Article

The mathematics of Bitcoin

To read the full-text of this research, you can request a copy directly from the authors.


... In turn, critics argue that the new technology is unregulated and may enable criminal and terrorist organizations and unacceptable regimes to carry out financial transactions. They also stress that energy-intensive cryptocurrency mining has a negative impact on the environment [6]. ...
Article
Full-text available
Cryptocurrencies have evolved from a digital novelty into trillion-dollar technologies that could, within a few years, have a significant impact on the global financial system. Bitcoin and hundreds of other cryptocurrencies are becoming increasingly popular as an investment instrument and are also used to pay for goods and services, from software to real estate [1]. In this work, cryptocurrencies are clustered using various methods. Real data from the CryptoCompare service are used for the study. In the first stage, the data set is normalized and standardized. Next, the dimensionality of the data is reduced. In the following stages, the optimal number of clusters is determined and the cryptocurrencies are divided into the corresponding clusters. To achieve this goal, the following methods are used: EDA, PCA, t-SNE, k-means, the elbow method and the silhouette method.
... The center would determine how much reward it can dispense per block based on its expected returns. Since block mining typically is a memoryless process, the time taken to mine a block is exponentially distributed (see Appendix A for details); the memoryless property of mining and the exponential distribution of the mining time are well accepted conventions in the literature (Liu et al., 2019; Biais et al., 2019; Dimitri, 2017; Grunspan and Pérez-Marco, 2020). Since the expected duration of a segment is $1/\beta$ and the expected total reward dispensed per segment is $r$, the reward can be spread over a segment in a continuous form such that the reward dispensed per unit time is $r\beta$. ...
Article
Full-text available
We consider a distributed computing setting wherein a central entity seeks power from computational providers by offering a certain reward in return. The computational providers are classified into long-term stakeholders that invest a constant amount of power over time and players that can strategize on their computational investment. In this paper, we model and analyze a stochastic game in such a distributed computing setting, wherein players arrive and depart over time. While our model is formulated with a focus on volunteer computing, it equally applies to certain other distributed computing applications such as mining in blockchain. We prove that, in Markov perfect equilibrium, only players with cost parameters in a relatively low range which collectively satisfy a certain constraint in a given state, invest. We infer that players need not have knowledge about the system state and other players’ parameters, if the total power that is being received by the central entity is communicated to the players as part of the system’s protocol. If players are homogeneous and the system consists of a reasonably large number of players, we observe that the total power received by the central entity is proportional to the offered reward and does not vary significantly despite the players’ arrivals and departures, thus resulting in a robust and reliable system. We then study by way of simulations and mean field approximation, how the players’ utilities are influenced by their arrival and departure rates as well as the system parameters such as the reward’s amount and dispensing rate. We observe that the players’ expected utilities are maximized when their arrival and departure rates are such that the average number of players present in the system is typically between 1 and 2, since this leads to the system being in the condition of least competition with high probability. 
Further, their expected utilities increase almost linearly with the offered reward and converge to a constant value with respect to its dispensing rate. We conclude by studying a Stackelberg game, where the central entity decides the amount of reward to offer, and the computational providers decide how much power to invest based on the offered reward.
... Before diving into the modeling assumptions, it is important to state that mining is a Markov process, see [GP20]. Let $\gamma_n$ for $n \in \mathbb{N}$ represent the process modelling $\gamma$ in discrete time, and consider the modified stochastic process indexed by $\mathbb{N}$: ...
Preprint
Full-text available
Many of the recent works on the profitability of rogue mining strategies hinge on a parameter called $\gamma$ that measures the proportion of the honest network attracted by the attacker to mine on top of his fork. These works, see arXiv:1808.01041 and arXiv:1805.08281, have surmised conclusions based on premises that erroneously treat $\gamma$ to be constant. In this paper, we treat $\gamma$ as a stochastic process and attempt to find its distribution through a Markov analysis. We begin by making strong assumptions on $\gamma$'s behaviour and proceed to translate them mathematically in order to apply them in a Markov setting. The aforementioned is executed in two separate occasions for two different models. Furthermore, we model the Bitcoin network and numerically derive a limiting distribution whereby the relative accuracy of our models is tested through a likelihood analysis. Finally, we conclude that even with control of 20% of the total hashrate, honest mining is the strongly dominant strategy.
... This probability converges exponentially to zero as increases. Grunspan and Perez-Marco [19] provide a closed form for this probability ...
Preprint
Full-text available
Blockchain enables a digital society where people can contribute, collaborate, and transact without having to second-guess trust and transparency. It is the technology behind the success of Bitcoin, Ethereum, and many disruptive applications and platforms that have positive impact in numerous sectors, including finance, education, health care, environment, transportation, and philanthropy, to name a few. This chapter provides a friendly description of essential concepts, mathematics, and algorithms that lay the foundation for blockchain technology.
... where $\Lambda = \frac{1}{\lambda}$ [9], [10], $e$ is Euler's number and $t$ is time in seconds. ...
Preprint
Full-text available
In response to the bottleneck of processing throughput inherent to single chain PoW blockchains, several proposals have substituted a single chain for Directed Acyclic Graphs (DAGs). In this work, we investigate two notable DAG-oriented designs. We focus on PHANTOM (and its optimization GHOSTDAG), which proposes a custom transaction selection strategy that enables to increase the throughput of the network. However, the related work lacks a thorough investigation of corner cases that deviate from the protocol in terms of transaction selection strategy. Therefore, we build a custom simulator that extends open source simulation tools to support multiple chains and enables us to investigate such corner cases. Our experiments show that malicious actors who diverge from the proposed transaction selection strategy make more profit as compared to honest miners. Moreover, they have a detrimental effect on the processing throughput of the PHANTOM (and GHOSTDAG) due to same transactions being included in more than one block of different chains. Finally, we show that multiple miners not following the transaction selection strategy are incentivized to create a shared mining pool instead of mining independently, which has a negative impact on decentralization.
... Organization of this article. We start briefly recalling the mathematics of Bitcoin mining and the profitability model for comparing mining strategies [14,18]. Then, we review the selfish mining strategy and show the equivalence between the Markov chain approach and the martingale approach for the computation of profitabilities [8,14]. ...
Preprint
For a mining strategy we define the notion of "profit lag" as the minimum time it takes to be profitable after that moment. We compute closed forms for the profit lag and the revenue ratio for the strategies "selfish mining" and "intermittent selfish mining". This confirms some earlier numerical simulations and clarifies misunderstandings on profitability in the literature. We also study mining pairs of PoW cryptocurrencies, often coming from a fork, with the same mining algorithm. This represents a vector of attack that can be exploited using the "alternate network mining" strategy that we define. We compute closed forms for the profit lag and the revenue ratio for this strategy that is more profitable than selfish mining and intermittent selfish mining. It is also harder to counter since it does not rely on a flaw in the difficulty adjustment formula that is the reason for profitability of the other strategies.
Article
Full-text available
With rapid development of blockchain technology as well as integration of various application areas, performance evaluation, performance optimization, and dynamic decision in blockchain systems are playing an increasingly important role in developing new blockchain technology. This paper provides a recent systematic overview of this class of research, and especially, developing mathematical modeling and basic theory of blockchain systems. Important examples include (a) performance evaluation: Markov processes, queuing theory, Markov reward processes, random walks, fluid and diffusion approximations, and martingale theory; (b) performance optimization: Linear programming, nonlinear programming, integer programming, and multi-objective programming; (c) optimal control and dynamic decision: Markov decision processes, and stochastic optimal control; and (d) artificial intelligence: Machine learning, deep reinforcement learning, and federated learning. So far, a little research has focused on these research lines. We believe that the basic theory with mathematical methods, algorithms and simulations of blockchain systems discussed in this paper will strongly support future development and continuous innovation of blockchain technology.
Article
Full-text available
Recently, global healthcare has made great progress with the use of Internet of Things technology. However, for there to be excellent patient care, there must be a high degree of safety for the IoT health system. There has been a massive increase in hacking systems and the theft of sensitive and highly confidential information from large health centers and hospitals. That is why establishing a highly secure and reliable healthcare system has become a top priority. In this paper, a security scheme for the IoT-enabled healthcare environment, LBSS, is proposed. This security scheme comprises three security mechanisms. The first mechanism is based on the blockchain technology and is used for transaction integrity. The second mechanism is used to store the healthcare system data in a secure manner through the distribution of its data records among multiple servers. The third mechanism is used to access the healthcare data after applying a proposed authorization test. To minimize the security overhead, the healthcare data is prioritized in regard to its importance. Therefore, each security mechanism has specific steps for each level of data importance. Finally, the NS3 package is used to construct a simulation environment for IoT-enabled healthcare systems to measure the proposed security scheme performance. The simulation results proved that the proposed healthcare security scheme outperformed the traditional models in regard to the performance metrics.
Research
Full-text available
Legally, one fact remains that appears rather esoteric to observe: the absence of a strict legal definition of money. The Monetary and Financial Code confines itself to an evasive formula, "The currency of France is the euro", without offering precise suggestions as to a typology of criteria for determining that quality. Through the prism of this legal unknown, several questions can then be raised: what are, if they exist, the attributes an object needs in order to acquire this quality? Must money be subject to a particular formalism governing its transfer or its creation? What are the origins of modern currencies? In this field, law and economics are no longer the only disciplines that take up monetary prerogatives, and it seems to be becoming indispensable for the jurist to assess rigorously the ins and outs of the deployment of technology in the exchange of value. From this angle, and in an approach that proves surprising with regard to legal canons, we will argue that while the material existence of a right can be confirmed by virtue of a regime that provides for it, very often the question of its realistic grounding ends up being ignored and persists in the need for an unsweetened demonstration of the problems of practice. To this end, and in an approach complementary to that of economists, it will then be appropriate to ask whether the reciprocal influence between law and economic reality, as it appears in usage, allows conclusions to be drawn concerning the acquisition of monetary quality by cryptographic currencies.
Throughout this work of reflection, we have examined the accession of cryptographic currencies to monetary quality, in the mirror of the complex study of their functional, organic and symbolic attributes, and of the influence of law on usage. At the end of a fundamentally empiricist approach, it emerges that the problem of qualification remains a complex test, on the one hand because cryptographic currencies would crystallize the functional sub-criteria essential to monetary qualification, and on the other hand because they would be the object of an unequivocal rejection by domestic law, which enshrines the organic criterion tied to the legal tender requirement as an essential element, whose scope we have qualified in a comparative approach. There is nevertheless no longer any doubt that cryptographic currency conforms to the quality of a contractual currency, endowed with its own characteristics. From the angle of a symbolic criterion, which we have attempted to demonstrate at the interface of economics and law, we have also sought to establish the idea that the discharging power attached to an object with a monetary purpose could emerge from usage and, in so doing, was conditioned by the legal regime in force and by attempts at regulation aimed at, or having the effect of, limiting its development or adoption. Our reasoning was then based on the critical study of the consequences of the legal framework, particularly the tax framework, on the realization of usage, studying its limits closely and confronting it with innovations still unsuspected by doctrine, statute or case law. The result is that, in the current state of positive law, cryptographic currency enjoys a half-measure qualification, leading to significant difficulties of assessment.
Table of contents: 1- A trend towards the erosion of functional differences between legal currency and cryptographic currency: towards an emerging multi-currency legal commerce? 1.1- Reflection on the functional attributes of money; 1.2- A legal object outside the traditional definitions of law; 2- Between diverging legal qualifications, regulatory ambitions and the refinement of protocols, what framework for the development of cryptographic currencies? 2.1- A monetary quality put to the test of the organic approach: for an antagonism reinforced by positive law in reaction to the inflation of usage; 2.2- For a particular appraisal of cryptographic currencies: the finding of a law unsuited to usage and its evolution.
Article
Nakamoto doublespend strategy, described in Bitcoin foundational article, leads to total ruin with positive probability. The simplest strategy that avoids this risk incorporates a stopping threshold when success is unlikely. We compute the exact profitability and the minimal double spend that is profitable for this strategy. For a given amount of the transaction, we determine the minimal number of confirmations to be requested by the recipient that makes the double-spend strategy non-profitable. This number of confirmations is only 1 or 2 for average transactions and for a small relative hashrate of the attacker. This is substantially lower than the original Nakamoto number, which is about six confirmations and is widely used. Nakamoto analysis is only based on the success probability of the attack instead of on a profitability analysis that we carry out.
Article
The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups, that is, it incentivizes miners to follow the protocol as prescribed. We show that the Bitcoin mining protocol is not incentive-compatible. We present an attack with which colluding miners' revenue is larger than their fair share. The attack can have significant consequences for Bitcoin: Rational miners will prefer to join the attackers, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency. Unless certain assumptions are made, selfish mining may be feasible for any coalition size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects Bitcoin in the general case. It prohibits selfish mining by a coalition that commands less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a coalition of any size can compromise the system.
Article
Bitcoin is the first decentralized peer-to-peer (P2P) electronic currency. It was created in November 2008 by Satoshi Nakamoto. Nakamoto released the first implementation of the protocol in an open source client software and the genesis of bitcoins began on January 9th 2009. The Bitcoin protocol is based on clever ideas which solve a form of the Byzantine Generals Problem and sets the foundation for Decentralized Trust Protocols. Still in its infancy, the currency and the protocol have the potential to disrupt the international financial system and other sectors where business is based on trusted third parties. The security of the bitcoin protocol relies on strong cryptography and one way hashing algorithms.
Article
Bitcoin is the world's first decentralized digital currency. Its main technical innovation is the use of a blockchain and hash-based proof of work to synchronize transactions and prevent double-spending the currency. While the qualitative nature of this system is well understood, there is widespread confusion about its quantitative aspects and how they relate to attack vectors and their countermeasures. In this paper we take a look at the stochastic processes underlying typical attacks and their resulting probabilities of success.
Article
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
E. Giogladis and D. Zeilberger, "A combinatorial-probabilistic analysis of bitcoin attacks," Journal of Difference Equations and its Applications, vol. 25, no. 1, 2019.
C. Grunspan and R. Pérez-Marco, "On the profitability of selfish mining," arXiv:1805.08281, 2018.
C. Grunspan and R. Pérez-Marco, "On the profitability of stubborn mining," arXiv:1808.01041, 2018.
C. Grunspan and R. Pérez-Marco, "On the profitability of trailing mining," arXiv:1811.09322, 2018.
C. Grunspan and R. Pérez-Marco, "Bitcoin selfish mining and Dyck words," arXiv:1811.09322, 2019.
C. Grunspan and R. Pérez-Marco, "On profitability of nakamoto double spend," arXiv:1912.06412, 2019.
C. Grunspan and R. Pérez-Marco, "Satoshi risk tables," arXiv:1702.04421, 2017.
C. Grunspan and R. Pérez-Marco, "Selfish mining in Ethereum," arXiv:1904.13330, 2019.