Modeling Bitcoin Mining and Denial of Service

January 5, 2015 16:50 UTC

The cryptocoin universe is more than a little like the American west at the end of the 19th century. There are boomtowns like Paybase turning into real cities, ghost towns of defunct altcoin scams, and banditry is all too common.

One form of banditry is the attack on a mining pool, either by stealth or by brute-force DDoS. We know that this happens, but the nature of such conflict, as well as its quantified fallout, is not well understood. When Bitcoin Mining Pools Run Dry (pdf) is a scholarly game theory paper that develops a model of mining pools in conflict.

Scenarios Studied

The study examined two scenarios, namely peaceful equilibria, where pools have no incentive to attack each other, and one-sided attack equilibria, where there is some benefit to attacking an opponent.

Peace is achieved when the cost of an attack, whether in computer power, electricity, reputation or potential civil/criminal exposure, is too great. Attacks employed have included computer intrusion, employing methods to siphon work from pools, or simply disabling them via DDoS.

Another paper cited in this one indicates that 29% of all mining pools have faced a DDoS, and that when a pool's total share of capacity rises to 5%, its likelihood of attack is 63%. When a DDoS attack is employed, the competitor behind it may adjust their rates in order to capture disgruntled members of the pool who are looking for a change.

Modeling Miner Behavior

One of the biggest problems in building a game theory model of a complex system is how to abstract the behavior of humans into something that is quantifiable. You may be in a mining pool because a friend recommended it, you may stay in a mining pool that is underperforming simply because you are not focused on tuning that aspect of your participation in the cryptocoin market. Somehow these nuances all have to be distilled down into a set of probabilities. How often will you change pools? Is this always triggered by an attack, or do participants wander for other reasons? A correct model will capture this.

The 5% pool size described above gives a minimum pool count of twenty, but the model only used a pair. The researchers' prior efforts involved a single pool under attack, and this time they used a pair of pools and simulated many attack/quiet cycles, with different parameters for how often a participant would choose to switch.

Further Motivation

Studies like these can be an intellectual slog, particularly if they use a great deal of unfamiliar mathematics, which this one does, unless you happen to be a game theorist. There is still value to be found in reading them, for checking the assumptions against what you know and checking the conclusions to see if they help you better understand the rapidly changing cryptocoin market.

The concepts of decentralized currency and the blockchain itself are significant innovations, so much so that almost every bit of research is cross-disciplinary. There are few who have mastered the right breadth of skills, and they are the visionaries of the industry. With any luck, one of those visionaries is going to read this paper, and not long after that we’ll see a next generation blockchain with embedded features that make attacking mining pools unattractive.

Images from Shutterstock.

Last modified: January 6, 2015 15:57 UTC
