Bitcoin Forum

Hi, as a newbie I want to move a question I put recently in the middle of another thread, because I think it deserves its own discussion. Sorry if this thing has been answered before, I have been reading the forum for several hours so far but did not find the answer yet. If it was answered elsewhere, please post the link.

Is decentralized mining power important for the security and long term independence of bitcoin?

I have read a lot about transactions being decentralized as a built-in feature of bitcoin, but what about decentralized block creation? The bitcoin architecture does not guarantee decentralized mining at all. In fact, the network could in theory work "as well" with nothing more than one powerful miner, or pool of miners. Am I right?

If concentration of mining-power increases (because of bitcoin difficulty increasing faster than moore's law, leading to bigger hardware investments needed to be in the game, profitability decreasing, and economies of scale kicking in) ^(Note1), can a few miners produce all the blocks in the network without compromising the security and independece of the project? Is it possible to avoid excesive concentration of mining power? I dont see how in the current configuration of the system.

I read somewhere that Bitcoin assumes never a 50%+ of the mining power will be concentrated in one hand or in one cartel. That's the principle behind the honesty validation of the longest chain by "proof of work". Correct me if my newbie understanding is wrong on this. To assume that this concentration of computing power will never happen is ludicrous to my current level of understanding of bitcoin and human behavior.

This raises some further questions. As difficulty changes every 2 weeks, what happens if a Google-like company with bad intentions gets into the game suddenlly with 10x the total combined power of current miners? Could this sudden change of rules endanger bitcoin? Destroy it? I mean lets consider this wild posibilities. For big corporations this move would be peanuts. Powerful states overthrow smaller goverments all the time, big corporations eat small corporations all the time.

Hope to hear some thoughts from the experts out there.


(Note1): Thinking about the issue of increasing bitcoin difficulty, let's remember that  by design difficuly increases when mining power increases, in order to keep the creation rate at 10 minutes per block. So, any powerful organization that wanted to gain control of Bitcoin, could do it easily by injecting enormous amounts of mining power to the network, and by doing so, effectively reducing the rest of the miners relative power, and at the same time putting them out of business, because the difficulty would be so high, that mining would be generated below cost (subsidy). Knowing the enormous level of concentration of economic resources in the current world, this hypothesis seems in fact the most likely outcome. Predatory competition is a reality in todays market. I predict honest miners will be subjected to predatory competition if powerful economic powers decide to take control of Bitcoin.

Following this line of thought, I see Bitcoin could never become what it promises: a descentralized and free currency, if it is left alone in the wild "free market". I hope someone can find flaws in my arguments, or present ideas to correct this flaw. By the way, I have a decent amount of money put in this project, so I feel sad to become aware of this potential vulnerability. If people agree this is a serious vulnerability, lets get into "troubleshooting mode".

EDIT:

For those interested, I have been searching previous threads where this issue was specifically covered. I will post them here for convenience:

Stopping an attacker who has >50% of the hashing power
http://forum.bitcoin.org/index.php?topic=7166.msg105218#msg105218

Bitcoin resitance to network failures
http://forum.bitcoin.org/index.php?topic=4575.0

What's the plan about the Sybil attack?
http://forum.bitcoin.org/index.php?topic=8051.0

Is it possible to detect double spending in the > 50% network takeover scenario?
http://forum.bitcoin.org/index.php?topic=1481.0

50%+ Attack Nodes
http://forum.bitcoin.org/index.php?topic=435.0

Manipulating the mining system via strategic scheduled withholding of CPU power
http://forum.bitcoin.org/index.php?topic=11133.0

If an attacker gets more than 50 % of mining power
http://forum.bitcoin.org/index.php?topic=24996.0;all

POLL: What are the most likely things that may cause bitcoin to fail ? (merged thread)
http://forum.bitcoin.org/index.php?topic=25026.0

My Response to Ben Laurie’s ‘Last Word’ on Bitcoin
http://forum.bitcoin.org/index.php?topic=25760.0

This thread (and the link inside) covers some problems by too powerful pools. Remember this dosent fix the more fundamental problem of hashing power attack, because as already discussed in this thread, you dont need to own a pool to attack the network. But is goes in the right direction of reducing the vulnerabilities.

The 50% total hashing power - pooling flaw?
http://forum.bitcoin.org/index.php?topic=11424.0

This thread discusses a different problem that could have implications to this discussion, what happens if the internet partially fails, or different parts of the world become isolated because of some temporal connection failure. Gavin gives an interesting answer.

Bitcoin resitance to network failures
http://forum.bitcoin.org/index.php?topic=4575.0

Mining on existing hardware or adding hardware to an existing computer is cheaper than building a purpose built mining rig. Therefore I think the small bitcoin miner will always be competitive with the big ones. Medium size bitcoin miners may face problems.

Also small miners can more easily deal with or during the winter benefit from the waste heat of mining.

If one person or group controls too much of the mining power they can block or with enough mining power reverse transactions.

So if this is correct, would it be imperative to create incentives for "democratic" mining across the population to prevent excessive concentration? For example creating and promoting the use of electric "Bitcoin stoves" in cold regions, that prevent you and your wallet of suddenly "getting a cold"? I am not kidding :)

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: Decentralization and formation of revitalization communities.
Means: Code, donations, and brutal criticism. I've got a thick skin.

AntiVigilante, do you think that the current mining centralization potential in Bitcoin as it is currently implemented could be a serious problem if nothing is done to change this?

You ignore electiricty. In most countries there is sles tax fr private people, not businesses. TIn the EU that is a 20% differeence, Plus large sclae mining  can ask for industrial power contracts, which again are a LOT cheaper. Where i live the difference makes out over 50% in power costs.

I have been thinking the same.

What happens once the mining does not pay for itself? Then people will stop mining and the network get insecure?

Unless some big companies have invested in the money and gives it power only to keep it safe?

Due to bitcoin's software architecture does deperess miners by exponential manner, by design, total number of miners are reaching the saturation point these days. At this point, only electricity pilferers & large corporations will survive.

Even now, miners should group in mining pools, because individual miner with typical hardware should wait for block generation & 50 BTC reward some months, due to probability manner of mining.

Relationship & communication protocol between pools and individual miners are not formalized and guarantied, that miner will receive his profit. Pool admins, being FEW anonymous persons, have TOTAL control on mining, even today.

Mining pools are the same large goverment corporations, bitcoin system 'fights' against, esxcepting they are completely illegal & unguarantied.

Found another thread discussing a similar attack against Bitcoin.

Here https://forum.bitcoin.org/index.php?topic=2436.100

Look for "Men-in-black attack" in page 5.

I am crosslinking the threads.

Found funny how so few people seem concerned about a fatal flaw of bitcoin. Am I wrong?

andes, i think your points about economy of scale are correct. The total mining revenue at current valuations is in the millions of dollars per month. If sustainable, that budget is enough to motivate a player to invest in optimized ASICs, and once that happens it's game-over for the GPU crowd. The ASIC miner has a 10:1 better capital and energy efficiency and would quickly overpower and bankrupt the competition, gaining a constant revenue stream for himself while denying it for the competition. Without sizeable upfront investments it's almost impossible to catch-up.

You should however consider the failure mode of the network: double spend is made possible at the discretion of the kingpin. It cannot print money, nor it can use other people's money. Moreover, the double spend would be self-evident and a clear proof the kingpin is corrupted (accepts double spend), leading people to flee from the currency. Why would the kingpin destroy his investment and revenue stream ?

BubbleBoy, thanks for your insights.

Answering your question, my thesis allows for a deliberate attack from current economic powers to debilitate the competing currency. Many people think that bitcoin weakens or threatens fiat currencies. The expenditure in destroying cryptocurrencies would be more than offset by the returns issuing and manipultaing fiat currencies without competition. In the end this is a game on controlling the allocation of the earth resources via control of money, a huge bussiness. If anti-banker advocates are right, now the bankers seem to be winning 1-0. Bitcoin could score a 1-1, which would not make bankers happy.

If some group controls mining, can this group change bitcoin rules, and by so doing, destroy its intrinsic virtues? I need expert opinion on this, as I am not a programmer, nor experienced bitcoin member.

Bitcoin reward decreases. Mining profits go poof. Mining stops. CPU miners wait a week and then dive in.

So, from the above comments, the conclusion is that any powerful company or government could shut down Bitcoin at will by committing enough computer resources to mining. If they have 51% of the mining power, and want to shut down Bitcoin, its game over for Bitcoin.

On the other hand, I think there is a good chance Bitcoin will succeed because many governments and companies will be more than happy have an anonymous currency. It gives anyone so much more flexibility. What will happen with the Fiat monopoly, it remains to be seen. Anyways, I think everybody wants to let this experiment unfold to see its ramifications. The head of Bitcoin development (Gavin) has a meeting with CIA this week I think. So everybody seems to be interested. http://forum.bitcoin.org/?topic=6652.0

So my current bet is that Bitcoin will succeed, but not for the reasons most people think. Bitcoin will never be really independent from the establishment, in fact it will exist under its approval, unless something changes in the way Bitcoin is designed. This does not change very much the reality for end users, only the moral and social implications at large.

Any thoughts?

Making such statements turns people off. Ultimately in reacting this way you are saying someone is not taking into account a threat but the threat is projected from your analysis. People tend to see that as emotional parasitism.

Creating the 100th thread on the same subject that has been talked about, dealt with, and has some solutions, oh brother.

AntiVigilante, I dont see any problem by the posibility of some people being turned off. Truth is more important than ignoring facts to keep everybody happy, dont you think? And I dont see any excess of pessimism in the bitcoin comunity right now, considering the largest profits ever seen in the history of the universe! ...  :o  ;D

Regarding your last comment, could you point out the solutions you mention for what you say has been discused in 100 threads? You offered a solution scenario in this thread and it was proven wrong by other poster. I would be extremely interested in the solutions. I am invested in this too, as yourself. But I have found no solutions to this Bitcoin vulnerability. I now trust the establishment will allow bitcoin to operate, or even better, bitcoin will be upgraded to overcome this weakness.

My noob self has to agree...the central "what happens if a pool/operator gets 51% and double spends" hasn't been touched in many of these replies.

Seems like a good test to see if you actually understand btc.

Simple. Stop calling it fatal. The double spend window is 10 minutes. After which you wasted all that processing power to cheat when you would have made more by mining or trading.

Second, cuddlefish's modification destroys the 51% problem.

Third, my work is for something entirely different.

And lastly, prove, fatal, guaranteed, death by 1000 puns. You confuse a dispute with proving wrong and you use the word fatal for a 10 minute breach. Right. Sorry. And most people require several confirmations so that 10 minute window buys you nothing.

Truth is people know about the problem and when it gets there people quickly leave that pool. There's a community here not just a bunch fat bearded men.

AntiVigilante, again, your "10 minute breach" theory was proven wrong in this thread. There is no limit to how long an attacker could stop the network from working. It solely depends on the attacker wishes. If he wants to stop Bitcoin for 1 month, and he has the resources, he can.

I dont think so. What you write has to do with the inner workings of pools. An attacker does not need to control pools of honest miners, only owning computing power in the form of mining nodes. Readers, please correct me if I am wrong.

Moving on. Having isolated the problem and starting to explore lines of solution.

Currently Bitcoin mining depends on the probability of a block being solved. This means the whole paradigm of Bitcoin security is subjected to who has more computing power to solve a certain problem. Statistically, as long as the honest users are in control of more than 50% of the network computing power, Bitcoins remains working as intended. The minute honest users loose the 50%+ advantage the system starts crumbling.

I see two forks of solutions here:

1. We keep using the Mayority-of-Computing-Power-Wins paradigm for security
2. We discard this paradigm and go for something more sophisticated that does not need the control of the mayority of computing power to be secure.

As long as Bitcoin security depends on honest miners owning the mayority of computing power, I see no power balance innovation here. This is history repeating itself for thousands of years. Those who control the mayority of economic resources control the whole system. There is no guarantee for true decentralization of power under the current Bitcoin implementation.

If we could come up with some new paradigm that is based exclusively in trust between parties, without having to rely on third parties. Of course if most users would become miners, and the total mining power would be greater than any external threat, this could be solved, but I see a much more difficult adoption curve in this case. The other option would be local mining trust comunities, but that would be also subjected to control sooner or later from larger entities. If thats not the case, we will allways end up with dangerous concentration of power in mining.

Lets keep thinking...

Um no actually he can't. He has to keep up as the probability of success implodes with each confirmation.

I dont think so. What you write has to do with the inner workings of pools. An attacker does not need pools, only mining nodes. Readers, please correct me if I am wrong.
[/quote]

No person in the world will ever have 51% of network power. Jesus. That's impossible. Only a rogue pool can do that. And that would require convincing half the GPU miners to raid the whole network. And then convince them to split up the winnings.

I don't see it as a significant threat because:

The 51% attack is very costly to pull off.

It is easy to detect.

There is a huge amount of global computing power that can be brought to bear to defend against such an attack if it happens.

I also think economically, distributed control of network power is more efficient than concentrated control, for the reason already mentioned by dude655: regular people have existing hardware that can be used for mining at no extra cost. There are also many places in the world with surplus electricity being generated during certain times of the day where hashing could become very cheap or even free. This is especially the case with people who have access to electricity from renewable energy sources, as it is often very intermittent.

I'm gonna say it again. That attitude only labels you a cranky reckless authoritarian technocrat who would have precisely the moral malfunction to do the attack.

Sorry, but you just sound creepy, and I'd like to believe you're not. "Moving on." Who you?


While you were working on that I've already proposed one that discourages the accumulation of power and prevents others from raping the smaller mining pools.

Hmm.. I dont understand this, but if true, would be fantastic. Could you elaborate for a newbie to understand?  :)

Here you clearly dont get it. The attacker organization dosent need to convince any miner. He only needs to beat a bunch of amateur people with 3D gaming cards. Any one or two decent supercomputers in the world could do that. And there are thousands.

In fact I would love to see a statistic on total computer power in the world vs Bitcoin mining total computing power. I would guess it is in the order of magnitude of 1:10000.

No need for personal attacks dude. If you feel frustrated kick your computer instead.

Bitcoin miners already have more hashing power than all of the top 500 supercomputers combined.

This is an excelent point!

Man thats an incredible statistic, it prooves my estimation wrong. Which sources are you using? Thanks.

this is still an unresolved concern, and the community does not take it seriously enough. in any other open-source cryptographic project, these sorts of concerns drive everyone's enthusiasm for solutions; here, they're met with obstinacy. my conjecture is that the same financial motivations that helped drive bitcoin's adoption tend to discourage critique and lead people to fear change, which is unfortunate and potentially devastating for the technology (and incidentally for the value in the currently prominent block chain). many good analysts have repeatedly issued this warning and given sophisticated critiques, but the response is almost a kind of cultural conservatism, which is odd in a community like this.

in any event:

1. as has been pointed out many times, the attack is not expensive, nor does the fact that mining is profitable mean that a strategic attack on a valuable block chain won't be far more profitable. this neglect of the strategic value of an attack is the only well-known significant mistake in satoshi's original paper, one that the analyst going by the name 'computerscientist' in various online forums has pointed out in detail.

2. the attack is not easy to detect. please outline a mechanism for detection in the general case if you think you have one. the general problem is that the only response to a proof-of-work attack is greater work; it's very difficult in practice to distinguish 'good' work from 'bad' work.

3. the probability of success does not 'implode with each confirmation'; you're misapplying satoshi's proof of the difficulty of rewriting the past block chain starting in the present. it does not apply to the probability of continuing to generate blocks in the present.

4. two or three types of attack in the same vein may be practical without even 51% of the hashing power, as bytecoin and "s" have pointed out.

5. andes is correct that cuddlefish's response to cartel power by pools is inapplicable to the general case of this attack.

6. the attack has implications broader than denial-of-service, both in terms of direct double-spending (defeating the only purpose of the block chain other than as a way of distributing initial allocation of coins) and in terms of second-order economic effects on the marketplace. the latter aren't a direct threat to the technology, but they are indeed a direct threat to the value in the currently prominent block chain.

what's unfortunate is that there are potential solutions to these problems, but there seems to be no will to explore them because they require minor changes to bitcoin. for example, one potentially robust solution to the double-spending problem is to develop redundant mechanisms for invalidating the ability of one private key to spend coins. the block chain is one, but any other mechanism that provides the equivalent of certificate revocations in a distributed pki could be another. alternatively, a protocol could prevent control of the network unless an attacker was able to demonstrate proof of work along multiple vectors at once (e.g., by multiplexing several styles of proof of work at once in the same block chain), which would likely make an attack significantly more expensive.

i think your concessions, andes, were premature.

the oft-repeated statistic about bitcoin being the largest supercomputer or exceeding 500 others is silly and almost intentionally misleading. many 3d-intensive games are much larger 'supercomputers' on the same metric, as probably is the global dns system or smtp. it's a laughably bad piece of marketing that should be stopped because it makes bitcoin look foolish to anyone willing to see past the initial gleam of the claim. in the world of uncritical bloggers, it may not make much difference, but any legitimate journalist would research that claim and end up calling an academic computer scientist who would explain how misleading it is to call a group of a few thousand gpus 'the world's largest supercomputer'.

as to reserve hashing power, it's unlikely that there's a significant amount of it that could easily be deployed. and it works both ways: what stops an anti-bitcoin lobbying group (say, one that opposes some illegal site that uses bitcoin) from distributing an attack? there are relatively few people who stand to make fortunes from bitcoin, and there are many more who potentially benefit from an attack. i wouldn't want to play those odds; instead, i'd want to develop alternative mechanisms for proof of work that make cpus impossible to use as an attack vector. (gpus do this already to some extent, fortuitously. but they have other problems.)

for the record, i say all this as a strong supporter of the technology, albeit one consistently disappointed by the extremism in this forum and the unthinking defenses of bitcoin often offered. like anything or anyone we like, bitcoin has problems and is not perfect.

Tens of millions of dollars for hardware, and millions more for manpower is expensive for most groups in the world.


What do you mean many 3d-games have more hashing power than the top 500 supercomputers? You mean 3d MMOG server farms? Do you have any statistics on this? I'd like to learn more.


What's unlikely about there being 10s of millions of computers that can contribute to the network by simply visiting a web-based miner using WebCL?


I think that's highly unlikely but it's difficult to provide any solid evidence for why. I think that an attack would be far more likely to come from a closed organization than a grassroots movement, especially a web-savvy grassroots movement who are the most likely group of people to share in bitcoin's ideals of allowing p2p monetary transfers without the need of going through large banking intermediaries.


A strategic attack would not be profitable because it would benefit not only the attacker, but the attacker and all competing currencies. If an attack is done by someone with a stake in a bitcoin variant, it would undermine the very concept and be unprofitable.


A strategic attack could certainly be valuable to someone for ideological/non-monetary reasons, I just don't see any reason to think it could be profitable.


People start complaining about bitcoins they received suddenly being unconfirmed.

Unk, thanks for your extensive, clear and organized information. It was the most comprehensive answer so far to my questions.

Could you point to other groups of discussion / forums / websites where I can find people discussing this issues, and/or developing sound bitcoin alternatives? I would love to learn more about this fascinating area. The nicknames you mention are mostly found in this forum?

by all the calculations given in other discussions, it's not nearly that expensive. i'm pretty sure i have the resources to do it myself, if i were of such a mind. many small corporations could easily do it.


than bitcoin. many games are likely running the equivalent of more than a few thousand gpus at any given moment.


this is too glib an objection. what if the variant is not subject to that particular attack vector?

you seem to want a 'magic bullet' response to all my points, but there isn't one, and the search is in vain. instead, what matters are overall likelihoods. you can respond with a better theoretical threat assessment, but mere dismissal of attacks by this community is not going to serve the technology well.


pump-and-dump spam for a penny stock may cost a lot, but it can have significant gains from market manipulation if it escapes regulation. the same is true of many attacks on bitcoin.


and among the several possibilities, which of the complainers are 'honest' and which are part of the attack? by what (non-bitcoin, non-proof-of-work) procedure is meta-consensus reached? do we go by reputation in the forum? (if so, is that for sale, and at what price?) an attack like the overflow bug in october(?) would, if it happened today, practically be irreversible unless we want to give up a significant part of bitcoin's decentralisation. and a bug like that, if timed strategically by an intelligent market manipulator, could divest the currently prominent block chain of almost all its value.

yes. i recommend looking up the posting history of the user 'bytecoin' and, though i don't want to flatter myself, you can look up mine as well if you'd like. it may also be worthwhile, if you have time, to read all satoshi's old posts; they exhibit more perspective and nuance than the way they're commonly echoed in this forum.

ben laurie's discussion and the comments to it at his blog at http://www.links.org may also be helpful in general.

So far only an ideological attack is really a concern. Supercomputers would have to dump whatever they were doing and stick to hashing. Amazon won't do that. Google might and blame Anonymous for slow search speed.

And yes it is easy to detect. Sometimes a canary (a victim) is better detection than whatever gas sniffing nanobots (some scheme or other) we could put in the mine.

The web of trust on #bitcoin-otc is pretty good.

Maybe my forkless towncoin idea can be applied here.

Man you cant be serious.  ;D As said, the game here is the allocation of worlds resources via the control of the monetary system. And you say that tens of millions of dollars is a lot of money?

To put that in perspective:
Do you know how many people have a net worth of 1 million or more in the US? 10 million people.
Do you know how many people have a net worth of 5 million or more in the US? 1 million people. A handfull of these could finance tens of millions of dollar.
Do you know how much one single F22 Raptor plane costs? 350 Million. Just one.  Source http://www.time.com/time/photogallery/0,29307,1912203,00.html
Or think about how much money drug dealing makes.
Or illegal arms trading.
And the list goes on...

cmon!

Any links to these discussions?


You mean the people running the games? That wouldn't surprise me given there are millions of people playing 3d games. I don't see how it invalidates the point about the amount of hashing power that bitcoin miners have relative to supercomputers. Yes, cumulatively, gamers have a lot of hashing power too..


That's a good point, but it would have to be a variant not-dependent on proof-of-work, which leaves only one based on a decentralized PKI, which IMO is not feasible.


An attack is of course possible I just think unlikely. Point taken that dismissal of the threat doesn't serve the technology well. I'll also add that worrying about an unlikely threat could also be counter-productive by scaring people whose participation could help bitcoin's security.


It'll become readily apparent when people that the bitcoin community trusts say their transactions are not going through. There is a social element that is more important to bitcoin's security than the hashing power being contributed to it.


I'm not trying to cavalierly dismiss your concerns, I just don't think it's likely that the community can or will be corrupted by any likely attacker through bribery or other means.

And where are your statistics amincd? You did not answer my question regarding computing power. I am really interested in them.

Thanks man! Will spend some time reading your suggestions.

Satoshi must have been trembling when he typed bitcoind getwork for the first time.

This thread is surreal. But hey if Bitcoin can survive an attack by the Minbari Empire, please go ahead. Check out my signature: first two links point to a quick and easy change that would allow millions to enter the network.

andes, the combined hash rate of the top 500 supercomputers can be seen here:

http://forum.bitcoin.org/?topic=7675.0

The total hash rate of bitcoin miners can be seen here:

http://www.bitcoinwatch.com/

Thanks, will check it out.

Interesting statistics, although to evaluate a well organized attack on cryptocurrencies its not fair to compare supercomputers to Hashing GPUs, as they are made for very different purpouses. GPUs are really cheap dumb simple number crunchers. Supercomputers are much more expensive complex pieces of hardware to manipulate information.

The key point is compare the resources of each side. If the total combined mining infrastructure of the network is 50 million dollars worth, an attack is trivial. Even a country like Lichtenstein could beat our computing power. They would buy the gpus in the market, or sign a contract with China to build the GPUs over a period of months.

Really, there is no point in deluding oneself that a security system like Bitcoin based on brute hasing power is invulnerable. Right now Bitcoin is at the mercy of any small group of wealthy individuals that decided to attack.

Thats not necessary the end of the world. Most companies and groups in the world are in a similar position. But its important to be clear that Bitcoin is not going to change the power balance of the world without the consent of the establishment at this time. It can only survive if the establishment wants to. To me, right now, Bitcoin is just an extra layer of technology for our lives, that can make us early adopters rich, but that wont have any lasting impact in how this world is managed on a global scale.

Which means that like CPUs much of their capabilities involve functions inefficient at hashing. This debate is about hashing power. Supercomputers are being outgunned.


Moving the goal posts again. Bitcoins in total are worth 2x that. The amount of capital necessary to create the bitcoin system is [X Tflops / (Tflops / Thash)] * (Cost / Thash).

For $4000 you could get 2Ghash/s using 3 6990s + PSU + cooling. So $8M for 4Thash/s. If a supplier offered GPUs in Bitcoins - the community could create a network 12.5x the size it is right now in a matter of weeks. Hell distributing the coins and GPUs to the BTC militia would be the bottleneck.

With my community modification (bet it's in the 2 digit range of lines of code) the bitcoin network would be back up and running in no time. An attack on the network would result in a major backlash and a huge strengthening of the network. At which point hashing speed would be ridiculous and BTC value would be even more absurd.

It's not a technology problem. It's a community commitment problem.


1 internet is worth 1000. Telecomix and Anonymous revived Egypt's Internet in days. A Bitcoin crash would only be a reboot. Nothing more.

Couldnt agree more.

But social change is difficult in the current world. Thats why us geeks have so much hope in technology coming to the resucue. But I guess this time technology alone wont cut it. Lets find a hybrid solution. But I see lack of awareness in the bitcoin comunity of this shortcommings. Too much blind enthusiasm.

The final power is in peoples hand, the problem is that they give their power away to the system.

Tell you what, help me get a draft of my towncoin (forkless because the difficulty / block reward is heavily yoked down) modification as a plugin. I only want to make it optional. The whole machine crumbles if we apply the possibilities. Due to the sharp reward drop the square root is necessary as a stretchy ratio rather than the hard drop.

Three new bitcoind options:
--accept_dynamic_difficulty_blocks
--enable_dynamic_difficulty
--enable_soft_gradient

The links are here:
Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296

I'll have a pull request in the morning.

Dude, first of all, I like technology, but I am not precisely a programmer.

Second, you insulted me for nothing a couple of posts ago, and you expect now that I work for you? For starters, you should learn to be polite, and then buy me a couple of beers, or send me the bitcoin amount of those beers, preferably adding the price of a pizza too. Only then could we start taking about business.  ;)

Ok, its late here, I logout for today.

Well


I'm a bulldog for Bitcoin. I get a bit suspicious when the topic moves faster than those participating in the discussion. I do apologize. It'll probably happen again. I'm very defensive of this community. They've proven themselves.

And I don't expect people to work for me. I'm putting in drafts for plugins, loans, community building just like everyone else.


cue Harvey Keitel in Pulp Fiction: Pretty please with sugar on top.


The future of this network is worth at least a million times that. Cya tomorrow.

Uh, comrades?

The existing computing power of Bitcoin is 61 PFlops. To execute such an attack, wouldn't someone need ANOTHER 61 PEtaflops?

There are two versions of the 51% attack, and I have made proposals that would address both of them.

The first is the live attack, where an attacker starts working on the next block, and publishes it as soon as it is ready, and then keeps doing so even while the honest network finds blocks that reveal the double spend, causing the chain to flap between the two branches.  This is of limited value, as it would be very visible, and the attack window would be very short, like 10 minutes to an hour, depending on the actual hashing power of the attacker.  I proposed chain flap dampening, but I'm not sure any more if there is any point.

The second is the dead attack, where the attacker starts working on a new chain, but doesn't publish it until it is very long.  At this point, the transaction the attacker wants to reverse is deep in the chain, and considered very safe by everyone, but since the new chain is longer, it will reverse everything after the start of the attack.  For this one, I proposed exponential difficulty (http://forum.bitcoin.org/index.php?topic=11464.0) for a deep block chain reversal.

Oh, and by the way, neither of these attacks are anywhere near as easy, nor as useful as popularly imagined.  And we really have read 100 threads on the topic.

How I understand this issue

I'm going to intentionally use made up numbers to make the math easier. Concepts should remain the same. Also going to use http://en.wikipedia.org/wiki/Alice_and_Bob (http://en.wikipedia.org/wiki/Alice_and_Bob) terminology.

Imagine combined honest rate is 100. That would mean Eve needs at least a rate of 100+ herself. If she has that, she could announce a bitcoin transaction for buying something from Bob. At the same time she announces a different transaction to her own mining pool. Both the honest pool and Eve's pool start computing their block chain. At some point Bob will accept the transaction as verified. Let's say this occurs at block x.

At this point, three possibilities exist: Eve's block chain could be longer than the honest one, it could be equal, or it could be shorter. Depending on the ratio of Eve's rate vs the honest rate, one of these cases will become more probable, but the chance exists it will either of these.

When Eve's block chain is longer than the honest chain, her attack is complete. She announces the longer chain to the world, the world sees a longer chain and believes this is the correct chain and continues as normal.

When Eve's block chain is shorter than or equal to the honest chain, she can continue to compute until she has a longer chain. If she has more computing power than the honest pool, she will eventually reach such state. If she has not, her attack will fail.

Eve could change all transactions she sends out without an extra cost during the period of the attack.

So what does this mean: this attack is profitable for Eve from the moment the value of all her transactions combined are greater than the cost of running a mining pool. So Bob should wait until the transaction to him is verified by enough blocks so he believes the cost of running an attacking mining rig is greater than the gain from reversing the transaction.

Since the cost of running a mining rig is somewhat expensive, most transactions will not be bothered by this kind of attack. When Alice and Bob do receive transactions from Eve that are worth reversing, that would probably mean Alice and Bob have some huge resources as well. Since they are relying on Bitcoin infrastructure for large transactions, they should be mining themselves to protect their transactions.

Monitoring when such an attack occurs is quite trivial I believe, so we would know when it has happened. We would also know which address(es) were sending the revoked transactions. In a lot of cases, these could possibly be traced back to who owns them. The people who receive the money probably know already. Proving it was them would be relatively simple. That would mean that, should a legal framework exist, it would be quite easy to punish Eve accordingly.

Therefor I believe this hack is very unlikely to happen.

For those interested, I have been searching previous threads where this issue was specifically covered. I will post them here for convenience. Here is the first one:

Stopping an attacker who has >50% of the hashing power
http://forum.bitcoin.org/index.php?topic=7166.msg105218#msg105218

This thread (and the link inside) covers some problems by too powerful pools. Remember this dosent fix the more fundamental problem of hashing power attack, because as allready discussed in this thread, you dont need to own a pool to attack the network. But is goes in the right direction of reducing the vulnerabilities.

The 50% total hashing power - pooling flaw?
http://forum.bitcoin.org/index.php?topic=11424.0

I have seen other people claim that this attack is not easy nor useful, but when asked to explain why their argument crumbles. By the way, I saw this post from kjj in another thread:


Several orders of magnitude more computing power than the rest of the world combined to manipulate the chain? Hmmm. One thing is clear, you only need 50% or less of the total mining capacity (supposedly currently worth 50 million dollar or less) to create lots of problems. And this would be the most expensive attack possible. Obvioulsy you could come up with more cost efficient ways to attack. Clearly, you dont need alien technology.

Another related thread:

What's the plan about the Sybil attack?
http://forum.bitcoin.org/index.php?topic=8051.0

This thread discusses a different problem that could have implications to this discussion, what happens if the internet partially fails, or different parts of the world become isolated because of some temporal connection failure. Gavin gives an interesting answer.

Bitcoin resitance to network failures
http://forum.bitcoin.org/index.php?topic=4575.0

Yet another relevant thread.

Is it possible to detect double spending in the > 50% network takeover scenario?
http://forum.bitcoin.org/index.php?topic=1481.0

Another ones

50%+ Attack Nodes
http://forum.bitcoin.org/index.php?topic=435.0


Manipulating the mining system via strategic scheduled withholding of CPU power
http://forum.bitcoin.org/index.php?topic=11133.0

It isn't easy because of the gigantic amount of resources necessary for the attack.  For example, you could not purchase enough hashing power today to do the attack, because it does not exist in the world in purchasable form.  I would even say that there is only one government in the world that would even have the potential ability to confiscate enough hashing power by sending armed troops into peoples houses and stealing their video cards.  Someone would notice that.  It would require months or years of gathering resources, all while the network is growing, and even a slow acquisition would likely be noticed.

And it isn't useful, because your payback for spending all of this time and money gathering hashing power is the ability to turn back a few transactions.  What possible transaction would you reverse that was worth your 50 million dollar investment?  Keep in mind that as the value of future transactions grows, so will the cost of doing the attack.  Right now you would need to own roughly a quarter of all existing bitcoins, and spend all of them within the attack window, to beat the cost of your investment.  That ratio will probably change somewhat in the future, but the attack will never make sense unless you already control a non-trivial fraction of the bitcoins in the world, and can find enough victims to accept all of them in a short period.

And that other thread you link isn't about this sort of attack at all.  It is about difficulty and price manipulation.

And again, exponential difficulty (http://forum.bitcoin.org/index.php?topic=11464.0) can make these attacks even more costly.

The reason we don’t come to the same conclusion is not because of technical disagreements regarding Bitcoin, but instead because of the assumptions we are making about the nature, the resources, and the goals of the attacker. If you are interested, you can read this thread from the beginning to understand what the scenario I am considering is, and why I think it is a probable scenario. But to summarize, I am considering a very wealthy attacker, for example a banking cartel, one or more central banks, one or more big governments. Add to this lots of organization, and preparation. And finally a strategic, not financial goal.

The people who issue and control the money are the most powerful group in this planet. They are worth trillions. Money is their fundamental power source. You take away that power from them, and they will react. Bitcoin could be a revolution that changes the way the monetary power is distributed in the world. Wars have been fought for the control of Money.

You are assuming the attack is done to gain a direct financial gain in terms of bitcoins. You also assume the attacker would use the installed base of 3D gaming cards. In the scenario I am considering, this is not the case. This attacker could buy or build 10 factories of hashing hardware in China, could design his own hashing hardware and software, could pay the best programmers and engineers on planet earth, spend months, or even a couple of years preparing the attack. More easily, they could end up buying the majority of the miners in the market, or putting them out of business by predatory competition. They could sustain the attacks for days, months, or years. For the attacker in this scenario, the price does not matter, they can operate below cost. For all practical purposes they have unlimited financial resources. If they fall short, the just print more money to buy more things.

One mistake I have read, is saying that Bitcoin is as resilient as Napster, by being p2p. We cannot equate Bitcoin with Napster. Napster has no single point of failure; it is truly decentralized information and decentralized functionality. In Bitcoin, on the other hand, we have a defacto centralization on mining power. You mess with mining power and you render the system useless. It doesn’t mater that the user base is decentralized, if we cannot assure mining stays decentralized and honest. As I am trying to point out, the dependence on miners is the weakest link, and the single point of failure of Bitcoin right now, if we consider the possibility of attack from the establishment.

Anyone else sees the logic in my arguments, or shares my concern for this scenario?

Ahh, I get your point now.  I haven't given much consideration to a griefer attack.  I will ponder it.

would it be possible to detect such an attack and "vote the attacker out of the network"?

just random thoughts... like upgrading to a client that limits haspower within a certain region or ip-range...

The first point would be wonderful if feasible.

Regarding the second point, take into consideration that the whole paradigm of security/honesty of Bitcoin is based on brute hashing power. Reducing hashing power means getting weaker to attacks. What you say would require changing the whole security paradigm of Bitcoin. Not saying its not possible, but would need some of out of the box thinking IMO. But then again, I am just a newbie here.

IMO, Seeing this network grow, learning and profiting from it would be better to these groups that attacking it.

The "current" network could only protect itself if these superpower start competing at the same time.

Given the resources available and the small ratio of ASIC/GPU making up the total, I would not expect an attack to be imminent.  We're nowhere near parity with electrical cost on 40 nm ASIC.

Napster was not a pure p2p program. It relied on a central server, and thus had a single point of failure. Bitcoin does NOT have a central point of failure. You literally need more hashing power than all of the honest nodes to disrupt the network.

Related topic

Inevitable development into mining elite?
http://forum.bitcoin.org/index.php?topic=15345.0

Storage is decentralized.

Mining is centralized. Entry is as well.

Trading is centralized. Decision making is also.

There's your vulnerabilities.

Nah you're all wrong, turns out bitcoins realkryptonite is a nerd making a post on an internet forum about how the price of bitcoins is crashing and how all the greasy neckbearded libertarians who believe in their currency based on cheeto dust should bail out of it before they're reduced to penniless hobos.

Couldn't the 51% be raised, to say 95% instead?

There is no way that any single entity/organization could ever have 95% of the computing power of the network...

By design, Bitcoin's "true" block chain is not determined by voting (say 95%) but by "proof of work", the chain with more "proof of work" wins. This is a probabilistic issue. Another way to see it, is as a competition issue. The team that dominates 50%+ of the power can outperform the rest.

If you own more than 50% of the hashing power, you will probably be able to produce the longest chain measured in CPU power (you will beat the rest more times in the mining lottery). If you are not honest, you will mess the whole network, until the honest guys regain control. That does not mean you will own the chain, or that you can do a long term damage to the chain, but you can cause a lot of trouble in the meantime, especially if you can sustain the attack for a long time. Think about if you could not trust the confirmations you get after doing a transaction. This would damage the confidence in the network.

That is an unresolved weakness in the Bitcoin paradigm, in my opinion.



EDIT: More related links:

If an attacker gets more than 50 % of mining power
http://forum.bitcoin.org/index.php?topic=24996.0;all

POLL: What are the most likely things that may cause bitcoin to fail ? (merged thread)
http://forum.bitcoin.org/index.php?topic=25026.0

My Response to Ben Laurie’s ‘Last Word’ on Bitcoin
http://forum.bitcoin.org/index.php?topic=25760.0

What happens if someone commits fraud / computer fraud / theft / computer theft / wire fraud / wire theft, in other words?

I think there might be some legal rulings or precedents already on the books in various jurisdictions about such activities.

Without getting into specifics, I can say that in general they do seem to me to tend to frown upon such activities.

Possibly the main problem would be ensuring that by the time you are able to convert whatever recompense you might be awarded by the courts back into bitcoin it does actually come out as about the amount it was intended by the court to amount to.

How anonymous, in reality, are people who control >50% of the hashing power, typically?

-MarkM-

so, when this thread was arguing the possible flaws of one person generating all the blocks, did anyone bother to notice that 1/3 of the coins are already in existence?

The last time I did the "back of the envelope" calculations (about two weeks ago), it would cost about $12,000,000 to reach 50%. That's the cost to design, contract, receive, and hookup fully-custom ASICs to build a hashmonster.  I believe it was 200 blades, each with 24 ASICs. Each ASIC would have 32 2xSHA256 cores running at 350Mhz, each with the hashes fully-implemented as custom gates, pipelined. (So while we're doing round 3 of the 3rd nonce, we're doing round 2 of the 2nd, and so on.) Each core, once its pipeline was full, could churn out one doublehash every 8 clock cycles. The total hashing power: 6.7THash/s. (That's from memory.)

However, this would only give you half if it was already half. Which it might be, for all we know. ;)

Andes, to have control of 50% of the network you need to deploy 101% processing power (you´ll end up having 50,5%)

But, why thinking there will only be 1 dishonest entity?  If there is one, there could be more, each one of them would have their own self-interest on controlling the network.   If a lot of "dishonest" entities with great processing power try to control the network, they would make the 51% attack less probable themselves.

But for the situation to be realistic we have to assume that the honest miners would already be using the same technology. Otherwise your scenario is only valid in the concrete moment when the technology is evolving.

Honest miners are not using this technology today because they can't afford to develop and build it. The return on investment would come from the attacks, not from mining revenue. You can't afford tech like this for honest mining. This plan only works on an economy of scale. You can't do it with FPGAs.

And, by the way, we have no way to know whether or not dishonest miners already have this technology and are using it. They could be feeding into any number of pools and running as independents as we speak -- making us think the network is much more secure than it really is. (I don't think this is actually happening, but it can't be ruled out.)

You couldn't even start on something like this with less than $2,000,000.

As a Newbie, I have also had the same thought like you had. And on june 24th, started this thread in the newbie section : Google $ CO. Mining ? http://forum.bitcoin.org/index.php?topic=21905.0

At the end of the story, no conclusions at all. Now the thread is buried....Have you managed to get to any conclusion in your thread ? This will save me a lot of reading...Thanks.

I think the only people we have to worry about are angry governments. They could set up an undercover pool and offer some incentive to miners who join it, whether it is lower fees or whatever. This would divert hashing power away from honest pools and create a starting point so it wouldn't be as costly. I'd imagine that with good marketing, one could get at least 25-30% hashing power like this. After that, they could buy the rest of the hardware for a few million and cause the market to crash. The Wall Street types would say "I told you so" and most people would lose interest in this type of currency. The reason I don't think greedy individuals would be interested in this is because Bitcoins would be worth next to nothing after the attack (assuming it would be detectable).

If it is ever revealed that militant groups are holding large amounts of Bitcoins, Mossad and the CIA would easily justify whatever costs are necessary to diminish it's value. Because it is inevitable that some powerful person's enemy will use Bitcoin, I think this is something to be concerned about.

Hi Michele,

I insist in my previous post. Why thinking there will only be 1 dishonest entity?  If there is one, there could be more, each one of them would have their own self-interest on controlling the network.   

If a lot of "dishonest" entities with great processing power try to control the network, they would make the 51% attack less probable themselves.

That's because putting "newbies" into a special, quarantine cage is a terrible idea for so many reasons, not least of which is that no one on the outside ever goes there and so any great ideas, which new people often bring to the party, are dropped on the floor forever!

That assumes that the dishonest entities hash even when they're not up to something. It is also possible that they would let their processing power sit idle until they were ready to do something awful. Thus there could be a dozen such dishonest entities each capable of a 51% attack at the current hash level each waiting for the ideal instant to do something nefarious. (Though I think that's unlikely in the extreme.)

You guys forget one thing: Currently bitcoin is rewarding 50 extra coins per block (worth roughly 650$), that's what pays for the quite large current total hashrate of about 11,000 Ghash per second.

These 50 blocks are rewarded only temporarily, bitcoin is designed to run on transaction fees only, currently roughly 0.13$ per block.

Please redo your calculations based upon a hashrate that is about 500 times lower.

So, you want them to assume that neither the transaction fees nor the exchange rates increase in the future?  Huge coincidence that both of those assumptions favor your side in the debate?

"To assume is to be deceived." (Yiddish proverb)

I wouldn't want anyone to assume anything. Just saying that 99.8% of current total hashing power is payed for by the temporal generation of 50 bitcoins per block. And that it would be reasonable not to take these into account if (normal) bitcoin operation is discussed.

With all the DDoS's to the major pools, this got me thinking...

If a dishonest entity or pool owner wanted to attack Bitcoin and they had a pretty large amount of resources, could they just DDoS the top 5-10 pools to make it a lot easier? The Bitcoinwatch "other" category consists of about 15% of the network's hashing power, so it would probably take down quite a bit of . I ask this because I don't see the point to people DDoS'ing pools unless I'm missing something. Are they just bitter kids who are mad that they have an nVidia card?

Complicating this would be the mass migration of miners to this dishonest pool (if it were not known that they were actually dishonest) as it would still be up. How long would they need to be at >51% to cause major damage?

My thoughts exactly, more likely it would be the NSA, which I don't think all of our CPU power combined right now could compete with.

Manuel, lets address the scenario where several powerful groups want to destroy bitcoin (not simply manipulate it one way or another).

Under this scenario, the goal of all groups is the same, so the "the enemy of my enemy is my friend" principle would apply. Why compete if we can cooperate? It does not matter if there is one or many powerful groups that want to destroy bitcoin, the result would be the same, as long as they have enough combined power.

...Which takes us to the obvious conclusion: bitcoin cannot survive in its current configuration without the support (implicit or explicit) from a decent percentage of the worlds economic powers (establishment).

Why? Because a successful attack on bitcoin cannot be prevented if the attacker (or attackers) have enough economic resources.

Why? Because the whole paradigm of the integrity of the system is based on brute force hashing. I.e. mine is bigger than yours paradigm. As long as successful attacks can be carried out simply by the means of brute force, Bitcoins will never deliver the promise to subvert the current economic powers.

So for one; to all anarcho capitalists out there, bitcoin is not the answer to your prayers. Bitcoin is not a resilient decentralized system per-se, and probably never will in its current incarnation, until the brute force paradigm is replaced for something else, that is really resilient to attacks by the means of force.

This is the greatest misconception in bitcoin right now, as I see it. It is sold as being the solution for the corruption of the banks and governments, which it is not. Banks and governments can render bitcoin unusable at their whim any time, if they ever perceive bitcoin as a real threat.

Better wake up.

Nobody is saying attack like this is not possible. However, that would not mean destruction of Bitcoin per se. Trust would be diminished, sure, but we would still have Bitcoin. Attack only prevents/modifies transactions or in worst case, rewrites some history. Pre-attack blockchain would still exist, software could be modified to bootstrap from it. I think something like that happened in august 2010, when somebody generated billions of bitcoins due to a software bug. In case attack would be long running, we could establish reputation based supernode network or something like that. It would be pain-in-the-ass, but as long as idea of Bitcoin is alive, anything is possible.

Another remark: let's not forget an attack like this is illegal. If entity like government or a bank would openly attack, it could mean the end of government (bank) and stronger Bitcoin. In case attack would be secret operation, they still gamble... Bitcoin hacker (the good kind  ;)) could connect the dots and expose them, or somebody could leak their plan. WikiLeaks is still very much alive and kicking.