Select Language

BM-PAW: A Profitable Mining Attack in PoW-based Blockchain Systems

Analysis of BM-PAW, a novel blockchain mining attack using bribery to outperform existing strategies like PAW, with equilibrium analysis and countermeasures.
hashratecurrency.com | PDF Size: 1.5 MB
Rating: 4.5/5
Your Rating
You have already rated this document
PDF Document Cover - BM-PAW: A Profitable Mining Attack in PoW-based Blockchain Systems
View PDF Document Download PDF Translate PDF
Home » Documentation » BM-PAW: A Profitable Mining Attack in PoW-based Blockchain Systems

Table of Contents

1 Introduction

Bitcoin, introduced by Satoshi Nakamoto in 2008, revolutionized digital currency through decentralized blockchain technology. Unlike traditional currencies, Bitcoin relies on Proof of Work (PoW) consensus mechanisms where miners solve cryptographic puzzles to validate transactions and earn rewards. However, the security of PoW-based systems faces challenges from various mining attacks that exploit deviations from honest mining practices.

2 Background

2.1 Proof of Work and Mining

In PoW-based blockchain systems, miners compete to solve cryptographic puzzles. The first miner to solve the puzzle generates a new block and receives block rewards (currently 3.125 Bitcoins as of November 2024). Mining pools have emerged to combine computational resources, providing more stable income for participants through shared rewards.

2.2 Existing Mining Attacks

Previous research has identified several profitable mining attacks:

  • Selfish Mining: Miners withhold discovered blocks to gain advantage
  • Block Withholding (BWH): Attackers submit partial proofs to sabotage pool efficiency
  • Fork After Withholding (FAW): Combines withholding with strategic forking
  • Power Adjusting Withholding (PAW): Dynamically adjusts mining power allocation

3 BM-PAW Attack Strategy

3.1 Bribery Mechanism

BM-PAW introduces a novel approach where attackers offer bribe money (BM) to miners in target pools. This financial incentive encourages compliance with the attacker's directives, creating a coordinated attack strategy that outperforms traditional approaches.

3.2 Mathematical Formulation

The BM-PAW attack can be modeled using game theory. Let $\alpha$ represent the attacker's mining power, $\beta$ the target pool's mining power, and $BM$ the bribe amount. The attacker's profit function can be expressed as:

$P_{attack} = R \cdot \frac{\alpha + \gamma \cdot \beta}{\alpha + \beta + \gamma \cdot \beta} - BM$

where $R$ is the block reward and $\gamma$ is the compliance rate of bribed miners.

4 Equilibrium Analysis

In a two-pool BM-PAW game scenario, we find that the attacker can circumvent the "miner's dilemma" through strategic bribery. The Nash equilibrium depends on the attacker's mining power $\alpha$ and the optimal bribe amount $BM^*$ that maximizes profit while ensuring target pool compliance.

5 Experimental Results

Our simulations demonstrate that BM-PAW consistently outperforms PAW across various network conditions. When the attacker controls 30% of total mining power and offers optimal bribes, BM-PAW achieves 15-25% higher profits compared to PAW under the same conditions.

Performance Comparison

BM-PAW vs PAW Profit Increase: 15-25%

Optimal Bribe Range: 0.5-2% of block reward

Minimum Attack Power for Profitability: 15% of network

6 Countermeasures

We propose several practical countermeasures to mitigate BM-PAW attacks:

  • Enhanced pool monitoring for unusual reward distribution patterns
  • Cryptographic commitment schemes to prevent strategic withholding
  • Dynamic pool membership policies to detect coordinated attacks
  • Reputation systems for miner behavior tracking

7 Original Analysis

一针见血:BM-PAW represents a fundamental escalation in blockchain attack economics—it's not just about technical exploitation anymore, but about creating financial incentives that corrupt the very incentive structure that makes Proof of Work work.

逻辑链条:The attack follows a clear economic logic: traditional attacks like selfish mining or PAW rely solely on technical manipulation of mining power. BM-PAW introduces a bribery layer that creates a prisoner's dilemma scenario—individual miners are economically rational to accept bribes even when it harms the collective system. This mirrors the tragedy of the commons problem observed in other decentralized systems, similar to how flash loan attacks in DeFi exploit economic incentives rather than technical vulnerabilities.

亮点与槽点:The brilliance of BM-PAW lies in its recognition that blockchain security isn't just cryptographic—it's game theoretical. The authors correctly identify that miners' economic rationality can be weaponized. However, the paper's major weakness is its limited exploration of real-world implementation challenges. As noted in the Ethereum Foundation's research on miner extractable value (MEV), most sophisticated attacks face practical deployment hurdles including miner coordination costs and detection risks. The assumption that bribery can be efficiently implemented at scale deserves more scrutiny.

行动启示:For blockchain developers, this research signals an urgent need to move beyond pure cryptographic security. Projects must incorporate economic security layers and assume rational economic actors will exploit any profitable deviation. The countermeasures proposed are a start, but as Vitalik Buterin has argued regarding Ethereum's roadmap, long-term solutions may require fundamental protocol changes that make such attacks economically unviable through mechanisms like proof-of-stake or more sophisticated consensus designs.

Compared to traditional attacks documented in the Bitcoin whitepaper and subsequent research like Eyal's selfish mining paper, BM-PAW represents a maturation of attack sophistication—from technical exploits to economic manipulation. This evolution parallels what we've seen in traditional cybersecurity, where attacks progressed from technical vulnerabilities to social engineering and now to economic manipulation.

8 Technical Details

The BM-PAW attack relies on sophisticated mathematical modeling. The optimal bribe calculation considers multiple factors:

$BM^* = \arg\max_{BM} \left[ R \cdot \frac{\alpha + \gamma(BM) \cdot \beta}{\alpha + \beta + \gamma(BM) \cdot \beta} - BM \right]$

where $\gamma(BM)$ represents the compliance rate as a function of bribe amount, typically modeled as a sigmoid function.

9 Code Implementation

While the paper doesn't provide specific code, the BM-PAW algorithm can be conceptualized as:

BM-PAW Algorithm:
1. Calculate current mining power distribution
2. Identify potential target pools
3. Compute optimal bribe amount BM*
4. If BM* < expected profit increase:
5.    Initiate bribery campaign
6.    Adjust mining power allocation
7.    Monitor compliance and adjust strategy
8. Else: Continue with traditional PAW

10 Future Applications

The BM-PAW concept has implications beyond cryptocurrency mining:

  • DeFi Security: Similar bribery attacks could target decentralized exchanges or lending protocols
  • Consensus Evolution
  • Regulatory Considerations: May influence how securities laws apply to blockchain incentive structures
  • Cross-Chain Security: The approach could be adapted to attack bridge protocols between different blockchains

11 References

  1. Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System
  2. Eyal, I., & Sirer, E. G. (2014). Majority is not Enough: Bitcoin Mining is Vulnerable
  3. Luu, L., et al. (2015). A Secure Sharding Protocol For Open Blockchains
  4. Buterin, V. (2021). Why Proof of Stake
  5. Bitcoin Hash Rate Statistics. Blockchain.com
  6. Ethereum Foundation. (2023). Miner Extractable Value Research