by Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter and Edgar Weippl (SBA Research)
Exploring the real-world security of Bitcoin cryptocurrencies and alternative applications.
Bitcoin introduced a novel randomised consensus approach based on proof-of-work (PoW) which works with an unknown number of participants. The underlying concepts and techniques are collectively referred to as “blockchain”. The first and still predominant use case for blockchain technologies is cryptocurrencies.
In the context of the “Alternative Applications for Bitcoin (A2Bit)” project, we research how the fundamental principles and techniques of cryptocurrencies can be successfully applied to other problem domains, where replacing the reliance on a trusted third party can increase security, e.g., identity management and public key exchange.
Sovereignty regarding secret key management is the foundation of all security concepts based on blockchain technologies. As a first step, we performed the first large-scale empirical study to investigate how people perceive and experience the Bitcoin ecosystem in terms of security, privacy, and anonymity. We surveyed 990 users of Bitcoin to determine the management strategies they use to protect their bitcoins and associated cryptographic keys. About half of the survey participants use exclusively web-based solutions. Also, many do not use all security capabilities offered by the Bitcoin management tool of their choice. Furthermore, they have significant misconceptions about how to remain anonymous and protect their privacy in the Bitcoin network. Twenty-two percent of the participants had already experienced monetary loss (lost bitcoins) due to security breaches and self-induced errors.
Today, more than 650 different cryptocurrencies are in circulation. The new cryptocurrencies provide additional features (e.g., Namecoin and Ethereum), alternative PoW algorithms (e.g., Litecoin and Dash), and new distributed consensus approaches. The security of blockchains in a multi-PoW blockchain world has not yet been sufficiently studied.
A major challenge for introducing a new cryptocurrency is how to attract the interest of a critical mass of participants during the bootstrapping period. If not enough honest miners or mining pools join the new cryptocurrency at this crucial phase, the latter becomes vulnerable to dishonest miners and mining pools. Meanwhile, existing honest mining nodes do not have an incentive to split their effort to secure multiple PoW-based blockchains.
Alternative cryptocurrencies (e.g., Namecoin and Dogecoin) have opted for "merged mining", an approach that allows concurrent mining for multiple blockchains without requiring additional PoW effort. That way, the mining power of an established (parent) cryptocurrency (e.g., Bitcoin) can contribute to increasing the security of a new (child) cryptocurrency (e.g., Namecoin). In principle, this increases the security of the child cryptocurrency.
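The merged-mining idea described above, as an added example that is not code from the A2Bit project or the original article: a simplified Python model in which a single hash search is checked against both a parent and a child target. The targets, the coinbase layout and all function names are assumptions chosen for illustration; real merged mining additionally carries a Merkle branch from the coinbase transaction to the parent block header.

```python
import hashlib
import struct

# Constructed toy targets (assumptions): a larger target means lower difficulty.
PARENT_TARGET = 1 << 244   # parent chain: roughly 1 in 4096 hashes qualifies
CHILD_TARGET = 1 << 250    # child chain:  roughly 1 in 64 hashes qualifies


def dsha(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for proof-of-work."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def parent_header(prev: bytes, coinbase: bytes, nonce: int) -> bytes:
    # Simplification: a one-transaction block, so the Merkle root is just
    # the hash of the coinbase transaction.
    return prev + dsha(coinbase) + struct.pack("<I", nonce)


def mine(prev: bytes, child_block_hash: bytes, max_nonce: int):
    """Run ONE nonce search and test every hash against both targets."""
    # The parent coinbase commits to the child block (hypothetical layout).
    coinbase = b"toy-coinbase|" + child_block_hash
    parent_hits, child_proofs = [], []
    for nonce in range(max_nonce):
        header = parent_header(prev, coinbase, nonce)
        work = int.from_bytes(dsha(header), "big")
        if work <= CHILD_TARGET:       # enough work for the child chain
            child_proofs.append((header, coinbase))
        if work <= PARENT_TARGET:      # enough work for the parent chain too
            parent_hits.append(nonce)
    return parent_hits, child_proofs


def verify_child(child_block_hash: bytes, proof) -> bool:
    """What a child-chain node checks before accepting the parent's work."""
    header, coinbase = proof
    commits = coinbase.endswith(child_block_hash)   # coinbase names this block
    linked = header[32:64] == dsha(coinbase)        # header covers the coinbase
    enough = int.from_bytes(dsha(header), "big") <= CHILD_TARGET
    return commits and linked and enough


if __name__ == "__main__":
    child_hash = dsha(b"constructed child block")
    hits, proofs = mine(bytes(32), child_hash, 20000)
    print(len(hits), "parent-valid hashes,", len(proofs), "child-valid hashes")
```

The commitment check is what ties the parent's work to one specific child block: a proof mined for one child block does not verify for another.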
We performed a detailed analysis of two pairs of cryptocurrencies. Our findings indicate that the child difficulty increases through merged mining (see Figure 1). However, only a portion of the parent mining pools join merged mining. In Bitcoin, mining pools cannot collect a significant share of the processing power, i.e., of the mined blocks (see Figure 2). In contrast, in child blockchains there are long periods in which some mining pools hold shares far beyond the theoretical limits for building a true distributed consensus (cf. Figure 3). The actual effects and implications for the mining ecosystem, as well as appropriate defences, are currently a work in progress.
Figure 1: Difficulty development of Namecoin (green) and Bitcoin (blue) over time. Difficulty on a linear (light green/blue) and logarithmic scale (dark green/blue).
Figure 2: Distribution of Bitcoin blocks per pool over time. Each data point represents the share among 2,016 blocks.
Figure 3: Distribution of Namecoin blocks per pool over time. Each data point represents the share among 2,016 blocks.
The project A2Bit is a collaborative project of SBA Research, nic.at (the DNS registrar for .at), and the Austrian State Printing House (Österreichische Staatsdruckerei GmbH) supported by the Austrian Research Promotion Agency (FFG) under the BRIDGE Early Phase programme.
K. Krombholz, A. Judmayer, M. Gusenbauer and E.R. Weippl: “The Other Side of the Coin: User Experiences with Bitcoin Security and Privacy”, FC 2016.
A. Judmayer, N. Stifter, K. Krombholz and E.R. Weippl: “Blocks and Chains: Cryptographic currency technologies and their consensus systems”, Morgan & Claypool Publishers, 2017.
A. Judmayer and E.R. Weippl: “Condensed Cryptographic Currencies Crash Course (C5)”, ACM CCS 2016.