Secret mining of Bitcoin
Mining of Bitcoin important concern in a cryptocurrency system is a buyer’s double
spending attempts When trading, the buyer needs to make a
payment d to the seller. To do so, he has to send out an instruction to miners to update the
Blockchain with the transaction. However, this is insufficient to ensure that the seller receives a
payment. A buyer can engage in secret mining by attempting to mine a block in which his payment
did not occur.
A seller can protect himself from not receiving the payment by waiting to deliver
the goods until the payment has been incorporated into the blockchain.
Such confirmation of the payment in the Blockchain however may still be not enough. A buyer
can secretly mine a different Blockchain which could be released some periods after the seller has
delivered the good replacing the original Blockchain.
When such secret mining succeeds, the
17The total number of miners is estimated to be within the range of 5000 to 100,000 (https://goo.gl/TPFBvA). In
addition, according to blockchain.info, there are altogether 14 mining pools that individually can account for at least
1% of the total hashrate. Finally, it is feasible for miners to use their existing mining capacities to mine different
cryptocurrencies. For example, ASICs (Application-specific integrated circuits) manufactured for Bitcoin can be used
to mine altcoins that use SHA-256 as the hashing algorithm (e.g., Namecoin and Peercoin).
18The secret mining can be done either by the buyer himself or by hiring a miner to mine a block with the instruction
that the payment did not occur.
19Notice that, with such secret mining, the buyer cannot spend the balances of any other agent because, to spend
other agents’ balances, one would need to obtain the digital signature of other agents. He can only (i) change the
payment instructions of his own transaction and (ii) remove other payment instructions from being mined – and,
hence, confirmed – in the block. Hence, in reality a buyer trying to double spend has to remove his own payment
and all other payment instructions involving his original balance being spent.
buyer keeps his original balances and the goods while the seller will be left empty handed. In
response, the seller can choose to postpone the delivery of the goods and wait for N confirmations.
This confirmation lag can potentially deter double spending by the buyer. The idea is that, to undo
a transaction with a confirmation lag of N subperiods, a dishonest buyer needs to win the mining
game N + 1 times in a row. As the number of lags increases, the total PoW required to revoke
a transfer is increasing, making it more costly for a buyer to double spend. Furthermore, secret
mining is deterred by miners’ investments in computing power MQ which, according to Lemma
1, is increasing in the reward R. We look next into the incentives to double spend and call an
offer (x, d, N) double spending proof (DS-proof) if the buyer has no incentive to engage in double
spending in subperiod 0 after the acceptance of the offer.