How to destroy Bitcoin with a 10% attack: Roadmap for a Central Bank Takeover

[Brandsen]

Recently the ECB (European Central Bank) officially warned about the dangers of bitcoin: http://www.zerohedge.com/news/2016-10-19/ecb-wants-curb-bitcoin-use-over-fears-it-may-lose-control-over-money-supply

So lets imagine that a central bank wanted to take control of the bitcoin network..

Note that the following attack only works if the blocks are not full.

To understand this, we must first focus on the economics in the fee market:

If the blocks are full = the price is set by users:
Miners are simply filling blocks based on the fees that are payed by users.
Users are competing for blockspace, and the price of blockspace is determined by how much the users are willing to pay to send a transaction.

If blocks are not full = the price is set by miners:
Miners are competing to offer the lowest possible price for blockspace. They try to include as many transactions as possible while at the same time excluding those that pays too little in fees.
The price of blockspace is determined by how little the miners are willing to demand in fees.

So lets say that the block size is increased and that the blocks are no longer full...

As a result “The 5 Step Roadmap To Destruction” becomes possible:

Step 1:
Wait 7.5 years, by then the block reward will have dropped to only 3.125 bitcoin per block.
At this point the miners have become dependent on fees as their main source of income.

Step 2:
Get control of 10% of the total hash-power in the network.

Step 3:
Start processing all transactions for free.
This will have a global effect on the fee marked. The price of blockspace will simply collapse. Users are no longer required to pay to get their transactions into a valid block.
The result is that all miners loose their main source of income. 

Step 4:
Since the attacker is a central bank, they have access to unlimited resources.
The attack is continued until all other miners are bankrupt due to the lack of income from fees.

Step 5:
The central bank becomes the central processing entity of bitcoin. All other miners are now out of business since they are no longer able to collect fees.

Conclusion:
To avoid this attack we must keep the blocks full so that the price of blockspace is set by the users and not by the miners.

Please let me know what you think about my attack scenario. Thank you for reading this post!

[ranochigo]

If the blocks are full = the price is set by users:
Miners are simply filling blocks based on the fees that are payed by users.
Users are competing for blockspace, and the price of blockspace is determined by how much the users are willing to pay to send a transaction.

If blocks are not full = the price is set by miners:
Miners are competing to offer the lowest possible price for blockspace. They try to include as many transactions as possible while at the same time excluding those that pays too little in fees.
The price of blockspace is determined by how little the miners are willing to demand in fees.

Actually, full or not, miners usually prioritize the highest fees/kb first. The higher fees paid per kb, the more interested the miner would be in including your transaction. Due to the transaction spam, many miners do not include fees that are too low and that's it. As long as you pay some fee that is more or less reasonable, miners will include them.

So lets say that the block size is increased and that the blocks are no longer full...

As a result “The 5 Step Roadmap To Destruction” becomes possible:

Step 1:
Wait 7.5 years, by then the block reward will have dropped to only 3.125 bitcoin per block.
At this point the miners have become dependent on fees as their main source of income.

Step 2:
Get control of 10% of the total hash-power in the network.

Step 3:
Start processing all transactions for free.
This will have a global effect on the fee marked. The price of blockspace will simply collapse. Users are no longer required to pay to get their transactions into a valid block.
The result is that all miners loose their main source of income.  

Step 4:
Since the attacker is a central bank, they have access to unlimited resources.
The attack is continued until all other miners are bankrupt due to the lack of income from fees.

Step 5:
The central bank becomes the central processing entity of bitcoin. All other miners are now out of business since they are no longer able to collect fees.

Conclusion:
To avoid this attack we must keep the blocks full so that the price of blockspace is set by the users and not by the miners.

Please let me know what you think about my attack scenario. Thank you for reading this post!

If you control 10% of the hashrate, you would, in theory, be only able to generate 10% of the blocks in the period. In every 10 blocks, you get 1 block. Users will still be inclined to pay fees since they would have to wait for a long time for their transaction to confirm if they don't.

Reference nodes do have a policy in which they require the transaction to have at least 0.00005BTC/KB by default to relay the transaction if it does not qualify for free transaction.

[CIYAM]

Whilst I agree that 10% is probably not going to be enough to make a huge dent if the percentage starts to get a lot more than that (i.e. approaching 25-30%) and the block size has managed to vastly increase in size (as many supporters of BU seemingly are fine with) then this scenario does end up becoming a possibility.

In short a "fee market" needs to exist in order to ensure that a large enough number of different mining operations continue to confirm transactions.

Also the fact that a shit-load of non-fee paying txs (or too low fee paying) are flooding the network at the moment (as has happened a few times before) is perhaps proof that those wanting to do exactly what the @OP fears they are trying to do are pushing hard at that (by trying to convince people that we need much bigger blocks).

[IIOII]

This scenario doesn't make too much sense in my opinion. Controlling 10% of the hashpower in 7.5 years might be much harder than controlling 50% today, because the difficulty may be 100x or 1000x times higher than what it is today. The number of big mining operations will certainly increase in the coming years.

If Central Banks wanted to control the network, they could still do it now for chump change (related to their asset dimensions). But maybe the question is not about money alone. It could also be one of technical expertise. The officials at Central Banks don't know how to set up a mining operation.

[0xfff]

10% control leaves 90% of the blocks being mines left to be filled with higher fee transactions. I doubt this would make much of a difference. It would just reflect in 10% less transactions being processed.

[shorena]

10% control leaves 90% of the blocks being mines left to be filled with higher fee transactions. I doubt this would make much of a difference. It would just reflect in 10% less transactions being processed.

Well 10% less of those with fees. If the attacker here is only mining transactions without fee there is no reliable way to secure a spot in these blocks. Maybe they use priority. Whatever they do, it would reduce the available space in blocks for those paying a fee. If demand stays the same, this attack would increase the price of fees needed to secure a spot in the 9/10 blocks left.

[0xfff]

10% control leaves 90% of the blocks being mines left to be filled with higher fee transactions. I doubt this would make much of a difference. It would just reflect in 10% less transactions being processed.

Well 10% less of those with fees. If the attacker here is only mining transactions without fee there is no reliable way to secure a spot in these blocks. Maybe they use priority. Whatever they do, it would reduce the available space in blocks for those paying a fee. If demand stays the same, this attack would increase the price of fees needed to secure a spot in the 9/10 blocks left.

I find it very unrealistic that some group would attack bitcoin by only accepting no fee txs inorder to increase the fees. If they went back to accepting the highest fees then the price of fees would go down.

[Quickseller]

Another way an entity could destroy Bitcoin could be to broadcast a sufficient number of transactions to bid up the cost of getting a transaction confirmed to be uneconomical. The entity could first broadcast 1 MB worth of transactions every 10 minutes with fees averaging 70 sat/byte, then increase this average to 80 sat/byte, and so on.

This attack could have little to no cost to an attacker with a small minority of the network hashpower (or even be net profitable).

[philipma1957]

Another way an entity could destroy Bitcoin could be to broadcast a sufficient number of transactions to bid up the cost of getting a transaction confirmed to be uneconomical. The entity could first broadcast 1 MB worth of transactions every 10 minutes with fees averaging 70 sat/byte, then increase this average to 80 sat/byte, and so on.

This attack could have little to no cost to an attacker with a small minority of the network hashpower (or even be net profitable).

worse yet combine both the op's tactic's and your idea  in a good cop bad cop method.

Switching from one method to another

[HostFat]

Since the attacker is a central bank, they have access to unlimited resources.

Does this means that the bank is going to unlimited inflationate its currency?

This will make the price of Bitcoin going higher and higher.

Maybe your roadmap doesn't work very well...

[CIYAM]

Another way an entity could destroy Bitcoin could be to broadcast a sufficient number of transactions to bid up the cost of getting a transaction confirmed to be uneconomical. The entity could first broadcast 1 MB worth of transactions every 10 minutes with fees averaging 70 sat/byte, then increase this average to 80 sat/byte, and so on.

This attack could have little to no cost to an attacker with a small minority of the network hashpower (or even be net profitable).

If you are paying X per byte in fees then how on earth can that possibly have *no cost*?

(five left - not sure I should waste them on stupid things)

[Quickseller]

Another way an entity could destroy Bitcoin could be to broadcast a sufficient number of transactions to bid up the cost of getting a transaction confirmed to be uneconomical. The entity could first broadcast 1 MB worth of transactions every 10 minutes with fees averaging 70 sat/byte, then increase this average to 80 sat/byte, and so on.

This attack could have little to no cost to an attacker with a small minority of the network hashpower (or even be net profitable).

If you are paying X per byte in fees then how on earth can that possibly have *no cost*?

(five left - not sure I should waste them on stupid things)

Say for example, that miners can include 1,000,000 bytes worth of transactions in each found block (the actual number is slightly less, however this makes the math a little bit easier).

Conforming with the OP's scenario, say that the attacker/spammer controls ~10.416% (15 blocks found per day) -- this is slightly above the 10% indicated by the OP to make the math simpler -- of the network hashrate. Also assume that the average cost of including a transaction into a block is 50 sats/byte, which means that blocks will have, on average 0.5BTC worth of tx fees in each found block. Also assume that there is demand of 950kb worth of transactions every 10 minutes that is willing to pay up to 201 sats/byte to have their transactions included in a block, but will only pay the average fee necessary to have their transactions included in a block -- there is also a demand of 50 kb worth of transactions every 10 minutes that is willing to pay no more then 50 sats/byte ("spam transactions").

Prior to the attacker launching the attack, his income from mining would be as follows:
*Found blocks: 15
*TX fee revenue: 7.5BTC
*cost of attack: 0.0BTC
*revenue from attack: 0.0 BTC
*net income from attack: 0.0BTC

At first the attacker creates transactions so that users need to pay at least 70 sats/byte to get their transactions confirmed -- they do this by creating 1 MB worth of transactions every 10 minutes that include tx fees in the amount of 70 sats/byte. Users are slow to react, so, on the first day of the attack, 50% of confirmed transactions are that of the attacker, however the other 50% of transactions do in fact include tx fees averaging 70 sats/byte.

After one day, the attackers revenue is as follows(per day):
*Found blocks: 15
*TX fee revenue: 10.5BTC
*revenue from attack: 3BTC
*cost of attack: 50.4BTC
*net income from attack: (47.4BTC)
*transaction backlog: 64,800,000 bytes = 64,800 kb

The attacker will have spent 50.4BTC in transaction fees, however some of that is mitigated by the fact that the attacker received 10.5BTC worth of transaction fees in the blocks they confirmed, which is 3BTC more then what the attacker would have received had the attack not happened.

On day two, users realize they must now pay a higher transaction fee, and start paying 70 sats/byte to get their transactions confirmed. Since the current price of transaction fees is too high for the spam transactions, there is only 950 kbs worth of demand for block space that is paying 70 sats/byte (excluding the attacker's transactions). This means that the attacker only has 5 kbs worth of transactions paying 70 sats/byte included in their transactions.

After day two, the attacker's revenue is as follows (per day):
*Found blocks: 15
*TX fee revenue: 10.5BTC
*revenue from attack: 3BTC
*cost of attack: 5.04BTC
*net income from attack: (2.04BTC)
*transaction backlog : 64,800,000 bytes = 64,800 kb -- unchanged

On day two, the transaction backlog remained unchanged because users who attempted to send transactions on day one used RBF to pay a higher fee, however a similar number of additional transactions are unable to get confirmed. The transaction backlog does not include transactions from the attacker.

On day three, the attacker increases the tx fees on the transactions they broadcast to 90 sats/byte. Again, users are slow to react, although not as much as they were on day one because they are aware that transaction fees are rising, so only 30% of the transactions confirmed on day three are that of the attacker, and 70% are that of other users, that are paying an average fee of 90 sats/byte.

After day three, the attacker's revenue is as follows (per day):
*Found blocks: 15
*TX fee revenue: 13.5BTC
*revenue from attack: 6BTC
*cost of attack: 38.88BTC
*net income from attack: (32.88BTC)
*transaction backlog: 108,000,000 = 108,000 kb -- an increase of 43,200,000 = 43,200 kb

On day four, users start paying 90 sats/byte in masse, and the attacker again only has 5% of the transactions confirmed on day four belong to him. The increase in the transaction backlog is that of the transactions that the attacker outbid that otherwise needed to get included in blocks.

After day four, the attacker's revenue is as follows (per day):
*Found blocks: 15
*TX fee revenue: 13.5BTC
*revenue from attack: 6BTC
*cost of attack: 6.48BTC
*net income from attack: (0.48BTC).

On day 5, the attacker increases the tx fees on the transactions they broadcast to 120 sats/byte. Again, users are slow to react, so only 30% of the transactions confirmed on day three are that of the attacker, and 70% are that of other users, that are paying an average fee of 120 sats/byte.

After day 5, the attacker's revenue is as follow (per day):
*Found blocks: 15
*TX fee revenue: 18BTC
*revenue from attack: 10.5BTC
*cost of attack: 51.84BTC
*net income from attack: (41.34[btc)
*transaction backlog: 151,200 kb -- an increase of 43,200,000 = 43,200 kb

On day 6, users start paying 120 sats/byte in masse, and the attacker again only has 5% of the transactions confirmed on day four belong to him. The increase in the transaction backlog is that of the transactions that the attacker outbid that otherwise needed to get included in blocks.

After day 6, the attacker's revenue is as follows: (per day):
*found blocks: 15
*TX fee revenue: 18BTC
*revenue from attack: 10.5BTC
*cost of attack: 8.64BTC
*net income from attack: 1.86BTC

At this point, the attacker is making 1.86BTC per day from the attack -- this is because they would make 7.5BTC worth of tx fees absent their attack, and is making 18BTC worth of transaction fees as a result of the attack, and is only paying 8.64BTC worth of transaction fees in order to keep the average transaction fee as high as it is. Prior to the this day, the attacker has already "invested" 82.8BTC into the attack, and does not want to wait 1.5 months to break even, so they continue to raise the TX fees of their transactions.

On day 7, the attacker increases the tx fees on the transactions they broadcast to 150 sats/byte. Again, users are slow to react, so only 30% of the transactions confirmed on day three are that of the attacker, and 70% are that of other users, that are paying an average fee of 150 sats/byte.

After day 7, the attacker's revenue is as follows (per day):
*found blocks: 15
*TX fee revenue: 22.5BTC
*revenue from attack: 15BTC
*cost of attack: 64.8BTC
*net income from attack: (49.8BTC)
*transaction backlog: 194,400 kb -- an increase of 43,200,000 = 43,200 kb

On day 8, users start paying 150 sats/byte in masse, and the attacker again only has 5% of the transactions confirmed on day four belong to him. The increase in the transaction backlog is that of the transactions that the attacker outbid that otherwise needed to get included in blocks.

After day 8, the attacker's revenue is as follows (per day):
*found blocks: 15
*TX fee revenue: 22.5BTC
*revenue from attack: 15BTC
*cost of attack: 10.8BTC
*net income from attack: 4.2BTC
*total income from attack: (126.54BTC)

On day 9, the attacker increases the tx fees on the transactions they broadcast to 200 sats/byte. Again, users are slow to react, so only 30% of the transactions confirmed on day three are that of the attacker, and 70% are that of other users, that are paying an average fee of 200 sats/byte.

After day 9, the attacker's revenue is as follows (per day):
*found blocks: 15
*TX fee revenue: 30BTC
*revenue from attack: 22.5BTC
*cost of attack: 86.4BTC
*net income from attack: (63.9BTC)
*total income from attack: (190.44BTC)
*transaction backlog: 237,600 kb -- an increase of 43,200,000 = 43,200 kb

On day 10, users start paying 200 sats/byte in masse, and the attacker again only has 5% of the transactions confirmed on day four belong to him. The increase in the transaction backlog is that of the transactions that the attacker outbid that otherwise needed to get included in blocks.

After day 10, the attacker's revenue is as follows (per day):
*found blocks: 15
*TX fee revenue: 30BTC
*revenue from attack: 22.5BTC
*cost of attack: 14.4BTC
*net income from attack: 8.1BTC
*total income from attack: (182.34BTC)

The attacker would need to continue to keep broadcasting transactions with an average tx fee of 200 sats/byte for ~22.5 additional days until he breaks even on the attack. After the attacker stops broadcasting his attack transactions, an additional 50 kb worth of block space (per block) would become available to reduce the backlog, or roughly 7,200 kb per day. This results in it taking roughly 33 days to clear the backlog, during which time, transaction fees should stay at roughly 200 sats/byte, and after the backlog is cleared, the average necessary TX fee should crash back to 50 sats/byte that it was originally.

tl;dr -- you control a small portion of the miners, benefit from the increased transaction fees that everyone else is forced to pay because you bid up the price of transactions for everyone.

[pedrog]

the implications would be huge, putting aside the fact that someone would need to convince a board of directors/shareholders that wasting a shit load of money would make any sense, bitcoin does not belong to a country, so if someone or institution decided to do that it would affect people and businesses all over the world, that would probably be illegal and against all the treaties out there.

Cyber warfare is conducted with extreme secrecy, and institution trying to make an attack like the one you describe could not make it in secret, plus the attack could always be mitigated.

[Brandsen]

10% control leaves 90% of the blocks being mines left to be filled with higher fee transactions. I doubt this would make much of a difference. It would just reflect in 10% less transactions being processed.

Well 10% less of those with fees. If the attacker here is only mining transactions without fee there is no reliable way to secure a spot in these blocks. Maybe they use priority. Whatever they do, it would reduce the available space in blocks for those paying a fee. If demand stays the same, this attack would increase the price of fees needed to secure a spot in the 9/10 blocks left.

Have you ever heard about the relationship between supply and demand?

Lets be clear:

Miners are selling blockspace

Users are buying blockspace

So let us talk a little bit about housing instead..

What do you think would happen if the government gave everybody a house for free every 10th year?

What do you think would happen to the prices of real estate?

Do you think it will be easy to sell your house during the 9 years in between?

Do you think people will be willing to pay good money for your house?

[shorena]

10% control leaves 90% of the blocks being mines left to be filled with higher fee transactions. I doubt this would make much of a difference. It would just reflect in 10% less transactions being processed.

Well 10% less of those with fees. If the attacker here is only mining transactions without fee there is no reliable way to secure a spot in these blocks. Maybe they use priority. Whatever they do, it would reduce the available space in blocks for those paying a fee. If demand stays the same, this attack would increase the price of fees needed to secure a spot in the 9/10 blocks left.

Have you ever heard about the relationship between supply and demand?

Lets be clear:

Miners are selling blockspace

Users are buying blockspace

So let us talk a little bit about housing instead..

What do you think would happen if the government gave everybodya few random people a house for free every 10th year?

FTFY.

What do you think would happen to the prices of real estate?

Houses are a bad metaphor as their most valuable property tends to be the land they stand on.

Do you think it will be easy to sell your house during the 9 years in between?

Do you think people will be willing to pay good money for your house?

Lets try it away and assume the location is not important for some reason and houses could be easily interchanged. The number of houses that are given away is limited. The places the free houses are build on are removed from the land and house building markets. Less places to build houses on, but the still the same amount of people that need a place to live. Buy a house now or hope for a lucky chance in 9 years?

You seem to forget that blocks are limited in size (everyone gets a house) and that without a fee you have no way to know for sure your transaction will be confirmed. I have no doubt that this attack would significantly increase the amount of free transactions, but I doubt it would have a meaningful impact on the other transactions. After all all the attackers can offer is a lucky chance. People that want to do business can not rely on lucky chances.

[Brandsen]

You seem to forget that blocks are limited in size (everyone gets a house) and that without a fee you have no way to know for sure your transaction will be confirmed. I have no doubt that this attack would significantly increase the amount of free transactions, but I doubt it would have a meaningful impact on the other transactions. After all all the attackers can offer is a lucky chance. People that want to do business can not rely on lucky chances.

The whole meaning of my post was that we must keep the blocks limited in size.
If we increase the block size to much then we risk that the blocks are no longer full.

If the blocks are never full then it does not matter what the upper limit is.

I’m not saying that the block size should never be raised. I’m just saying that the size should never be so big that most of the blocks are no longer full.

The blocks must stay full for the fee market to function properly.

If the blocks are full = the price is set by users:
Miners are simply filling blocks based on the fees that are payed by users.
Users are competing for blockspace, and the price of blockspace is determined by how much the users are willing to pay to send a transaction.

If blocks are not full = the price is set by miners:
Miners are competing to offer the lowest possible price for blockspace. They try to include as many transactions as possible while at the same time excluding those that pays too little in fees.
The price of blockspace is determined by how little the miners are willing to demand in fees.

The attack I have stated is not possible as long as the price of blockspace is set by the users (and not the miners)

[HostFat]

Miners aren't working for free.
Even with an unlimited blocksize all the miners will try to get as much possible as they can, by limiting them self the blocks as they did until now.

If there is a state/central bank that starts to mine blocks by accepting even free tx, then they are going to lose money on the long run, and they'll need to inflate their currency to maintain this status.

This will then make bitcoin more valuable. (so the other miners will be even richer, as the holders ...)
You will see all the population moving from the fiat currency to bitcoin, until even the energy will be preferred to be sold in exchange of bitcoin instead of fiat currency

I don't think that we will never arrive to the last step, this "attack" idea will break way before...

[ArcCsch]

I’m just saying that the size should never be so big that most of the blocks are no longer full.

If blocks are not being filled, as long as the size is not unreasonably large, the transaction price will drop, and they will soon be filled with micro-payments, colour meta-data, proof-of-knowledge, smart-contracts, mix-nets, ...
If the blocks are raised to 8MB (when is that happening?), transaction process would probably decrease by a factor of about 8 (I am not an economist) and the miners would still get their fees.
As Bitcoin is growing, it needs help from Moore's Law to be able to handle transactions to the scale of fiat transferrers, otherwise nodes would require an expensive data centre (something most people don't have).
If Moore's Law betrays us, one idea would be to reserve some space in blocks for node operators and to have them prove they have a node (scrypt-like system over the blockchain).
My point is, empty blocks are not something we should be worried about, people will always find data to fill them with.
Therefore, all this government can do is fill blocks with low-fee transactions instead of high-fee transactions, I doubt that would help them.

[Kakmakr]

If what you are saying is true, that banks have unlimited funds to buy 10% of the hashing power, then why just go for 10% then? They could just buy a whole mining pool and cripple the whole network with a 51% attack. The double spend, will pay for the whole operation and everything will collapse.

Unfortunately that is not how it works. Banks have shareholders and they will have to account for their actions. Once something like this is leaked, people will support the next Bitcoin even more. People will query these "free" transactions and realize what is going on, and they will react to it. If they push, we will push back harder. ^smile^

[QuestionAuthority]

This seems like a silly and expensive way of screwing with the network. I've never understood why no one has figured out how to hack the 16 minute protection for device time changes to the unencrypted network time protocol. Just turn the network time back a couple of days and watch the whole thing come crashing down for almost no cost. A man-in-the-middle-attack between the Bitcoin network and the Network Time Protocol would be catastrophic. I'm sure some 12 year old kid will figure it out eventually.