EFAW: a new mining attack model combining FAW attacks with the Eclipse attack

3.1. Attack overview

We combine FAW attacks with the eclipse attack to propose a new attack model called EFAW attacks. The attacker dispatches his computational power into two parts: honest mining and infiltration mining. The attack behaviors of these two parts of computational power are the same as in FAW attacks. At the same time, the attacker launches an eclipse attack on the nodes within the victim pool to gain control over the information of these affected nodes (including both incoming and outgoing data). The purpose of the attack is to control the PoWs submitted by these affected nodes. For a PPoW, the attacker has the option to choose not to include it in the consensus process. This means that the workload submitted by that node will not be accepted and confirmed by other nodes, thereby increasing the attacker’s share of rewards from the infiltration computational power within the victim pool. For an FPoW, the pool manager retains it and strategically releases it to create a branch in the system for additional rewards. This paper proposes an EFAW attack model for a single pool and two pools, provides an expression of the expected reward, and compares it with the original FAW reward. Next, we will provide a detailed description of this attack tactic.

3.2. Attack overview

To simplify our analysis, we made some reasonable assumptions about the variables in the experiment.

$$ \bullet $$ We have normalized the total computational power in the entire blockchain system to 1, and the computational power of any participant is necessarily less than 1;

$$ \bullet $$ The computing power of any miner or pool in the system must be less than 0.5 to avoid the possibility of a “51% attack” in the network;

$$ \bullet $$ There is only one attacker in the system, and there is no hybrid model of multiple attacks or any other form of attack other than EFAW attacks;

$$ \bullet $$ We have standardized the actual reward for each valid block to 1 instead of using the current system’s actual reward of 12.5 Bitcoins, and we represent it in terms of expected probabilities;

$$ \bullet $$ In this system, unintentional forks do not exist. Moreover, the probability that a miner will find a valid block is equal to its normalized computing power;

$$ \bullet $$ The pool manager broadcasts the block generated by the miner in the network, and if a block is successfully added to the main chain and confirmed, then the pool will earn a reward for the response. Finally, the manager will distribute the rewards based on the number of shares (FPoWs and PPoWs) submitted by each miner in this round.

4.1. Theoretical Analysis

The model for the attacker launching an EFAW attack against an honest mining pool is depicted in Figure 1. The model includes two mining pools: pool A is the attack pool, and pool B is the victim pool. The manager of pool A divides their computational power into two parts: one part is used for honest mining, and the other part is dispatched as infiltrating miners in pool B. At the same time, pool A launches the eclipse attack on pool B; those miners who are controlled by pool A are called eclipsed miners. Note that honest miners and infiltrator miners in pool A submit FPoWs and PPoWs to pool A’s manager. However, the FPoWs and PPoWs submitted by the eclipsed miners are also controlled by the pool A manager. The manager immediately publishes the FPoW submitted by honest miners, discards the PPoWs submitted by eclipsed miners, and retains the FPoWs submitted by infiltrator miners and eclipsed miners. The specific strategies will be detailed in this section, with the relevant parameters listed in Table 1.

Figure 1. EFAW attacks against a single mining pool. The left is the EFAW attack pool A, and the right is the victim mining pool B. EFAW: Eclipse Fork After Withholding; FPoW: Full Proof-of-Work; PPoW: Partial Proof-of-Work.

In this case, the attacker allocates $$ 1-\tau \alpha $$ computational power for honest mining in their mining pool and $$ \tau \alpha $$ computational power for infiltrating mining in the victim pool. The computational power of the victim pool is denoted as $$ \beta $$ (excluding the infiltrating computational power), including the computational power of the eclipsed miners, denoted as $$ \text{q}\beta $$. The parameter $$ \text{c} $$ is closely related to the network capabilities of both the attacker and the Bitcoin network’s topology^[32]. It is a coefficient that accounts for the relationship between the attacker’s network capabilities and the topology of the Bitcoin network.

Firstly, we analyze the attack pool A, where neither the infiltration miners nor the eclipsed miners find an FPoW. At this point, when an honest miner finds an FPoW, the manager immediately submits the FPoW. Three cases will occur when the infiltration miner or the eclipsed miner finds an FPoW: (1) If the honest miner from pool A finds an FPoW, the pool A manager will discard the FPoW found by the infiltration miner or the eclipsed miner; (2) If the honest miner from pool B finds an FPoW, the manager will also discard the FPoW found by the infiltration miner or the eclipsed miner; (3) If another honest miner submits a valid block, the manager immediately submits the retained FPoW, resulting in a fork in the Bitcoin network. This action is part of the EFAW attack strategy to disrupt the consensus and potentially gain extra advantages or rewards for pool A.

In conclusion, when an attack launches the EFAW attack against a victim pool, there can be five possible cases in the Bitcoin network, and the total probability of these five cases sums up to 1 [Figure 2]. Next, we analyze the reward for the EFAW attack strategy and give the expected reward expression for pool A.

Figure 2. The possible consequences of an EFAW attack against a single mining pool. The green blocks represent the attacker can earn rewards, so he can earn rewards in four cases: Cases A-D. EFAW: Eclipse Fork After Withholding.

Theorem 4.1. The rewards that the attack pool A can earn by launching an EFAW attack against pool B:

Proof: Firstly, the attack pool A can earn block rewards through honest mining and infiltration mining. As shown in Figure 2, when an honest miner in pool A submits a valid block, they earn the full reward, and the probability is $$ \frac{1-\tau \alpha }{1-\tau \alpha -\text{q}\beta } $$ (Case A in Figure 2). The PPoWs submitted by the eclipsed miners are discarded by the attacker; this part of the computational power cannot earn a reward. Therefore, the reward ratio that the attack pool A can earn when the victim pool B submits a valid block is $$ \frac{\tau \alpha }{1-\text{q}\beta +\tau \alpha } $$. Three cases can happen, as shown in Cases B-D: The reward that the attacker can earn is $$ \frac{(1-q)\beta }{1-\tau \alpha -q\beta }\cdot \frac{\tau \alpha }{1-\text{q}\beta +\tau \alpha } $$ (Case B in Figure 2). The attacker submits that the FPoW found by an infiltration miner generates a fork in the system, and the FPoW the attacker submitted is selected as the main chain. At this point, the reward is $$ c\tau\beta \cdot \frac{1-\alpha -\beta }{1-\tau \alpha -q\beta }\cdot \frac{\tau \alpha }{1-\text{q}\beta +\tau \alpha } $$ (Case C in Figure 2). The attacker submits the FPoW found by the eclipsed miner to generate a fork, and the FPoW is selected as the main chain. The reward is $$ cq\beta \cdot \frac{1-\alpha -\beta }{1-\tau \alpha -q\beta }\cdot \frac{\tau \alpha }{1-\text{q}\beta +\tau \alpha } $$ (Case D in Figure 2). Therefore, the attacker’s rewards can be expressed in Equation (1).

To maximize the reward, the attacker will reasonably allocate her computational power to infiltration miners and honest miners. We set the ratio of computing power for $$ {{R}_{A}} $$ maximization to $$ \overline{\tau } $$, and we can obtain the optimal $$ \overline{\tau } $$ by solving this equation $$ \frac{\partial {{R}_{A}}}{\partial \tau }=0 $$.

Theorem 4.2. The reward of the EFAW attack is greater than or equal to FAW attacks, and when the eclipse attack does not isolate the victim pool’s miner nodes, the EFAW attack will degrade into an FAW attack.

Proof: Compared to the FAW attack, the key feature of the EFAW attack is the combination of eclipse attacks. Control the network view of some nodes and use the computing power of these nodes to illegally mine for more rewards. Firstly, since the PPoWs submitted by the eclipsed nodes are discarded by the pool A manager, the reward for miners in pool A who participate in infiltration mining increases. Secondly, the attacker will strategically release the FPoW submitted by the eclipsed miner to create forks in the blockchain. If the block wins in the competition, the infiltration miners earn more rewards in pool B. Therefore, the reward for launching an EFAW attack is higher than for an FAW attack. However, when the attacker has not controlled miner nodes by the eclipse attack, the reward for the EFAW attack is equal to the reward for the FAW attack.

As described in Theorem 4.2, the attacker can earn more rewards by combining FAW attacks with the eclipse attack, and this extra reward comes from the victim pool B. Next, we analyze the loss of rewards from the victim pool B and give the expected reward expression.

Theorem 4.3. The rewards that the victim pool B can earn under the EFAW attack strategy:

Proof: The victim pool B can be rewarded in the following three cases. In the first case, an honest miner in pool B finds a valid block with a probability of $$ \frac{(1-q)\beta }{1-\tau \alpha -\text{q}\beta } $$. In the second case, the valid block submitted by an infiltration miner wins the competition with a probability of $$ c\tau \alpha \cdot \frac{1-\alpha -\beta }{1-\tau \alpha -\text{q}\beta } $$. In the third case, the block submitted by an eclipsed miner is chosen as the main chain with a probability of $$ cq\beta \cdot \frac{1-\alpha -\beta }{1-\tau \alpha -\text{q}\beta } $$. Since the PPoWs submitted by the eclipse victim miners are discarded by the manager of pool A, the proportion of rewards that pool B can earn is $$ \frac{(1-q)\beta }{(1-q)\beta +\tau \alpha } $$. Thus, the expected reward of pool B is shown in Equation (2).

4.2. Quantitative analysis and simulation

To analyze the reward of the attack pools A and B, we introduce a relative extra reward (RER) under the EFAW attack model on a single mining pool, defined as the ratio of extra reward to honest mining reward. Pool A can be represented by Equation (3) and pool B by Equation (4). $$ RER_h $$ represents the reward earned by the pool for honest mining. It is worth noting that when RER is negative, it means that the pool’s reward is lower than that of honest mining under this attack model.

Firstly, we consider a specific situation: the computational power of the attack pool A and the computational power of the victim pool B are both 0.2, the proportion of the eclipsed miners is not more than 0.5 (0 $$ \leq $$ q $$ \leq $$ 0.5), and the probability of the FPoW submitted by the infiltration miner or the eclipsed miner being selected as the main chain is not greater than 1 (0 $$ \leq $$ c $$ \leq $$ 1). At this point, we observe the changes in the RERs $$ RER_A^{'} $$ and $$ RER_B^{'} $$ of pools A and B [Figure 3].

Figure 3. The changes in RERs when an attacker launches an EFAW attack against a single mining pool. (A) Changes in the attacker’s relative additional rewards when launching an EFAW attack against a single mining pool; (B) Changes in the victim pool’s relative additional rewards when launching an EFAW attack against a single mining pool. A negative number in the victim pool on the right represents a loss of rewards. EFAW: Eclipse Fork After Withholding; RERs: relative extra rewards.

Following Figure 3A, the EFAW attack has a greater increase in RERs than FAW attacks. We observe that the $$ RER_A^{'} $$ is an increasing function of $$ \text{q} $$. Because the more victim pool miners the attacker intercepts, the greater the proportion of the penetration computational power that the attacker puts into the victim pool according to the optimal penetration ratio to the total computational power of the victim pool, the more rewards the attacker earns. When q reaches the threshold of 0.5, the attack pool can gain up to a maximum of 32.54% RERs. However, when $$ \text{q}=\text{0} $$, the EFAW attack reverts to FAW attacks.

Additionally, Figure 3B indicates that in the presence of an EFAW attack, the victim pool always incurs losses, and the reward for loss increases with the increase of the proportion of the eclipsed miners. This is because the PPoWs are discarded by the attacker, leading to no rewards for them. As $$ \text{c} $$ increases, the loss of the victim pool gradually decreases since it can also gain rewards from the block selected as the main chain.

Similarly, we give a comparison of the RERs between an EFAW attack and an FAW attack. Considering the consumption of resources required to launch an eclipse attack, we set $$ \text{q} $$ as 0.05 in the experiment, which is a reasonable value. Assume pool A’s computational power is 0.2. We show the expected RER of the attack pool to launch the EFAW attack against the victim pool with 0.1, 0.2, and 0.3 computational power, respectively, corresponding to Cases 1-3 in Figure 4. It indicates that when we combine an FAW attack with an eclipse attack to form an EFAW attack, we can earn more rewards. Even if $$ \text{c} $$ is 0, the EFAW attack is still better than FAW attacks.

Figure 4. Comparison of RERs (%) that launch the EFAW attack and an FAW attack against a single mining pool. The solid line represents the EFAW attack, and the dashed line represents the FAW attack. EFAW: Eclipse Fork After Withholding; FAW: Fork After Withholding; RERs: relative extra rewards.

4.3. Simulation experiments

To further validate the accuracy of our quantitative analysis results, we used the following system setup: Intel® Core™ i5 – 93000H CPU @ 2.40 GHz, 16 GB RAM, and 64-bit processor on Windows 10. We use this setup to implement a Monte Carlo simulator to verify our theoretical analysis. We follow the basic steps of the Monte Carlo method, simulate the process of generating blocks and the fork competition process, and combine it with matlat implementation to conduct simulation analysis.

Firstly, simulate the block generation process. New blocks may be discovered by five subjects: honest miners in the attacking pool, honest miners in the victim pool, infiltration miners, eclipsed miners, and other miners. Among them, the probability of discovery by each subject is proportional to its computing power. In this paper, we simulate a scenario involving competition among five subjects by generating a random number r [r = rand ()] of the average price distribution between (0, 1) and determine whether the r value falls within a specific range; that is: (1) $$ \text{r}\in [0, (1-\tau )\alpha] $$, it is considered that the attacker’s honest miner discovers a new block; (2) $$ \text{r}\in ((1-\tau )\alpha , (1-\tau )\alpha +(1-q)\beta ) $$, it is considered that the victim pool’s honest miner discovers a new block; (3) $$ \text{r}\in ((1-\tau )\alpha +(1-q)\beta , \alpha +(1-q)\beta ) $$, it is considered that the infiltration miner discovers a new block; (4) $$ \text{r}\in [\alpha +(1-q)\beta , \alpha +\beta] $$, it is considered that the eclipsed miner discovers a new block; (5) $$ \text{r}\in (\alpha +\beta , 1) $$, it is considered that another miner discovers a new block. If a new block is discovered by an infiltrator or an eclipsed miner, a random number simulation is performed in this case, and the simulated time fork competition is the case. Set the reward to $$ R $$, $$ R=R+1 $$ when the block submitted by the honest miner of the attack pool is selected as the main chain, and $$ R=R+\frac{(1-q)\beta }{1-\tau \alpha -q\beta }\cdot \frac{\tau \alpha }{1-\text{q}\beta +\tau \alpha } $$ when the block submitted by the victim pool’s honest miner, the infiltration miner, or the eclipsed miner is selected as the main chain; When the block submitted by another miner is selected as the main chain, then $$ R=R $$. For the three cases in Figure 4, we run the simulator for $$ 10^{9} $$ rounds. The results are shown in Table 2, and the RER (%) of the attacker who launched the EFAW attack is almost the same as expected, confirming the calculation results.

5.1. Theoretical analysis

Firstly, we introduce a model in which an attacker attacks two honest mining pools [Figure 5]. In this model, there are two honest mining pools labeled B and C, respectively. The EFAW attack pool is represented by A. Similarly, the pool A manager divides the computational power into two parts; one part is for honest mining, and the other part is dispatched to victim pools B and C as infiltration miners to do infiltration mining. The attacker simultaneously launches the eclipse attack on pool B and pool C to control all peer connections of some victim nodes. As in Section 4, the attacker discards the PPoWs submitted by the eclipsed nodes, keeps its FPoW submitted by the infiltration miner, and strategically releases it at the opportune time.

Figure 5. EFAW attacks against two victim mining pools. The one in the middle is EFAW attack pool A, the left is victim mining pool B, and the right is victim mining pool C. EFAW: Eclipse Fork After Withholding; FPoW: Full Proof-of-Work; PPoW: Partial Proof-of-Work.

Let the computational power of the attack pool A be $$ \alpha $$, and the computational power of the victim pool B and pool C be $$ {{\beta }_{1}} $$ and $$ {{\beta }_{2}} $$, respectively. The pool A manager dispatches $$ {{\tau }_{1}} $$ and $$ {{\tau }_{2}} $$ the proportion of computational power to infiltration mining in pool B and pool C, respectively, while the remaining $$ (1-{{\tau }_{1}}-{{\tau }_{2}})\alpha $$ proportion of computational power is used for honest mining. At the same time, the attack pool A launches the eclipse attack on pool B and pool C to control their $$ {{\text{q}}_{1}} $$ and $$ {{\text{q}}_{2}} $$ proportion computational power, respectively. $$ c_{i}^{'} $$ and $$ c_{i}^{''} $$ indicate the probability that pool B and pool C will be chosen as the main chain in the case of two or three branches. Table 3 lists the parameters.

In our model, when an attacker launches the EFAW attack against two mining pools, the Bitcoin network may generate a fork of two branches or a fork of three branches [Figure 6]. If the FPoW submitted by an infiltration miner or eclipse victim miner in pool B or pool C is retained by the pool A manager, when other honest miners submit blocks, the manager will immediately submit the FPoW to generate a fork. Next, we analyze the rewards earned by the attack pool A in this model. The rewards are as follows:

Figure 6. The possible consequences of an EFAW attack against two victim mining pools. The green blocks represent the attacker can earn rewards, so he can earn rewards in six cases: Cases A-F. EFAW: Eclipse Fork After Withholding.

Proof: Pool A can earn block rewards through two parts: honest mining and infiltration mining. This is shown in Figure 6: If an honest miner of pool A submits a valid block, the pool earns the full block reward: $$ \frac{(1-{{\tau }_{1}}-{{\tau }_{2}})\alpha }{1-({{\tau }_{1}}+{{\tau }_{2}})\alpha -{{q}_{1}}{{\beta }_{1}}-{{q}_{2}}{{\beta }_{2}}} $$ (Case A in Figure 6). When an honest miner finds an FPoW in the victim pool B, the reward is $$ \frac{(1-{{q}_{1}}){{\beta }_{1}}}{1-({{\tau }_{1}}+{{\tau }_{2}})\alpha -{{q}_{1}}{{\beta }_{1}}-{{q}_{2}}{{\beta }_{2}}}\cdot \frac{{{\tau }_{1}}\alpha }{(1-{{q}_{1}}){{\beta }_{1}}+{{\tau }_{1}}\alpha } $$ (Case B in Figure 6). When an honest miner in pool C finds an FPoW, the reward is $$ \frac{(1-{{q}_{2}}){{\beta }_{2}}}{1-({{\tau }_{1}}+{{\tau }_{2}})\alpha -{{q}_{1}}{{\beta }_{1}}-{{q}_{2}}{{\beta }_{2}}}\cdot \frac{{{\tau }_{2}}\alpha }{(1-{{q}_{2}}){{\beta }_{2}}+{{\tau }_{2}}\alpha } $$ (Case C in Figure 6). If the FPoW found by the infiltration miner or eclipse victim miner in pool B is submitted by the attacker manager and wins the competition. At this point, the reward is $$ c_{1}^{'}({{\tau }_{1}}\alpha +{{q}_{1}}{{\beta }_{1}})\cdot \frac{1-\alpha -{{\beta }_{1}}-{{\beta }_{2}}}{1-{{\tau }_{1}}\alpha -{{q}_{1}}{{\beta }_{1}}}\cdot \frac{{{\tau }_{1}}\alpha }{(1-{{q}_{1}}){{\beta }_{1}}+{{\tau }_{1}}\alpha } $$ (Case D in Figure 6). Similarly, the pool A manager submits an FPoW found by an infiltration miner or eclipse victim miner in pool C to earn the reward, which is $$ c_{2}^{'}({{\tau }_{2}}\alpha +{{q}_{2}}{{\beta }_{2}})\cdot \frac{1-\alpha -{{\beta }_{1}}-{{\beta }_{2}}}{1-{{\tau }_{2}}\alpha -{{q}_{2}}{{\beta }_{2}}}\cdot \frac{{{\tau }_{2}}\alpha }{(1-{{q}_{2}}){{\beta }_{2}}+{{\tau }_{2}}\alpha } $$ (Case E in Figure 6). Next, we discuss the case where three forks arise in the system (Case F in Figure 6). If an infiltration miner or the eclipsed miner in pool B wins in the fork competition, the attack pool A can earn the following rewards: $$ c_{1}^{''}({{\tau }_{1}}\alpha +{{q}_{1}}{{\beta }_{1}})\cdot \frac{{{\tau }_{2}}\alpha +{{q}_{2}}{{\beta }_{2}}}{1-{{\tau }_{1}}\alpha -{{q}_{1}}{{\beta }_{1}}} $$$$ \cdot \frac{1-\alpha -{{\beta }_{1}}-{{\beta }_{2}}}{1-({{\tau }_{1}}+{{\tau }_{2}})\alpha -{{q}_{1}}{{\beta }_{1}}-{{q}_{2}}{{\beta }_{2}}}\cdot \frac{{{\tau }_{1}}\alpha }{(1-{{q}_{1}}){{\beta }_{1}}+{{\tau }_{1}}\alpha } $$, and if an infiltration miner or eclipse victim miner in pool C wins, the rewards that pool A can earn is $$ c_{2}^{''}({{\tau }_{2}}\alpha +{{q}_{2}}{{\beta }_{2}})\cdot \frac{{{\tau }_{1}}\alpha +{{q}_{1}}{{\beta }_{1}}}{1-{{\tau }_{2}}\alpha -{{q}_{2}}{{\beta }_{2}}} $$$$\cdot \frac{1-\alpha -{{\beta }_{1}}-{{\beta }_{2}}}{1-({{\tau }_{1}}+{{\tau }_{2}})\alpha -{{q}_{1}}{{\beta }_{1}}-{{q}_{2}}{{\beta }_{2}}}\cdot \frac{{{\tau }_{2}}\alpha }{(1-{{q}_{2}}){{\beta }_{2}}+{{\tau }_{2}}\alpha } $$. Thus, the total rewards for pool A can be represented by Equation (5).

To earn more rewards, the attackers should choose the appropriate $$ {{\tau }_{1}} $$ and $$ {{\tau }_{2}} $$ to maximize their rewards. $$ {{\tau }_{1}} $$ and $$ {{\tau }_{2}} $$ can be obtained by solving the optimization equation: $$ \overset{\arg \max }{\mathop{{{\tau }_{1}}, {{\tau }_{2}}}}\, {{R}_{A}} $$. Among them, it can be deduced that the values of $$ {{\tau }_{1}} $$ and $$ {{\tau }_{2}} $$ are related to $$ {{q}_{1}} $$, $$ {{q}_{2}} $$, $$ {{\beta }_{1}} $$, and $$ {{\beta }_{2}} $$, and the relationship between them can be expressed as $$ \frac{{{\tau }_{1}}\alpha +{{q}_{1}}{{\beta }_{1}}}{{{\beta }_{1}}}=\frac{{{\tau }_{2}}\alpha +{{q}_{2}}{{\beta }_{2}}}{{{\beta }_{2}}} $$.

5.2. Quantitative analysis

Next, we use a specific case to show the RER(%) that an attacker can earn by launching an EFAW attack against two mining pools. For ease of calculation, we set the computational power $$ \alpha $$ of the attack pool A to 0.2. The computational powers of the victim pools B and C are 0.1 and 0.2, respectively. $$ c $$ represents the ratio of the probability of winning the competition to the number of branches of valid blocks intercepted and submitted by the pool A manager $$ (0\le c\le 1) $$. At the same time, we assume that both pools have the same proportion of mining power by eclipsed miners, expressed by $$ \text{q} (0\le {{q}_{1}}={{q}_{2}}\le 0.5) $$.

Figure 7 shows that it is always profitable for an attacker to launch an EFAW attack against two mining pools and earn a higher reward than an FAW attack. Similarly, the RER for launching an EFAW attack against two mining pools is proportional to $$ {{q}_{{}}} $$, and the maximum rewards can even reach 43.16% when $$ q=0.5 $$ and $$ c=1 $$.

Figure 7. The changes in RERs when an attacker launches an EFAW attack against two victim mining pools. The rewards earned by the attacker gradually increase from dark blue to light yellow. EFAW: Eclipse Fork After Withholding; RERs: relative extra rewards.

Secondly, we compare the RERs for launching an EFAW attack against two mining pools with an FAW attack. We also assume that the computational power of the attack pool A $$ \alpha $$ is 0.2 and launch attacks on the victim pools B and C in the following three cases, respectively. Cases 1-3 represent two victim pools with computational power ($$ {{\beta }_{1}} $$, $$ {{\beta }_{2}} $$) equal to (0.1, 0.1), (0.1, 0.2), and (0.2, 0.2), respectively. We set $$ {{q}_{1}}={{q}_{2}}=0.05 $$ and change the probability $$ c $$ of a malicious fork submitted by an attacker being chosen as the main chain. At this point, the RER of pool A is shown in Figure 8. It is clear that same as attacking a single mining pool when an eclipse attack controls and exploits a subset of the victim nodes, the attacker can always earn a higher reward by launching the EFAW attack than an FAW attack, and the larger of $$ c $$, the higher the RER.

Figure 8. The changes in RERs when an attacker launches an EFAW attack against two victim mining pools. The solid line represents the EFAW attack, and the dashed line represents the FAW attack. EFAW: Eclipse Fork After Withholding; FAW: Fork After Withholding; RERs: relative extra rewards.

5.3. Simulation experiments

Similarly, we validate our theoretical analysis through Monte Carlo simulators. As with the previous experiment, the difference is that this experiment has eight subjects: honest miners in the attacking pool, honest miners in the victim pool B, honest miners in the victim pool C, infiltration miners in the victim pool B, infiltration miners in the victim pool C, eclipsed miners in the victim pool B, eclipsed miners in the victim pool C, and other miners. We run $$ 10^{9} $$ rounds of simulation for the three cases in Figure 8, and the results are shown in Table 4. The RER of the attacker who launched the EFAW attack was almost the same as expected, confirming the calculations.

Acknowledgments

We have received quite a bit of support and help throughout the writing of this article. First of all, we would like to thank Wu Senkai and Xiao Zihan for their valuable suggestions on the ideas and arguments of this article. Their insightful feedback has facilitated the improvement of our thought process and improved the quality of my work. In addition, we would like to thank Wenjie He and Xuesheng Zhang for their suggestions on the format of the paper.

Authors’ contributions

Made substantial contributions to the conception and design of the study, reviewed this paper, and provided administrative, financial, and technical support: Wang J

Significantly contributed to the idea of this paper, conducted experimental data collection, and wrote this paper: Wang Z

Availability of data and materials

The data that support the findings of this study are available upon reasonable request from the corresponding author, Wang J.

Financial support and sponsorship

None.

Conflicts of interest

All authors declared that there are no conflicts of interest.

Ethical approval and consent to participate

Not applicable.

Consent for publication

Not applicable.

Copyright

© The Author(s) 2023.