Silent Treatment Attack — an extension of the Sybil Attack on Bitcoin

Update: this ‘attack’ already exists in the form of the ‘Selfish Mining Strategy’. There is a paper which has been published on this type of mining strategy.

Bitcoin is the first fully functional decentralized blockchain which uses the proof of work consensus algorithm. Bitcoin is also the name of the cryptocurrency which is used within the blockchain network and can be considered as a borderless protocol for money transfer. The role of the cryptocurrency, Bitcoin, within the network is very important not only as a reward system but also as a security mechanism for the whole network to operate normally. When we consider the fact that Bitcoin is an open blockchain without any restrictions on who can access or participate in the blockchain, it leaves the door wide open for nefarious actors to enter the system and try to manipulate and break it. The Bitcoin cryptocurrency acts as the fuel for a security mechanism which renders most of these attacks either impossible or ridiculously expensive to perform.

Bitcoin Mining

The security mechanism is enforced and maintained primarily by miners. Other participants like full nodes and partial nodes also hold an important role in the security of the network, but although they have a lot of useful features and uses, they are not as important as miners in terms of maintaining security of the system. Rewards are offered to miners as an incentive to perform proof of work operations, with the aim of creating the next block which will be added to the blockchain network. There is currently a huge competition in the mining activities of Bitcoin miners as demonstrated by the current hash rate of about 160 exahashes per second (at the time of writing). An exahash is one quintillion hashes per second (one followed by 18 zeros). An average asic miner (the most popular miner hardware) can reach an average of 100 terahashes per second (100 TH/s), which is one trillion hash calculations per second.

Bitcoin Block Propagation for Miners

The current block propagation system uses a very competitive algorithm for mining. When a miner is able to solve a proof of work problem, and can broadcast a new block, the miner will attempt to do that as quickly as possible so that its solution can be accepted by the Bitcoin network. A mining node will usually be connected to a set number of other nodes or miners and these connections will help in propagating the new-found block. This is also helpful for other miners because they now know that the current round has already been won by another miner and they can now just verify the new block, and start the new mining operation, which is effectively the next round. This competition and communication is very time-sensitive and a delay of 1 second will mean that some miners will be able to perform 100TH/s compared to those miners with the 1 second delay. This is assuming that miners have a single asic mining equipment, which is not usually the case. Minimizing the propagation time of a winning blocks is very important for the other miners. As such, to reduce this delay, Bitcoin uses the Fast Internet Bitcoin Relay Engine (FIBRE), which is a UDP-based relay network.

Sybil Attacks

A Sybil Attack, in the context of the Bitcoin blockchain is a special type of attack where a participant in the network spins up multiple nodes (mining or full nodes) with the aim of controlling a significant portion of the network. Sybil attacks can be used to isolate nodes on the network, effectively disconnect them and stop them from participating in the network at all. Bitcoin uses some mechanisms to reduce the effectiveness of this attack, by using specific rules for outbound connections.

Silent Treatment Attack

Sybil attacks are most often used to achieve one or more of these effects:

1. Disconnecting a node from the Bitcoin network
2. Create conditions for double-spending to happen for the affected node or nodes.

However, a mining node can also use Sybil Attacks to gain an unfair advantage over other miners in a more opaque way. If a group of miners which are acting together in a Sybil attack can isolate one or more miners, they will be able to manipulate the propagation of new blocks with the aim of gaining a head start of a few seconds, or if they are overly ambitious, a few minutes. The attack would work like this:

1. Complicit miners would work together to form a network (Attackers).
2. When a miner not in their network finds a new block, the miner will communicate the new block to the attackers.
3. Assuming that all the peers of the winning miner are found in the Attackers group, the latter can take the winning block, validate it but not propagate it to the other peers. This effectively stops the propagation of the winning block.
4. Since the Attackers already know the current winning block, they can start mining the next block on top of the winning block and wait, for example, 30 seconds before starting to propagate the winning block. This would mean that they now have a head start of 30 seconds over all the other miners.

There are numerous ways this attack would not work:

1. The fact that the Attackers are not propagating the winning block as soon as they get it means that this allows a higher probability for another miner elsewhere to find the next winning block.
2. For this attack to be effective on a large scale, the number of participating miners in the Attackers group would have to be very large.
3. The miner under attack would need to connect to a single node outside this group for the attack to fall apart.

The interesting point in this is that in none of these cases, will the Attackers be penalised. If a new block is found apart from the block which is being held among the Attackers, the latter would then only need to switch to the new block (a normal soft fork), because they probably know that the new block has already been accepted by a large number of miners.

The Attackers can use this attack at various levels, that is, even if they have 10 asic miners or a 100 asic miners. The probability of this attack to remain undetected for large periods of time also becomes a possibility. Most Bitcoin nodes reconnect or maintain connection to their most recent successful connections to reduce resource usage. This attack is effectively an extension of the Sybil attack, but differs from most existing attacks in the sense that all the interactions are normal apart from the fact that the winning blocks are not propagated quickly. This could be explained by network issues in most cases. This attack is more sneaky and would be very difficult to detect.

Additional note: I did some research to see how this attack could be avoided but found nothing specific. Feel free to drop me a message if you think that there are features on the propagation protocol or somewhere else which renders this attack unfeasible or useless.