Selfish Mining is Brain Dead (or Adversarial Turtles All The Way Down)

I try to bring to all my articles the principle of charity, taking the best arguments my opponents have to offer, and strive to never straw man them. I often do this by taking the points they argue for as given, and then go behind their front lines, and looking for non-obvious ways that their arguments still fail. When most people argued about reducing block size and fees being more important than more people running full nodes, I took the importance of running full nodes at face value, and argued that lower fees and 0-confirmations will actually increase the number of full nodes.

So, this was the approach I planned on taking when writing this article… But I can’t.

I’ll leave the topology of the network to those who have more statistical analysis skills than myself, but this situation is almost the definition of a prisoner’s dilemma. The network has the capability to exact retribution against selfish mining, and any miner can ensure that they are never mistaken by anybody to be a selfish miner if they do one simple thing.

Include the last few added transactions in your mempool when mining a block and if found, release the block immediately. To illustrate, you simply need to answer 2 questions about this picture.

When was the earliest point at which block B could have been mined, and when was the earliest point at which block B’ could have been mined?

At this point, it should be obvious, but the answers are.

B could have been mined no earlier than point 10 in the timeline because it included nothing after transaction g.

B’ could have been mined no earlier than point 25 in the timeline because it included nothing after transaction r.

Because miners are watching transactions in the mempool, they know when they received each transaction. If the first time you receive a particular chain of blocks, and the earliest point it could have been mined was 15 minutes ago, you can safely assume that miner is selfishly mining.

Because every miner knows that other miners will safely assume that they are a selfish miner which hid a block for 15 minutes, every miner will include the last known transaction available to them. It doesn’t matter how many blocks are built on top of that chain. The perception of earliest possible block mining time is entirely in the control of the miner.

You may be thinking of ways to game this, such as the immediate thought that I had when I first heard this strategy for detecting selfish mining.

There are a couple problems with this (besides the fact that I consistently press ‘ when I pluralize abbreviations).

If you didn’t perfectly predict the timing with the honest mining block release, you’d have a bunch of transactions which were never in the mempool when you had to release the block, or you’d miss the release window and your block would seem again to have been selfish mined. That’s a very narrow window given the propagation of transactions across the network is in the milliseconds, and the highest probability of an honest miner finding a block is 15 minutes away.

Alternatively, honest miners could even coordinate with themselves a deterministic method to release their own small transactions spent to themselves, from their previously mined coinbase addresses in order to timestamp their blocks, and for every miner to include the latest that wasn’t released by themselves in their block. If your new block’s coinbase is an unknown address, include the last 10 timestamp transactions, or sign the block with a known coinbase private key. This becomes the price of entry to the honest mining chain. Done. Game over. No chance of undetected selfish mining.

Is this a protocol change?

No. Miners can already decide which blocks to mine on. They always could. You can’t specify in the protocol what block to mine on or even how to choose. Neither of those things can validate or invalidate a block. The protocol can only specify how they mine on whatever block they choose. This is why reorgs are even possible. Longest chain is convention, not consensus. Longest most profitable chain is the rule.

If I’m honest, I’m a little concerned that honest mining strategies have been so lightly discussed by people, that they think the protocol is broken. You want to call yourself adversarial thinkers, and then you don’t think as hard about being an adversary to your newly found adversary…

But I hope you feel adversarial toward my proposal. Please look for any flaws and point them out to me. I will always argue with you like my ideas are rock solid, because that’s the only way I learn when they aren’t.

Special thanks: @Matthew Zietzke for coming up with this idea of checking the transactions included in the block to when they appeared in the mempool, and who politely engaged when I started to think adversarially to his proposal.

Originally published at yours.org.