Bitcoin Selfish Mining Modeling and Dependability Analysis Bitcoin Selfish Mining Modeling and Dependability Analysis

Blockchain technology has gained prominence over the last decade. Numerous achievements have been made regarding how this technology can be utilized in different aspects of the industry, market, and governmental departments. Due to the safety-critical and security-critical nature of their uses, it is pivotal to model the dependability of blockchain-based systems. In this study, we focus on Bitcoin, a blockchain-based peer-to-peer cryptocurrency system. A continuous-time Markov chain-based analytical method is put forward to model and quantify the dependability of the Bitcoin system under selfish mining attacks. Numerical results are provided to examine the influences of several key parameters related to selfish miners’ computing power, attack triggering, and honest miners’ recovery capability. The conclusion made based on this research may contribute to the design of resilience algorithms to enhance the self-defense and robustness of cryptocurrency systems.


Introduction
Intensive research and development efforts from academia, industries and governments have been devoted to blockchain technology in the last decade (Ferrag et al., 2018;Kang et al., 2018;Dai et al., 2019;Bhushan et al., 2021). It has been applied to diverse applications, such as smart contracts, financial services, voting, supply chains, Internet of Things, energy trading, etc. (Akbari et al., 2017;Frizzo-Barker et al., 2020;Wongthongtham et al., 2021;Xing, 2020Xing, , 2021. Due to the safety-critical and security-critical nature of these applications, it is crucial to model the dependability attribute of the blockchain-based systems. In this work, we focus on the dependability modeling and analysis of Bitcoin, a blockchain-based peer-to-peer cryptocurrency network (Nakamoto, 2008).
In contrast to the traditional fiat currency, Bitcoin is a decentralized system where individuals can freely trade without engaging banks (Tschorsch and Scheuermann, 2016). Bitcoin is now widely utilized in diverse fields with a market cap of over $1trillion (Best, 2021). Due to its businesscritical nature, the Bitcoin network has become the target of many cyber-attacks. For instance, a malicious attacker may compromise the blockchain data availability by generating illegal or incorrect access to the data through tracking correspondences of different addresses like the Bitcoin and IP addresses (Koshy et al., 2014). An attacker may also temper the data by attacking the blockchain's consensus mechanism (Bag et al., 2016). Through tracking relationships between addresses of transactions in the Bitcoin open network, an attacker may access users' personal information (Reid and Harrigan, 2013). Other examples of security attacks launched to the Bitcoin system include but are not limited to selfish mining attacks (Eyal and Sirer, 2014), sybil attacks (Zhang and Lee, 2019), mining pool attacks (Bahack, 2013;Qin et al., 2020), miner attacks (Rosenfeld, 2011), re-identification attacks (Meiklejohn et al., 2013), eclipse attacks (Zhou et al., 2021a), and CryptoLocker-based attacks (Liao et al., 2016).
Many research efforts have been dedicated to defending the Bitcoin system against those security attacks. For instance, a mitigation approach based on modifying the Bitcoin protocol was proposed in Eyal and Sirer (2014) to defend Bitcoin against colluding selfish mining attacks. Several countermeasures (updating block advertisements, dynamic timeouts, penalizing non-responding nodes) were investigated in Gervais et al. (2015) to improve the Bitcoin network security. A hardware token was suggested in Bamert et al. (2014) to secure Bitcoin transactions. The weakness of Bitcoin in protecting privacy was first studied and an anonymous, decentralized payment mechanism was then suggested for privacy protection in Monaco (2015). The threat to Bitcoin from the pool mining was first discussed and Markov chains were then applied for stochastic analysis of a two-phase proof-of-work in Bastiaan (2015). Markov chains were utilized in Göbel et al. (2016) for possibly detecting block-hiding attacks through monitoring orphan blocks' production rate.
While existing works have mostly centered on studying impacts of the malicious behaviors or detecting and defending threats, some of the recent efforts have been expended in the quantitative performance evaluation of Bitcoin. For example, in Wang et al. (2020), a mathematical model was proposed to estimate the performance and effectiveness of selfish attacks quantitatively and investigated the relationship between the extra mining gain and computational power. In Motlagh et al. (2021), an analytical model was proposed for studying the effects of selfish mining on the Bitcoin network connectivity, node response time, block delivery time, and block arrival rate. In Zhou et al. (2021a), a continuous-time Markov Chain-based approach was suggested for assessing the dependability of a Bitcoin node subject to Eclipse attacks; this work was extended in Zhou et al. (2021b) through semi-Markov models for accommodating non-exponential state transition time distributions. In Yang et al. (2020), a Markov model was applied to evaluate the mining revenue, and potential risk of the Bitcoin system under selfish mining. In Xia et al. (2021), the impacts of multiple miners and propagation delay on selfish mining were studied, which found that the Bitcoin network with a higher orphan rate is more vulnerable. To the best of our knowledge, no works have been done to study the selfish mining behavior from the perspective of the Bitcoin network dependability and identify the attacking or defending parameters as well as their effects on the Bitcoin network dependability attribute.
In this paper, we advance the state of the art by examining the selfish mining behavior and considering this attack behavior in the quantitative dependability analysis of the Bitcoin network. We also investigate the impacts of several key parameters related to selfish miners' computing power, attack triggering and honest miners' recovery capability on the Bitcoin dependability through numerical results.
The rest of the paper is structured as follows: Section 2 presents the functioning mechanism of the selfish mining attack. Section 3 presents the state transition diagram of the Bitcoin system under the selfish mining attack. Section 4 derives the state probabilities and the Bitcoin dependability using the continuous-time Markov chain (CTMC)-based approach. Section 5 carries out a numerical analysis of several key model parameters and discusses their impacts on the Bitcoin dependability. Section 6 concludes our study results and discusses future research plans.

The Selfish Mining Attack
In the selfish mining attack (also known as the block withholding attack), selfish miners intentionally withhold the newly mined blocks. Instead of broadcasting the new blocks immediately, the selfish miners keep these blocks secretly and build their own branches. At a certain point, the selfish miners publish their private branch and gain unfair revenue.
In this research, we focus on the three-block strategy. Due to the limitation of computing power, it is often extremely hard to expand the lead. To realize the attack, an attacker always withholds the mined blocks and keeps mining on the private branch until the private branch is exactly three blocks longer than the main branch. When the honest miner finds the next block, the attacker publishes their private branch immediately. Because of the proof-of-work protocol, the attacker can successfully claim the rewards while the honest miner's computing power is wasted. Figure 1 shows the flowchart of a successful selfish mining attack. The realization of the selfish mining attack highly depends on the computing power. Some blockchain attacks like Eclipse attacks are capable of controlling the blockchain channels and information flows of more nearby nodes, and gradually controlling most of the blockchain network. Thus, a successful Eclipse attack can reinforce the selfish mining attack (Heilman et al., 2015).

State-Transition Diagram
Based on the working mechanism of the selfish attack presented in Section 2, we illustrate the state transition diagram of the Bitcoin system under the attack in Figure 2. Six major states are differentiated and defined: 0 (original or initial state), 0' (double branches), 1 (one block lead), 2 (two-block lead), 3 (three-block lead), and 4 (attack success). In the original state 0, there is only one main chain every miner is mining on. There is no branch. Under state 0, the malicious miner mines a block and keeps it secretly. As a result, a private branch is built and the system transits from state 0 to state 1 with transition rate of λ01. Under state 0, if the honest miner finds the block first, then the system remains in state 0 with µ00.
Under state 1, if the malicious miner successfully finds the next block on their private branch, then the system transits to state 2 with transition rate of λ12. Under state 1, if the honest miner finds the next block before the malicious miner, then the system transits to state 0' with transition rate of µ10'.
Under state 0' (the chain has two branches of length one), if the malicious miner finds the new block with rate λ0'1, the system transits to state 1 where the selfish miner's private branch is one block longer. If the honest miner finds the new block first, the system can transit back to the initial state 0 with rate µ0'0 .
Under state 2, the malicious miner can be the first one to find the next block with rate λ23, causing the system to transit to state 3. Under state 2, if the honest miner discovers the next block, the system can transit back to state 1 with rate µ21.
Under state 3, when the honest miner successfully finds the next block with rate λ34, the system transits to state 4. Under state 4, the selfish miner broadcasts their private branch, which becomes the main branch. Consequently, the selfish mining attack completes. Based on the state transition diagram, Section 4 derives the state probabilities and further the Bitcoin dependability based on the continuous-time Markov chain (CTMC) approach. Section 5 investigates the effects of some representative state transition rates on the Bitcoin dependability.

CTMC-based Dependability Evaluation
Based on the state transition diagram of Figure 2, we present the state equations in Eq. (1), which consists of a transition rate matrix, a state probability vector, and a vector of the derivative of the state probability. Particularly, ( ) denotes the probability that the Bitcoin is in state j (j = 0, 0', 1, 2, 3, 4), and ̇( ) denotes the derivative of the state j probability. Eqs.

Numerical Results and Impacts of Model Parameters
In this section, the effects of several key parameters on the Bitcoin dependability are investigated through numerical results. These results could help us gain a better understanding of the selfish mining mechanism.
Based on statistics and survey from Sapirshtein et al. (2016), seven sets of parameter values are designed in Table 1 for the transition rates in Figure 2, including rates related to the selfish miner's attacking behavior or power (λ01 , λ0'1 , λ12 , λ23 , λ34), and rates related to the honest miner's recovery capability ( 0′0 , 10′ , and 21 ).
In particular, we study the impacts of parameters λ01 , λ12 , λ34, 10′ , and 21 on the Bitcoin dependability using parameter sets of Table 1. Specifically, (λ01 , λ12) reflect the selfish miner's computing power; their impacts are studied via parameter sets a, b, and c in Table 1. λ34 models the Bitcoin system's trigger rate; its impacts are examined via parameter sets d, b and e. ( 10′ , 21 ) reflect the honest miner's recovery capability; their impacts are examined using sets f, b, and g in Table 1.

Impacts of Selfish Miner's Computing Power Parameters ,
The impacts of the selfish attacker's computing power are examined via parameter sets a, b, and c in Table 1, which model the selfish miner who has relatively low, medium, and high computing power, respectively. These malicious miners sometimes incorporate other attack methods like Eclipse attacks to reinforce their computing power dramatically. Table 2 presents the Bitcoin dependability under sets a, b, and c for several values of mission time. Figure 3 demonstrates the dependability results graphically.
It can be observed from Figure 3 that the Bitcoin dependability decreases with time. The Bitcoin system under set a (low computing power of the selfish miner) has the highest dependability D and the lowest decreasing speed. The Bitcoin system under set c (high computing power of the selfish miner) has the lowest dependability D and decreases with the highest speed. The Bitcoin dependability D under set b (average computing power of the selfish miner) has values between the former two cases. The above results are intuitive since it is more difficulty for the Bitcoin system to stay in the dependable state when the selfish attacker has a higher computing power. As time proceeds, the difference in the Bitcoin dependability between the low and high computing power cases becomes more significant due to the different declination speeds under these two cases.  Figure 3. Impacts of parameters 01 , 12 on the Bitcoin dependability.

Impacts of Trigger Parameter
In Table 1, the impacts of the attack trigger parameter 34 are examined via parameter sets d, b, and e with low, medium, and high trigger rates, respectively. Table 3 presents the Bitcoin dependability results computed using those three parameter sets. Figure 4 demonstrates the Bitcoin dependability results graphically.  It can be observed from Figure 4 that the Bitcoin system under set d (low trigger rate) has the highest dependability D and the lowest decreasing speed as time proceeds; the Bitcoin under set e (high trigger rate) has the lowest dependability D and the highest decreasing speed as time proceeds; the values of D under set b (medium trigger rate) are between the former two cases. These numerical results are intuitive since the higher trigger rate means it is more likely to realize the last attack step, which eventually leads to the successful selfish mining attack, and hence lower the system dependability. As time proceeds, the difference in the Bitcoin dependability between the low and high trigger rate cases becomes more noticeable at the beginning and then tends to become stable for the considered parameter settings.

Impacts of Recovery Capability Parameters ′ ,
The impacts of the recovery capability parameters 10′ , 21 on the Bitcoin dependability are examined via parameter sets f, b, and g in Table 1, where an honest miner has low, average/medium, and high recovery capability, respectively. Table 4 presents the Bitcoin system dependability results under sets f, b and g. Figure 5 demonstrates the results graphically. It can be observed from Figure 5 that the Bitcoin system under set f (honest miner with low recovery capability) has the lowest system dependability D and the highest decreasing speed as time proceeds; the Bitcoin under set g (honest miner with high recovery capability) has the highest values of D and the lowest decreasing speed among the three cases; the Bitcoin under set b (honest miner with average recovery capability) has values of D between the former two cases. From the above intuitive results, we can conclude that the Bitcoin system with honest miners having higher recovery capability is more dependable. Moreover, as time proceeds, the difference in the Bitcoin dependability between the low and high recovery capability cases becomes more notable due to the different declination speeds under these two cases.

Conclusion and Future Directions
The Bitcoin network is vulnerable to selfish mining attacks, during which a malicious miner withholds the mined block and mines on its own private chain secretly. The existing studies on selfish mining have mostly focused on cryptography and protocol designs, risk detection and damage estimation caused by the adversaries. To defend against selfish mining, it is crucial to study the behavior of selfish mining from the Bitcoin network dependability's perspective. This paper makes contributions to the state of the art by building an analytical dependability model based on the CTMC for the Bitcoin system subject to the selfish mining attack. Numerical results are provided to assess the impacts of several model factors (including selfish miners' computing power, the attack triggering parameter, and honest miners' recovery capability) on the overall Bitcoin dependability. The findings include 1) it is more unlikely that the Bitcoin system stays in the dependable state when the selfish attacker has a higher computing power; 2) the Bitcoin system tends to fail more quickly as the trigger rate increases; and 3) the Bitcoin system tends to be more dependable when its honest miners have better recovery capability.
While the findings from this research are mostly intuitive, the quantitative results and comparisons will provide effective guidance for us to develop resilience algorithms and protocols. Such algorithms can enhance the robustness of the current blockchain-based cryptocurrency network models, improving their self-defense capability against various malicious attacks. In the future study, we are also interested in extending our dependability analysis to non-exponential state transition times through exploring methods such as semi-Markov models (Zhou et al., 2021b) and multi-integral-based analytical methods (Zeng et al., 2019).