arXiv: 2604.14135 · v2 · pith:VPNC3UNKnew · submitted 2026-04-15 · cs.CR · cs.DC · cs.IT · math.IT · math.PR

Temporary Power Adjusting Withholding Attack

Pith reviewed 2026-05-21 00:34 UTC · model grok-4.3

classification: cs.CR · cs.DC · cs.IT · math.IT · math.PR
keywords: block withholding attack · mining pools · proof of work · temporary withholding · cryptocurrency security · adversarial mining · pool vulnerability

The pith

Finite-time block withholding in pools gives small miners unbounded extra rewards over indefinite withholding.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows that the established Power Adjusting Withholding attack, which withholds blocks indefinitely, is not optimal for an adversary. A generalized strategy called Temporary PAW limits withholding to a finite maximum time T and produces extra rewards that grow without bound as the adversary's hash power fraction, the target pool size, and the adversary's network influence all shrink. This matters because the gains remain non-trivial even without difficulty adjustments, allowing small miners to profit immediately by attacking the very pools they join. The result reveals that pooled mining structurally turns its smallest participants into potential attackers rather than only contributors.

Core claim

We show that PAW attack corresponds to T→∞ and is not optimal. In fact, the extra reward of T-PAW compared to PAW improves by an unbounded factor as adversarial hash fraction α, pool size β and adversarial network influence γ decreases. For example, the extra reward of T-PAW is 22 times that of PAW when an adversary targets a pool with (α,β,γ)=(0.05,0.05,0). We show that honest mining is sub-optimal to T-PAW even when there is no difficulty adjustment and the adversarial revenue increase is non-trivial, e.g., for most (α,β) at least 1% within 2 weeks in Bitcoin even when γ=0. Hence, T-PAW exposes a significant structural weakness in pooled mining—its primary participants, small miners, are n

What carries the argument

Temporary Power Adjusting Withholding (T-PAW), the rule of withholding one full proof-of-work from the pool for at most a finite time T even when no other block appears, which reduces to standard PAW only in the limit T to infinity.

If this is right

  • Honest mining yields strictly lower revenue than T-PAW even in the absence of difficulty adjustment.
  • For most combinations of alpha and beta the adversary obtains at least a 1 percent revenue lift within two weeks when gamma is zero.
  • The ratio of extra reward from T-PAW over PAW grows without bound as alpha, beta, and gamma all approach zero.
  • Small miners become immediate potential adversaries rather than stable contributors to the pools they join.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Pools could reduce exposure by adding detection rules that flag short-duration full-proof withholding rather than only long-term patterns.
  • The same finite-time strategy may apply to other proof-of-work systems that rely on pooled mining and similar reward sharing.
  • Larger pools or reward formulas that penalize brief absences might shrink the incentive for T-PAW without changing the core protocol.

Load-bearing premise

An adversary can precisely control and carry out finite-time withholding of a complete proof-of-work without the pool detecting it or making adjustments outside the parameters alpha, beta, and gamma.

What would settle it

A direct simulation of the Bitcoin block arrival process with alpha equal to 0.05, beta equal to 0.05, and gamma equal to 0 that measures whether the revenue ratio of optimal finite-T withholding to infinite withholding reaches approximately 22.

Figures

Figures reproduced from arXiv: 2604.14135 by Mustafa Doger, Sennur Ulukus.

Figure 1: Evolution of a T-PAW attack cycle. B. Relation to Existing Strategies: First, note that when T = 0, the T-PAW reduces to honest mining strategy irrespective of p1, p2 values. On the other hand, when T → ∞, T-PAW reduces to PAW described in [9]. Our analysis suggests that for many parameters, especially when α, β, γ are small, T → ∞ is not optimal and there is a large room for improvement compared to PAW. S…

Figure 2: Revenue ratio (ρA) maximization, γ = 0. A. Numerical Maximization of ρA: We pick γ = {0, 0.5} and present the RERs for the adversary and the honest non-pool miners for all values of α + β < 0.5 (with ε = 0.003 increments in α and β) for both PAW and T-PAW in

Figure 5: Revenue change maximization at t1, γ = 0. maximized relative values in

Figure 4: RER for PAW and T-PAW for 5 cases. with the T-PAW strategy is superior to honest strategy for those parameters even when there is no DAA. The RERs and profit lag curves suggest that for high β values the optimal values of PAW and T-PAW overlap. In fact, when we investigate the optimal $p_1^\dagger, p_2^\dagger$ values obtained from PAW and $p_1^\ddagger, p_2^\ddagger, T^\ddagger$ from T-PAW, we notice that there is a diagonal boundary line…
read the original abstract

We consider the block withholding attacks on pools, more specifically the state-of-the-art Power Adjusting Withholding (PAW) attack. We propose a generalization called Temporary PAW (T-PAW) where the adversary withholds a fPoW from pool mining at most $T$-time even when no other block is mined. We show that PAW attack corresponds to $T\to\infty$ and is not optimal. In fact, the extra reward of T-PAW compared to PAW improves by an unbounded factor as adversarial hash fraction $\alpha$, pool size $\beta$ and adversarial network influence $\gamma$ decreases. For example, the extra reward of T-PAW is 22 times that of PAW when an adversary targets a pool with $(\alpha,\beta,\gamma)=(0.05,0.05,0)$. We show that honest mining is sub-optimal to T-PAW even when there is no difficulty adjustment and the adversarial revenue increase is non-trivial, e.g., for most $(\alpha,\beta)$ at least $1\%$ within $2$ weeks in Bitcoin even when $\gamma=0$ (for PAW it was at most $0.01\%$). Hence, T-PAW exposes a significant structural weakness in pooled mining-its primary participants, small miners, are not only contributors but can easily turn into potential adversaries with immediate non-trivial benefits.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The paper proposes Temporary Power Adjusting Withholding (T-PAW), a finite-time generalization of the Power Adjusting Withholding (PAW) attack on cryptocurrency mining pools. The adversary withholds a full proof-of-work for at most T time units. The authors claim that standard PAW corresponds to the limit T→∞ and is suboptimal, with the extra reward of T-PAW over PAW improving by an unbounded factor as adversarial hash fraction α, pool size β, and adversarial network influence γ decrease. Concrete claims include a 22-fold extra-reward improvement for (α,β,γ)=(0.05,0.05,0) and non-trivial revenue gains of at least 1% within 2 weeks in Bitcoin for most (α,β) even without difficulty adjustment when γ=0 (compared to at most 0.01% for PAW).

Significance. If the derivations hold under the model assumptions, the result would be significant for blockchain security research by showing that small miners can obtain immediate non-trivial benefits from temporary withholding, exposing a structural weakness in pooled mining. The explicit comparison of T-PAW to PAW, the unbounded-factor claim as parameters approach zero, and the concrete Bitcoin-scale gain estimates without difficulty adjustment are potentially impactful for understanding attack incentives and informing pool defenses.

major comments (1)
  1. [Attack Model and Revenue Calculations] The revenue model (abstract and subsequent analysis) assumes the adversary can execute finite-T withholding of a full proof-of-work while the pool continues to treat the miner as honest, with no term for detection via statistical tests on submission timing, share-to-block ratio, or rate anomalies. This assumption is load-bearing for the central claim of an unbounded extra-reward factor as α, β, γ → 0, yet for small α and β the longer inter-event times would make such tests more powerful; introducing any positive detection probability would reduce expected revenue and invalidate the unbounded improvement in the practical regime.
minor comments (1)
  1. [Abstract] The abstract introduces parameters α, β, γ without inline definitions or references to their precise meanings in the model equations, which could be clarified for readers.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the careful review and constructive feedback on our manuscript. We address the major comment below and will incorporate a partial revision to discuss detection considerations.

read point-by-point responses
  1. Referee: The revenue model (abstract and subsequent analysis) assumes the adversary can execute finite-T withholding of a full proof-of-work while the pool continues to treat the miner as honest, with no term for detection via statistical tests on submission timing, share-to-block ratio, or rate anomalies. This assumption is load-bearing for the central claim of an unbounded extra-reward factor as α, β, γ → 0, yet for small α and β the longer inter-event times would make such tests more powerful; introducing any positive detection probability would reduce expected revenue and invalidate the unbounded improvement in the practical regime.

    Authors: We appreciate the referee's point on the modeling assumptions regarding detection. Our analysis, like the original PAW work, derives revenues under the assumption that the attack proceeds undetected by the pool. This framework permits us to establish the mathematical result that the extra-reward improvement of T-PAW over PAW becomes unbounded as α, β, and γ approach zero, along with the concrete numerical examples such as the 22-fold gain at (0.05, 0.05, 0). We agree that statistical tests on submission timing, share-to-block ratios, or rate anomalies could become more effective for small α and β due to longer inter-event intervals, and that a positive detection probability would lower expected revenue and limit the practical relevance of the unbounded factor. At the same time, the finite bound T in T-PAW may reduce the duration of anomalous behavior relative to PAW's potentially unbounded withholding, potentially affecting detectability. To respond to this comment we will add a dedicated paragraph in the discussion section that explicitly acknowledges the no-detection assumption, outlines representative detection methods, and notes that a full analysis incorporating detection probabilities lies beyond the present scope. The core theoretical claims remain valid under the stated model and continue to illustrate the incentive misalignment for small miners in pooled mining.

    revision: partial
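The share-to-block ratio test named in the exchange above, written out from the pool operator's side as an added example (not code from the paper, its authors, or Pith). It assumes full proofs among accepted shares are Poisson-distributed, in line with the page's block-arrival assumption; the function names, the difficulty ratio and the miner records are constructed for illustration.

```python
import math

def expected_blocks(shares, share_diff, net_diff):
    """Expected full proofs among accepted shares: a share found at share
    difficulty d also meets network difficulty D with probability d/D."""
    return shares * share_diff / net_diff

def poisson_cdf(k, lam):
    """P[X <= k] for X ~ Poisson(lam)."""
    term = total = math.exp(-lam)
    for i in range(1, k + 1):
        term *= lam / i
        total += term
    return min(total, 1.0)

def withholding_pvalue(shares, blocks, share_diff, net_diff):
    """Probability that an honest miner with this many accepted shares
    would have submitted `blocks` or fewer full proofs."""
    return poisson_cdf(blocks, expected_blocks(shares, share_diff, net_diff))

def shares_until_testable(share_diff, net_diff, significance):
    """Smallest share count at which zero submitted full proofs becomes
    significant: exp(-n * d / D) <= significance."""
    return math.ceil(-math.log(significance) * net_diff / share_diff)

def audit(records, share_diff, net_diff, significance=0.01):
    """Return miners whose full-proof count is improbably low for their shares."""
    flagged = []
    for miner, (shares, blocks) in sorted(records.items()):
        if withholding_pvalue(shares, blocks, share_diff, net_diff) <= significance:
            flagged.append(miner)
    return flagged

# Constructed sample: share difficulty 1, network difficulty 1000, and
# per-miner (accepted shares, submitted full proofs) over one audit window.
SHARE_DIFF, NET_DIFF = 1, 1000
RECORDS = {
    "m1": (3000, 3),   # as many full proofs as expected
    "m2": (6000, 0),   # six expected, none submitted
    "m3": (2000, 0),   # none submitted, but too few shares to conclude anything
}

if __name__ == "__main__":
    for miner, (shares, blocks) in sorted(RECORDS.items()):
        p = withholding_pvalue(shares, blocks, SHARE_DIFF, NET_DIFF)
        print(f"{miner}: shares={shares} blocks={blocks} p={p:.4f}")
    print("flagged:", audit(RECORDS, SHARE_DIFF, NET_DIFF))
    print("shares needed at 1%:", shares_until_testable(SHARE_DIFF, NET_DIFF, 0.01))
```

A count-based test only registers full proofs that never arrive; saying anything about proofs that are delayed and then released requires submission timestamps as well.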

Circularity Check

0 steps flagged

Derivation of T-PAW revenue gains is self-contained

full rationale

The paper defines T-PAW as a finite-T generalization of PAW (with PAW recovered at T→∞), then derives comparative rewards via explicit modeling of withholding intervals and network parameters α, β, γ. The claimed unbounded improvement factor and non-trivial gains (e.g., ≥1% within two weeks) follow from algebraic limits and closed-form expressions on those parameters rather than from any fitted input, self-referential equation, or load-bearing self-citation. No step reduces the central claim to a tautology or prior unverified result by the authors; the analysis remains independent of the target quantities and is therefore non-circular.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The analysis rests on standard probabilistic models of block discovery and reward distribution in pools; no new free parameters or invented entities are introduced beyond the attack parameters α, β, γ, and T.

axioms (2)
  • domain assumption Block arrivals follow a Poisson process with rate proportional to hash power fraction.
    Standard modeling assumption for mining processes invoked to derive withholding rewards.
  • domain assumption Pools distribute rewards proportionally to submitted partial work.
    Core operational rule of pooled mining used throughout the reward calculations.

pith-pipeline@v0.9.0 · 5778 in / 1523 out tokens · 44049 ms · 2026-05-21T00:34:21.155086+00:00 · methodology


Reference graph

Works this paper leans on

24 extracted references · 24 canonical work pages · 2 internal anchors

  [1] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” https://bitcoin.org/bitcoin.pdf, March 2008
  [2] M. Rosenfeld, “Analysis of bitcoin pooled mining reward systems,”
  [3] [Online]. Available: https://arxiv.org/abs/1112.4980
  [4] I. Eyal and E. G. Sirer, “Majority is not enough: Bitcoin mining is vulnerable,” Communications of the ACM, vol. 61, no. 7, p. 95–102, July 2018
  [5] A. Sapirshtein, Y. Sompolinsky, and A. Zohar, “Optimal selfish mining strategies in bitcoin,” in Springer FC, 2017
  [6] K. Nayak, S. Kumar, A. Miller, and E. Shi, “Stubborn mining: Generalizing selfish mining and combining with an eclipse attack,” in IEEE EuroS&P, March 2016
  [7] K. A. Negy, P. R. Rizun, and E. G. Sirer, “Selfish mining re-examined,” in Springer FC, 2020, pp. 61–78
  [8] Y. Kwon, D. Kim, Y. Son, E. Vasserman, and Y. Kim, “Be selfish and avoid dilemmas: Fork after withholding (faw) attacks on bitcoin,” in ACM SIGSAC CCS, October 2017
  [9] S. Gao, Z. Li, Z. Peng, and B. Xiao, “Power adjusting and bribery racing: Novel mining attacks in the bitcoin system,” in ACM SIGSAC CCS, November 2019
  [10] M. Doger and S. Ulukus, “Incentive attacks in btc: Short-term revenue changes and long-term efficiencies,” 2025. [Online]. Available: https://arxiv.org/abs/2511.11538
  [11] C. Grunspan and R. Pérez-Marco, “Profit lag and alternate network mining,” in Springer MARBLE, 2023, pp. 115–132
  [12] C. Grunspan and R. Pérez-Marco, “Block withholding resilience,” Digital Finance, vol. 7, no. 1, pp. 43–60, 2025
  [13] ——, “On profitability of selfish mining,” 2019. [Online]. Available: https://arxiv.org/abs/1805.08281
  [14] N. T. Courtois and L. Bahack, “On subversive miner strategies and block withholding attack in bitcoin digital currency,” 2014. [Online]. Available: https://arxiv.org/abs/1402.1718
  [15] L. Luu, R. Saha, I. Parameshwaran, P. Saxena, and A. Hobor, “On power splitting games in distributed computation: The case of bitcoin pooled mining,” in IEEE CSF, July 2015
  [16] wizkid057, “Block withholding attack against the eligius mining pool,” https://bitcointalk.org/index.php?topic=441465.msg7282674#msg7282674, 2014, bitcointalk forum post reporting an estimated 300 BTC loss due to a block withholding attack
  [17] L. Liu, W. Chen, L. Zhang, J. Liu, and J. Qin, “A type of block withholding delay attack and the countermeasure based on type-2 fuzzy inference,” Mathematical Biosciences and Engineering, vol. 17, no. 1, pp. 309–327, 2020
  [18] A. Sarker, S. Wuthier, and S.-Y. Chang, “Anti-withholding reward system to secure blockchain mining pools,” in IEEE CVCBT, 2019, pp. 43–46
  [19] S.-Y. Chang and Y. Park, “Silent timestamping for blockchain mining pool security,” in ICNC, Feb 2019, pp. 1–5
  [20] J. Wang and Z. Wang, “Efaw: a new mining attack model combining faw attacks with the eclipse attack,” Journal of Surveillance, Security and Safety, vol. 4, no. 4, pp. 180–195, 2023
  [21] Z. Yang, C. Yin, J. Ke, T. T. A. Dinh, and J. Zhou, “If you can’t beat them, pay them: Bitcoin protection racket is profitable,” in ACM ACSAC, December 2022, p. 727–741
  [22] J. Hu and N. Ruan, “Bm-paw: A profitable mining attack in the pow-based blockchain system,” in Blockchain and Trustworthy Systems, 2026, pp. 3–17
  [23] H. Zhu, X. Chang, J. Mišić, V. B. Mišić, and R. Yang, “Revisiting faw attack in an imperfect pow blockchain system,” Peer-to-Peer Networking and Applications, vol. 15, no. 5, pp. 2430–2443, Sep 2022
  [24] I. Eyal, “The miner’s dilemma,” in IEEE S&P, May 2015