Bitcoin Forum
May 24, 2022, 06:38:41 AM
 Welcome, Guest. Please login or register.
 News: Latest Bitcoin Core release: 23.0 [Torrent]
 Home Help Search Login Register More
 Pages: [1] 2 3  All
 Author Topic: If an attacker gets more than 50 % of mining power  (Read 6908 times)
bcearl
Full Member

Offline

Activity: 168
Merit: 101

 July 01, 2011, 07:56:29 AM

What does that actually mean? Here have been a lot myths around, so I made some calculations.

What are possible attacks? When an attacker has more than 50 % of ressources, he may generate the longest block chain ignoring the other miners.

What does that mean?

If a miner has 50 % of computing power, he could reject transactions in half of the blocks generated. That means that for every good block there is an evil block. Which means that you have to wait for one block that does not include the transaction before your transaction gets included (all numbers mean the average!).

50 percent: transaction wait time doubled

You can calculate the numbers with the following formula for x %: c(x) = log_x (0.5)

Results:
50 % attacker power: wait 1 extra block before you get your transaction included
60 % attacker power: wait 1.36 extra blocks before transaction included
70 %: wait 1.94 extra blocks
80 %: wait 3.11 extra blocks
90 %: wait 6.58 extra blocks

Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.

Misspelling protects against dictionary attacks NOT
1653374321
Hero Member

Offline

Posts: 1653374321

Ignore
 1653374321

1653374321
 Report to moderator
1653374321
Hero Member

Offline

Posts: 1653374321

Ignore
 1653374321

1653374321
 Report to moderator
1653374321
Hero Member

Offline

Posts: 1653374321

Ignore
 1653374321

1653374321
 Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1653374321
Hero Member

Offline

Posts: 1653374321

Ignore
 1653374321

1653374321
 Report to moderator
1653374321
Hero Member

Offline

Posts: 1653374321

Ignore
 1653374321

1653374321
 Report to moderator
Maged
Legendary

Offline

Activity: 1204
Merit: 1010

 July 01, 2011, 08:14:01 AM

Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.
You are thinking so small...

An attacker with over 50% of the hashing power doesn't need to broadcast their blocks. They could very successfully eat a month's worth of transactions if they wanted to. Oh, and if any of those transactions used newly minted coins, they are now permanently reversed.

bcearl
Full Member

Offline

Activity: 168
Merit: 101

 July 01, 2011, 08:35:08 AM

Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.
You are thinking so small...

An attacker with over 50% of the hashing power doesn't need to broadcast their blocks. They could very successfully eat a month's worth of transactions if they wanted to. Oh, and if any of those transactions used newly minted coins, they are now permanently reversed.

Yes, reversing is a possibility that I left out here. But you are right, I didn't think about that. If somebody would want to attack the network with a majority of computing power, he will just stay out of the net and generate blocks for a while, and could be showing up weeks later with a way longer block chain.

Misspelling protects against dictionary attacks NOT
Gabi
Legendary

Offline

Activity: 1148
Merit: 1008

If you want to walk on water, get out of the boat

 July 01, 2011, 08:38:58 AM

What if the attacker stay disconnected from the network, generate a longer blockchain (with higher difficulty and what else) and THEN join the network?

His blockchain would be the longer and would instantly replace our, right?

 ░░░░░░░░▄█▀░░░░░▀█▄░░░░░░░░░░░░░▄██▀░░░░░░░▀██▄░░░░░░░░░░▄███░░░░░░░░▄███▄░░░░░░░░░▄████▄█████▄█████░░░░░░▄████████▀▀░▀▀████████░░░▄███▀██████▄░▄██████▀███▄▄██▀░▄██▀▀███▀███▀▀██▄░▀██▀█░░░▀██░░░▀█▄█▀░░▄██▀░░░█░░░░░░▀██▄░▄███▄░▄██▀░░░░░░░░░░░░▀███████████▀░░░░░░░░▄░░░░░▄█████████▄░░░░░▄░░░░▀█▄████▀▀░░░▀▀████▄█▀░░ ▐. ..BitFence.. ▐.
em3rgentOrdr
Sr. Member

Offline

Activity: 434
Merit: 251

youtube.com/ericfontainejazz now accepts bitcoin

 July 01, 2011, 08:53:18 AM

One thing that hasn't been mentioned regarding "If an attacker gets more than 50 % of mining power", is that the attacker could double spend coins.

What if the attacker stay disconnected from the network, generate a longer blockchain (with higher difficulty and what else) and THEN join the network?

His blockchain would be the longer and would instantly replace our, right?

umm...Fact: blocks are generated at the same average rate of 1 block every 10 minutes regardless of difficulty.  So it wouldn't be possible for a disconnected attacker network to generate a significantly longer blockchain.

"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
Gabi
Legendary

Offline

Activity: 1148
Merit: 1008

If you want to walk on water, get out of the boat

 July 01, 2011, 08:56:21 AM

But the blockchain "lenght" is based both on number of blocks and difficulty

So if his chain is shorter but has a much higher difficulty?

 ░░░░░░░░▄█▀░░░░░▀█▄░░░░░░░░░░░░░▄██▀░░░░░░░▀██▄░░░░░░░░░░▄███░░░░░░░░▄███▄░░░░░░░░░▄████▄█████▄█████░░░░░░▄████████▀▀░▀▀████████░░░▄███▀██████▄░▄██████▀███▄▄██▀░▄██▀▀███▀███▀▀██▄░▀██▀█░░░▀██░░░▀█▄█▀░░▄██▀░░░█░░░░░░▀██▄░▄███▄░▄██▀░░░░░░░░░░░░▀███████████▀░░░░░░░░▄░░░░░▄█████████▄░░░░░▄░░░░▀█▄████▀▀░░░▀▀████▄█▀░░ ▐. ..BitFence.. ▐.
theymos
Administrator
Legendary

Offline

Activity: 4494
Merit: 9634

 July 01, 2011, 09:04:34 AM

It's possible. ArtForz once wiped out all of testnet by mining some high-difficulty blocks.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
em3rgentOrdr
Sr. Member

Offline

Activity: 434
Merit: 251

youtube.com/ericfontainejazz now accepts bitcoin

 July 01, 2011, 09:11:48 AMLast edit: July 01, 2011, 09:24:38 AM by em3rgentOrdr

But the blockchain "lenght" is based both on number of blocks and difficulty

So if his chain is shorter but has a much higher difficulty?

It's possible. ArtForz once wiped out all of testnet by mining some high-difficulty blocks.

Ahh, yes, I see what you are saying.  But I guess if the attacker is using a higher difficulty, then he would need much much more than %50 of computing power since higher difficulties require significantly more hashing resources.

"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
kerogre256
Full Member

Offline

Activity: 161
Merit: 100

 July 01, 2011, 09:11:53 AM

How realistic(practical) this attack is ?
d.james
Sr. Member

Offline

Activity: 280
Merit: 250

Firstbits: 12pqwk

 July 01, 2011, 09:14:43 AM

How realistic(practical) this attack is ?

Can be easily pulled off if AMD is in on the attack... for now.

You can not roll a BitCoin, but you can rollback some.
Roll me back: 1NxMkvbYn8o7kKCWPsnWR4FDvH7L9TJqGG
Gabi
Legendary

Offline

Activity: 1148
Merit: 1008

If you want to walk on water, get out of the boat

 July 01, 2011, 09:30:13 AM

How realistic(practical) this attack is ?
Very doable if you can afford to spend 10/15 millions of \$

Any rich guy could happily do it without problems...

 ░░░░░░░░▄█▀░░░░░▀█▄░░░░░░░░░░░░░▄██▀░░░░░░░▀██▄░░░░░░░░░░▄███░░░░░░░░▄███▄░░░░░░░░░▄████▄█████▄█████░░░░░░▄████████▀▀░▀▀████████░░░▄███▀██████▄░▄██████▀███▄▄██▀░▄██▀▀███▀███▀▀██▄░▀██▀█░░░▀██░░░▀█▄█▀░░▄██▀░░░█░░░░░░▀██▄░▄███▄░▄██▀░░░░░░░░░░░░▀███████████▀░░░░░░░░▄░░░░░▄█████████▄░░░░░▄░░░░▀█▄████▀▀░░░▀▀████▄█▀░░ ▐. ..BitFence.. ▐.
bcearl
Full Member

Offline

Activity: 168
Merit: 101

 July 01, 2011, 09:37:19 AM

One thing that hasn't been mentioned regarding "If an attacker gets more than 50 % of mining power", is that the attacker could double spend coins.

What if the attacker stay disconnected from the network, generate a longer blockchain (with higher difficulty and what else) and THEN join the network?

His blockchain would be the longer and would instantly replace our, right?

umm...Fact: blocks are generated at the same average rate of 1 block every 10 minutes regardless of difficulty.  So it wouldn't be possible for a disconnected attacker network to generate a significantly longer blockchain.

Yeah, but you can't double spend easily with close to 50 %.

Misspelling protects against dictionary attacks NOT
em3rgentOrdr
Sr. Member

Offline

Activity: 434
Merit: 251

youtube.com/ericfontainejazz now accepts bitcoin

 July 01, 2011, 09:38:07 AM

How realistic(practical) this attack is ?
Very doable if you can afford to spend 10/15 millions of \$

Any rich guy could happily do it without problems...

But due to Sathoshi's genius clever design, would-be-attackers are instead incentivised to use their resources as legit miners instead, thus increasing the strength of the main block chain.

"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
Gabi
Legendary

Offline

Activity: 1148
Merit: 1008

If you want to walk on water, get out of the boat

 July 01, 2011, 09:40:27 AM

You forget the "do it for the lulz" factor

 ░░░░░░░░▄█▀░░░░░▀█▄░░░░░░░░░░░░░▄██▀░░░░░░░▀██▄░░░░░░░░░░▄███░░░░░░░░▄███▄░░░░░░░░░▄████▄█████▄█████░░░░░░▄████████▀▀░▀▀████████░░░▄███▀██████▄░▄██████▀███▄▄██▀░▄██▀▀███▀███▀▀██▄░▀██▀█░░░▀██░░░▀█▄█▀░░▄██▀░░░█░░░░░░▀██▄░▄███▄░▄██▀░░░░░░░░░░░░▀███████████▀░░░░░░░░▄░░░░░▄█████████▄░░░░░▄░░░░▀█▄████▀▀░░░▀▀████▄█▀░░ ▐. ..BitFence.. ▐.
theymos
Administrator
Legendary

Offline

Activity: 4494
Merit: 9634

 July 01, 2011, 09:48:08 AM

Very doable if you can afford to spend 10/15 millions of \$

Any rich guy could happily do it without problems...

Getting 50% would take a few million dollars, but rewriting many past blocks is much more expensive.

Even if any of this does happen, it can all be manually straightened out after control is regained.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
bcearl
Full Member

Offline

Activity: 168
Merit: 101

 July 01, 2011, 09:52:16 AM

How realistic(practical) this attack is ?
Very doable if you can afford to spend 10/15 millions of \$

Any rich guy could happily do it without problems...

But due to Sathoshi's genius clever design, would-be-attackers are instead incentivised to use their resources as legit miners instead, thus increasing the strength of the main block chain.

Yes, private attackers could be persuaded by the reward for honest mining. But banks and governments who are willing to invest to just shut down bitcoin are still a danger we should be aware of. I don't see any chance for them to get sabotage done, and it will get harder as bitcoin gets more users and miners. But we should always have the possibility of attackers in mind, who don't care about money but about hurting bitcoin.

Misspelling protects against dictionary attacks NOT
Gabi
Legendary

Offline

Activity: 1148
Merit: 1008

If you want to walk on water, get out of the boat

 July 01, 2011, 09:57:07 AM

Very doable if you can afford to spend 10/15 millions of \$

Any rich guy could happily do it without problems...

Getting 50% would take a few million dollars, but rewriting many past blocks is much more expensive.

Even if any of this does happen, it can all be manually straightened out after control is regained.
Well he should buy the hardware and then run it long enough to have a longer blockchain

Once this happens how can you fix this? The only way would be to organzie a separate network with the old blockchain and telling miners to mine on it until it finally become once more longer than the "bad one"

It can be done but it require 1)a backup of the old blockchain 2)enough miners that know what to do

 ░░░░░░░░▄█▀░░░░░▀█▄░░░░░░░░░░░░░▄██▀░░░░░░░▀██▄░░░░░░░░░░▄███░░░░░░░░▄███▄░░░░░░░░░▄████▄█████▄█████░░░░░░▄████████▀▀░▀▀████████░░░▄███▀██████▄░▄██████▀███▄▄██▀░▄██▀▀███▀███▀▀██▄░▀██▀█░░░▀██░░░▀█▄█▀░░▄██▀░░░█░░░░░░▀██▄░▄███▄░▄██▀░░░░░░░░░░░░▀███████████▀░░░░░░░░▄░░░░░▄█████████▄░░░░░▄░░░░▀█▄████▀▀░░░▀▀████▄█▀░░ ▐. ..BitFence.. ▐.
Houdini
Member

Offline

Activity: 84
Merit: 10

 July 01, 2011, 10:02:35 AM

When if an attacker has more than 50 % of ressources
And what if the Earth explodes ?
And what if the aliens invade ?
And what if I am my own grandfather ?
And what if we're all living in a computer-generated virtual reality while being used as thermal-electrical generators (which would be extremely stupid because humans are extremely unefficient as powerplants but what if) ?
...
(continue as you wish into infinity, with absolutely no purpose)
Gabi
Legendary

Offline

Activity: 1148
Merit: 1008

If you want to walk on water, get out of the boat

 July 01, 2011, 10:07:39 AM

It is not so hard for a rich guy or organization to spend 15millions to fuck bitcoin...

 ░░░░░░░░▄█▀░░░░░▀█▄░░░░░░░░░░░░░▄██▀░░░░░░░▀██▄░░░░░░░░░░▄███░░░░░░░░▄███▄░░░░░░░░░▄████▄█████▄█████░░░░░░▄████████▀▀░▀▀████████░░░▄███▀██████▄░▄██████▀███▄▄██▀░▄██▀▀███▀███▀▀██▄░▀██▀█░░░▀██░░░▀█▄█▀░░▄██▀░░░█░░░░░░▀██▄░▄███▄░▄██▀░░░░░░░░░░░░▀███████████▀░░░░░░░░▄░░░░░▄█████████▄░░░░░▄░░░░▀█▄████▀▀░░░▀▀████▄█▀░░ ▐. ..BitFence.. ▐.
Meni Rosenfeld
Donator
Legendary

Offline

Activity: 2058
Merit: 1027

 July 01, 2011, 10:18:01 AM

Personally I mostly fear the following scenario, which anyone can do at home (if he has a billion dollars lying around):
1. Short lots of bitcoins.
2. Build a huge mining cluster and completely mess up the block chain.
3. Watch prices drop as panic ensues.
4. Profit.
5. Lather, rinse, repeat.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
 Pages: [1] 2 3  All
Jump to: