Bitcoin Forum

As we've been discussing things about Bitcoins, I'd like to know more (or I'd say an in-depth as well as detailed) analysis about the 51% attack. Can anyone here explain me that how it could actually affect the whole network and how it makes the whole thing centralized? The times when we witnessed even $100 as transaction fees should be considered as such attacks only that might have taken place to rise the value of fees to such incredible levels? Is there anything to prevent such attacks when quantum computing takes place? I know that quantum computing will just give the power to the institution to grab the privkeys directly, still if they want to go the ^legal^ way, can they ruin it for everyone?

It's centralised as any entity controlling over 50% of the network's hashing power will be able to generate blocks faster than anyone else and hence no one would have a chance to get any blocks against them. This doesn't allow them to violate any protocol rules. Bitcoin functions on trusting the longest valid chain as the main chain and disregarding any other. As a result, they can potentially spend a coin twice by making nodes discarding the chain with the original transaction in and including the chain with their own transaction that spends the same inputs.
No 51% attacks has happened on Bitcoin.
No.
Not exactly. Anyone with a quantum computers can crack public keys within a reasonable timeframe but they are only exposed when UTXOs are being spent. If you just send Bitcoins to an address that has never been used, it is not possible for anyone to steal your coins with a quantum computer.

When you have more than 50% of the hashrate, you make more than 50% of the blocks. That means, your chain of blocks will always been the longest. Since the network generally trusts the longest chain, the blocks of all other miners can't compete against you. Therefore you can manipulate the chain long enough to fabricate your own transaction history and trick nodes into thinking that an amount you already spend is still unspend and thus you can run a double-spend attack (the very thing the blockchain is supposed to prevent).

The network is still decentralized but in a dysfunctional way, means your miner will control the whole blockchain no matter what everyone else on the network claims.

Quantum computers can run multiple guesses parallel and that enables them to guess a private key to an address with no effort at all. If quantum computers exist, all hashing and encryption methods that are industry standard today become useless. However when that happens, we need quantum resistant algorithms anyhow everywhere on the internet and Bitcoin can implement one of these algorithms too. Quantum computers can steal your coins by just guessing your private key if they know your public address, since every public address is generated from a private key. It's an one-way function that means, calculating a public key from a private is simple but the other way around is extremely difficult, however quantum computers can do it by just trying in literally no-time.

I think it's important to point out that the big problem with 51% attacks is when they can effectively use this premise in the generation of new blocks to deceive exchanges with Double-spending. Increasing the number of confirmations can make such an attack difficult, even so, if someone controls> 50% it could still succeed regardless of the number of confirmations required.

In the beginning, there was a kind of signal that was sent to the devs when a problem occurred. Nowadays I do not know how the exchanges would be alerted. I think Bitcoin is the only project where the devs have no direct contact with the exchanges. And that's good. It proves that decentralization is sufficient thus far to ensure network security.

51% can be used to rewrite history, but this kind of attack become more and more expensive depending on how many blocks you have to rewrite.
if you want to doublespend a transaction with 3 confirmations you have to find 4 blocks if you want to doublespend a transaction with 6 confirmations you have to find 7 consecutive blocks. If you only have 51% you will find a block approx each 19 minutes. this make doublespending very expensive, and likely non profitable.

from what I know pow will survive to quantum computers, difficulty will adjust to have a block each 10 minutes.



this is false. ripmed offer e very strong protection for your coins. to be safe simply do not reuse addresses.

So, this means that as more bitcoins are mined, and if bitcoin price keeps growing, a 51% attack is more unlikely because it becomes more expensive right?

More Bitcoins being mined doesn't mean that it would be more susceptible to a 51% attack.

If Bitcoin becomes more expensive, it would be a possibility. They would be able to get a larger profit of fiat if they execute a 51% attack for the same amount of Bitcoins. The main factor affecting the cost of Bitcoin is the network's hashrate. If more people are mining, it is harder for anyone to be able to control 51% of the network as it would require more hashrate and money.

Only if you acquired a majority of the network’s hashing power could you reliably execute such a 51 percent attack against transaction history (although, it should be noted, that even less than 50% of the hashing power still has a good chance of performing such attacks).

https://bitcoin.org/en/developer-guide#term-51-attack

It called too a Majority Attack.


https://bitcoin.stackexchange.com/questions/658/what-can-an-attacker-with-51-of-hash-power-do

Good to know:
The mining pool ghash.io briefly exceeding 50% of the bitcoin network's computing power in July 2014, leading the pool to voluntarily commit to reducing its share of the network. It said in a statement that it would not reach 40% of the total mining power in the future.

This image describe well what is 51% attack:
https://decenter.org/storage/posts/images/Mg0qkx0aOHhuBlke9d14hOB2CEO6DkeyXuJ1ugCd.jpeg
Source: https://decenter.org/mining/451-51-percent-attack-en

51% always works, no matter how many confirmations you wait, as long as you manage to provide 51% over that time. With 51% of the hashrate you always write the longest chain that, in a dispute, other nodes will always trust. That's why 51% has a 100% success rate.

In the current Bitcoin network it's nearly impossible for a single miner to get 51% since the global hashrate is at 34 Eh/s, that is ~3,000,000 of the best current antminers. However for a pool it's possible to reach that, the biggest 3 pools already have more than 51% of the hashrate and pools getting to 51% have happened in the past.

With the old mining-protocol getwork, pools could just use their workers to manipulate the chain for them at literally zero cost since getwork only gives to the miners the blockheader to work on and hides the content of the transactions from the worker. A malicious pool would be able to manipulate the transactions and let their miners provide the proof. That's why getblocktemplate was invented where miners get the whole block and thus a pool could not manipulate them. However getblocktemplate is not enforced by the network as the network only sees the pool issuing new blocks and checks the blockheader for correctness, it has no information about the miners behind that pool. So it's up to the miner's firmware to only accept getblocktemplate protocol.

Another story however is the power of miner manufactors like Bitmain who are estimated to provide 70% of the global hashrate. A backdoor/vulnerability in the miner's code could enable the manufactor or an attacker to manipulate blocks for them - again at basically zero costs. Bitmain had an open backdoor in their firmware that allowed Bitmain or an attacker to shut down miners from remote (http://www.antbleed.com/). This didn't enable a 51% attack directly but could have harmed the network like a massive dDoS on the hashrate. The backdoor is supposed to be closed but the general problem of a proprietary firmware providing the majority of the hashrate remains.

Sure, pow need time to be solved, so more confirmations means more time need to be spent mining a secret chain, more time means more resources. With pow you can not mine parallels chains for free, so you have to waste times and energy(resources).
This mean you can calculate the cost to rewrite a transaction confirmed some blocks ago, by doing a simple math:

n=numbers of confirmation
e=cost of mining a block
v=value of transactions to be doublespent

so you can calculate the cost to doublespend a transaction using the forumula: v-(n*e)>0

a quantum computer will reduce e alot, but e will never be zero, because time is money and difficulty can grow  a lot and keep doing his work.
If e is >0, waiting confirmations is the only way to prevent doublespend.
if e is =0, bitcoin comunity have to agree to a new algorithm to have e>0 and hardcode a checkpoint to be sure no one will rewrite old history.

I can remember at least 2 pool already owning directly more than 51%.
both are dead now.
deepbit was abbandoned asap.
cex was bouncing up and down 51% some time, until it was abbandoned too.

None of them tried to rewrite history, it is simply not profitable. Because e is > 0

In order to calculate how much money do you need to perform a 51 attack on bitcoin:

Current hashrate (Total network hashrate): 34630131,855 TH/S (From https://blockchain.info/stats)

We choose our miners from here:
https://en.bitcoin.it/wiki/Mining_hardware_comparison

Let's take for example: Antminer S9
Hashrate = 14 TH/S
Consumption = 1.375 kW

Cost of harwares:
Hardware = Current hashrate * Price of Antminer S9 / Hash produced by Antminer (per seconds)
Hardware = 34630131,855 * 2400$ / 14
Hardware ~=  5,936,594,032 $

Number of antminers = Hardware / 2400 ~= 2,473,580

Cost of electricity:
Electricity consumption per day = Number of antminers * consumption * 24
Electricity consumption per day = 2,473,580 * 1.375 * 24
Electricity consumption per day ~= 81,628,140 kWh

Electricity cost per day = Electricity consumption per day * Cost per 1kWh
Electricity cost per day = 81,628,140 * 0.045$ (Electricity pricing (https://en.wikipedia.org/wiki/Electricity_pricing) - Depend on countries)

So attacker have to pay 3,673,266 $ of electricity per day !

This without make calculation of transport, renting or buying local where to install all this stuff, without counting the difficulty to get this number of miners and electricity power required to get them working all.

And countring the risk that the attack will not be a success and many other factors ...

Guys, why is this 51% (or the majority) attack so popular?
It only allows double spend once, and some "censorship" while 51% hash-rate sustained, right?
Even they have 51% hash-rate, miners cannot violate protocol rules, right?

Thanks

As long as they have 51% of the hashrate, they can spend every single transaction again after its spent, no matter how many confirmations they have. They can double spend as many transactions, for as long as they want as long as they can sustain it.

They can't violate protocol rules but double spending is very damaging.

I will just like to add that 51% of total Network Hash Rate just make your probability =1 (sure shot success).

Bitcoin whitepaper never ruled out that somebody cannot attack the Network if it has less than 51 % of hash power.

I will like to quote the Bitcoin white paper here.


Bitcoin Whitepaper (https://bitcoin.org/bitcoin.pdf) explains very nicely under the heading "Calculations" . It is clearly defining what is your probability to change the chain , if you want to change 2 block or 6 block.

Formula shows that 51% is sure shot  attack but it does not mean somebody having 49% will have no chance in attacking the chain.

But I guess the probability of attacking the chain with 49% is least compared to 51% as it crosses more than half of the stakes for the upcoming blocks, right?

One more thing, why is only 51% a number that is considered so attackable? Is it like anyone can even go for a 95% or even a 100% attack (by trying to collect the biggest number of miners) and doing a hash of more than 100 times the current hashrate? Wouldn't that just end up getting all the remaining amount of Bitcoins mined in least time?

Depends on how many consecutive blocks you want to mine. You have a good chance to mine 2 consecutive block with say 30% of the hashrate but mining 3 consecutive blocks would be significantly harder, hence the formula.
Possible. Is it worth the effort though? As long as they have 51% of the network, they can outpace the entire network by themselves. The attack is somewhat covert since the attack is not known until it actually happens. Their main goal isn't to get the most amount of Bitcoin but it is to attack Bitcoin. Bitcoin wouldn't have much value after the attack anyways.

Difficulty changes every 2016 blocks and the time to mine the remaining of the total coins would still take about the same amount of time.

If you are a miner, and you know a block of size X can be processed by 85% of the network, but not 100%, do you mine it? If by 'network', we mean hashrate, then definitely! 85% is high enough that you'll be able to build the longest chain. The miners that can't keep up will be pruned, and then the target for '85% fastest' moves - now a smaller set of miners represents 85% and you can move the block size up, pruning another set of miners.

If by 'network', you mean all nodes... today we already have nodes that can't keep up. So by necessity you are picking a subset of nodes that can keep up, and a subset that cannot. So, now you are deciding who is safe to prune. Raspi's? Probably safe. Single merchants that run their own nodes on desktop hardware? Probably safe. All desktop hardware, but none of the exchanges? Maybe not safe today. But if you've been near desktop levels for a while, and slowly driving off the slower desktops, at some point you might only be driving away 10 nodes to jump up to 'small datacenter' levels.

i don't know if this is the correct thread to ask...but i'm wondering: who have the major hashrate and how much is this hashrate? I don't know...is it possible that right now someone owns more than 10% ot total hashrate?

This is definitely possible. Especially since there are pools with more than 10% hashrate each.
The majority of hashrate is being provided by Bitmain/BTC.com. You can find a graph containing pools with their hashrate here (https://blockchain.info/pools?timespan=4days).

thank you for your help!

BTC.com have more than 27% of the hashrate!
We are still far away from 51%, but what happened if one day two or three big pool decide to join? Or maybe they know that something like that can bring the death of btc?

Its not what you can do with transactions but the capability of causing massive amounts of panic and pushing the price down of Bitcoin as a result. If all the mining pools which have more than 10% merged together in an attempt of pushing prices down because of the panic which would result as soon as a 51% attack happens then it could both be lucrative for them and a lot of profit could be made.

The price would be pushed down because of the amount of people willing to now sell their coins in fear that Bitcoin is dying. Resulting in more people willing to lower their prices until they find a buyer and eventually the Bitcoin market would crash. Depending on the amount of time spent on the 51% attack depends on the profit that could be generated.

The attacker would have to time it perfect in order to not spend too much money on the resources required to have that amount of computational power directed towards a 51% attack.

Right now is actually a prime time for an attack to do just this. The Bitcoin market would eventually recover once everything evens out and the attack has stopped.

However a lot of trust would be lost with the pools mentioned and I'm not sure what the consequences of this would be.

Even if pools which combined have a total over 50% hash rate combined (which is unlikely due to different goals and agendas) it would not be the death of Bitcoin unless they would be able to continually  keep the hash rate above 51%. Well to be honest they would have to have more hash rate than that to be able to control the vast majority of the network. Something like 75% would likely render the network useless for the time it was being attacked.

51% attack is only effective for the time it is taking place. No one in the world has the motives or funds to tackle this 24/7. Its literally on the spectrum of nuclear war and flying pigs. Its just not worthwhile to anyone other than government operators that wish to take down Bitcoin because its a threat to politics and the banking system.

But then you have a huge amount of people which would be converted into hashing power that would be willing to combat it. These pools could be the ones to defend the network rather than the ones attacking it.

thank you for these more informations!

So in few words, they have to keep to have more than 51% for a long period...but in that period they can put what they want in the blocks that they mine...correct? And they block will be approved becouse they owns the majority of the hashpower of the network correct?

Well, if it's correct, i think that even few hours like that can be a real problem for the future of btc..

No, they can, "only", doublespend transactions recently spent . They can not put what they want. their transactions have to be valid. The only thing they can do: is start an hidden(secret) longer chain, so they, or their friends can spend bitcoin and recover them when the secret longer chain will be publicated.

ok, now it's more clear.
So if someone have more than 51% of hashpower for a long period they can only gain more money but they can't make other people lose their btc...!

correct?

I hope someone better that me will reply this.
if you get paid in the meantime, when the longest chain is publicated, it can include that transaction or not. if not, you have to rebroadcast that transaction and hope for some miner to include it asap, or the sender of that transaction can try to doublespend it.
Miners will not directly gain from this, but the situation will be unstable and your incoming transaction is not really safe until it is included in the longest chain.

I'm not better than @goddog but I'll try to answer based on various aantonop youtube video :D
As I said:

They cannot steal BTC because, in order to do that, they need to rework the previous POW blocks which are impossible. Actually, this censorship could be damaging. Let's say xxxwallet has 51% hash-power behind it and thus only include transaction from xxxwallet and discard all transaction from other wallets. This way xxxwallet can monopolize BTC and set high transaction fees for their own benefit.

No. No matter what you do, you cannot steal BTC. Spending BTC requires the correct signature to spend it. If the signature doesn't tally with the conditions for the inputs to be spent, then it isn't possible for anyone to spend any BTC. You can steal money in a sense that you can "re-spend" coins that were in another blockchain that is recognised by the merchant by essentially replacing that blockchain.
Bitcoin would be dead already before they start to censor transactions. No one would use a coin for which someone obviously has the say to which transactions they like.