Resolution: Bitcoin block timestamp protection rules

Author: BitMEX team

(Source: Pexels)

Bitcoin time problem

One might think that time is not an important consideration for the Bitcoin network, because each block references the hash of the previous block, so these blocks are already in order. The Bitcoin block also contains transactions (inputs, outputs, and values), the Merkle Tree of the derived block header, and the block hash value itself to prove the workload. On the surface, this may be enough for trading and consistency systems. However, there are problems with adjustment difficulties . If too many miners join the network, the block time may become too fast, or if too many miners leave, the block time may become too slow, making the network unreliable.

In order to solve this problem, the mining difficulty is adjusted every two weeks to achieve a target time of ten minutes between blocks. Unfortunately, in order to calculate the time of two weeks, it is necessary to introduce the concept of time into the blockchain and become part of the consistency system. So blocks must contain timestamps, and one can think of bitcoin as the world's first distributed electronic clock.

Block timestamp security rule

When a Bitcoin block is generated, it essentially involves two times:

1. The time in the head of the block is placed by the miner

2. The actual time the block was generated.

Of course, these two times should be almost the same. After all, miners must have reasonable and accurate clocks. Why do they lie in time?

Miners do have incentives to lie in time. For example, a miner may add a future timestamp. For example, if it takes 10 minutes to produce a block, the miner can claim to spend 15 minutes by adding a 5 minute timestamp to the future. If this five-minute increase lasts for the entire two-week difficulty adjustment cycle, the average block time will look like 15 minutes, which is actually shorter than this. Then the difficulty of the next cycle may be adjusted downwards, increasing mining revenue due to faster block time. Of course, the problem with this approach is that the movement of the Bitcoin clock continues to move farther and farther than the real time.

In order to solve or alleviate the above problems, Bitcoin has two mechanisms to prevent miners from tampering with time stamps.

1. Past Time Median (MPT) Rule – The timestamp must be higher than the median of the past 11 blocks. The median of the 11 blocks means that the six blocks can be reorganized and the time is still not moving backwards. Some might think this is consistent with the example provided in Meni Rosenfeld's 2012 report , ie for 10% An attacker with network power must perform six confirmations to reduce the probability of success of the attack to less than 0.1%.

1. Future block time rule According to the -MAX_FUTURE_BLOCK_TIME constant, the timestamp cannot appear more than 2 hours in the future compared to the median time from the peer node. The maximum allowable difference between the time provided by the node and the local system clock is 90 minutes (another security measure). It should be noted that unlike the MPT rules above, this is not a fully agreed rule. Blocks with timestamps that are too far away in the future are invalid, but they may become effective as they move forward with time.

Rule one ensures that the blockchain continues to move forward in time, while rule two ensures that the blockchain does not move too far forward. These time protection rules are not perfect. For example, miners can still move the timestamp forward by generating a future timestamp within two weeks, but the impact of this operation is limited.

As indicated by the ratio above, since the two hours are only a small part of two weeks, the impact of this operation on network reliability and mining profitability may be limited. This is equivalent to reducing the time between blocks from 10 minutes to 9 minutes 54 seconds within two weeks of difficulty adjustment. Moreover, it is only a one-time change, because once a two-hour time has elapsed, the forward movement cannot occur again unless it is moved backwards first. At the same time, miners may consider a margin of safety before moving forward for two hours to reduce the risk of block rejection by the network.

According to our judgment, these rules have proven to be reasonably effective in preventing miners from tampering with bitcoin timestamps in a malicious manner.

Theoretical block time problem of bitcoin cash

As we mentioned first in September 2017, Bitcoin cash is an alternative currency that was split from Bitcoin in August 2017. Its main purpose is to increase the block size limit. One of the concerns of Bitcoin cash developers at the time was that many miners would not exploit Bitcoin cash, so the time difference between blocks might be too large. So the so-called "Emergency Difficulty Adjustment" (EDA) was implemented to alleviate this concern. We won't discuss it in detail here, but it's enough to show that this mechanism is very complicated and proves to be fundamentally flawed. This algorithm means that if a certain number of blocks are not found within a certain period of time, the difficulty will be reduced. This policy is particularly radical because it means that the longer the time difference between blocks, the greater the difficulty of adjusting downwards. The miners can deliberately leave a large time difference to manipulate the network, causing a large change in difficulty, followed by a low difficulty period of generating blocks at very high frequencies. Then the network becomes unreliable.

Due to this embarrassment, the generated bitcoin cash block exceeded expectations and the miners' revenue increased during this period. Bitcoin cash has built about 5,000 block leads based on Bitcoin, and one lead still exists today. A few months later, in November 2017, the final repair was made. The EDA was removed and replaced by a new difficulty adjustment system (a simpler 24-hour rolling system). However, this is still different from Bitcoin's two-week window system. Bitcoin cash systems are more dynamic and faster to adjust. While this means that bitcoin cash may have more fluctuating difficulties in the short term, this currency pair can be adjusted more quickly, and time difference correction in bitcoin can take longer.

(Source: BitMEX Research)

In the new difficulty adjustment algorithm for Bitcoin cash, many people may have overlooked one thing, that is, its relationship with the two-hour time protection rule. As far as we know, Bitcoin cash retains a 2-hour constant.

The two-hour period is now 8.3% of the calculation period. This is equivalent to reducing the time between blocks from 10 minutes to 9 minutes and 10 seconds. This does seem to be potentially important and, if utilized, could lead to changes in the profitability of miners. Bitcoin cash may therefore be somewhat vulnerable to miners tampering with time stamps, or at least be more vulnerable than bitcoin. On the other hand, although Bitcoin cash is more vulnerable to bitcoin in the face of miners' time stamp tampering attacks, the problem is solved faster.

in conclusion

The apparent vulnerability of Bitcoin cash time protection rules may not be exploited, and the reflection of the time protection rules for Bitcoin is so perfect. To the best of our knowledge, these time protection rules have existed since the launch of Bitcoin in 2009. When designing the system, Satoshi Satoshi must innovate at least at three depth levels:

Verification of the working system → Difficulty adjustment system → Perfect time protection rules

Although this may not be particularly delicate today, we have 10 years of experience with these systems. We believe that Satoshi Nakamoto has thoroughly considered this before any such network, which is very remarkable.