3.The framework of This Study:
To analyze the security and performance implications of different consensus and network layer protocol author has prepared a quantitative framework to carry out this study. Author’s framework is a combination of two key elements.

Figure:6 Components of Study Framework
** Pictures taken from ETH Zurich Research Report.

They are (i) POW Blockchain and (ii) Security Model. A blackchin instance is a proof of work blockchain instantiated by consensus layer and network layer parameter. As discussed earlier a consensus mechanism is what all the blocks in the network follow to validate a transaction. For example, Bitcoin uses a POW consensus layer mechanism which searches for a nonce value such that the current target value should be lesser than the hash value. In network layer two most important parameters for POW blockchain is
Block size: This defines how many transactions can be put into each block. If the block size is bigger then block propagation speed decreases. On the other side, it increases the stale block rate.

Information Propagation mechanism: This shows how information is delivered in peer to peer network. There are four types of standard information propagation mechanism:
Send Headers: Peers can directly issue a send header to directly receive block headers from its peer in future.

Unsolicited Block Push: A mechanism of broadcasting blocks by the miners without advertisement.
Relay Networks: It enhances the synchronization of miners of the common pool of transaction.
Hybrid Push/Advertisement System: A system which combines the use of push and advertisement system.

In the left-hand side, POW blockchain takes consensus and network parameters as input and gives output like block propagation time, throughput. To realistically capture the output of this POW based blockchain authors have put this blockchain on the simulators they have developed. These simulators take input parameter such as block interval, mining power as well as block size, propagation protocol, the location of miner’s etc. Stale block rate is an important output from this POW based blockchain because it gives the efficiency of peer to peer connection of an honest network. This Stale block rate is taken as an input to Security model. This model also takes different security parameters as input such as adversarial mining power, mining cost, number of required confirmation. The main objective of this model is to holistically compare the security and performance of different POW blockchain with different parameters as input. This security model is based on Markov decision Process and provides an optimal adversarial strategy for double spending and selfish mining as an output.
3.1Security Model:
Parameters for the Security Model:
Stale Block Rate: Stale block rate captures information propagation mechanism.

Mining Power: This is typically used in the study model to capture the fraction of the total mining power possessed by the adversary.
Block Confirmation Number: Total number of blocks required to confirm a transaction.

Impact of Eclipse Attack: This study model accounts for eclipse attack as well.

3.2 Markov Decision Process: (MDP)
The right tool for a problem which deals with “states” and “discrete events” with a certain probability is a Markov Decision Process (MDP). MDPs are a mathematical model which decides the best policy means in what sequence the actions should be implemented to maximize a goal. An MDP model has multiple states and actions. Actions are the transitions between states. In MDP each transition can happen with some probability. In this model, some actions might provide a reward or loss to occur. Figure 7 shows a graphical depiction of a Markov Decision Process. In the intended security and performance of POW study, MDP is based on four tuples. It is represented as follows M:=<S, A, P, R>. Where S represents state space, A is for representing actions, P is the stochastic transition matrix and R is the reward matrix.

Figure 7: A graphical depiction of MDP with states s_0, s_1, S_2 and action a_0, a_1.The two rewards are -1 and +5. (Figure created by MistWiz on WikiCommons).

In this model an adversary can perform the below actions:
Adopt: If an adversary thinks it can never win over an honest miner then it performs this action.

Override: If adversaries chain is longer than the honest miner then it overrides the honest mining chain.

Match: if the length of adversarial chain and honest chain are same then adversary perform this action.

Wait: If an adversary has not yet found a block then it continues mining until it finds one.

Exit: This action is performed during the double-spending attack.
Now state space S also has four-tuple namely length of honest chain, length of adversarial chain, blocks mined by eclipsed victim and fork. In the research, paper MDPs were built such a way which could provide justification when a rational attacker successfully double-spend or selfish mine.

Selfish Mining vs Double Spending: Main goal in selfish mining is to increase the relative share of the adversarial block in the main chain. In double spending, the adversary is more focused on earning maximum revenue. It is also found in the study that selfish mining is not always rational. Following an adversarial strategy for mining 1000 blocks with 30% hash power, an adversary can mine 209 blocks, but an honest miner can mine 300 blocks. In honest mining, an adversary can earn by mining a block. It also loses it’s reward if a block is adopted by the main chain. As the main chain poses maximum hash power, the probability is always high for an adversary to lose the competition.
Eclipse Attack: In this type of attack attacker takes control of peer to peer network and obscure target node’s view of the blockchain. The researcher has found attacker can saturate the connection to a target victim. It means all the connection to the victim would be bottlenecked and passed through attacker nodes so that it can manipulate the connections. Following eclipse attack scenarios are captured by our model:
No Eclipse Attack: This study model captures this case.

Isolate the Victim: This captures those cases where total mining power decreases. In return, it increases the fraction of mining power possessed by an adversary.

Exploit the eclipsed victim: Adversary uses victims mining power to expand its own chain.

3.3 Selfish Mining MDP:
As discussed previously the main goal of a selfish miner is to increase the relative number of adversary block in the main chain. In this study, the model author has captured that by optimizing the relative revenue. But there is a problem of applying single player MDP in this particular case because selfish miner deals with relative revenue. To overcome this problem the author has applied Sapirshtein el. Sapirshtein el proposes that an adversary with less than 33% of total hash power can make a profit from the network. This model captures various parameter such as block propagation time, block generation interval, block size and eclipse attack.

3.3.1 Optimal Strategies For Selfish Mining :
Authors have used MDP solver for finite state space MDP’s. The output author received from the model is below. Here the author tries to find the impact of stale block rate on selfish mining.

Figure 8: Selfish mining (Relative revenue vs Adversarial mining power)
** Pictures taken from ETH Zurich Research Report.

In Figure 8 author tries to understand how adversarial mining power influences the relative revenue of an attacker. For this he has put the adversarial mining power is in X-axis and relative revenue in the Y axis. The graph is drawn for a stale block rate of 1% and 10%. It is seen from this diagram that relative revenue increase with the increase of adversarial mining power. An upper bound is also taken in this diagram to understand the cases when the relative revenue of a selfish miner maximized by overriding a block of an honest chain. Figure 8 shows the upper bound exceeded when network delays and parameters are captured.

Figure 9: Relative revenue vs Stale rate
** Pictures taken from ETH Zurich Research Report.

In Figure 9 author tries to understand the relationship between stale block rate and relative revenue. He compares relative revenue in Y axis with stale block rate in X-axis for a mining power ? of .1 and .3 respectively. This diagram suggests a nonlinear relationship between relative revenue and stale block rate.

Author has also studied the impact of the eclipse attack in selfish mining. Figure 9 explains the relationship between eclipsed mining power ? and adversarial mining power ?. In this study the cases considered are
1. where adversary uses victims mining power ?
2. When an adversary uses honest miners blocks to advance its own chain.

It is seen for higher ? values selfish mining capability also increases. In this graph, an exceptional case is also observed for ?=.3 and ?=.38. For this situation, it is more profitable for an adversary not to include some of the victim’s blocks. Here victim’s blocks are accounted as a reward for the honest chain. This, in turn, reduces the block share of an adversary.

Figure 10: Eclipsed mining power vs Adversarial mining power
** Pictures taken from ETH Zurich Research Report.

3.4 Double Spending MDP: As discussed earlier in the double-spending rational adversary tries to maximize its profit. In double spending, it is assumed that loss in operational cost is less because the adversary can earn some goods or money in exchange for a transaction. In double spending, exit state can only be reached if the length of an adversarial chain is at least a block longer than the honest chain (la ; lh ) after k block confirmation for an honest chain with 1?? mining power. This is described in the below table 2. A question can arise during this study as the adversary is rational it is hard to reach an exit state. But it is found that in exit state adversary can earn a reward of


** Pictures taken from ETH Zurich Research Report.

3.4.1 Optimal Strategies for Double Spending: To create optimal strategies author has used the pymdtoolbox library and applied PolicyIteration algorithm. By this block confirmation value, k is received which is sufficient to make a safe transaction in presence of rational adversary in the network. To decide in a certain scenario if a rational adversary would do double spend or selfish mining, a minimum value of double spend vd must be determined. For achieving that author start with high double spending value so that exit state is reachable in optimal double spending strategy. Author has done this because the presence of exit state in policy ensures double spending is highly profitable. In this below Table -3 an example is shown for optimal strategy.

Table 3: Optimal Strategies for double spending.

** Pictures taken from ETH Zurich Research Report.

Here ? = 0.3,? = 0,rs = 0.41%,cm = ?,? = 0 and vd = 19.5. Length of adversary chain is la, taken as rows. Length of honest chain is lh. Three values of each entry are irrelevant, relevant and active. * means unreachable and w, a, e represents wait, adopt and exit respectively. In this example cut off value for honest chain and adversarial is taken as 20. This suggests both this chain length cannot be greater than the defined cut-off value. So what is the main goal of this analysis? The attacker must overcome a threshold if it wants to double spend with profit for a fixed number of confirmed block k. In the other cases it is more profitable to do honest mining. This result is illustrated in Figure 10. The x-axis shows how the adversarial mining power is influencing the threshold. Different values of k (the desired number of confirmations) lead to different curves.

The y-axis in Figure 10 shows how many successive blocks are needed to be mined before a double spending attack to be successful. For an adversary, around 30% mining power needs 6 block confirmation and the expected number of blocks is roughly 100.

An adversary with mining power of more than .25 needed less than 1000 blocks to successfully carry out double-spending attack.

Figure:10 Expected blocks for double spending rs = 0.41%, ? = 0, cm = ? and ? = 0.

** Pictures taken from ETH Zurich Research Report.

Here stale block rate is represented by rs. ?, cm represents the propagation parameter and maximum mining costs respectively.

Impact of Propagation Parameter: Propagation parameter signifies the connectivity efficiency in an adversarial chain. It suggests if connectivity increases in the adversarial network then adversarial mining power also increases. Author has put adversarial mining power in the X-axis and shown double spending transaction should have a threshold value. If transaction value is more than the threshold value, then only double spending is profitable. It can also be seen from Figure 11 that higher the propagation parameter ? lower the transaction value an adversary expects to double spend.

Figure:11 Impact of propagation parameter ? with respect to double spending transaction value.

** Pictures taken from ETH Zurich Research Report.

In this graph double spending value(vd) is taken in Y-axis and adversarial mining power(?) in the X-axis. If ? increase vd decreases.

Impact of mining costs: From the study, it is found that mining cost has a negligible impact on adversarial strategy. It is shown by the below Figure 12.

Figure 12: Impact of mining cost.

** Pictures taken from ETH Zurich Research Report.

Value of double spend (Vd) is in the Y-axis and adversarial mining power(?) in the X-axis. rs = 0.41%, ? = 0, ? = 0 Cm represents maximum mining cost ?vd is the difference in costs.

Impact of Stale Block Rate: In Figure 13 impact of stale block rate is explained for double spending. This below experiment is carried out for a mining power of .1 and .3 respectively. It can be seen if stale block rate grows the value of double spend decreases. Author has found double spending value of an adversary decreases from 9.2 to 6.4 block reward with mining power .3 and a stale block rate of 10% and 20 %.

Figure:13 Impact of stale block rate.

** Pictures taken from ETH Zurich Research Report.

Here Vd is the value of double spend in the Y-axis, Stale block rate in X-axis and adversarial mining power is represented by ?.

Impact of Eclipse Attack: The impact of eclipse attack is represented by Figure 14. It is assumed that an adversary attacks an honest block with ? eclipsed mining power. It can be observed eclipsed mining power increases with the increase of adversarial mining power. So eclipse attack is beneficial for an adversary. For example, an adversary with an adversary with ?=.025 and ? =.1 reduces the double spending value (vd) from 880 block reward to .75 block.

Figure 14: Full eclipse attack
** Pictures taken from ETH Zurich Research Report.

In Figure 14 eclipse mining power ? is in Y axis and adversarial mining power is in X axis and , rs = 0.41%, ? = 0 and cm = 0.

Bitcoin vs Ethereum: Figure 15 shows the reward required for a double spending attack to make a profit. The y-axes show the reward required from fraudulent behavior as multiples of the block reward, i.e. multiples of the reward of non-fraudulent behavior.
The figure also contrasts between Ethereum and Bitcoin. As a consensus algorithm both this chain uses proof of work, but the key difference is the block time. i.e. the duration between the generation of two blocks. Stale block rate increases because of shorter block times. It means the time gap between finding two blocks is much shorter in Ethereum. Thus, participant blocks more often return finding the same block which increases the stale block rate in the network.

Below points are observed by the author in the study.
First: Figure 15 shows 6 Bitcoin block confirmation is more resilient to double spending than that of 12 Ethereum block.

Second: Ethereum’s double spending resilience is better only for an adversary with less than 11% hash power.

Third: If block reward goes up blockchain is more resilient to double spending attack.

Figure 15: Double spending resistance of Ethereum vs Bitcoin
** Pictures taken from ETH Zurich Research Report.

Block reward is in the Y-axis and Adversarial mining power in the X-axis. Ethereum (k ?{6,12}) vs. Bitcoin (k = 6).

Author has also tried to compare both this block chains by equalling their stale block rate. It is observed that Ethereum’s security is lower in caparison to bitcoin Figure 16 explains the following.

Figure 16: Comparison between Ethereum and Bitcoin.

** Pictures taken from ETH Zurich Research Report.

Value of double spend is on the Y-axis and Adversarial mining power is in the X-axis. Here k is 6, rs = 6.8% and their difference is ?vd.