Cyril Grunspan

Cyril Grunspan, Ricardo Pérez-Marco

For a mining strategy we define the notion of "profit lag" as the minimum time it takes to be profitable after that moment. We compute closed forms for the profit lag and the revenue ratio for the strategies "selfish mining" and "intermittent selfish mining". This confirms some earlier numerical simulations and clarifies misunderstandings on profitability in the literature. We also study mining pairs of PoW cryptocurrencies, often coming from a fork, with the same mining algorithm. This represents a vector of attack that can be exploited using the "alternate network mining" strategy that we define. We compute closed forms for the profit lag and the revenue ratiofor this strategy that is more profitable than selfish mining and intermittent selfish mining. It is also harder to counter since it does not rely on a flaw in the difficulty adjustment formula that is the reason for profitability of the other strategies.

Cyril Grunspan, Ricardo Pérez-Marco

We survey recent results on the mathematical stability of Bitcoin protocol. Profitability and probability of a double spend are estimated in closed form with classical special functions. The stability of Bitcoin mining rules is analyzed and several theorems are proved using martingale and combinatorics techniques. In particular, the empirical observation of the stability of the Bitcoin protocol is proved. This survey article on the mathematics of Bitcoin is published by the Newsletter of the European Mathematical Society, vol.115, 2020, p.31-37. Continuation of arXiv:1601.05254 (EMS Newsletter, 100, 2016 p.32).

Cyril Grunspan, Gabriel Lehéricy, Ricardo Pérez-Marco

The ambition of the Lightning Network is to provide a second layer to the Bitcoin network to enable transactions confirmed instantly, securely and anonymously with a world scale capacity using a decentralized protocol. Some of the current propositions and implementations present some difficulties in anonymity, scaling and decentalization. The Ant Routing algorithm for the Lightning Network was proposed in \cite{GrunspanPerez} for maximal decentralization, anonymity and potential scaling. It solves several problems of current implementation, such as channel information update and centralization by beacon nodes. Ant Routing nodes play all the same role and don't require any extra information on the network topology beside for their immediate neighbors. The goal of LN transactions are completed instantaneously and anonymously. We study the scaling of the Ant Routing protocol. We propose a precise implementation, with efficient memory management using AVL trees. We evaluate the efficiency of the algorithm and we estimate the memory usage of nodes by local node workload simulations. We prove that the number of transactions per second that Ant Routing can sustain is of the order of several thousands which is enough for a global payment network.

Cyril Grunspan, Ricardo Pérez-Marco

Nakamoto double spend strategy, described in Bitcoin foundational article, leads to total ruin with positive probability and does not make sense from the profitability point of view. The simplest strategy that can be profitable incorporates a stopping threshold when success is unlikely. We solve and compute the exact profitability for this strategy. We compute the minimal amount of the double spend that is profitable. For a given amount of the transaction, we determine the minimal number of confirmations to be requested by the recipient such that this double spend strategy is non-profitable. We find that this number of confirmations is only 1 or 2 for average transactions and a small hashrate of the attacker. This is substantially lower than the original Nakamoto numbers that are widely used and are only based on the success probability instead of the profitability.

Cyril Grunspan, Ricardo Pérez-Marco

We study selfish mining in Ethereum. The problem is combinatorially more complex than in Bitcoin because of major differences in the reward system and a different difficulty adjustment formula. Equivalent strategies in Bitcoin do have different profitabilities in Ethereum. The attacker can either broadcast his fork one block by one, or keep them secret as long as possible and publish them all at once at the end of an attack cycle. The first strategy is damaging for substantial hashrates, and we show that the second strategy is even worse. This confirms what we already proved for Bitcoin: Selfish mining is most of all an attack on the difficulty adjustment formula. We show that the current reward for signaling uncle blocks is a weak incentive for the attacker to signal blocks. We compute the profitabilities of different strategies and find out that for a large parameter space values, strategies that do not signal blocks are the best ones. We compute closed-form formulas for the apparent hashrates for these strategies and compare them. We use a direct combinatorics analysis with Dyck words to find these closed-form formulas.

Cyril Grunspan, Ricardo Pérez-Marco

The main goal of this article is to present a direct approach for the formula giving the long-term apparent hashrates of Selfish Mining strategies using only elementary probabilities and combinatorics, more precisely, Dyck words. We can avoid computing stationary probabilities on Markov chain, nor stopping times for Poisson processes as in previous analysis. We do apply these techniques to other block withholding strategies in Bitcoin, and then, we consider also selfish mining in Ethereum.

Cyril Grunspan, Ricardo Pérez-Marco

We give a straightforward proof for the formula giving the long-term apparent hashrate of the Selfish Mining strategy in Bitcoin using only elementary probabilities and combinatorics, and more precisely, Dyck words. There is no need to compute stationary probabilities on Markov chain nor stopping times for Poisson processes as it was previously done. We consider also several other block withholding strategies.

Cyril Grunspan, Ricardo Pérez-Marco

We compute the revenue ratio of the Trail Stubborn mining strategy in the Bitcoin network and compare its profitability to other block-withholding strategies. We use for this martingale techniques and a classical analysis of the hiker problem. In this strategy the attacker could find himself mining in a shorter fork, but we prove that for some parameter values it is still profitable to not give up. This confirms previous numerical studies.

Cyril Grunspan, Ricardo Pérez-Marco

We compute and compare profitabilities of stubborn mining strategies that are variations of selfish mining. These are deviant mining strategies violating Bitcoin's network protocol rules. We apply the foundational set-up from our previous companion article on the profitability of selfish mining, and the new martingale techniques to get a closed-form computation for the revenue ratio, which is the correct benchmark for profitability. Catalan numbers and Catalan distributions appear in the closed-form computations. This marks the first appearance of Catalan numbers in the Mathematics of the Bitcoin protocol.

Cyril Grunspan, Ricardo Pérez-Marco

We review the so called selfish mining strategy in the Bitcoin network and compare its profitability to honest mining.We build a rigorous profitability model for repetition games. The time analysis of the attack has been ignored in the previous literature based on a Markov model,but is critical. Using martingale's techniques and Doob Stopping Time Theorem we compute the expected duration of attack cycles. We discover a remarkable property of the bitcoin network: no strategy is more profitable than the honest strategy before a difficulty adjustment. So selfish mining can only become profitable afterwards, thus it is an attack on the difficulty adjustment algorithm. We propose an improvement of Bitcoin protocol making it immune to selfish mining attacks. We also study miner's attraction to selfish mining pools. We calculate the expected duration time before profit for the selfish miner, a computation that is out of reach by the previous Markov models.

Cyril Grunspan, Ricardo Pérez-Marco

We present Bitcoin Security Tables computing the probability of success p(z,q,t) of a double spend attack by an attacker controlling a share q of the hashrate after z confirmations in time t.

Cyril Grunspan, Ricardo Pérez-Marco

We correct the double spend race analysis given in Nakamoto's foundational Bitcoin article and give a closed-form formula for the probability of success of a double spend attack using the Regularized Incomplete Beta Function. We give a proof of the exponential decay on the number of confirmations, often cited in the literature, and find an asymptotic formula. Larger number of confirmations are necessary compared to those given by Nakamoto. We also compute the probability conditional to the known validation time of the blocks. This provides a finer risk analysis than the classical one.