Rigorous and Generalized Proof of Security of Bitcoin Protocol with Bounded Network Delay

TL;DR

This paper rigorously proves the security of the Bitcoin protocol under bounded network delay, generalizes the model to include blocks of varying scores, and corrects previous flawed approaches using random walk theory.

Contribution

It introduces a more general security proof for Bitcoin considering block delays and corrects prior flawed methods with a new punctured block process approach.

Findings

With probability one, honest blocks will infinitely appear if honest mining rate exceeds adversary rate.

The protocol prevents perpetual censorship of transactions by adversaries under the model.

A counterexample shows previous random walk-based methods are incorrect, and the new approach is validated.

Abstract

A proof of the security of the Bitcoin protocol is made rigorous, and simplified in certain parts. A computational model in which an adversary can delay transmission of blocks by time $\Delta$ is considered. The protocol is generalized to allow blocks of different scores and a proof within this more general model is presented. An approach used in a previous paper that used random walk theory is shown through a counterexample to be incorrect; an approach involving a punctured block arrival process is shown to remedy this error. Thus, it is proven that with probability one, the Bitcoin protocol will have infinitely many honest blocks so long as the fully-delayed honest mining rate exceeds the adversary mining rate. This means that an adversary cannot censor future transactions of a user in perpetuity, which would render the protocol useless.