Computer science researchers at Cornell University claim to have found a way to subvert the system driving production of the digital currency Bitcoin.

The researchers call their technique “selfish mining,” through which individuals or groups of Bitcoin miners can collect more than their fair share of the currency. This could cause a chain reaction collapsing the system.

Ittay Eyal and Emin Gun Sirer published their findings Monday on the open e-print archive arXiv in a paper titled "Majority is not Enough: Bitcoin Mining is Vulnerable."

"The Bitcoin ecosystem is open to manipulation, and potential takeover, by miners seeking to maximize their rewards," Eyal and Sirer wrote.

This vulnerability challenges the decentralized nature of Bitcoin, a key tenet of the currency. Bitcoin is supposedly free from manipulation since it's not controlled by a government or centralized group.

The stakes are particularly high right now, as Bitcoin prices are approaching the all-time high set in April.

The Bitcoin Production Process

The Bitcoin production process is called "mining." Miners aim to uncover new blocks, which are then published in a public ledger known as the "blockchain." Blocks carry a certain value of Bitcoin, which can then be used as money depending on exchange rates. Currently, one block is worth 25 BTC, and one Bitcoin is worth about $220.

Mashable's senior tech analyst Christina Warren described mining as a lottery. "Computers connected to the network (known as miners) aim to find the solution to a certain mathematical problem," she wrote. "If they successfully solve the problem, a new block is created."

The more computer power a miner lends to the system, the more likely he is to solve the problem and collect Bitcoin. Under this system, it is assumed that roughly, miners benefit proportionally to the amount of computer power invested.

It's important to note that the blockchain is just that — a chain. To discover a new block, miners dedicate computing power to solving a puzzle based on the most recently published block. The chain can fork, too, since there are multiple solutions to these puzzles.

"The formation of branches is undesirable since the miners have to maintain a globally-agreed totally ordered set of transactions," Eyal and Sirer wrote.

The 'Selfish-Mine' Strategy

When the blockchain forks, protocol calls for miners to follow "the longest chain they know of, or the first one they heard of if there are branches of equal length," according to the Cornell researchers.

Conventional wisdom and protocol calls for miners to publish blocks to the blockchain upon discovery. The sooner a miner publishes a block, the more likely he is to profit.

Strategically withholding blocks can result in a disproportionate profit, according to the research. While a solitary miner could theoretically benefit from this technique, it is more effective for a pool of selfish miners who combine resources.

How It Begins

While all miners work from the most recently discovered block (think of it as the "original" block), the selfish mining process begins when a pool of miners discovers a new block and doesn't publish it. The selfish pool then begins working on discovering yet another block, mining from this hidden one. Meanwhile, the rest of the "honest" miners are still wasting resources mining from the original block.

Under ideal circumstances, the selfish pool can discover a second block before the honest miners discover an alternate solution to the original block. The more of a lead the selfish miners can establish, the more they will benefit. When the honest miners eventually publish a solution to the original block, the selfish miners can quickly publish two blocks, making it the longer branch. Then, the rest of the miners will follow this longer branch.

If the honest miners discover and publish a solution to the original block before the selfish miners can discover subsequent blocks, the selfish miners can quickly publish their block anyway. With branches of equal length, all the miners will work on both new branches until one establishes itself as the longer branch. The selfish miners, along with an unknowing portion of the honest miners, will work on the selfish miners' branch. If it becomes the accepted part of the chain, the selfish miners can collect Bitcoin.

What Happens Next

Since using this technique supposedly allows miners to benefit disproportionally, other miners have an incentive to join the selfish pool. The selfish pool, in turn, is inclined to accept these new miners; the larger the selfish pool, the greater its ability to discover blocks ahead of the group of honest miners.

As the research paper states:

The selfish pool would therefore increase in size, unopposed by any mechanism, until it becomes a majority. Once a miner pool, selfish or otherwise, reaches a majority, it controls the blockchain. The Selfish-Mine strategy then becomes unnecessary, since the others are no longer faster than the pool. Instead, a majority pool can collect all the system's revenue by following the prescribed Bitcoin protocol, and ignore blocks generated outside the pool; it also has no motivation to accept new members. At this point, the currency is not a decentralized currency as originally envisioned.

Fixing the Problem

The Cornell researchers proposed a change to the mining protocol as a partial solution to their alleged exploit. They say in the case of forked branches of equal length, miners should choose which block to follow "at random." By their calculations, the researchers state this change in the protocol would make it harder, but still not impossible, to take advantage of the selfish mining technique.

A large enough group — one that controls at least 25% of the total mining resources — could still successfully game the system. Indeed, a group of that size exists. BTC Guild currently mines more than a quarter of the blocks on a given day, according to Blockchain.info.

According to the research, no group is currently employing the Selfish-Mine strategy, large mining pools are a threat to the system.

"Miners should therefore break off from large pools until no pool exceeds the threshold size, and so no pool can benefit from the Selfish-Mine strategy," Eyal and Sirer wrote.

The Cornell researchers plan to submit their work to a peer-reviewed journal for further scrutiny, but they have not yet named which one. For specific details, you can view the paper in its entirety below:

Bitcoin Mining Vulnerability Paper

Image: Flickr, Antana