Decentralization Cheapens Corruptive Majority Attacks

TL;DR

This paper demonstrates that decentralization can significantly reduce the cost of corruptive majority attacks on blockchains, challenging previous cost bounds and highlighting vulnerabilities in highly decentralized networks.

Contribution

It introduces a new scheme for cheap corruptive majority attacks and shows that previous cost bounds are loose, especially when most miners are small and decentralized.

Findings

Cheaper attack schemes are possible under certain conditions.

Budish's cost bound is loose and can underestimate attack costs.

Decentralization can lower the cost of corruptive attacks.

Abstract

Corruptive majority attacks, in which mining power is distributed among miners and an attacker attempts to bribe a majority of miners into participation in a majority attack, pose a threat to blockchains. Budish bounded the cost of bribing miners to participate in an attack by their expected loss as a result of attack success. We show that this bound is loose. In particular, an attack may be structured so that under equilibrium play by most miners, a miner's choice to participate only slightly affects the attack success chance. Combined with the fact that most of the cost of attack success is externalized by any given small miner, this implies that if most mining power is controlled by small miners, bribing miners to participate in such an attack is much cheaper than the Budish bound. We provide a scheme for a cheap corruptive majority attack and discuss practical concerns and consequences.