edmundedgar
|
|
June 06, 2013, 12:37:46 PM |
|
You will need more than 100% of the current hash power, i.e. 120TH/s to attempt a 51% attack on the current network.
The way to do this would be to attack miners' incentives, not just try to win with brute hashing power. You'd make it known that you were willing and able to spend as much as it takes to raise the block difficulty to the point where other miners aren't making money any more. If you pull off an attack it'll reduce the value of Bitcoin, but that works in your favour at this point, because you haven't spent any money yet - you're just trying to scare the competition out of the business. The upshot is that you could spend considerably less than 20 million dollars (assuming that number is right) and the more damage the attack would do to the value of Bitcoin the less you'd have to spend. The countermeasure would be existing Bitcoin holders and miners cooperating to defeat your attack by funding "honest" nodes or running them at a loss, rather than relying on the narrow economic incentives from block rewards and transaction fees.
|
|
|
|
aaaxn
|
|
June 06, 2013, 12:46:53 PM |
|
No, long before you cross into the 51% domain, people will start noticing, when you are at 40%, you already would have more than 60% of chances to mine 6 blocks in a row, you have no excuse. And people will abandon the network not because they don't believe you ,but because it makes no sense economically to mine anymore, when you get all the blocks. And if you fancy being the sole miner in a network and still confident to be able to somehow lure people into use it, why not just fork? It's only one day's work after all.
And what if attacker will extremely clever (;]) and won't reveal he controls 51% by splitting his power in 10 different pools?
|
|
|
|
bluemeanie1
|
|
June 06, 2013, 01:00:38 PM |
|
Given the current 'state of the union' in this case I think probably what would happen is that BTC users and owners would collectively decide on some organization to manage the block chain by, yes, FIAT. This certainly would be more attractive than the alternatives. Also someone who sought to monopolize mining wouldn't necessarily announce to the world that they've done it. They would just start selling 'mining shares' and the like. Then they are in a unique position. They could for instance, rather than just shutting down BTC, could create disruptions and profit from them. Short BTC(or sell), Create a bad block or a double spend, watch price plummet, PROFIT. Keep doing this until the public no longer plays along. All the while taking in the traditional gains associated with mining, etc. More than likely people will exploit the enthusiasm of BTC for all it's worth. Were in a phase right now of public enthusiasm, and there are plenty of people(even on this board) exploiting that to the hilt. -bm Just a quick reminder that even though we are 10 times faster than the 500 fastest super computers on earth (in doing what we are doing), we are far from out of reach to a dedicated attacker.
If I had the job to destroy bitcoin, I would borrow $20 million to build my own little asic mining op. $20 million is about what people claim BFL raised, right? Ok, make it 40 million then, but as I said, the money will come back. I only need it temporarily.
Lets assume you can mine almost at a profit, which is the case. Ok, lets do that. Lets increase our hashing power to 51% for $40 million. This is possible as there hasn't been more money invested in current ASICs. If we haven't been profitable before, now we are profitable because we can drive all the competition out of the market. All block rewards are ours. We don't interfere with any transaction as by that we would discriminate our blocks and the devs could counter our attack. We just mine all the bitcoins and behave but let the world know that nobody will mine except for us. We sell the mined coins to pay back our debt and divert hashing power that's being freed to other block chains that surely will come up. Now we can set the rules and have inflation at will.
Am I off by some millions? Am I missing some basic protection against such an attack? Are there really more miners that would try to overpower this attacker than there are miners that would just leave once it turned out this thing was ongoing? I doubt it.
I'm afraid this can only be countered by some proof of stake. Too sad PPCoin is not an option. I kind of hope that such an attack would drive the original bitcoin to proof of stake.
<tinfoilhat>Maybe we already operate at the mercy of IMF, FED, world bank, etc., we already have full approval and bitcoin is meant to replace the dollar. Not being destroyed long ago is a very bullish sign. What would be the sense in destroying Bitcoin rather later than sooner, now that VCs are entering the field? All investors are going to be pissed about whoever destroys bitcoin, so why have more enemies than necessary?
|
|
|
|
oakpacific
|
|
June 06, 2013, 02:48:58 PM |
|
No, long before you cross into the 51% domain, people will start noticing, when you are at 40%, you already would have more than 60% of chances to mine 6 blocks in a row, you have no excuse. And people will abandon the network not because they don't believe you ,but because it makes no sense economically to mine anymore, when you get all the blocks. And if you fancy being the sole miner in a network and still confident to be able to somehow lure people into use it, why not just fork? It's only one day's work after all.
And what if attacker will extremely clever (;]) and won't reveal he controls 51% by splitting his power in 10 different pools? Then you will be working on 10 different chains, each with 5% of the network hashpower behind it? I was unclear in the quoted post, if you don't store'em blocks and suddenly flood the network with a longer branch, you can't attack the network, your blocks will be in the main chain the first time.
|
|
|
|
runam0k
Legendary
Offline
Activity: 1092
Merit: 1001
Touchdown
|
|
June 06, 2013, 04:49:49 PM |
|
Either way, these figures are loose change, probably even pocket fluff, to the big banks. If bitcoin ever went mainstream - and assuming controlling the network and raking in the tx fees would be sufficiently profitable, or protecting bank business sufficiently compelling - surely one or more big banks would step in. They could buy the biggest miners outright and barely put a dent in their usual monthly profits. Or am I missing something? (I suspect I am. )
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
June 06, 2013, 05:16:52 PM Last edit: June 06, 2013, 05:28:11 PM by DeathAndTaxes |
|
Either way, these figures are loose change, probably even pocket fluff, to the big banks. If bitcoin ever went mainstream - and assuming controlling the network and raking in the tx fees would be sufficiently profitable, or protecting bank business sufficiently compelling - surely one or more big banks would step in. They could buy the biggest miners outright and barely put a dent in their usual monthly profits. Or am I missing something? (I suspect I am. ) Well ASICs are "brand new" for miners so expect hashing power to increase by a factor of 10x or more over next year or so. The efficiencies of ASIC all but ensure that it is only a question of how long. Suddenly $200M (if realistic which I doubt because $200M operation has a lot of overhead) is more of hit to a bank's annual profits. Still banks or government could destroy Bitcoin. Then in about a day a developer could take the last block prior to the attack create a snapshot of current balances, encode that in a genesis block, change the hashing algorithm and launch a drop in replacement "Bitcoin2". So banks spent $200M and developer spent what $1,000. Kind of like trying to kill your enemies by using bombers to dumps mountains of cash on them. So what is next spend $1B to makes some scrypt ASICs to kill Bitcoin2. Ok drop in replacement Bitcoin3. Note: this doesn't mean you as an individual can't lose money. The system will recover, adapt, evolve but a 99%+ drop in the fiat exchange rates in a panic is certainly not impossible and so is selling at the bottom. Killing the system by outspending it though? It can't be done.
|
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
June 06, 2013, 05:18:52 PM |
|
No, long before you cross into the 51% domain, people will start noticing, when you are at 40%, you already would have more than 60% of chances to mine 6 blocks in a row, you have no excuse. And people will abandon the network not because they don't believe you ,but because it makes no sense economically to mine anymore, when you get all the blocks. And if you fancy being the sole miner in a network and still confident to be able to somehow lure people into use it, why not just fork? It's only one day's work after all.
And what if attacker will extremely clever (;]) and won't reveal he controls 51% by splitting his power in 10 different pools? If you use pools then pools admin create the blocks, not you. Or do you mean the attacker would create 10 new pools?
|
|
|
|
Transisto
Donator
Legendary
Offline
Activity: 1731
Merit: 1008
|
|
June 06, 2013, 05:26:44 PM |
|
My strategy is to hold LTC at least until SHA2 rate is in the 2+ PetaHash/s range.
A 2 billion market cap can't be secured by ~5m$ in hardware.
|
|
|
|
1krona
Member
Offline
Activity: 94
Merit: 10
|
|
June 06, 2013, 05:32:00 PM |
|
You don't even know what a 51% attack is
It´s when you start reversing the transactions which you can do when you control over 50% of the network, right? OP is right that you can buy a couple of hundreds of ASICs and then you could start reversing transactions and thous creating panic, for example I could buy 1000 Jupiters from KNCminer to get 350 tH/s (over 350 % of the total current network) for 7 million USD. This is a real risk, and it have to be taken seriously. Although I doubt that any institution will try this.
|
|
|
|
Operatr
|
|
June 06, 2013, 06:41:19 PM |
|
I would say the cost and scale required at this point to kill Bitcoin with a 51% would be quite an effort and is extremely unlikely.
Even if they did, well, we start a new blockchain, call it something else, and continue on. 51% may be a very unlikely but possible against a single coin, but no 51% attack will kill the idea. If it did happen, Bitcoin 2 would be built more robust to deny these attacks, or some other coin.
Overall, nothing to worry about I think. Government institutions are too busy trying to keep fiat currency alive anyway to worry about the pithy $1 Billion market of Bitcoin.
|
|
|
|
kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
|
|
June 06, 2013, 06:49:32 PM |
|
By reading your post, I feel my IQ has dropped at least 10 points.
|
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
June 06, 2013, 06:52:37 PM |
|
OP is right that you can buy a couple of hundreds of ASICs and then you could start reversing transactions and thous creating panic,
So when you have this 51% and want to do a double spend attack, who do you actually send your coins that you will later be double spending to? Remember, this attack cost you $5 million in ASICs or something like that so you need to recoup a lot of money. Exchanges don't let you withdraw much unless you have your identity verified. Additionally, even if you have many anonymous accounts there will be limits to how many coins the exchange has in their hot wallet thus your hopes to withdraw coins before unleashing the 51% double spend attack will give little value. The reason there hasn't been a malicious 51% attack is because there's no economic incentive to do so. But this ASIC blast certainly is a nail biter if you consider how so few wafers are needed to top the current hashing capacity. Technically and financially it is definitely doable. There's just no payoff from carrying it out.
|
|
|
|
giszmo (OP)
Legendary
Offline
Activity: 1862
Merit: 1114
WalletScrutiny.com
|
|
June 06, 2013, 07:00:54 PM |
|
(I just thought I had a brilliant idea on how to solve the problem by not forgetting actual proof of work but unfortunately it works both ways. The problem is that orphaned blocks are wasted proof of work, so people defending the block chain against an attacker would work for nothing unless they have more hashing power than the attacker. In such a scenario of fighting back an attacker, the bitcoin community would mobilize all sleeping miners to mine on some fight-back-day and see if the attacker can be overthrown but if that fails, all the proof of work would just be waste of energy.
My thought was that if I could lower my personal difficulty by 90% of the difficulty I have tackled before, I would not loose that prior proof of work. Imagine a miner who mined an orphaned block, may use this "I mined a block and can proof it" as a one time voucher or a proof of prior work taken into account at some percentage of the actual difficulty mastered back then. This way pools with many orphaned blocks would get higher and higher priority to mine the next block and an attacker would need more and more hashing power to keep these blocks from making it into the block chain.
Unfortunately some rule like that would work both ways. The attacker could now declare this new block and some of his other blocks orphaned and reclaim the hashing power of these now orphaned blocks to create a new main line.
I found this thought noteworthy nevertheless as it might solve other problems than the actual 51% security issue. We had the subject "mining on mars". With the suggested addition, miners on mars (or Tibet/Iran/Polynesia) could avoid wasting significant resources on orphans.)
|
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ |
|
|
|
giszmo (OP)
Legendary
Offline
Activity: 1862
Merit: 1114
WalletScrutiny.com
|
|
June 06, 2013, 07:01:19 PM |
|
And to all those who say it will not be economical to pull off these double spending attacks: I never talked about an individual trying to buy a Porsche with a double spend attack.
To the IMF it is very economical to destroy any competition at any price whatsoever as long as it's payable with their funny-money.
|
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ |
|
|
|
aaaxn
|
|
June 06, 2013, 07:57:23 PM |
|
Then you will be working on 10 different chains, each with 5% of the network hashpower behind it?
I was unclear in the quoted post, if you don't store'em blocks and suddenly flood the network with a longer branch, you can't attack the network, your blocks will be in the main chain the first time.
If you use pools then pools admin create the blocks, not you. Or do you mean the attacker would create 10 new pools?
What I mean is that one could silently accumulate more than 50% network power and no one would be able to notice it. It could be happening even now. If and when he will use it for something bad is entirely at his discretion.
|
|
|
|
atomium
Donator
Sr. Member
Offline
Activity: 406
Merit: 252
Study the past, if you would divine the future.
|
|
June 06, 2013, 08:16:38 PM |
|
could someone describe the 51% attack in its simplicity so I can educate others on this "theory" that I don't think will ever happen.
|
|
|
|
niko
|
|
June 06, 2013, 08:41:01 PM |
|
It is technically impossible to "destroy bitcoin" as described. You cannot "change the rules at will," no matter how much hashing power you have. You can change your own rules, but my client will not be relaying nor accepting your transactions and blocks, as they would be invalid. All you can do is not include my transactions in your fork. Whatever. It wouldn't be long before your "attack" is rendered irrelevant by the community action. My coins are perfectly safe. You cannot touch them, you cannot spend them.
One valid point from OP is that taking over >50% of the network really doesn't cost much. Ultimately, it is determined by the value of block reward over the miners' expectations of the RoI period - this is the total investment of the mining industry. There is a catch, though. The value of said coins increases as adoption increases, meaning the cost of attack increases in proportion with the disruption it causes to those old-school institutions thay are stupid enough not to play along, and to try to resist the technological leap and all the opportunities it offers.
|
They're there, in their room. Your mining rig is on fire, yet you're very calm.
|
|
|
|
atomium
Donator
Sr. Member
Offline
Activity: 406
Merit: 252
Study the past, if you would divine the future.
|
|
June 06, 2013, 08:57:13 PM |
|
awesome, thanks for that!
|
|
|
|
giszmo (OP)
Legendary
Offline
Activity: 1862
Merit: 1114
WalletScrutiny.com
|
|
June 06, 2013, 08:57:54 PM |
|
It is technically impossible to "destroy bitcoin" as described. You cannot "change the rules at will," no matter how much hashing power you have. You can change your own rules, but my client will not be relaying nor accepting your transactions and blocks, as they would be invalid. All you can do is not include my transactions in your fork. Whatever. It wouldn't be long before your "attack" is rendered irrelevant by the community action. My coins are perfectly safe. You cannot touch them, you cannot spend them. It is technically feasible to destroy bitcoin this way. LukeJR has proven this. The attacker can make the block chain look however he pleases and while he can't mess with your coins, he can undo any of your payments and disrupt the market to the point where maintaining his attack costs nothing. Miners will leave. Investors will leave. You will keep your worthless private keys to data nobody cares about.
|
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ |
|
|
|
|