Bitcoin Forum

Hey all here's another write up I just completed: https://medium.com/@levandreessen/8c3410377fe6

It tries to understand from first principles what a 51% attack can and can't accomplish from the perspective of someone who's trying to figure this out for the first time and isn't satisfied with just being given a list of answers i.e. you want to know **why** you can only double spend vs doing something way more extreme.

Please let me hear any feedback and any corrections to statements i've made. Should be a short read!

Thanks.

A 51% attack would be disastrous even if they only double spent one satoshi. It's the loss of confidence in the technology that's the harm. Bitcoin relies on people believing in it to be a secure store of value.

I think that if someone will do a successful 51% attack and do a doublespending, the price will crash but it will eventually recover after some time.

it will recover but, if the double spending persist then it may kill bitcoin or reduce it to 10 dollar or below, like every dead coin out there

I think a 51% attack would be a disaster. But someone with 51% of the hashing power does not necessarily mean they are attacking.

I liked your article.  I also thought  THIS  (http://hackingdistributed.com/2014/06/16/how-a-mining-monopoly-can-attack-bitcoin/) was a pretty decent layout of what opportunistic miners could do. 

I agree that 51% isn't necessarily the end, but it would be sufficiently bad that bitcoin would lose what little mainstream credibility it has.  However, miners don't have to get to 51% to cause issues.

A 51% attack on BTC looks harmless after recovery but its degrading for the value of Bitcoin. if we don't it to end up a dead coin its best no done during mining.

Thanks! Agreed on the credibility point, though i think that would be short term. Actually read that article..pretty good and shows that the attacks that will/could happen in practice will be more about the subtle ways attackers can torment the network than some wholescale crazy action that kills the price.

It is like a terorist attack.

Kills a few, but everyone panics and the repercussions can be thousand of times greater than be damage done by the act itself.

Isn't it true that if you have 51% of the hashpower you can mine ALL of the blocks?  You would be able to orphan all other mined blocks, because you would always be able to produce the longest chains making your blocks the winner every time, no?

It means the whole thing is just a roller coaster ride...up and  down 8) 8)

It's no more disastrous than the safety deposit boxes at a Wells Fargo getting robbed. I would have to believe their security was lax enough to entice robbers. Knowing they're a target might make me rethink using Wells Fargo safety deposit boxes.

It would be disastrous but it would also very likely spawn new chain acceptance rules that make this type of attack at lot more difficult. 

See:
http://gavintech.blogspot.ch/2012/05/neutralizing-51-attack.html

So it would basically be a one-off.  Either bitcoin would recover or a more robust altcoin would take its place.  Either way they attacker would fail in destroying the technology.

Having a majority hashpower means you get to decide how future blocks are constructed. If you have more hash power than the rest of the network, you will always persevere in a race to construct a longer blockchain. If I have and maintain a 50.1%+ hash rate and start mining blocks now, ignore blocks mined by others, and do something detrimental like ignore all pending transactions, eventually if not immediately I will have a longer blockchain that will replace the community chain. The certainty that I win becomes higher the more time passes.

What's even more fun is if I withhold my longer empty chain until later. If I have been mining a month silently and am ahead of the network, I can announce my blockchain and wipe a month's mining and transactions. I mine all the bitcoins, but even better, I can get back all the bitcoins I previously owned but spent during that month. This would be a bitcoin killer, 99% of clients immediately wipe the orphan chain data, and it would be a challenge to construct a client ignoring the new chain and get it out to every user before Bitcoin is declared dead.

Think of companies such as merchants and payment processors that have no way of reclaiming their payments if the sender does not retransmit after such a mass block-replace. Such a massive orphanarium will likely break the majority of Bitcoin accounting software running behind sites, maybe even in a history-wiping way depending on how the backend was programmed. The current hashrate is massive, it would take the NSA's million-square-foot Utah facility being converted into all-ASIC miners to have a chance. However, all we need is for a nation state or three-letter-agency to seize the operations of some of the biggest miners to reduce their impact or turn them against us.

Please tell me you don't own GHash.IO. You're a dangerous bastard. lol

This is the real danger of a 51% attack. I hope people read your post and think about it. I've heard people minimize a 51% attack as "someone can double spend for 10 minutes," but it can be much worse than that.

The chances of profiting from a 51% attack are just ridiculously low. Most exchanges need you to wait 3 or 6 confirmations. So basically the one attacking has to find the block 6 times in a row to be able to doublespend properly. Even if that would happen most exchanges would notice that the payment is a double spend. Chances of finding the block 6 times in a row aren't that high, even with 50% net work hashrate.

Basically you have a 50% chance to find the block.. 6 times in a row.

With lower hashrate you still have a chance to do it, but I would rather you'd pick up gambling instead. Your chances might be higher to win there.

Would 1 satoshi really do it though?

For example, I go to a bar and buy a drink for 1 satoshi (somehow) and it turns out that my satoshi is counterfeit.  How would anyone find out it was counterfeit, and once they did do you really think that bar would turn it into national bitcoin news?  Think about real counterfeit money, we know it exists, but we don't let it affect the value of our currency, we accept all money as if it's good real money. If it turns out to be counterfeit then one person may be screwed and pissed, but it sure as hell doesn't make the news.  Not even the local news, much less the national news.  1 satoshi is probably not a problem.

I completely agree with you!
GHash have is the only pool that can reach that 51% but I think we can trust them!
I really hope that no one get 51% of power!

You cannot counterfeit bitcoin. What the closest thing to counterfeiting you can do is to double spend a TX. It is also not possible to spend only 1 satoshi at this time as the smallest TX that the network will accept is I believe 5160 satashi.

There are some double spend transactions that have occurred in the past and the confidence of bitcoin was not destroyed.

Exactly my point.

"Rational Bitcoin Attackers want to see Bitcoin succeed": this is dodgy. Insofar as Bitcoin becomes a significant part of western infrastructure, it will become a target for those who want to harm the west. Think of the attack that brought down the World Trade Centre. Claiming such people are irrational isn't helpful.

"crank up average transaction fees on the entire network by deciding not to verify a transaction if a certain amount isn’t sent in fees": personally I think this is the most likely in practice, to the point of being almost inevitable. Expect it after a block-reward halving. The fees will still be significantly lower than credit card fees, so the network won't be destroyed.

It doesn't take a single entity having 51%, 100% of the time, to enforce. If enough miners agree to reject transactions with low fees, and further agree to reject blocks by other miners that include low fees, then miners that disagree with the policy will feel obliged to go along with it to prevent their blocks being occasionally orphaned. The usual argument is that if a miner rejects a transaction with a low (but non-zero) fee, another miner will pick it up and the first miner loses out. Hence the claim is that competition between miners limits fees. However, with 51% and/or enough solidarity between miners, that no longer applies.

We may not need to see many blocks actually rejected. Knowing a cabal has the power and declared intent will be enough to get most other miners on board. Especially as they all stand to benefit from higher fees in the long run. Few miners are altruists mining for the good of Bitcoin. They can say they are merely making up for income lost due to the block reward halving. Network security has to be paid for somehow. They'll talk themselves into it.

This is awesome scary.  In the article I cited earlier it talked about a miner withholding their chain while waiting for the next block to be found and then publishing it - e.g. I have 51%, I find the next block before anyone else, but I don't publish, rather I start working on next block for a say a minute and then publish the block, as long as no one else found the block and published it, I now have a minute head start on the next block, rinse and repeat.   But can they really hold it for a whole month?

Yeah, spending a single satoshi would be as easy as double-spending 10000 BTC. I don't know what background the author of the post has, but when high-profile people behind Bitcoin's development claim that a 51% attack is a potential danger, I do believe them. From what I understand, it really poses a certain threat to Bitcoin!

A 51% attack would be something that could be pulled back from but it would take a long time. It definitely would cause a lot of problems that is for sure if there was an attack of this size, people would lose confidence and it would take a long while for that confidence to be regained.

There is code that will prevent the 51% attack custom built into Goldcoin. It's open source. Enjoy!  :D

my 2 cents


You have described what is called the Selfish Miner attack, by Eyal and Sirer from their paper Majority is not Enough: Bitcoin Mining is Vulnerable.  You find the block, but hold on to it for a bit while you work on the next block to improve your chances at getting the next block since you have more time to mine it. Imagine that on a 51% scale.  You will increase your earnings, your pool performs better, you attract more to your pool with the promise of riches.....rinse and repeat.  You could potentially become the only minter of new bitcoins. Why even double spend when you can get the monopoly on minting every new coin?  There would technically be no flaw in the protocol, you are just taking a chance as to when to publish the block.


The Goldfinger attack, described in the paper The Economics of Bitcoin Mining, of Bitcoin in the Presense of Adversaries by Kroll, Davey and Felten, comes to mind here.  Goldfinger uses his vast resources to destabilise Bitcoin which causes it to crash, be it in owning say the monopoly on power companies and increasing power prices, or buying available BTC and selling cheap, or having political clout and declaring it illegal, or having a trusted reputation and saying Bitcoin is "bad." An interesting concept with the Goldfinger attack is that it is possible to do with just the threat of using your resources. Reflexivity and/or self fulfilling prophecy come to mind.