MAD-DAG: Protecting Blockchain Consensus from MEV

TL;DR

MAD-DAG is a novel blockchain protocol designed to resist selfish mining attacks under adverse conditions like MEV and network delays, improving security thresholds over existing protocols.

Contribution

This paper introduces MAD-DAG, the first practical DAG-based blockchain protocol that counters selfish mining under adverse conditions, with a new ledger function and a tractable selfish mining model.

Findings

MAD-DAG withstands adverse conditions where Colordag and Bitcoin fail.

Security threshold for MAD-DAG ranges from 11% to 31%.

Colordag and Bitcoin have a 0% security threshold under similar conditions.

Abstract

Blockchain security is threatened by selfish mining, where a miner (operator) deviates from the protocol to increase their revenue. Selfish mining is exacerbated by adverse conditions: rushing (network propagation advantage for the selfish miner), varying block rewards due to block contents, called miner extractable value (MEV), and petty-compliant miners who accept bribes from the selfish miner. The state-of-the-art selfish-mining-resistant blockchain protocol, Colordag, does not treat these adverse conditions and was proven secure only when its latency is impractically high. We present MAD-DAG, Mutually-Assured-Destruction Directed-Acyclic-Graph, the first practical protocol to counter selfish mining under adverse conditions. MAD-DAG achieves this thanks to its novel ledger function, which discards the contents of equal-length chains competing to be the longest. We analyze selfish mining in both Colordag and MAD-DAG by modeling a rational miner using a Markov Decision Process (MDP). We obtain a tractable model for both by developing conservative reward rules that favor the selfish miner to yield an upper bound on selfish mining revenue. To the best of our knowledge, this is the first tractable model of selfish mining in a practical DAG-based blockchain. This enables us to obtain a lower bound on the security threshold, the minimum fraction of computational power a miner needs in order to profit from selfish mining. MAD-DAG withstands adverse conditions under which Colordag and Bitcoin fail, while otherwise maintaining comparable security. For example, with petty-compliant miners and high levels of block reward variability, MAD-DAG's security threshold ranges from 11% to 31%, whereas both Colordag and Bitcoin achieve 0% for all levels.