A newly-published study from the Bank of Canada on incentive-based mining has confirmed what many cryptocurrency supporters have long argued: the risk of double spend attacks is relatively low on high-hashrate networks like Bitcoin and Ethereum, though smaller networks may not be quite so safe.
The study, which was conducted by Jonathan Chiu and Thorsten V. Koeppel, applied game theory to incentive compatibility on the blockchain in an attempt to discover the security of Proof-of-Work (PoW) consensus protocols and, specifically, whether users can trust that the information in the public ledger is immutable.
To conduct this evaluation, they gamed a hypothetical double spend attack, an event in which a miner successfully re-writes blockchain data to erase one transaction and replace it with another, thus allowing them to “spend” the same funds multiple times. This usually occurs at a cryptocurrency exchange, where the funds can quickly be laundered and withdrawn.
These attacks require a significant amount of computing power, which is why they are generally associated with 51 percent attacks, which occur when an individual miner or mining cartel accumulates a majority of a network’s hashpower and can theoretically force the remaining nodes to accept their version of the blockchain as valid.
According to the report’s authors, it is “unrealistic” that such attacks will occur, at least on large networks, since these attacks -- which may or may not succeed -- force would-be attackers to incur a “large, irretrievable sunk cost.”
“However, from an economic point of view, this requires that a dishonest miner has deep pockets and is risk neutral. These assumptions tend to be unrealistic and, in practice, users have little economic incentives to launch such an attack, especially when the computational investment by other miners is large.”
That’s not to say that double spend attacks never occur. In fact, as CCN has reported, they have become increasingly common among small-cap cryptocurrencies in recent months, particularly those that share a hashing algorithm with Bitcoin or can be mined profitably using GPUs.
To decrease their sunk cost, attackers rent hashpower from “cloud mining services” -- often by the hour. There is far too little surplus hashpower available for an attacker to attack large coins like Bitcoin or Ethereum, but it’s often alarmingly cheap to execute 51 percent attacks on cryptocurrency networks worth hundreds of millions of dollars.
The bank notes that cryptocurrency exchanges and other payment recipients concerned about double spend attacks can mitigate the risk of becoming a victim to one by increasing “confirmation lag,” or the number of blocks that they require to pass before they deliver the service or goods associated with a transaction.
Indeed, once a successful double spend has been identified, the first action that developers advise exchanges and other high-value targets to take is to drastically increase confirmation lag -- at least temporarily -- to increase the difficulty of rewriting the blockchain.
Moreover, cryptocurrency exchanges that suffer double spend attacks are often found to have credited user deposits after too few confirmations, making them prime targets for these attacks.
Altogether, the Bank of Canada study did not break any new ground on mining incentives, but it should further validate what cryptocurrency supporters have long said about this particular network security model.
Images from Shutterstock