Impact of ASICs on Bitcoin security

[shaunb]

Although the network hash rate has skyrocketed since ASICs have come online, the security of the Bitcoin network has declined substantially when considering the comparatively low cost of gaining 51% hashing power.  

In February, just prior to Avalon making their first shipment, the network hash rate was about 25-30 TH/s.  The network was being secured primarily by inefficient and expensive GPUs and it would have been very unlikely for someone to build the infrastructure to attack the network.  Perhaps not due to the cost of the hardware, but more likely the energy demands would make it next to impossible.

Cost of attacking the network at 30 TH/s prior to ASICs:

GPUs:  50,000 x 7950 @ $300 each = $15 million (add to this cost of power supplies, motherboards, memory...)
Energy consumption: 10,000,000+ watts

Cost of attacking the network today at 150 TH/s:

ASICs:  300 x BFL 500 GH/s @ $25,000 each = $7.5 million
Energy consumption: ~1,500,000 watts

So today it costs far less than half of what is did in February '13 to 51% the network while consuming only 15% of the energy.  

We used to think it was prohibitively expensive for any entity to destroy the network, but nowadays it's very feasible.  I'm quite concerned about this.

[1714749730]

1714749730

[1714749730]

1714749730

[1714749730]

1714749730

[1714749730]

1714749730

[jaywaka2713]

Time it takes for BFL to produce and ship 300 500GH/s rigs = 10 months to indefinite
Time it takes for BFL to finish current order chain = 10 months to indefinite
Hashpower increase once order chain is finished = Way more than 300 TH/s
Also, BFL has said that they won't sell enough hardware to 51% attack
So money required to create roughly 50 identities to purchase the 300 500Gh/s rigs? Millions of dollars.

[shaunb]

Time it takes for BFL to produce and ship 300 500GH/s rigs = 10 months to indefinite
Time it takes for BFL to finish current order chain = 10 months to indefinite
Hashpower increase once order chain is finished = Way more than 300 TH/s
Also, BFL has said that they won't sell enough hardware to 51% attack
So money required to create roughly 50 identities to purchase the 300 500Gh/s rigs? Millions of dollars.

Was just using the pricing from BFL as an example.  Obviously you wouldn't be ordering from them.  You could very quickly build custom hardware here in China for far less money.

[jaywaka2713]

Time it takes for BFL to produce and ship 300 500GH/s rigs = 10 months to indefinite
Time it takes for BFL to finish current order chain = 10 months to indefinite
Hashpower increase once order chain is finished = Way more than 300 TH/s
Also, BFL has said that they won't sell enough hardware to 51% attack
So money required to create roughly 50 identities to purchase the 300 500Gh/s rigs? Millions of dollars.

Was just using the pricing from BFL as an example.  Obviously you wouldn't be ordering from them.  You could very quickly build custom hardware here in China for far less money.

True, but the cost of also doing the research for manufacture of ASIC chips is very expensive. It would cost you about 3 million to just get that done, then another 5 or 6 million to manufacture the chips and hardware. Making ASICs isnt easy.

[tuheeden]

I will agree that every change to the hardware does open the door for the potential of a brute force attack.

However I think the "Could" has to be tempered by the "Would". Simply, ASIC's are shipping right now to legitimate miners and the hash rates are reflecting that. If you have followed Butterfly labs, I can tell you that the chance of ordering and receiving 300 units of that magnitude would require far more resources than just the 7.5M of cash (physically the ASIC's just are not available), so by the time someone could get that much hash power, they would need twice as much again.

But for the sake of argument, someone COULD get their hands on enough equipment and COULD overpower the network. Then they would not only have to outpace the blockchain building, but they would have to introduce something malicious to double spend or otherwise compromise the network. OK, lets say a government has all of this hardware, software and development power and has the will do to it, the end user community would only be "fooled" for a VERY short period of time (as soon as someone noticed a doublespend or other malice). At that point bitcoins would be worth nothing because everyone would know that they were hacked, so the entire effort probably could not have even repaid the cost of the hardware alone. To rectify the whole situation (and this has been done already), the blockchain could be forked by the "legitimate" development team, back to the point in time before the corruption began and let legitimate nodes and pools begin again with patched software and all of the previous bitcoins would be in tact.

It is a very real thing to consider, but I would be more afraid of Google Play being hacked and pushing out a corrupt wallet or other software that could easily constitute an economic majority in a matter of hours, and it would cost zero.

I dont think that the cost/risk/reward is there, since there are many other digital currencies and users could potentially just migrate (Mt Gox would be a perfect example)

Always good to keep doing the math though.

[jaywaka2713]

I will agree that every change to the hardware does open the door for the potential of a brute force attack.

However I think the "Could" has to be tempered by the "Would". Simply, ASIC's are shipping right now to legitimate miners and the hash rates are reflecting that. If you have followed Butterfly labs, I can tell you that the chance of ordering and receiving 300 units of that magnitude would require far more resources than just the 7.5M of cash (physically the ASIC's just are not available), so by the time someone could get that much hash power, they would need twice as much again.

But for the sake of argument, someone COULD get their hands on enough equipment and COULD overpower the network. Then they would not only have to outpace the blockchain building, but they would have to introduce something malicious to double spend or otherwise compromise the network. OK, lets say a government has all of this hardware, software and development power and has the will do to it, the end user community would only be "fooled" for a VERY short period of time (as soon as someone noticed a doublespend or other malice). At that point bitcoins would be worth nothing because everyone would know that they were hacked, so the entire effort probably could not have even repaid the cost of the hardware alone. To rectify the whole situation (and this has been done already), the blockchain could be forked by the "legitimate" development team, back to the point in time before the corruption began and let legitimate nodes and pools begin again with patched software and all of the previous bitcoins would be in tact.

It is a very real thing to consider, but I would be more afraid of Google Play being hacked and pushing out a corrupt wallet or other software that could easily constitute an economic majority in a matter of hours, and it would cost zero.

I dont think that the cost/risk/reward is there, since there are many other digital currencies and users could potentially just migrate (Mt Gox would be a perfect example)

Always good to keep doing the math though.

People do not tl;dr this. THIS right here is worth reading.

You bring up an excellent point. The one advantage Bitcoin has is that its history CAN be rewritten when 51% of the network agrees with you. Go back to before the attack happened and start from there again. If the attacker fixed his software as well, we could attempt to literally block his IP(s) but I don't know if that is possible from my understanding of p2p networking.

[crumbs]

[...]
I dont think that the cost/risk/reward is there, since there are many other digital currencies and users could potentially just migrate (Mt Gox would be a perfect example)

Always good to keep doing the math though.

This is all based on the assumption that BFL are incompetent.  They're not  thousands of 500Gh/s rigs are filling the racks of air conditioned data centers, waiting for that fateful flip of the switch.  Bwahaaaa

[btcrich]

While the market cap of Bitcoin might be around $1 billion, it would be difficult to create a double spend and "cash-out" $7.5 million to recoup costs. 

Anyone attacking the network in this manner is probably only looking to destroy the network at this point.

Yes, ASICs have unfortunately ruined Bitcoin.  If you're looking for security, use Litecoin.

[jaywaka2713]

While the market cap of Bitcoin might be around $1 billion, it would be difficult to create a double spend and "cash-out" $7.5 million to recoup costs. 

Anyone attacking the network in this manner is probably only looking to destroy the network at this point.

Yes, ASICs have unfortunately ruined Bitcoin.  If you're looking for security, use Litecoin.

Explain why you think ASICs have ruined Bitcoin. I think its actually good for it.

[btcrich]

While the market cap of Bitcoin might be around $1 billion, it would be difficult to create a double spend and "cash-out" $7.5 million to recoup costs. 

Anyone attacking the network in this manner is probably only looking to destroy the network at this point.

Yes, ASICs have unfortunately ruined Bitcoin.  If you're looking for security, use Litecoin.

Explain why you think ASICs have ruined Bitcoin. I think its actually good for it.

The network is being secured by fewer entities.  The whole principle of Bitcoin's security is that the hashing power be massively distributed.

[aceking]

in the next months hashing power will skyrocket

[jaywaka2713]

The network is being secured by fewer entities.  The whole principle of Bitcoin's security is that the hashing power be massively distributed.

That is also true. BTCGuild and 50 BTC are really way to big. Lets go to ozco.in and Eligius

[Buffer Overflow]

Yes, ASICs have unfortunately ruined Bitcoin.  If you're looking for security, use Litecoin.

Litecoin is not ASIC proof.

[Buffer Overflow]

While the market cap of Bitcoin might be around $1 billion, it would be difficult to create a double spend and "cash-out" $7.5 million to recoup costs. 

Anyone attacking the network in this manner is probably only looking to destroy the network at this point.

Yes, ASICs have unfortunately ruined Bitcoin.  If you're looking for security, use Litecoin.

Explain why you think ASICs have ruined Bitcoin. I think its actually good for it.

The network is being secured by fewer entities.  The whole principle of Bitcoin's security is that the hashing power be massively distributed.

I bet most people mine on a small handful of centralized pools in Litecoin. The hashing power is in the hands a few also.

They should be using decentralized pools like p2pool to migrate this risk.

[btcrich]

Sure, Litecoin may not be ASIC proof.  However, there is debate as to whether a scrypt ASIC can actually perform any better than a GPU.  Of course if an ASIC for scrypt is developed at some point in the future and proves to be radically superior in efficiency as we saw with Bitcoin, we will see the security of the Litecoin network diminish and folks will look to the next technology that can offer security.

As for Litecoin's hash rate distribution, you can find those stats at www.litecoinpool.org/pools if you're interested. 

[Littleshop]

Yes, ASICs have unfortunately ruined Bitcoin.  If you're looking for security, use Litecoin.

Litecoin is not ASIC proof.

In technicality is is not.  In reality it is.  ASICs would be a poor way to attack any scrypt coin as they would be more expensive then just buying off the shelf GPU's to carry out the same attack and useless after. 

As I see it, until the ASICs are more evenly held in the market, it is harder to do a 51% on LTC then on BTC.  My hope is that ASICs will become more evenly distributed to the mining community.  Right now they are in too few hands. 

[AliceWonder]

I think if anyone made the kind of order needed to 51% attack bitcoin, news would get out fast because supplies would dry up for all legitimate players before it could be accomplished.

[btcrich]

I think if anyone made the kind of order needed to 51% attack bitcoin, news would get out fast because supplies would dry up for all legitimate players before it could be accomplished.

Not when you are in control of the manufacturing process yourself.  I know several pcb assemblers here in China that could start mass producing ASICs tomorrow and you'd never hear a thing about it.

[Gabi]

ASICs would be a poor way to attack any scrypt coin

However, there is debate as to whether a scrypt ASIC can actually perform any better than a GPU

Do you really believe this bullshit or you just keep copy-pasting it trying to attract more people to LTC and make your coin moar expensive?  

[Shermo]

Not when you are in control of the manufacturing process yourself.  I know several pcb assemblers here in China that could start mass producing ASICs tomorrow and you'd never hear a thing about it.

If such entities existed they would already be selling ASICs and raking in tons of cash, no?