks work and then also what measures DFINITY built in order to counter these attacks.

Selfish Mining Attack

Robert: Great, so let’s start with the first attack with Selfish Mining. So Selfish Mining is not a real attack; it can also be considered more like a strategy for miners which want to optimize their profit, which is what every miner tries to do. And it turns out that there can be situations where miners can optimize their mining strategy in a way, which hurts the other miners, which hurts their peers.

Honest Mining Strategy

Robert: Let’s see how that’s possible. And for that we need to start with the Honest Mining Strategy that’s implemented in Bitcoin and many other blockchains.  So in Bitcoin and other proof-of-work blockchains you have a chain, and this chain can have like natural forks because it can always happen that two miners release their blocks at approximately the same time, so other miners will pick up two different blocks to build their blocks.

Longest Chain Rule

Robert: Now Bitcoin resolves forks by applying a very simple rule, which is the Longest Chain Rule. This rule means that when an honest miner sees this, so this is chain A, and this is chain B, then chain A has one block more than B. So the honest miner will append his block here – on chain A. There is another situation, which can occur, like the beginning of a fork, which means that we have two separate chain ends with the same height. Then, the normal strategy applied by Bitcoin is the so called First-Seen Rule, which means that you as a miner would choose the block that you have seen first. If you’ve seen this block first, you will append your block here. So this is quite simple.

Now there was a paper back in 2013 by Emin Gün Sirer and others, who discovered that this strategy is not the most profitable strategy in every situation. There can be situations, which depend on the amount of hashing power that you own as a miner, and which also depends on your network connectivity, so on the speed of your block propagation. Depending on these two parameters, there can be situations where you can apply a mining strategy that’s more profitable than the longest chain rule and the first seen rule.

Block Timing and Withholding

Robert: I cannot go into the details, but the strategy just involves timing and withholding blocks from the other miners. This means that you build a fork in secret without releasing your blocks to the network of miners, and then based on the progress of the official chain that has been propagated by the other miners. Based on that progress, you will decide whether to release your block or not. So if you don’t release your block, that means that you would keep on appending blocks in secret and maybe release your chain fork later. And you can show mathematically that if you have sufficiently high adversarial power or if you have like a sufficiently high mining power in the network and sufficiently high network connectivity, then this strategy can be more profitable than just the original mining rules.

Cédric: Basically it means I need to have a huge amount of mining power? Because it means I need to find a first block and then another block without showing my first block, and I can build this like hidden fork and I only release it later on and I collect all the rewards that come with that.

Robert: Yes, so what’s interesting about is it that your strategy is more about working the progress of other nodes. Relatively speaking, you will destroy some rewards of the other miners. So, you will have a higher relative reward than the other miners, which on the long run due to the Bitcoin’s difficulty adjustment rule will lead to a situation where you can make more profit on the long run. Not for every block but just statistically if you perform this strategy long enough, you can have a higher profit then by just following the original rules.

DFINITY’s Approach to Block Building and Validation

Cédric: Got it, and so how does DFINITY incentivize miners not to follow the strategy but to be honest?

Robert: Yes, so DFINITY is quite different in how blocks are built and in how blocks are validated because we not only have in our system blocks, but we also have notaries, which need to collectively threshold sign or notarize and validate every block. So for every block we need to have some kind of validation by a group of nodes.

Random Beacon Chain

Robert:  What we also have as an additional mechanism to the chain is a random beacon chain which is also built in parallel to the blockchain which gives us a random list of block makers, for every block height. So the random beacon outputs, a random list of nodes that can get the right or some priority to create a block for the respective round.

Block Time

Robert: What we also have in our system is a BlockTime, which is a delay or a pause. So to say, where the notaries wait some time in order to give the block makers enough time to create and publish their blocks. With this mechanism, you have some kind of synchrony and also that the block makers should have enough time to create and publish their block. These block makers can create blocks and because of this BlockTime and because of the fact that the network runs synchronously or somewhat synchronously. And there are no race conditions between the block makers. So it doesn’t matter so much whether you have a fast connectivity as a block maker or somewhat slower connection; if the BlockTime is chosen large enough, this is chosen like more than three Delta.


Robert: Delta means the maximum network traversal time for a block, really the highest block  maker. The highest ranked or priority block maker has a fair chance or has the chance to get his block appended to the official blockchain. The important aspect with this is that if this block maker just hides his block like in Selfish Mining and it really relies on the fact that you build a chain in secret and you release your chain only maybe three blocks later that couldn’t work in this system because in our system every block needs to get notarized.

If you release your block too late, then it would be too late to get it notarized, so your block would get wasted or orphaned. So we have two things here – we have no race conditions – so you have enough time as a block maker to publish your block and if you misbehave and just wait too long like to try some strategy, then your strategy we’ll be a losing strategy. Because you will not get any block rewards.

Cédric: If it doesn’t get notarized, you’re not rewarded for it and you have an incentive to work quickly and publish your blocks instead of holding them back.