Probability of an attacker mining a certain number of blocks

In the previous article, we found the probability of double-spending. In this article, let’s look at the probability of an attacker mining a certain number of blocks with a hash rate of less than 50%. This will tell us how many blocks a recipient of a transaction should wait before accepting the transaction.

We know blockchain ensures that the time taken by nodes to mine a block stays constant throughout. Let M be the time nodes take to mine a block. Remember, this is utilizing the full hash rate of the network. But when an attacker tries to mine a block for their own chain, they wouldn’t be contributing their hash rate to the network. So, the honest nodes will be trying to mine with their own hash rate.

When 100% of the total hash rate is used to mine a block, the blocks mined per minute can be defined as,

\frac{1}{M} \text{ blocks per minute}

Since M is 10 minutes in Bitcoin, this is 0.1 blocks per minute.

Now, during an attack, only the honest nodes will be mining blocks on the legitimate chain. So, we need to find out the number of blocks they can mine per minute.

To do that, we need to find out the percentage of the hash rate of the honest nodes. If you could remember, this is also the definition of the probability of an honest node mining the next block. Since the probability of honest nodes mining the next block is p, let’s use p for our calculations.

By multiplying the blocks produced per minute when 100% of the hash rate is used by the value p, we can find out the number of blocks produced by the honest miners per minute.

(\frac{1}{M}). p \text{ blocks per minute}

\frac{p}{M} \text{blocks per minute}

Using this, we can calculate the time taken to produce one block by honest miners

\frac{1}{\frac{p}{M}} \text{ minutes}

\frac{M}{p} \text{ minutes for a block}

We can now calculate how long the honest miners will take to mine z number of blocks.

\frac{z.M}{p} \text{ minutes} \text{ ---(19)}

Now, let’s calculate the number of blocks the attacker can produce in zM/p minutes.

Let q be the probability of the attacker mining the next block. Let’s multiply the blocks produced per minute when 100% of the hash rate is used by the value q to find the number of blocks produced by the attacker per minute.

\frac{q}{M} \text{ blocks per minute}

Now, let’s calculate the number of blocks the attacker can produce in zM/p minutes.

\frac{q}{M}.\frac{z.M}{p}

z.\frac{q}{p} \text{ blocks} \text{ ---(20)}

Thus, as the honest miners mine z blocks, the attacker will mine z(q/p) blocks.

However, we need to remember that this is only the average. The number of blocks the attacker mines will actually vary.

Therefore, we need to find the probabilities of the attacker mining different numbers of blocks during the time honest miners mine z blocks. We can do this using the Poisson distribution.

We use the Poisson distribution to find the probability of a number of events occurring during a certain interval given the average number of events that occur during the same interval. For example, if a call center receives 100 calls per hour on average, we can find the probability of the call center receiving different numbers of calls, say 20 for instance, during an hour.

However, before modeling the probability of an event based on Poisson distribution, we need to make sure the event satisfies the following conditions:

Any number of events can occur during a given interval.
Every event is independent of one another and the occurrence of one event doesn’t affect the occurrence of another event.
The occurrence rate or the average number of events occurring during the interval remains constant.
The probability of two events occurring during a short interval is negligible.

The attacker can theoretically mine any number of blocks during an interval. This satisfies the first condition. Mining one block will not affect mining another block, so this satisfies the second condition. The number of blocks that can be mined on average remains constant. Fianly, the probability of two blocks being mined during a very short interval is also very low. Now that our problem satisfies the Poisson model, let’s try to find the probability of the attacker mining different numbers of blocks during the specified time period.

To that end, we need to use the Poisson density function. The Poisson density function is as follows:

P(X=k; Ÿ)= \frac{Ÿ^k . e^{- Ÿ}}{k!}

Here k is the number of events and Ÿ is the expected value. We call the expected value the average rate of occurrence. We can use this formula to find the probability of the attacker mining different numbers of blocks as the honest miners mine z number of blocks.

In equation (20), we found the expected number of blocks mined by the attacker. So,

Ÿ=z.\frac{q}{p}

Now, let’s try to find the probability of the attacker mining two blocks while the honest miners mine 5 blocks. Let’s assume

q = 0.3

p = 0.7

k = 2

z = 5

P(X=k; Ÿ)= \frac{(5\times\frac{0.3}{0.7})^2 . e^{- (5\times\frac{0.3}{0.7})}}{2!}

P(X=k; Ÿ)= 0.269

Once the attacker mines two blocks during the time honest miners mine 5 blocks, the attacker will be behind by 3 blocks. So, the attacker will have to mine 4 more blocks to overtake the honest chain. We can find the probability of this happening by using equation (18) from the previous article.

P_z = (\frac{q}{p})^z

(\frac{0.3}{0.7})^4

0.0337

Thus, the probability of the attacker mining two blocks is 0.269 and the probability of then overtaking the honest chain is 0.0337. We can multiply these two to get the probability of a double-spend attack succeeding while honest nodes mine 5 blocks during the interval.

0.269 \times 0.0337 = 0.0090653

So, an attacker with a hash rate percentage of 30 has a 0.009 chance of double spending if recipients are going to wait till 5 blocks before accepting transactions. However, there are a few caveats here. First, we can never know for sure the hash rate percentage of an attacker. Second, we cannot know how many blocks a miner will mine while honest nodes mine z blocks. We only know the probability of an attacker mining different numbers of blocks. So, how do we find out how many blocks a recipient should wait? Let’s find out in the next article.

2 Comments

The number of blocks to wait for before confirming transactions - The Armchair Criticsays:

June 5, 2023 at 11:04 pm

[…] looked at the probability of an attacker mining without 50% of the hash rate in the last article. Toward the end of the article, we found a way to find the probability of this attacker […]

Reply
The number of blocks to wait for before confirming transactions - Curtytimessays:

June 6, 2023 at 4:07 pm

[…] looked at the probability of an attacker mining without 50% of the hash rate in the last article. Toward the end of the article, we found a way to find the probability of this attacker […]

Reply

2 Comments

Leave a Reply Cancel reply