Bitcoin Forum
Topic: If an attacker gets more than 50 % of mining power
bcearl
July 01, 2011, 07:56:29 AM
 #1

What does that actually mean? There have been a lot of myths around, so I made some calculations.

What are possible attacks? When an attacker has more than 50 % of resources, he may generate the longest block chain ignoring the other miners.

What does that mean?

If a miner has 50 % of computing power, he could reject transactions in half of the blocks generated. That means that for every good block there is an evil block. Which means that you have to wait for one block that does not include the transaction before your transaction gets included (all numbers mean the average!).

50 percent: transaction wait time doubled

You can calculate the numbers with the following formula for x %: c(x) = log_x (0.5)

Results:
50 % attacker power: wait 1 extra block before you get your transaction included
60 % attacker power: wait 1.36 extra blocks before transaction included
70 %: wait 1.94 extra blocks
80 %: wait 3.11 extra blocks
90 %: wait 6.58 extra blocks


Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.

Misspelling protects against dictionary attacks NOT
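
The model in post #1, as an added example that is not part of the original post: each block is the attacker's with probability x, and attacker blocks leave the transaction out. c(x) = log_x(0.5) is the run length an attacker sustains with probability one half; the mean run length x/(1-x) and a seeded simulation are computed beside it. Function names are illustrative.

```python
import math
import random

def even_odds_run(x):
    """The post's c(x) = log_x(0.5): run length k at which x**k == 0.5."""
    return math.log(0.5) / math.log(x)

def expected_run(x):
    """Mean attacker blocks before the first honest block (geometric law)."""
    return x / (1.0 - x)

def simulate(x, trials=100_000, seed=2011):
    """Draw block winners until an honest miner wins; return (mean, median)."""
    rng = random.Random(seed)
    waits = []
    for _ in range(trials):
        k = 0
        while rng.random() < x:   # attacker wins this block, tx stays out
            k += 1
        waits.append(k)
    waits.sort()
    return sum(waits) / trials, waits[trials // 2]

if __name__ == "__main__":
    print(" share   c(x)   mean  sim mean  sim median")
    for x in (0.5, 0.6, 0.7, 0.8, 0.9):
        mean, median = simulate(x)
        print(f"{x:6.0%} {even_odds_run(x):6.2f} {expected_run(x):6.2f} "
              f"{mean:9.2f} {median:11d}")
```
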
Maged
July 01, 2011, 08:14:01 AM
 #2

> Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.

You are thinking so small...

An attacker with over 50% of the hashing power doesn't need to broadcast their blocks. They could very successfully eat a month's worth of transactions if they wanted to. Oh, and if any of those transactions used newly minted coins, they are now permanently reversed.

bcearl
July 01, 2011, 08:35:08 AM
 #3

> > Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.
> You are thinking so small...
>
> An attacker with over 50% of the hashing power doesn't need to broadcast their blocks. They could very successfully eat a month's worth of transactions if they wanted to. Oh, and if any of those transactions used newly minted coins, they are now permanently reversed.

Yes, reversing is a possibility that I left out here. But you are right, I didn't think about that. If somebody would want to attack the network with a majority of computing power, he will just stay out of the net and generate blocks for a while, and could be showing up weeks later with a way longer block chain.

Misspelling protects against dictionary attacks NOT
Gabi
July 01, 2011, 08:38:58 AM
 #4

What if the attacker stays disconnected from the network, generates a longer blockchain (with higher difficulty and what else) and THEN joins the network?

His blockchain would be the longer one and would instantly replace ours, right?
em3rgentOrdr
July 01, 2011, 08:53:18 AM
 #5

One thing that hasn't been mentioned regarding "If an attacker gets more than 50 % of mining power", is that the attacker could double spend coins.

> What if the attacker stays disconnected from the network, generates a longer blockchain (with higher difficulty and what else) and THEN joins the network?
>
> His blockchain would be the longer one and would instantly replace ours, right?

umm...Fact: blocks are generated at the same average rate of 1 block every 10 minutes regardless of difficulty.  So it wouldn't be possible for a disconnected attacker network to generate a significantly longer blockchain.

"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
Gabi
July 01, 2011, 08:56:21 AM
 #6

But the blockchain "length" is based both on number of blocks and difficulty

So if his chain is shorter but has a much higher difficulty?
theymos
July 01, 2011, 09:04:34 AM
 #7

It's possible. ArtForz once wiped out all of testnet by mining some high-difficulty blocks.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
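
The rule behind posts #6 and #7, as an added example that is not part of the thread: Bitcoin nodes compare chains by total expected work, where each block contributes 2^256 / (target + 1), so a chain with fewer blocks can win. The two chains and their nBits values are constructed sample data, retargeting rules are not modeled, and the function names are illustrative.

```python
def bits_to_target(bits):
    """Decode the compact nBits field of a block header into its target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def block_work(bits):
    """Expected number of hashes to meet the target: 2**256 // (target + 1)."""
    return (1 << 256) // (bits_to_target(bits) + 1)

def chain_work(bits_per_block):
    """Total expected work of a chain given each block's nBits value."""
    return sum(block_work(b) for b in bits_per_block)

def select_chain(chains, by="work"):
    """Return the name of the winning chain under the given rule."""
    score = chain_work if by == "work" else len
    return max(chains, key=lambda name: score(chains[name]))

# Constructed sample data, not real chain history.
DIFF_1 = 0x1D00FFFF   # difficulty 1
DIFF_4 = 0x1C3FFFC0   # difficulty 4 (target is a quarter of difficulty 1)
CHAINS = {
    "public":  [DIFF_1] * 100,   # 100 blocks at difficulty 1
    "private": [DIFF_4] * 30,    # 30 blocks at difficulty 4
}

if __name__ == "__main__":
    for name, blocks in CHAINS.items():
        print(name, len(blocks), "blocks, work", chain_work(blocks))
    print("most blocks:", select_chain(CHAINS, by="blocks"))
    print("most work:  ", select_chain(CHAINS, by="work"))
```
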
em3rgentOrdr
July 01, 2011, 09:11:48 AM
 #8

> But the blockchain "length" is based both on number of blocks and difficulty
>
> So if his chain is shorter but has a much higher difficulty?

> It's possible. ArtForz once wiped out all of testnet by mining some high-difficulty blocks.

Ahh, yes, I see what you are saying.  But I guess if the attacker is using a higher difficulty, then he would need much much more than 50% of computing power since higher difficulties require significantly more hashing resources.

"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
kerogre256
July 01, 2011, 09:11:53 AM
 #9

How realistic (practical) is this attack?
d.james
July 01, 2011, 09:14:43 AM
 #10

> How realistic (practical) is this attack?

Can be easily pulled off if AMD is in on the attack... for now.

You can not roll a BitCoin, but you can rollback some.
Roll me back: 1NxMkvbYn8o7kKCWPsnWR4FDvH7L9TJqGG
Gabi
July 01, 2011, 09:30:13 AM
 #11

> How realistic (practical) is this attack?

Very doable if you can afford to spend 10/15 millions of $

Any rich guy could happily do it without problems...
bcearl
July 01, 2011, 09:37:19 AM
 #12

> One thing that hasn't been mentioned regarding "If an attacker gets more than 50 % of mining power", is that the attacker could double spend coins.
>
> > What if the attacker stays disconnected from the network, generates a longer blockchain (with higher difficulty and what else) and THEN joins the network?
> >
> > His blockchain would be the longer one and would instantly replace ours, right?
>
> umm...Fact: blocks are generated at the same average rate of 1 block every 10 minutes regardless of difficulty.  So it wouldn't be possible for a disconnected attacker network to generate a significantly longer blockchain.

Yeah, but you can't double spend easily with close to 50 %.

Misspelling protects against dictionary attacks NOT
em3rgentOrdr
July 01, 2011, 09:38:07 AM
 #13

> > How realistic (practical) is this attack?
> Very doable if you can afford to spend 10/15 millions of $
>
> Any rich guy could happily do it without problems...

But due to Satoshi's genius clever design, would-be-attackers are instead incentivised to use their resources as legit miners instead, thus increasing the strength of the main block chain.

"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
Gabi
July 01, 2011, 09:40:27 AM
 #14

You forget the "do it for the lulz" factor
theymos
July 01, 2011, 09:48:08 AM
 #15

> Very doable if you can afford to spend 10/15 millions of $
>
> Any rich guy could happily do it without problems...

Getting 50% would take a few million dollars, but rewriting many past blocks is much more expensive.

Even if any of this does happen, it can all be manually straightened out after control is regained.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
bcearl
July 01, 2011, 09:52:16 AM
 #16

> > > How realistic (practical) is this attack?
> > Very doable if you can afford to spend 10/15 millions of $
> >
> > Any rich guy could happily do it without problems...
>
> But due to Satoshi's genius clever design, would-be-attackers are instead incentivised to use their resources as legit miners instead, thus increasing the strength of the main block chain.

Yes, private attackers could be persuaded by the reward for honest mining. But banks and governments who are willing to invest to just shut down bitcoin are still a danger we should be aware of. I don't see any chance for them to get sabotage done, and it will get harder as bitcoin gets more users and miners. But we should always have the possibility of attackers in mind, who don't care about money but about hurting bitcoin.

Misspelling protects against dictionary attacks NOT
Gabi
July 01, 2011, 09:57:07 AM
 #17

> > Very doable if you can afford to spend 10/15 millions of $
> >
> > Any rich guy could happily do it without problems...
>
> Getting 50% would take a few million dollars, but rewriting many past blocks is much more expensive.
>
> Even if any of this does happen, it can all be manually straightened out after control is regained.

Well he should buy the hardware and then run it long enough to have a longer blockchain

Once this happens how can you fix this? The only way would be to organize a separate network with the old blockchain and telling miners to mine on it until it finally becomes once more longer than the "bad one"

It can be done but it requires 1) a backup of the old blockchain 2) enough miners that know what to do
Houdini
July 01, 2011, 10:02:35 AM
 #18

> When if an attacker has more than 50 % of resources

And what if the Earth explodes ?
And what if the aliens invade ?
And what if I am my own grandfather ?
And what if we're all living in a computer-generated virtual reality while being used as thermal-electrical generators (which would be extremely stupid because humans are extremely inefficient as powerplants but what if) ?
...
(continue as you wish into infinity, with absolutely no purpose)
Gabi
July 01, 2011, 10:07:39 AM
 #19

It is not so hard for a rich guy or organization to spend 15 millions to fuck bitcoin...
Meni Rosenfeld
July 01, 2011, 10:18:01 AM
 #20

Personally I mostly fear the following scenario, which anyone can do at home (if he has a billion dollars lying around):
1. Short lots of bitcoins.
2. Build a huge mining cluster and completely mess up the block chain.
3. Watch prices drop as panic ensues.
4. Profit.
5. Lather, rinse, repeat.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond