Bitcoin Forum

[not sure if this is technical enough, but I find this subforum more sensible. If the mods find it too light, please feel free to move to the general discussion]

Assume that, close to the block reward halving, the following conditions hold:
1) mining technology is saturated, so that no significantly improvement in efficiency happens nor is expected to happen soon
2) the price is relatively "stable" and no major jumps are expected soon
3) tx fees make for but a small part of the block reward


As a consequence, miners operate on a very small margin, spending most  of the reward on electricity.

Then after the block halving, mining profitability nearly halves, and many miners have to switch off their equipment. The equilibrium is reached when half the miners switch off.

The market of mining equipment is over-supplied, the prices drop to almost zero. Thus one can buy all those switch-off miners - that represent half the network hash power-  for a very small cost.
I don't know what's "very small" (there are always at least shipping or acquisition  expenses to consider), but
let's just call it N for now.

Assume an attacker acquires all this equipment. Now that he  has 50%  hashing power, what's the cost of running the attack?

Let's say he wants to mine k consecutive blocks. With 50% power he should
expect to wait 2^k blocks before he gets these.  Running half the network for that long costs (since we assumed miners operated on low margin before the halving)  1/2 2^k BR in electricity where BR is the block
reward before halving.   Since during this time he also gets half of the new block rewards,  the total  cost is 3/4 2^(k-1) BR + N

Putting some numbers here: current BR=25 BTC;  we can take k=6 (now some big exchanges accept as little as 3 confirmations, I guess all the big ones accept less than 6), we get 3/4 * 800 BTC + N.   Now given the discussion above I think it's not unreasonable to assume N<200BTC, bringing the total to 800BTC.

Note that the last time the block reward halved, assumptions 1 and 2 were not satisfied, while 3 was.
Next time 1 and 2  are quite likely to be satisfied, and 3 is satisfied currenlty. One can also calculate waht is the effect of the tx fees; but it's easy to see that for it has to be of the same order as block reward to be significant.


what do you guys think? Did I make any major mistake in this calculation? Has this been discussed and dismissed before?

The major flaw I see with this is the fact that being able to hold 3 or more blocks before someone else solves them is pretty unlikely. This would work for a p2p trade if you were able to hold a block and get away before someone else solved it

I've always wondered what is a 50 or 51% attack?

Here is one explanation:
https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_computing_power

The gist of it is that if someone has too many miners, he can chargeback(reverse) his own transactions, plus other unsuspecting people's transactions too. Only if he's a bad guy/woman though ;)

EDIT: inefficient -> efficient, whoops

This is interesting, and gets more interesting if there is an efficient rental market for cloud hashing.

The attacker doesn't need to actually buy the hardware, they just need to rent it for a few hours or a day or whatever - just long enough to launch a 51% attack and steal money from a major exchange.

1. Rent enough hardware to create a temporary 51% pool.
2. start mining a private fork that gets ahead
3. Send in $X worth of currency A to the exchange (darkcoin say)
4. sell all of the A-coin for $X worth of B-coin (BTC)
5. withdraw all of the B-coin and wait for that to clear on the B-network
6. reveal your private fork to roll back the transactions and get all of your A-coin back

The attacker nets: $X + mining_revenue - mining_rental

In an efficient market, the mining rental cost becomes the same as mining revenue, so this scheme almost doubles the attacker's money.

The somewhat good news for bitcoin is that this attack is still easier for smaller market-cap coins, which would presumably start suffering from it first.

Its basically, a single pool mining most the coins, and having very high hashing power ,
more than 50% of the total hashing power used.

All I can say is WOW! it is absolutely crazy how people come up with this kind of stuff.  Another question,  I heard a story about someone using miners to hack into I think it was home depot system.  Would this attack method be the same for something like that?

lol good luck at 50%ing BTC need much power for that and at least 50% of intir network hash and then some. People tried and failed many times before and more hash coming on would be a mission imposable to do such an attack unless you had a big massive amount of people to follow it but highly doubtful. Maybe the government and NSA might able pull something off like that but still I doubt would happen as Bitcoin getting very big now.

I think this is and interestin idea. However, while I find it easy to agree with the quoted assumption when we are speaking about small amounts of hash power, once it's about half the network it becomes dubious. No matter how efficient the  market is,  if you want to buy half of all the supply you'd be moving the price a lot.

That's why my original argument involves a mojor external event: block reward halving.

i think you mean efficient market

It's worth adding that since miners' costs basically track USD, the conditions described by the OP don't just hold on the reward halving, they also hold when the value of bitcoin takes a dive, as it does every now and then.

If there's really some kind of network-weakening incentive-breakage under these conditions then a price dive seems like a more likely trigger than the block reward halving, because the risk of incentive-breakage could reduce the usefulness of bitcoins, and feed back into an ever-lower bitcoin price.

Note that the 51 % attack only allows you to double spend or to invalidate other people's transactions. It does not enable you to steal any coins from other people's addresses.


So the real risk for 800 BTC (now around $300k) here is not people using this to steal money, but big players (governments) trying to DoS the network.

I think your idea is interesting, the rental idea is orthogonal and could be combined with it.

I agree that in the current market, renting half of the hashing power for Bitcoin would be really tough.  But that is only because the Bitcoin ASIC market is inefficient in the economic sense.

The rental attack idea probably already works - and may have already been used - for GPU mining coins.  Even there though there really isnt yet an efficient market for GPU computation - at least not yet.

An efficient market for GPU computation would be the situation where almost everyone runs some smart app on their GPU which is intelligent about earning money through any means - renting out compute time for any of a wide variety of coins/projects/etc when they are asleep/away, but only when the pay is worth the power cost, etc.

I think that market efficiency will tend to increase over time.

I think you meant to say that mining revenue halves.  If they were already operating on a tight margin, then profitability is eliminated and until enough hash power is shut off, everyone is operating at a loss.


Actually, equilibrium will be reached when half of the hash power is shut off.  This could be more than half the miners, it could be less than half the miners.  Since the most inefficient mining equipment is most likely to be shut off the earliest, the number of "miners" will largely depend on how many miners are running older more inefficient equipment.


Except that if a single person is trying to buy ALL the available mining power, this would be a huge increase in DEMAND.  So, while the supply would increase, the demand would be increasing along with it.  This huge demand would drive prices for the equipment through the roof and make it extremely expensive to purchase this left over equipment.  Those with access to extremely cheap electricity would also be competing with the potential attacker to purchase this equipment, making it exceedingly difficult for a single entity to gain control of 100% of the equipment that was shut off.  I think you'll find that acquiring more than 50% of the entire global hash power will not be a "very small cost".  Furthermore, the equipment that is available to purchase will be the most inefficient (and therefore most expensive to actually operate).




Remember that the equipment that was sold off was the most inefficient equipment.  The more efficient equipment would still be in the hands of the original owners and still running in locations with competitive electricity costs.  Therefore, the cost to operate the most inefficient 50% of the pre-halving hash power should be significantly more than 1/2 2^k BR.


You are mistaken.  In order to successfully perform a 50%+1 attack, the attacker would receive 100% of the new blocks during the attack.

Therefore, the attacker would gain 1/2(2^k)(BR) in revenue. Theoretically, if the attacker wasn't running inefficient equipment, this would exactly offset the 1/2(2^k)(BR) in operating costs.  In addition to the fact that the attacker is running inefficient equipment, an additional catch is that the costs would be incurred at the time that the equipment is running, and the revenue wouldn't be available until the attack was over.  Once the attack is over, the revenue is worth significantly less (due to loss of faith in bitcoin security).  The attacker will still need to pay for their operating costs in non-BTC currency, but will not have earned enough BTC value to cover those costs.


As we've already explained, your "3/4 2^(k-1) BR + N" is incorrect.  Even if it was correct, you got the math wrong:

2⁶ = 64
64 * 25 = 1600 (not 800)
3/4 * 1600 = 1,200
If we are willing to accept your unlikely prediction of N<200, you are still looking at a total cost (using your formula) of nearly 1,400 BTC.

This means that the attacker would need to successfully complete an attack that allows them the opportunity to steal at least 1,400 BTC and would need to cash out those 1,400 BTC before the attack was noticed and the exchange rate crashed.  This overlooks all the logistics costs of transporting, housing, and connecting all that equipment.


50%+1 attacks are a common concept re-introduced by people that don't take the time to consider all the ramifications.  It's been discussed in hundreds of ways.  You made some mistakes in your calculations, and you made some very unlikely assumptions.

not all, but one half. The half that was switched off and that is not worth switching on, so its cost is near 0.

assuming the mining market was in a state of equilibrium, all the running equipment would be equally efficient




This is already accounted for in my calculations. I think what you are missing is that
the cost of running the equipment is that from before the halving, but the rewards are halved.


I think the only new part in my post was to consider the 50% attack near  block reward halving.
The rest is indeed well-discussed

That is all the "available" mining power. ("available" meaning available to be purchased) Cost is determined by both SUPPLY and DEMAND.  You are assuming that the price will drop to zero because there will be a sudden increase in supply.  You are ignoring the fact that the attacker is creating a sudden increase in demand.  You are also assuming that there will only be a single person in the entire world that will be willing to buy any of the turned off equipment.  If there is even one other person (and there will certainly be more than that) that is interested in buying some of the equipment that is turned off, then there is competition that will drive the price up.


That is not true. Even at equilibrium:

• Some miners have access to cheaper electricity.
• Some miners are willing and able to operate with slightly smaller profit margins.
• Some miners are hobbyists that are willing to operate at a slight loss for the sake of their hobby.
• Some miners gain an "economy of scale" for larger operations

I don't see where it is accounted for in your calculations. I was aware that the cost if from before the halving, I just don't see where you accounted for it in your revenue calculations.

You use 1/2 (2^k)(BR) in costs (where BR is the pre-halving block reward).  The 1/2 is because the miner is running half of the network, right?

But the revenue is also 1/2 (2^k)(BR), because the attacker gets to keep 100% of the blocks, and each block reward is 1/2(BR).


And I'm confident that market forces will make an attack near  block reward halving prohibitively expensive as I've already pointed out.

Another way to think of it is that if mining is in a pure equilibrium the mining ongoing cost and equipment cost will equal the value of the coins to produced over time as well.  Or put differently in the run up to the halving the halving would be factored into miner planning and production/ordering.  My point is this won't be a singular event but would start affect decision making well in advance of the event.  Older equipment won't be replaced, less new equipment ordered etc.  

So in the run up to the halving you'd see a combination of:
- reduction in price of mining equipment of specified efficiency (or being taken off the market)
- improvement in hardware efficiency
- reduction in overall hash rate
- reduction in the number of miners with higher electricity costs, reducing the average miner electricity cost

You need all or some of these to happen to maintain the equilibrium.

A combination of the above seems most likely, so you are unlikely to see 50% reduction in the hash rate over months.  Not to speak about fast enough to enable an attack in quick enough way to be effective.

Some of the bitcoin crashes have effectively (in USD terms) halved the block reward.  This should be far more catastrophic as these are not possible to plan for and are thus more likely to result in potential for a hash rate take-over. edit: and this hasn't resulted in massive hash rate drop (or a 50% attack).

This attack will probably always be viable in some sense once the rapid pace of ASIC development slows down to a (relative) crawl.

When dark hashpower is >> hashrate, anyone can buy and spin up hardware, with the marginal cost being electricity.

Groups will most likely hold onto miners even if they aren't being used in case the hashrate dips too much or they get invested in a block race.

I don't think the costs will be quite as low as you expect. Even if the cost of the miners themselves drops to 0, there could still be significant other costs involved with bringing that hardware back online. If a company owns its facility and is solvent at the time it wants to shut off, the attacker might just be able to buy it out and seamlessly change over to a different fork. That's not guaranteed to happen though, many of the failed companies might end up like Cointerra where they have not paid their bills and the hosting company is in the possession of the equipment. Even if they own their own buildings and the equipment is ready to turn back on, you might have pushback from the power utility if the previous owner has stuck them with an unpaid 6 figure power bill.

No numbers to back it up, but I would guess to costs related with gaining control of half the network hashrate would be significantly higher than the actual market value of the XXX PH/s you're buying.

I still didn't get something on that link , why do they mean by "An attacker that controls more than 50% of the network's computing power" , what does it mean ? :o
Means he have a lot a lot a lot of Miners and he have more then 51% ? don't get it

That is the important fact. Satoshi's system has a lot of incentives and disincentives that make it logical to game. For example, people sometimes are concerned about some actor "buying all the coins cheap". Of course the more aggressively one buys, the more expensive each coin becomes.

You are pretty close with your analysis but there are a few practical flaws which you are overlooking.

One, you have to assume that the miners that are switched off are also being sold.

Two, the switched off miners that make up the total 50% of the entire mining force are allocated in one place of at least geographically near to each other.

Three, the 'attacker' will be buying all the switched off miners from wherever they maybe located in the world - which is practically impossible.


This single purposed functionality of ASIC hashers have always been concerning to me as they become nothing more than paperweights once their mining days are over, at least with older FPGA units you could repurpose them for other encryption and decryption tasks.

i think thats really hard to believe when DoS attack has been begin

Take another look at the premises here.
At reward halving, when the reward comprises >99% of the mining income, if price is stable or declining...  then we may see a lot of miners idling equip.
Thus if reward halves, and idle equipment is roughly 50% of the equipment before the reward halving, it may be rented and an attack launched.

If the premise conditions are met, it would not take a massive amount of people, or a government.  It would merely require a great concentration of wealth.  If other resources are added to this (force of law, hacking, massive data centers, governments, etc)  That just makes it easier to reach the threshold.

One method to defend against this, major commercial stakeholders (exchanges, etc) ought require more confirmations around this time.  Many exchanges are also limiting transactions, and requiring identifications so even if it is attempted and successful, the malicious miners may not 'get away' with it.

Other alt coins have more advanced coinbase reward systems that smoothly adjust rather than halving to accommodate for this.

You're premise that miners can be expected to idle their machines when the reward halves is wrong.

With miners needing to sell most of 3600 new coins per day, the only thing that keeps the price of bitcoin even relatively stable at a given price point is a roughly equal rate of new money flowing in. When the price holds for a stretch you can bet the reason is that at least one whale feels the current price can be sustained by the incidental rate of incoming new money plus their own willingness to buy at that level. They view the need to buy mined bitcoin each day as an obligation, since failure to do so will cost them even more in terms of a falling price.

Anyone who's wrestled with the decision of how much more money to invest in Bitcoin to support the current price level should have realized that there's a balance to be struck between how many bitcoins are mined each day and how many bitcoins are purchased by new money each day.

The long price decline since Q4 2013 shows that bitcoin holders would rather be pushing $0.8M of new money into bitcoin each day than $4M (if the price were to go back to $1000). Think of it as the savings rate of the true bitcoin believers of which there are probably between 250,000 and 500,000 globally at the moment (https://bitscan.com/bitnews/item/how-many-people-really-own-bitcoins-and-why-does-it-matter). Most of these people are limited in how much new money they can pump into bitcoin each day by their ability to earn non-bitcoin money each day.

Back to your premise: When the block reward halves, all other things remaining equal, you should expect the price to double. More specifically, if the price at the time of the halving truly reflects the savings rate of bitcoin holders, then the price should double.

Why? Because the savings rate is the sustainable rate of new money flowing in to buy mined bitcoins. The same amount of new money after the halving will buy half as many bitcoin at twice the price. Miners should just hold off selling until the price rises to that level. They should absolutely NOT turn off their equipment.

Of course when the price level is rising during a span of excessive exuberance, or falling due to a contagion of anxiety, what will determine the new price level once the dust settles is the new savings rate of the new/remaining pool of bitcoin holding believers.