Does anyone have estimates of the cost of a 51% attack at various times?

[minarchist]

I am interested in the estimated cost, in USD, of a 51% attack as a function of time.  Granted, there will be variability in this number depending on the party responsible, but use an educated guess of the most likely suspect(s).  What would the estimated cost of such an attack have been from the most likely suspect(s) every New Year's Day since 2010?

[mufa23]

I am estimating about 11+ Million USD for the beginning of Jan 2013. That would allow you to purchase 45k ATI HD 7950's which would bring you about 30 TH/s. This only includes the cost of the actual videocards. The rest of the computer would be a few more million. You'd have to host all this at some massive data center. And supply it with power and proper cooling. Even hire a staff to run everything.

Realistically, we're looking at 30 million USD, then millions more for the power and employment costs each month. And this was as of 8 months ago. I personally don't worry about a 51% attack anymore. Even if you had the money, nobody is producing enough equipment for you to buy it.

[minarchist]

The market cap at that time was about 140 million USD, meaning that the cost of the attack was about 20% of the market cap.  What's your estimate of the current cost of such an attack?

Regarding your lack of a concern at this point, have you discounted the possibility that the government of a major power could set up its own facilities for manufacturing mining hardware?

[Kazu]

If somebody attempted to do it, people would likely chase difficulty up with them.

[crazyates]

If somebody attempted to do it, people would likely chase difficulty up with them.

You obviously don't know what you're talking about. No 51% attack would be made near the end of a diff-recalc cycle unless there was no choice. And even then, you would still own 51% of the hashrate.

IIRC, someone did a study a while back analyzing a double-spend attack. 51% guaranteed you a 100% success rate at a double spend, but your chanced were still pretty good at lower hashrates. Example: You still had like a 90% chance of completing a double-spend attack if you only had like 40% of the network. It was within reason for someone with only 30-35% of the network to do this, but the odds were much lower.

There have been multiple times where a single pool has aproached 35%, which I consider to be dangerous for the above fact. You wouldn't need to spend 30Million USD to attack the network, you'd just need to attack and take control of the biggest pool. Or a few of the top pools where you controlled a good percentage. If any 5 out of the top 10 pools got attacked, we'd be screwed.

This is also just assuming you're attacking pools to take control of them. someone coordinating an attack this big would also attack any pools they couldn't take over, effectively removing their entire hashrate from the network.

We're coming up on 500TH/s. If someone were to take out BTCGuild and 50BTC, that's almost 200TH/s between the two of them. Of if they were to take over BTCGuild and then take out the next 3, they would own 130TH/s out of a 350TH/s network. That's enough to double-spend. I love eleuthria and slush, but what if their families were taken or harmed? You really think they would give up their children to protect Bitcoin? (note: I don't even know anything of their personal lives. I don't know their real names or if they even have children. This is hypothetical, and I"m making a point)

TL;DR I wouldn't be worried about how much it would take a theoretical entity to design/develop/produce/assemble/initiate their own ASICs to attack the network. I would worry about the security of the biggest pools.

[mufa23]

+1 what Crazyates said.
If would be much more cost effective to attack the pools.

have you discounted the possibility that the government of a major power could set up its own facilities for manufacturing mining hardware?

Billions of dollars. Government's themselves typically don't produce stuff. They contract companies to manufacture stuff for them. I figure it would be hard for them to keep it a secret, but possible. Mass producing tech and attacking pools is within the realm of possibility.

But once they actually "destroy Bitcoin", they have billions of dollars worth of paper weights, and we all move over to Litecoin. It would be an endless waste of money to constantly keep attacking crypto-currencies.

[minarchist]

+1 what Crazyates said.
If would be much more cost effective to attack the pools.

have you discounted the possibility that the government of a major power could set up its own facilities for manufacturing mining hardware?

Billions of dollars. Government's themselves typically don't produce stuff. They contract companies to manufacture stuff for them. I figure it would be hard for them to keep it a secret, but possible. Mass producing tech and attacking pools is within the realm of possibility.

But once they actually "destroy Bitcoin", they have billions of dollars worth of paper weights, and we all move over to Litecoin. It would be an endless waste of money to constantly keep attacking crypto-currencies.

Would the Bitcoin mining hardware require expensive modifications in order to be converted over to Litecoin?

[minarchist]

How can mining pools be used in an attack when they generally consist almost entirely of what Satoshi Nakamoto referred to as "honest nodes" in his paper?   

[crazyates]

How can mining pools be used in an attack when they generally consist almost entirely of what Satoshi Nakamoto referred to as "honest nodes" in his paper?   

Pools don't hash. Pools send work out to the miners, and the miners return any valid results. If a pool has 2,000 miners, and each of them is mining at 10GH/s pool, then they have a 20TH/s pool. If that pool was taken over, and it's mining software adapted or replaced, you would then have 20TH/s of miners happily receiving intentionally malicious work and sending back the results. The miner wouldn't know the difference, but the pool would.

[Stephen Gornick]

Even if you had the money, nobody is producing enough equipment for you to buy it.

Exactly.  Unless the attacker created an ASIC or has had 50% of the orders in with the existing manufacturers there's simply no amount of money that will yield enough hardware to get 50% of the hashing capacity out there.   Perhaps a globally coordinated seizure of output from all the ASIC vendors might get the attacker that much hardware but then the chance of a "surprise" (necessary for executing a successful 51% for the purpose of double spending) drops to zero.

[minarchist]

How can mining pools be used in an attack when they generally consist almost entirely of what Satoshi Nakamoto referred to as "honest nodes" in his paper?  

Pools don't hash. Pools send work out to the miners, and the miners return any valid results. If a pool has 2,000 miners, and each of them is mining at 10GH/s pool, then they have a 20TH/s pool. If that pool was taken over, and it's mining software adapted or replaced, you would then have 20TH/s of miners happily receiving intentionally malicious work and sending back the results. The miner wouldn't know the difference, but the pool would.

As soon as it became obvious that mining pool x was run by malicious asswipes, then essentially all of the pool members would leave.  

Edit:  Additionally, is it conceivable that miners would stop joining a pool that was getting close to 50% of the hash rate share, out of principle?

[eleuthria]

Edit:  Additionally, is it conceivable that miners would stop joining a pool that was getting close to 50% of the hash rate share, out of principle?

Yes.  When BTC Guild was getting way too close to 51% during the first half of 2013, some users did start to leave in order to spread out the hash rate.  However, the pool was still growing larger as a percentage of the whole network due to new users joining faster than other users leaving out of principle.  There were *many* posts requesting people to voluntarily leave, and the pool didn't lose any overall share of the network until fees were increased on the PPS payment system.

[notung]

In case of attack the pool admin just needs to shutdown the pool (of course, first he needs to know that it was attacked...)