FORTIS: Selfish Mining Mitigation by (FOR)geable (TI)me(S)tamps

Abstract

The selfish mining (SM) attack of Eyal and Sirer allows a rational mining pool with a hash power (α) much less than 50% of the whole Bitcoin network to steal from the fair shares of honest miners. This attack has been studied extensively in various settings in order for its optimization and mitigation. In this context, Heilman proposes a defense “Freshness Preferred”, based on timestamps, which are issued routinely by a timestamp authority. In contrast, we consider the case where timestamps are generated by no authority; instead every miner includes the current time into a block freely. However, due to two attacks that we discover, this turns out to be a non-trivial task. These attacks are Oracle mining , which works by cleverly setting the timestamp to future, and Bold mining , which works by generating an alternative chain starting from a previous block. Unfortunately, these attacks are hard to analyze and optimize, and to our knowledge, the available tools fail to help us for this task. To ease this, we come up with generalized formulas for revenue and profitability of SM attacks. Our analyses show that the use of timestamps could be promising for selfish mining mitigation. Nevertheless, Freshness Preferred in its current form is quite vulnerable, as any rational miner with α > 0 can directly benefit from our attacks. To cope with this problem, we propose a novel SM mitigation algorithm Fortis without an authority, which protects the honest miners’ shares against any attacker with α < 27.0 against all the known SM-type attacks. By building upon the blockchain simulator BlockSim, we simulate our Oracle and Bold mining attacks against Freshness Preferred and Fortis . Simulation results also demonstrate the effectiveness of these attacks against the former and their ineffectiveness against the latter.