Can China destroy the number one cryptocurrency? The second part. In the first part, we looked at the phenomenon of empty blocks that Chinese miners were mining. We now continue our examination of the paper by Kaiser et al. and look at the dangers identified by the authors of the paper. For the classification we let ourselves be inspired by an important framework of quality management.
In our analysis of a possible threat to Bitcoin from China, we looked at the blocks. Together with the paper by Kaiser et al., we looked into the past and learned that between 2015 and 2016 an above-average number of empty blocks were mined by Chinese miners. The reason for this was the Great Firewall of China and the difficulty in exchanging large data packets between Chinese nodes and the rest of the world. The Bitcoin protocol was optimized in this respect so that the mining of empty blocks should no longer make sense.
With some concern, we had to see, however, that at least in the last days the proportion of empty blocks was again very high. To blame China as a whole would be unfair since we could classify Antpool as the main culprit. We, therefore, concluded by saying that the focus on China alone is somewhat narrow-minded and that each one of us should keep an eye on the Bitcoin blockchain for any anomalies according to the motto “Do Your Own Research”.
The main part of the paper analyses various attacks on the Bitcoin network and classifies them according to purpose, visibility, target, and prerequisites. As possible purposes, the authors see censorship, deanonymization, destabilization of consensus, and disruption of competing miners.
Censorship on the Blockchain – The Role of Miners
Selective forking or feather forking counts as attack vectors supporting censorship. In both cases, this is a control emanating from the miners. Selective forking means that a mining entity holding over 51 percent of the hashrate does not specifically integrate certain transactions whose addresses are on a blacklist, for example, into blocks.
It makes sense to describe Feather Forking as a “weak variant” of selective forking since 51 percent of the hashrate does not have to be controlled here. However, there can be a risk here if an attacker wants to feed his own version of the blockchain into the network without the transactions to be censored. If he succeeds often enough, this could lead to other miners joining the censoring consensus.
Both would be variants of 51 percent attacks and quickly visible in the network. Nodes would see a worrying correlation between chain reorganization and mining activity. Certain transactions would remain in the mempools so that the nodes would notice that something is in the bush.
A very powerful attacker could use an Eclipse attack to control the connections between miners and nodes or between the nodes themselves so that no censorship is apparent to the nodes. A similar approach is to control Internet traffic itself.
But a look at the worldwide distribution of full nodes also shows what the attacker is believed to be capable of for a global power. Of the current 10,000 or so nodes, 24 percent are in America, 19 percent in Germany and only seven percent in China. The remaining fifty percent is distributed over 110 other countries.
Deanonymization – hunting over the blockchain
I find it interesting that the paper devotes so much space to deanonymization. It is well known that Bitcoin is not the most anonymous of all blockchains. If you’re looking for something like this, you’ll find systems like Monero. Here again, the focus on China comes as a surprise. The fact that different nations and authorities follow the activity in the Bitcoin network is just as well-known as suggestions for improvement such as Taproot and Dandelion.
In any case, the authors see the clustering of wallet addresses or the monitoring of the network by associating wallet addresses with IP addresses as possible attack vectors. A powerful attacker like a government would not even have to do this work itself but could require traders and stock exchanges to release customer data. By using trackers, the attacker could also undermine the anonymity of Bitcoin users. After all, one could simply use the human factor and classic methods of denunciation.
Destabilizing the Bitcoin Consensus – An Attack on the Protocol
Immutability is part of the narrative of Bitcoin. A destruction of this would really harm Bitcoin. To question the immutability, the Bitcoin consensus on the order of transactions must be questioned. The classic double-spending attack, which a Miner possesses with over 51 percent of the hashrate, would be such an attack on immutability.
Two different variants of this double-spending attack are the race attack and the Finney attack, depending on whether the attacker wants to undo one or more blocks. Such attacks also include the brute force attack, in which the attacker mines his own blockchain.
A particularly mean type of double-spending attack is the balanced attack. Two different blocks are sent to different subsets of the miner, causing confusion. The attacker could then use his hashrate, which does not have to be 51 percent in this case, for the subset he has chosen and still receive “his” version of the blockchain. Unlike the classic 51 percent attacks, it would not be possible to tell whether a centralized party is organizing the chain reorganizations.
A Goldfinger attack is a variant of the 51 percent attack that is ideologically motivated. The attacker is not looking for any financial profit but wants to weaken the Bitcoin ecosystem by questioning its immutability.
Finally, there is selfish mining. A miner holds back found blocks until the cumulative proof of work is at least as large as the actual blockchain. The subsequent publication can lead to destructive forks and the rewriting of large parts of the Bitcoin history.
Except for the balanced attack, all these attacks require a very high hashrate. This prerequisite can be somewhat mitigated by executing an Eclipse attack in parallel.
Destabilizing the Miner Community
The above attacks target the users or the entire ecosystem. Other attack vectors can also be used to attack other miners. An entity with a large hashrate would receive most of the rewards. Thus, mining would no longer be profitable for others. Miners would then join the attacker’s Mining Pool with their Hashrate if necessary.
Besides the Selfish Mining shown above, the authors identify the retention of blocks as a possible attack vector. Miners on the attacker’s side would infiltrate another mining pool and send partial proofs of work there, but not the foundation blocks to the network. This would starve the pool itself, so other miners would leave the pool. Repeated use could destroy competing pools. In addition to withholding blocks until starvation, an attacker could publish his blocks to initiate a fork.
How can these attack vectors be classified?
So much for the attack vectors described in the paper. What can we make of them? We will use this classification, but extend it similar to the FMEA principles.
FMEA stands for Failure Mode and Effect Analysis. As part of quality management, these are used to assess possible sources of error in terms of their risk and to articulate measures on the basis of these. Individual hazards are assigned an evaluation with regard to risk or significance (B), a probability of residence (A) and a probability of detection (E).
A number between 1 and 10 is classically assigned to the three variables B, A, and E and a further key figure called “risk priority number” is formed by multiplying the three. However, more and more experts are reducing the scales for B, A, and E to only a few values such as “low”, “medium” and “high” and leaving the risk priority number intact.
We will go this way because the importance of risk is always the most important of all variables. Getting a crooked back from a bad desk chair is less relevant than electrocution on an open wire, to put it figuratively, even though it happens more often. We also look at the requirements that the attacker must meet, rather than the probability of occurrence. Since no product is formed from the values, we can assign concrete values to the meaning, the probability of occurrence and the probability of recognition.
The FMEA makes no dogmatic claim – neither to completeness nor to one hundred percent correctness. Especially the evaluations regarding significance, a probability of occurrence and probability of recognition are well-founded but subjective assessments. If something incorrect has crept in, constructive feedback is of course welcome.
Don’t panic, Bitcoin continues to develop
As matter-of-fact as the paper reads compared to the articles in the digital forest, there are two things one can accuse it of: The focus on China is quite confusing. China is probably interested in controlling Bitcoin, but similar accusations can be made against other states or powerful entities. Especially regarding deanonymization, it’s astonishing to see such measures as an attack on Bitcoin itself. The “Never-Ending Story” Silk Road shows very well that Bitcoin can live well without the cloak of anonymity and that states other than China are interested in deanonymization.
Secondly, it is quite alarmistic. “Destroying Bitcoin” is a very hard phrase that would have deserved a more precise concretization. It is obvious that such attack vectors and a possible worldwide Internet control could weaken Bitcoin and cause major problems. But that is not destruction. The paper also overlooks the fact that these attack vectors are known. Measures in such cases are known.
A complete FMEA would go beyond the scope, but the attack vectors discussed by the authors can be used accordingly.
The developers are also still working on the Bitcoin network. It is not a frozen ivory tower, whose gates are only waiting for a burglar. There is competition between attackers and developers. The above analysis shows that the most critical attack vectors can largely be solved with the same measures. Observing the blockchain and using TOR services are two tried and tested ways of mastering the aforementioned dangers. If such attacks are successful, further measures such as switching to a new proof of work or implementing a new checkpoint can be considered. This would be complex solutions, but Bitcoin would not be “destroyed” for a long time.
After all, nobody can forget the world beyond Bitcoin. With a look at the big world of cryptocurrencies, it is definitely too early to see a danger of death for Bitcoin and the entire cryptocurrency sector.