Bitcoin Forum
November 10, 2024, 05:16:09 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: 51% attack is a myth  (Read 3133 times)
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1731
Merit: 1008



View Profile WWW
May 12, 2013, 11:53:17 PM
 #21

You can also make a double spend with 1% of hashrate if you are really lucky,

It has never really been 51%,
datz
Sr. Member
****
Offline Offline

Activity: 295
Merit: 250


"to survive, we must live and fly"


View Profile
May 13, 2013, 02:20:38 AM
 #22



i'm not seeing much of a problem.

This is all good and well - even if we maintain an insurmountable hash rate (to a 51% attacker) we are wasting massive resources.

I have read the "51% attack" referred to as a "democracy." The key difference is that in a true democracy, a single individual or organization cannot buy votes.

In all actuality, succeeding with a 51% attack will reap exponential returns provided the attack is not immediately detected and does not cause an exodus from Bitcoin.

Executed correctly, a 51% attack will reap greater returns than directing that 51% of hashing power to mining.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
May 13, 2013, 02:24:43 AM
Last edit: May 13, 2013, 02:35:46 AM by Stephen Gornick
 #23

a 10% or 51% attack is possible

Ok, let's clarify one thing.

This claim that getting a miner having 10% of the hashing capacity to be able to reject transactions is referring only to being able to get six blocks in a row.    This is no different than coin flip trials ... yes eventually you will get six tails in a row.  Eventually you will get sixteen tails in a row.    Eventually you will get six thousand tails in a row (though chances are none of us would live long enough to see it happen).

Now, because there is a financial penalty for each failed attempt (as you are using expensive hardware and consuming elecricity, but not earning any bitcoins on the failed attempts) then there is less and less chances that you will make this attempt.  The logic is, if you have 10% of mining capacity you might as well mine and earn 10% of the bitcoins issued.

Next, let's say that someone does take their million dollars worth of ASICs and do this to prove a point.  OK, so they try for an entire month and do actually get six blocks in a row.   They won't get seven though.  Not with only 10%.  So at best, this attack will cause double spending to occur for transactions in the first block for each side of the blockchain fork.     But the attacker is going for an entire month of trials, not knowing which block will be the one that the attacker follows by mining five more in succession.  

So sure, you might get six blocks in a row.  But you aren't going to be causing much financial harm as a result.  Every exchange has AML policies requiring identity for any significant amounts of funds (e.g., amounts over $1K USD per day withdrawal).   You might be able to get a withdrawal out.  It won't be a significant amount though.

So yes, an evil miner with 51% attack with 51% of the hashing power would be terrible for bitcoin.  

But an evil miner with 10% of the hashing power and a good string of luck would simply be providing a learning lesson (e.g., for an exchange/E-Wallet provider to start requiring more than six confirmations for larger transfer amounts ...  something one might realize might have already been put in-place. if you have your ear to the ground.)

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
May 13, 2013, 02:29:16 AM
 #24

In all actuality, succeeding with a 51% attack will reap exponential returns provided the attack is not immediately detected and does not cause an exodus from Bitcoin.

Executed correctly, a 51% attack will reap greater returns than directing that 51% of hashing power to mining.

For a 51% attack to be successful at double spending the attacker needs to hold solved blocks and then broadcast them all at once and overtake the longest chain in which confirmed transactions (6 blocks) are double spent.  How do you do that and it not be immediately detected?

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


datz
Sr. Member
****
Offline Offline

Activity: 295
Merit: 250


"to survive, we must live and fly"


View Profile
May 13, 2013, 02:43:59 AM
 #25

In all actuality, succeeding with a 51% attack will reap exponential returns provided the attack is not immediately detected and does not cause an exodus from Bitcoin.

Executed correctly, a 51% attack will reap greater returns than directing that 51% of hashing power to mining.

For a 51% attack to be successful at double spending the attacker needs to hold solved blocks and then broadcast them all at once and overtake the longest chain in which confirmed transactions (6 blocks) are double spent.  How do you do that and it not be immediately detected?


Where there is a will there is a way - 51% hashing power and distributed clients/nodes create many profitable options besides simple double spending attacks. Granted, you will probably be detected immediately with a double spend and could really only gain from arbitrage prior to and after the fallout.

My main problem with the 51% vulnerability is not only the aftermath of such an attack, but the wasteful, preventive measures we have to take because the vulnerability exists.
oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
May 13, 2013, 09:34:14 AM
 #26

a 10% or 51% attack is possible

Ok, let's clarify one thing.

This claim that getting a miner having 10% of the hashing capacity to be able to reject transactions is referring only to being able to get six blocks in a row.    This is no different than coin flip trials ... yes eventually you will get six tails in a row.  Eventually you will get sixteen tails in a row.    Eventually you will get six thousand tails in a row (though chances are none of us would live long enough to see it happen).

Now, because there is a financial penalty for each failed attempt (as you are using expensive hardware and consuming elecricity, but not earning any bitcoins on the failed attempts) then there is less and less chances that you will make this attempt.  The logic is, if you have 10% of mining capacity you might as well mine and earn 10% of the bitcoins issued.

Next, let's say that someone does take their million dollars worth of ASICs and do this to prove a point.  OK, so they try for an entire month and do actually get six blocks in a row.   They won't get seven though.  Not with only 10%.  So at best, this attack will cause double spending to occur for transactions in the first block for each side of the blockchain fork.     But the attacker is going for an entire month of trials, not knowing which block will be the one that the attacker follows by mining five more in succession.  

So sure, you might get six blocks in a row.  But you aren't going to be causing much financial harm as a result.  Every exchange has AML policies requiring identity for any significant amounts of funds (e.g., amounts over $1K USD per day withdrawal).   You might be able to get a withdrawal out.  It won't be a significant amount though.

So yes, an evil miner with 51% attack with 51% of the hashing power would be terrible for bitcoin.  

But an evil miner with 10% of the hashing power and a good string of luck would simply be providing a learning lesson (e.g., for an exchange/E-Wallet provider to start requiring more than six confirmations for larger transfer amounts ...  something one might realize might have already been put in-place. if you have your ear to the ground.)

Out of curiosity, what's the longest trail of blocks being mined by a single entity, after the network achieved a significant size?

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
May 13, 2013, 09:44:50 AM
 #27

10 more minutes of wait and it costs you three times more in electricity to double-spend me, not bad indeed. At 9 confirmations, you will need to run your mining farm for 3 years with millions of dollars spent in electricity(assuming you are using the most sophisticated ASICs), not to say the cost in buying mining rigs to keep up with the growth of the network,  hmmm...I guess for anything over $10,000 I can wait for another half an hour. Grin

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
Come-from-Beyond (OP)
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
May 13, 2013, 10:11:04 AM
 #28

10 more minutes of wait and it costs you three times more in electricity to double-spend me, not bad indeed. At 9 confirmations, you will need to run your mining farm for 3 years with millions of dollars spent in electricity(assuming you are using the most sophisticated ASICs), not to say the cost in buying mining rigs to keep up with the growth of the network,  hmmm...I guess for anything over $10,000 I can wait for another half an hour. Grin

I suspect u r wrong.
https://bitcointalk.org/index.php?topic=202804.msg2130008#msg2130008
Nagato
Full Member
***
Offline Offline

Activity: 150
Merit: 100



View Profile WWW
May 13, 2013, 10:15:38 AM
 #29

By increasing the blocksize limit miners spend more money the overhead of handling those blocks, like expensive VPS servers at datacenters, and less money on actually mining. Gavin for instance thinks we'll very soon see it impossible to run a validating node without spending around $100/month on a fast rented server in a datacenter. That's money I could have spent on my mining rig defending Bitcoin against an attacker.

Of course that isn't going to magically make fees low either. All that fancy equipment has to be paid for someone, and you'll soon find you can't even access the Bitcoin network without paying access fees:

https://bitcointalk.org/index.php?topic=197169.0

This is what a few of us have been trying to point out in the Block Size thread, a too-large block size increases the barrier to entry to mine when you need a minimum of gigabit connections to mine competitively and encourages centralised pool mining and makes decentralised solutions like p2pool unattractive due to "unproductive" non-hashing setup costs. For every second wasted for a block to propogate, the miner who found the current block gets a headstart on finding the next block while the rest of the network sits idle downloading the block.

But we have our fair share of Krugmans who claim that "block size does not matter, terabyte disks and terabit connections are already here and Moore's Law will take care of the future growth".

oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
May 13, 2013, 10:35:45 AM
 #30

10 more minutes of wait and it costs you three times more in electricity to double-spend me, not bad indeed. At 9 confirmations, you will need to run your mining farm for 3 years with millions of dollars spent in electricity(assuming you are using the most sophisticated ASICs), not to say the cost in buying mining rigs to keep up with the growth of the network,  hmmm...I guess for anything over $10,000 I can wait for another half an hour. Grin

I suspect u r wrong.
https://bitcointalk.org/index.php?topic=202804.msg2130008#msg2130008

Quote

Odds that Alice will find 2 block in a row to fork the blockchain after Bob sees 2 confirmations
60% * 60% = 36%

According to Satoshi's paper, it's not how the probability is calculated.

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
Come-from-Beyond (OP)
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
May 13, 2013, 10:37:12 AM
 #31

10 more minutes of wait and it costs you three times more in electricity to double-spend me, not bad indeed. At 9 confirmations, you will need to run your mining farm for 3 years with millions of dollars spent in electricity(assuming you are using the most sophisticated ASICs), not to say the cost in buying mining rigs to keep up with the growth of the network,  hmmm...I guess for anything over $10,000 I can wait for another half an hour. Grin

I suspect u r wrong.
https://bitcointalk.org/index.php?topic=202804.msg2130008#msg2130008

Quote

Odds that Alice will find 2 block in a row to fork the blockchain after Bob sees 2 confirmations
60% * 60% = 36%

According to Satoshi's paper, it's not how the probability is calculated.

No. I just mentioned a common mistake others do when calculate probability to find a block during 51% attack.
oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
May 13, 2013, 10:43:30 AM
 #32

10 more minutes of wait and it costs you three times more in electricity to double-spend me, not bad indeed. At 9 confirmations, you will need to run your mining farm for 3 years with millions of dollars spent in electricity(assuming you are using the most sophisticated ASICs), not to say the cost in buying mining rigs to keep up with the growth of the network,  hmmm...I guess for anything over $10,000 I can wait for another half an hour. Grin

I suspect u r wrong.
https://bitcointalk.org/index.php?topic=202804.msg2130008#msg2130008

Quote

Odds that Alice will find 2 block in a row to fork the blockchain after Bob sees 2 confirmations
60% * 60% = 36%

According to Satoshi's paper, it's not how the probability is calculated.

No. I just mentioned a common mistake others do when calculate probability to find a block during 51% attack.

So why was I wrong? The Poissonian summing tells you that for mining power not close to 50% of the total hashrate, the chance of you get n+1 blocks in a row is about 1/4 of n blocks in a row. I didn't mean your OP is probelmatic, I was talking about someone else's idea of "10% attack".

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
melvster
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250


View Profile
May 13, 2013, 10:46:14 AM
 #33

a 10% or 51% attack is possible

Ok, let's clarify one thing.

This claim that getting a miner having 10% of the hashing capacity to be able to reject transactions is referring only to being able to get six blocks in a row.    This is no different than coin flip trials ... yes eventually you will get six tails in a row.  Eventually you will get sixteen tails in a row.    Eventually you will get six thousand tails in a row (though chances are none of us would live long enough to see it happen).

Now, because there is a financial penalty for each failed attempt (as you are using expensive hardware and consuming elecricity, but not earning any bitcoins on the failed attempts) then there is less and less chances that you will make this attempt.  The logic is, if you have 10% of mining capacity you might as well mine and earn 10% of the bitcoins issued.

Next, let's say that someone does take their million dollars worth of ASICs and do this to prove a point.  OK, so they try for an entire month and do actually get six blocks in a row.   They won't get seven though.  Not with only 10%.  So at best, this attack will cause double spending to occur for transactions in the first block for each side of the blockchain fork.     But the attacker is going for an entire month of trials, not knowing which block will be the one that the attacker follows by mining five more in succession.  

So sure, you might get six blocks in a row.  But you aren't going to be causing much financial harm as a result.  Every exchange has AML policies requiring identity for any significant amounts of funds (e.g., amounts over $1K USD per day withdrawal).   You might be able to get a withdrawal out.  It won't be a significant amount though.

So yes, an evil miner with 51% attack with 51% of the hashing power would be terrible for bitcoin.  

But an evil miner with 10% of the hashing power and a good string of luck would simply be providing a learning lesson (e.g., for an exchange/E-Wallet provider to start requiring more than six confirmations for larger transfer amounts ...  something one might realize might have already been put in-place. if you have your ear to the ground.)

Wouldnt it be more profitable for the attacker to be notionally short BTC?
jdbtracker
Hero Member
*****
Offline Offline

Activity: 727
Merit: 500


Minimum Effort/Maximum effect


View Profile
May 13, 2013, 04:37:25 PM
Last edit: May 13, 2013, 06:13:15 PM by jdbtracker
 #34

Block size does matter, regardless of how fast your connection is, everyone becomes equal when they can easily transfer that amount over a cellphone network. Smiley

Speed! vs Size

A small block size guarantees that someone over a slow dial up can still connect using the old infrastructure, like little gateways that behave in unpredictable ways, and cell phones Boom! they travel at the speed of light(more or less depends on radio propagation,protocol, etc Wink

I`m thinking this 500K limit we have now is guaranteeing it is a level playing field, takes so long to confirm a hash, being faster than the hash confirmation is key. Different elements working.

But hey what if someone floods the network with 1 dollar fees on 1kb transactions, They could do a denial of service attack to good nodes over a specific corridor using a high speed vpn network; Propagate simultaneously and begin a double spend attack from the origin of the vendor in question or if they are transferring to another wallet, lets not assume they`ll try to defraud someone else, they`ll defraud themselves! Smiley over a perimeter.

guarantee your block gets in the next chain, propagate to your network over a metropolitan area using high speed fiber optics connections or lasers if you`ve got line of sight. have them cycle 1388 the maximum transactions per block at .36kb/transaction. begin analyzing the network to see where there are gaps in defence, plug them nearby with a node, develop a zone of control and begin the double spend attack.

Your only attacking yourself, so you never have to worry about losing a dime!

The further you progress the closer you get to creating the perimeter necessary for the perfect network.


I bet you we can simulate this on one computer, just make an insane amount of threads like 600 of them over a random area inside a virtual Network and start seeing if a small group of 60 nodes in an area could effectively create a double spend attack on a target within it's perimeter. vary the block size, speed of nodes and see what causes a succesful attack and once the attack stops does the rest of the network recover?

If you think my efforts are worth something; I'll keep on keeping on.
I don't believe in IQ, only in Determination.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!