The incentives of Selfish Mining

Selfish Mining has occuerd in MonaCoin.

Now let’s see the relation between incentives of selfish mining and hashrate, required confirmation, and transaction amount.

Model

Consider that \(h\) is ataccker’s hash rate, \(H\) is whole miners’ hash rate exclude the attacker, \(T\) is the block time, \(R\) is the mining rewards, and \(W\) is the cost of mining.

The probability of attacker successing a mining is

$$ p=\frac{hT}{\left(H+h\right)T} $$

The expected profit of mining can be described as

$$ pR-W $$

Then, the probability of attacher’s chain whose length is z blocks less than honest chain, can catch up with the honest chain, with competition for n blocks, can be described as

$$ p_{n,z}=\frac{\left(2n+z\right)!}{n!\left(n+z\right)}\left(1-p\right)^n p^{n+z} $$

By using them, the expected profit of mining \(n\) blocks can be described as

$$ n \times \left(pR-W\right) $$

and the expected profit of selfish mining \(n\) blocks can be described as

$$ n \times \left( p_{n,0} \times \left( R + x \right) – W \right) $$

where attacker transfer amount of \(x\) in every block to cancel in the future.

So, the incentive condition to attack is described as below.

$$ n \times \left(pR-W\right) < n \times \left( p_{n,0} \times \left( R + x \right) – W \right) $$

That is,

$$ p_{n,0} \times \left(R+x\right) -pR > 0 $$

The paper of Satoshi Nakamoto

Satoshi Nakamoto showed the probability of attacker’s chain catching up with honest chain with \(z\) blocks behind, by using Poisson distribution, but this way can’t express the \(n\) blocks competition, so I can’t use it now.

Let’s show with Octave

Now I plot the left side of above inequation as 3D graph.

If the z-value is more than 0, it means that there is an incentive to attack.

If you want to see my Octave code, come here

 

At the time when  researched, the hash rate of MonaCoin was 1750 GH/s and mining Reward was 25 Mona. So I set \(H=1750\) and \(R=25\).

 

First, I’ll show you the relation between the incentive and, the  hash rate  and required confirmation.

  • h=[1,1000]GH/s
  • H=1750GH/s
  • R=25Mona
  • x=100Mona
  • n=[1,100]conf

It can be said that the more confirmations are required, the less incentives there are.

Next, I’ll show you the relation between the incentive and, the transaction amount to cancel in the future and required confirmation.

  • h=600GH/s
  • H=1750GH/s
  • R=25Mona
  • x=[1,1000]Mona
  • n=[1,100]conf

It can be said that the more amount tranferred, the more confirmations are required to decrease the incentive to attack.

Conclusion

  • If required confirmation is few, the more hash rates attacker has, the more incentives to attack there are.
  • If required confirmation is few, the more amount transferred, the more incentives to attack there are.
  • Even attacker doesn’t have the hash rate share more than 51%, the incentives to attack can be exist.

So, the way of “accepting with few confirmations if the amount is few, and requiring many confirmations if the amount is large”, which can be thought up with intuition, is correct.

Furthermore, the partial differential coefficient of the left side of the inequation by \(R\) is negative, so raising mining rewards may be able to decrease the incentives to attack.

If you find the missing of my modeling, please tell me.

By the way, there is no relation between this problem and, PoW or PoS. If you want to finalize, I suggest you PBFT. However, PBFT need restriction of node entrance, so I recommend “Right algorithm in the right place”.

 

This article is the translated version of this article: セルフィッシュマイニングのインセンティブ