All-out Attack: Optimal Block Withholding Under Pay-Per-Share Scheme
2026-07-01 • Cryptography and Security
Cryptography and SecurityDistributed, Parallel, and Cluster ComputingInformation Theory
AI summaryⓘ
The authors study a type of cheating called Block Withholding (BWH) attacks in cryptocurrency mining pools that pay miners immediately for shares instead of only after finding blocks. They show that in Pay-Per-Share (PPS) and Full-PPS (FPPS) schemes, attackers can gain by only submitting partial proof work but hiding full blocks, which hurts the pool operator. This strategy, called All-out Attack, allows attackers to profit especially after the network adjusts mining difficulty. The authors also find that more complex variants of BWH attacks do not give the attacker extra benefits.
Block Withholding (BWH)Pay-Per-Share (PPS)Full-PPS (FPPS)Proof-of-Work (PoW)Mining poolHashpowerMining difficultyNakamoto consensusFork After Withholding (FAW)Blockchain incentives
Authors
Mustafa Doger, Sennur Ulukus
Abstract
Classical Block Withholding (BWH) attacks have been extensively studied in block-dependent reward schemes, where pool members are compensated upon a block discovery within the pool. However, most contemporary mining pools operate under share-based scheme wherein participants are paid immediately upon submission of valid shares. In this paper, we analyze BWH under Pay-Per-Share (PPS) and Full-PPS (FPPS) schemes for Nakamoto-style blockchains and prove that these mechanisms are not incentive compatible -- contrary to claims in prior literature. Under PPS/FPPS, the optimal strategy for a BWH attacker is the All-out Attack (AoA): the adversary allocates its entire hashpower toward the victim pool, submitting only partial Proof-of-Work shares (pPoW) while withholding all valid blocks, i.e., full Proof-of-Work (fPoW). Under AoA, prior to the first difficulty adjustment, the adversary incurs negligible loss due to the withheld fPoWs. After the first difficulty adjustment, which reduces block difficulty, the adversary generates more pPoWs per unit time, achieving a relative gain of $\fracα{1-α}$ compared to pre-adjustment rates, where $α$ is the fraction of adversarial hashpower. Moreover, per unit time and per unit hashpower, all honest miners benefit at the same rate as the adversary. In contrast, the victim pool operator incurs losses: it pays the attacker out-of-pocket for pPoW submissions but receives no fPoW compensation in return. Finally, advanced variants of BWH, such as Fork After Withholding (FAW), do not yield additional profit to the attacker.