Simply delaying a transaction or making the network work harder wouldn't seem to be much of an attack but it matters for several reasons:
- The blockchain already has a relatively slow update frequency and so if it is to compete with other transaction systems it has to be sure of being as fast as it can be, and free from possible malicious slowing effects.
- The problem in the protocol is designed to become progressively harder to solve as time progresses so anything that adds to the computational power required in the network can only make it less economically for people to act as miners.
- If someone can disrupt your financial transaction engine, albeit just a delay, it will erode trust in the robustness of the system.
The incentives for conducting such attacks are not always that obvious but they are very real and make it an attractive endeavour. It was laid out very nicely in this paper in 2014 entitled "Majority is not Enough: Bitcoin Mining is Vulnerable".
The problem was further discussed by Ittay Eyal at the IEEE Syposium on Privacy and Security in 2015.
Several groups have been working on how to prevent these block withholding attacks, and in the last week one has produced a proposal called ZeroBlock. It is described in a paper entitled "ZeroBlock: Preventing Selfish Mining In Bitcoin".
The algorithm they propose is best summed up in this diagram from the paper:
ZeroBlock generation has to be conducted by a node known to be honest to prevent block withholding . First assume B2: B2 are generated by a selﬁsh node and kept until some delayed time ET2 and thus have expired as valid blocks. The Proof of Work of B2 includes only the hash of B1 and thus will be rejected by the honest node. As the honest node didn’t receive a new block until ET2 it generates a ZeroBlock. Now for Block 3 the Proof of Work will include the hash of (B1 + ZeroBlock) and will be accepted.
The "correctness" of the algorithms is proven and thereby develops 5 theorems which appear to be hold in the conditions discussed.
The million Bitcoin question is will this algorithm or a derivative make their way into the blockchain algorithm used in Bitcoin (or other cryptocurrencies)? Given the problems in agreeing something as simple as changing the size of the blocks in order to speed up transactions, I fear it may be some time.