“Zero Cost” Majority Attacks on Permissionless Proof of Work Blockchains

Abstract

The core premise of permissionless blockchains is their reliable and secure operation without the need to trust any individual agent. At the heart of blockchain consensus mechanisms is an explicit cost (e.g., mining cost) for participation in the network and the opportunity to add blocks to the blockchain. A key rationale for that cost is to make attacks on the network, which could be theoretically carried out if a majority of nodes were controlled by a single entity, too expensive to be worthwhile. We demonstrate that a majority attacker can successfully attack with a negative net cost when accounting for the mining rewards the attacker collects during the attack. This shows that the protocol mechanisms are insufficient to create a secure network, emphasizing the importance of socially driven mechanisms external to the protocol. At the same time, negative cost enables a new type of majority attack that is more likely to elude external scrutiny.