DB Bug Example of 51% Network Takeover?

[TransaDox]

Hi all.

I've been on the periphery of bitcoins for quite a while and must admit, whilst quite enthusiastic I have wondered about the 51% since the beginning. My understanding is a little sketchy in places, so please point out any incorrect assumptions/analysis.

On March 12th 2013. A bug was revealed in the 0.7 software which caused a hard fork in the bitcoin chain between 0.7 and 0.8 clients. Whilst the system is designed to do this so that new forks (read, new currencies) can be created, in this instance it was undesirable. The bitcoin gurus recognised the issue rapidly and, as an excellent example of on-line collaboration between devs and traders/miners, the issue was rapidly resolved. My question, however is in the way it was resolved.

During the height of the issue, there existed two divergent forks. The 0.7 fork could be assimilated by the 0.8 clients, however, the 0.8 fork could not be assimilated by the 0.7 clients. Since the 0.8 fork had most of the hashing power, the 0.7 fork could never catch up so that it could be assimilated into the main block chain. The response to the issue was that, since most of the hashing power was on the 0.8 software, a temporary switch to majority hashing on the 0.7 version was conducted by asking the major players to downgrade their software (i.e. 51% of the network switched to the 0.7 fork.). This enabled the 0.7 block chain to overtake the 0.8 one at which point the 0.7 chain would become the main chain and the 0.8 clients switch over to it (presumably all the miners then immediately upgraded).

This is troubling though. If it was fairly straight forward for a few individuals to "agree" to switch over to a different fork and effectively take over 51% of the network (albeit in a good cause) . Then what of a government backed attempt to do the same. What is to stop a government or even an institution (read bank) putting 10,000 asic miners in a building and subverting the network to their new chain?

More over. Can anyone explain (in laymen terms) if that were to happen, what would be the effect on the current bitcoin chain and clients, the rules that the current clients abide by and the implications/impact of the 21e10^6 limit?

If it has already been answered elsewhere, my apologies, However I would appreciate some some links since I do not know my way around the board as yet.

[Gabi]

What is to stop a government or even an institution (read bank) putting 10,000 asic miners in a building and subverting the network to their new chain?

Nothing.

There are some suggestions about what to do in this case and how to avoid the attacker chain to be used by the clients but well, so far nothing serious.

Technically a 51% attacker can rebuild the chain from where he want and do what he want with all the transactions, keep them or reject them.

[TransaDox]

What is to stop a government or even an institution (read bank) putting 10,000 asic miners in a building and subverting the network to their new chain?

Nothing.

There are some suggestions about what to do in this case and how to avoid the attacker chain to be used by the clients but well, so far nothing serious.

Technically a 51% attacker can rebuild the chain from where he want and do what he want with all the transactions, keep them or reject them.

Well. According to the Wiki

An attacker that controls more than 50% of the network's computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:

    Reverse transactions that he sends while he's in control. This has the potential to double-spend transactions that previously had already been seen in the block chain.
    Prevent some or all transactions from gaining any confirmations
    Prevent some or all other miners from mining any valid blocks

The attacker can't:

    Reverse other people's transactions
    Prevent transactions from being sent at all (they'll show as 0/unconfirmed)
    Change the number of coins generated per block
    Create coins out of thin air
    Send coins that never belonged to him

It's much more difficult to change historical blocks, and it becomes exponentially more difficult the further back you go. As above, changing historical blocks only allows you to exclude and change the ordering of transactions. It's impossible to change blocks created before the last checkpoint.

Since this attack doesn't permit all that much power over the network, it is expected that no one will attempt it. A profit-seeking person will always gain more by just following the rules, and even someone trying to destroy the system will probably find other attacks more attractive. However, if this attack is successfully executed, it will be difficult or impossible to "untangle" the mess created -- any changes the attacker makes might become permanent.

I suppose what I am not comfortable with is the line "it is expected that no one will attempt it". I know of some people in the banking sector that would do it just for laughs if it became mainstream and, if you can "print" fiat, cost is no problem (hell, how many ASICS does a bankers bonus buy!).

[Gabi]

  Reverse other people's transactions
    Send coins that never belonged to him

I don't agree with this. As far as i know, yes he can!

[Stephen Gornick]

  Reverse other people's transactions
    Send coins that never belonged to him

I don't agree with this. As far as i know, yes he can!

You might be confusing the term "reverse transaction" with "reverse confirmations".    An attacker with 51% can release a blockchain that started a number of blocks back and invalidates a number of blocks.  For any transactions that the attacker does not include in the new longest chain, those transactions will simply sit as 0/unconfirmed.   That's technically not "reversing" the transactions.

And for part two of that, "Send coins that never belonged to him", I'm not sure why you would think that an attacker with 51% could do that.

I know of some people in the banking sector that would do it just for laughs if it became mainstream

They'ld throw twenty million+ dollars away?  I doubt their shareholders would think it wise.

Anyways, two years ago when bitcoin had just hit parity with the dollar, (giving a total dollar valuation of about $7 million USD) and the cost to do a 51% attack was probably less than $1 million of hardware this same argument came up then.   "If bitcoin becomes mainstream, $1 million would be nothing for a government or big bank".   Which probably is true, but nothing happened.    Now the cost is 20X that, ... no longer something that would be done "just for laughs".    A few more months, that might be $40 million.    They better hurry, because this thing is starting to look like it could go mainstream.

[TransaDox]

They'ld throw twenty million+ dollars away?  I doubt their shareholders would think it wise.

Well.
a) It's not their money they are playing with (unless they use their bonus).
b) 20 million is chicken feed when you can create fiat.
c) Market manipulation would make it worthwhile (if that is the possibility).

We all know the other markets are manipulated using high frequency trading. Bitcoin "could" be the next "wheeze".

I think the difference between now and, say, a year or so ago, is that it is now on the radar and the market has been shown to be fairly resilient. Couple that with a deep mistrust of the current banking system and the sector is seriously looking at how to exploit BC. I have looked quite a bit at the technology and really like it (especially the lesser known transactions for escrow etc). It's just the 51% that causes me concern. Especially as it was effectively what was used to address the forking issue.