Fork After Withholding (FAW) Attack on Bitcoin

[yujin_k]

The BWH attack is shown to have Miner’s dilemma by Eyal in 2015.
Selfish mining is shown to be impractical.
Fork After Withholding (FAW) attack, on the other hand, overcomes both problems.
In other words, in FAW attack, a larger pool can always beat smaller pool, when two pools attack each other.

For more details, please refer our paper accepted to ACM CCS 2017.
Camera-ready version: https://syssec.kaist.ac.kr/pub/2017/kwon_ccs_2017.pdf
Longer version at Arxiv: https://arxiv.org/abs/1708.09790

P.S. I sent an email to Bitcoin Core team 3 days ago, but I have not heard anything from them yet.

[aleksej996]

Well, thanks for the information about this new attack, if it turns out to be valid.
I would like to ask you to spare us the worrying and tell us if there is an economical incentive for large mining pools not to cooperate with the rest of the network in mining or something similar, since possible attack isn't always the profitable attack.

[yujin_k]

Well, thanks for the information about this new attack, if it turns out to be valid.
I would like to ask you to spare us the worrying and tell us if there is an economical incentive for large mining pools not to cooperate with the rest of the network in mining or something similar, since possible attack isn't always the profitable attack.

We report to this forum, as there is no proper mechanism for vulnerability disclosure process in Bitcoin.
As long as I know, the attack has not been used in practice.
The attack is always profitable unlike selfish mining.
The attack is stealthy. The victim may notice that it is being attacked maybe due to higher fork rate, but it is hard to pinpoint the attacking pool or miner.

[cr1776]

Well, thanks for the information about this new attack, if it turns out to be valid.
I would like to ask you to spare us the worrying and tell us if there is an economical incentive for large mining pools not to cooperate with the rest of the network in mining or something similar, since possible attack isn't always the profitable attack.

We report to this forum, as there is no proper mechanism for vulnerability disclosure process in Bitcoin.
As long as I know, the attack has not been used in practice.
The attack is always profitable unlike selfish mining.
The attack is stealthy. The victim may notice that it is being attacked maybe due to higher fork rate, but it is hard to pinpoint the attacking pool or miner.

See:
Step 1. https://bitcoin.org/en/bitcoin-core/contribute/issues#disclosure  which leads to:
Step 2. https://bitcoincore.org/en/contact/

which is what you may have done - but there is a proper mechanism for people who look at this later.

[yujin_k]

Well, thanks for the information about this new attack, if it turns out to be valid.
I would like to ask you to spare us the worrying and tell us if there is an economical incentive for large mining pools not to cooperate with the rest of the network in mining or something similar, since possible attack isn't always the profitable attack.

We report to this forum, as there is no proper mechanism for vulnerability disclosure process in Bitcoin.
As long as I know, the attack has not been used in practice.
The attack is always profitable unlike selfish mining.
The attack is stealthy. The victim may notice that it is being attacked maybe due to higher fork rate, but it is hard to pinpoint the attacking pool or miner.

See:
Step 1. https://bitcoin.org/en/bitcoin-core/contribute/issues#disclosure  which leads to:
Step 2. https://bitcoincore.org/en/contact/

which is what you may have done - but there is a proper mechanism for people who look at this later.

Yes, I sent email to security@bitcoincore.org.