While the bitcoin community obsesses over 51% attacks, Cornell Professor Emin Gün Sirer and post-doc Ittay Eyal have spent years examining a different threat to the network's security. They called it
While the bitcoin community obsesses over 51% attacks, Cornell Professor Emin Gün Sirer and post-doc Ittay Eyal have spent years examining a different threat to the network's security. They called it selfish mining, and they detailed the attack in a 2013 paper that's resurfaced in recent discussions, including an episode of the Epicenter Bitcoin podcast at the end of April.
The mechanics are straightforward. A miner discovers a valid block but doesn't broadcast it. Instead, they keep working on top of their secret chain, building extra blocks while the rest of the network mines on the previous known block. The attacker only reveals their chain when timing favors them. Ittay Eyal explained the payoff on the podcast: "You know that blocks are generated one after the other. When a miner generates a block, it's supposed to publish it to the network, and then everybody works to try to create a block that will follow this original block. With selfish mining, the attacker keeps the block to itself and mines on top of it without exposing it to the network. [The selfish miner] only exposes this secret chain — the local secret chain — when it has to in order to maximize its revenue. It turns out by doing that a miner can actually increase its revenue and earn more than it should, more than its fair share of the mining power, and this is the essence of the attack."
Host Brian Fabian Crain framed it differently: a selfish miner essentially forces other miners to waste computational resources on blocks that won't be part of the longest chain. Sirer and Eyal confirmed this understanding. The tactic tricks honest miners into extending the wrong history of transactions while the attacker gains a head start on the next block.
The threat level turns out to be worse than most assumed. Consensus held that bitcoin remained safe as long as the majority of miners—more than 50 percent—remained honest. Eyal and Sirer's research challenged that assumption. "What we found out is that you actually need at least two-thirds of the miners to be honest," Eyal said on the show. They also noted that this figure represents an optimistic case. Without certain assumptions, the threshold could drop even further.
The minimum hashrate required to execute the attack remains unclear. Sirer suggested it could be as low as 5 or 10 percent of total network power. Members of mining pools could potentially detect if their contributed hashing power was being used for selfish mining by comparing their work against the known blockchain, which might discourage operators from attempting the attack. But Sirer dismissed the idea that miners would voluntarily refrain to protect bitcoin's value: "These sort of counter-arguments that a selfish miner would never do that because [he or she] wouldn't want to hurt the network — they don't really make sense. They all rely on assuming a whole lot of things about what the selfish miner wants in the long term."
Sirer and Eyal did produce a fix. The drawback: it only raises the barrier to 25 percent of network hashrate. Their solution introduces randomization into the block propagation process to eliminate the advantage a selfish miner gains from withholding blocks. Sirer described it: "The fix adds some randomization into the network that currently people took for granted that the selfish miner takes advantage of. Essentially what we do is make sure that when there are certain battles inside the network — sort of block races inside the network — we randomize who wins. That is, someone who preplaces his blocks, somebody who gets rid of the delay from his node . . . he doesn't have an advantage over the honest nodes. That ensures that a selfish miner has to be at least 25 percent big before he can succeed."
The code exists, but bitcoin core developers have deprioritized it in favor of other work. Bitcoin remains an ongoing experiment in many respects, and further security refinements will likely take years to implement across the network.
