How does the Finney attack work 1

Would a shorter block generation time make the Finney attack more difficult?

Assuming all other values ​​are the same (same network hashrate, etc.), the attacker still represents the same percentage of the total hashrate and can therefore claim the same percentage of the blocks for his attack. A faster block time increases the total number of blocks, reduces the difficulty and ensures that the attacker has more opportunities to land an attack with the same hashrate. However, this also reduces the detection time for such an attack and narrows the window.

In the standard Bitcoin network, a block is found approximately every 10 minutes, but realistically they are found along normal distributions with their peaks at 10 minute intervals. A block can be found immediately after another block, or it can take 20 minutes to find the next block. However, these are not typical cases. I don't have any data showing what a standard deviation from the 10 minute mark would look like, but I can say that an attacker would be statistically confronted if the block time were reduced to such an extent that it is within the +/- 1 standard deviation range slightly overlaps significant risk of a block being found before he or she can carry out the Finney attack. I have no idea what other effects this could have on the network, and it would take significant testing to confirm its feasibility.

Even if the +/- 1 SD region does not overlap, the distance between their boundaries is effectively the amount of time it would take for an attacker to carry out an attack. Anything that narrows this gap makes a Finney attack less effective.

The active question, which I still haven't found the answer to, is: does the value of σ² for the distribution of block finds change along with the average block time, or is it somewhat static? If σ² stays the same, reducing the blocking time will drastically affect an attacker's ability to use this method. However, if it decreases in proportion to the blocking time, the only effect the blocking time has on such an attack is the additional requirement for greater precision in timing.

To edit:I have received confirmation that the block generation is not a normal distribution but a Poisson distribution and that the time window for a Finney attack scales linearly with the block time.Reduced blocking time does not provide any for this purpose statistical Advantages over the normal blocking time, but requires an increase in precision on the part of the attacker.Since I've never heard of anyone carrying out a Finney attack, even as a proof-of-concept, it is questionable to what extent the precision requirements would help prevent attacks, although the effectiveness of such an attack is likely more dependent on the merchant / business model than in the network itself.

David Perry

Just noticed that some browsers may not display "σ²" correctly - for those who get blocky nonsense instead of pretty Greek letters that are "sigma squared" or the variance of the normal.


Small correction / addition: The time between two blocks is not normally distributed, but follows an exponential distribution with λ = 10min ^ (- 1). The standard deviation of this distribution corresponds to the mean time between successive blocks - it therefore overlaps regardless of the block time.


Sorry, please ignore the last sentence above - I was too slow to edit. What I wanted to add: Since block generation is itself a Poisson process, the probability that a block will be found within a fixed-length time interval is always the same. The time window for a possible Finney attack therefore scales linearly with the average time between blocks.

David Perry

Good to know, I'll edit my post with this new information. Many Thanks!

Chris Moore

I've tried calculating the standard deviation of the time it takes to find blocks, but it's tricky because the timestamps on blocks are not accurate. Sometimes the timestamp on a block is earlier than the timestamp on the previous block. For example, see blocks 163966 (2012-01-26 19:52:37) and 163967 (2012-01-26 18:41:05). With this in mind, the average for the past year is 546 seconds and the standard deviation is 593 seconds.