Doppelganger in Bitcoin Mining Pools: An Analysis of the Duplication Share Attack

Bitcoin is a cryptocurrency based in peer-to-peer network that uses a blockchain. To maintain the blockchain without trusted third parties, a player called a miner proves that he has completed a proofof-work. As the difficulty of proof-of-work is increasing, mining pools, consisting of a number of miners, have become major players compared with solo miners. Most mining pools consist of a manager and miners. All miners who belong to a mining pool submit their shares to the manager and get paid in proportion to the amount of their shares. Therefore, the manager has to pay all miners fairly. However, many Bitcoin mining pools were ruined by an attack called the Duplicate Share Attack (DSA) in 2015. In this paper, we analyze DSA in multiple directions. First, we mathematically analyze DSA against one mining pool and multiple mining pools. As results of our analyses, we derive the optimal attacker’s strategy, which shows that DSA can give a large extra profit to an attacker with little computational power. Because the duplicate share vulnerability has been already fixed in a few large mining pools after DSA was introduced, DSA may not be considered a threat any more. However, we show that several small mining pools are still vulnerable to DSA and an attacker can unfairly earn a large extra profit using these unpatched small mining pools. In summary, we argue that honest miners in Bitcoin network are not yet free from DSA.