If an attacker gets more than 50 % of mining power

[bcearl]

What does that actually mean? Here have been a lot myths around, so I made some calculations.

What are possible attacks? When an attacker has more than 50 % of ressources, he may generate the longest block chain ignoring the other miners.

What does that mean?

If a miner has 50 % of computing power, he could reject transactions in half of the blocks generated. That means that for every good block there is an evil block. Which means that you have to wait for one block that does not include the transaction before your transaction gets included (all numbers mean the average!).

50 percent: transaction wait time doubled

You can calculate the numbers with the following formula for x %: c(x) = log_x (0.5)

Results:
50 % attacker power: wait 1 extra block before you get your transaction included
60 % attacker power: wait 1.36 extra blocks before transaction included
70 %: wait 1.94 extra blocks
80 %: wait 3.11 extra blocks
90 %: wait 6.58 extra blocks


Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.

[1714782256]

1714782256

[1714782256]

1714782256

[Maged]

Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.

You are thinking so small...

An attacker with over 50% of the hashing power doesn't need to broadcast their blocks. They could very successfully eat a month's worth of transactions if they wanted to. Oh, and if any of those transactions used newly minted coins, they are now permanently reversed.

[bcearl]

Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.

You are thinking so small...

An attacker with over 50% of the hashing power doesn't need to broadcast their blocks. They could very successfully eat a month's worth of transactions if they wanted to. Oh, and if any of those transactions used newly minted coins, they are now permanently reversed.

Yes, reversing is a possibility that I left out here. But you are right, I didn't think about that. If somebody would want to attack the network with a majority of computing power, he will just stay out of the net and generate blocks for a while, and could be showing up weeks later with a way longer block chain.

[Gabi]

What if the attacker stay disconnected from the network, generate a longer blockchain (with higher difficulty and what else) and THEN join the network?

His blockchain would be the longer and would instantly replace our, right?

[em3rgentOrdr]

One thing that hasn't been mentioned regarding "If an attacker gets more than 50 % of mining power", is that the attacker could double spend coins.

What if the attacker stay disconnected from the network, generate a longer blockchain (with higher difficulty and what else) and THEN join the network?

His blockchain would be the longer and would instantly replace our, right?

umm...Fact: blocks are generated at the same average rate of 1 block every 10 minutes regardless of difficulty.  So it wouldn't be possible for a disconnected attacker network to generate a significantly longer blockchain.

[Gabi]

But the blockchain "lenght" is based both on number of blocks and difficulty

So if his chain is shorter but has a much higher difficulty?

[theymos]

It's possible. ArtForz once wiped out all of testnet by mining some high-difficulty blocks.

[em3rgentOrdr]

But the blockchain "lenght" is based both on number of blocks and difficulty

So if his chain is shorter but has a much higher difficulty?

It's possible. ArtForz once wiped out all of testnet by mining some high-difficulty blocks.

Ahh, yes, I see what you are saying.  But I guess if the attacker is using a higher difficulty, then he would need much much more than %50 of computing power since higher difficulties require significantly more hashing resources.

[kerogre256]

How realistic(practical) this attack is ?  

[d.james]

How realistic(practical) this attack is ?  

Can be easily pulled off if AMD is in on the attack... for now.

[Gabi]

How realistic(practical) this attack is ?  

Very doable if you can afford to spend 10/15 millions of $

Any rich guy could happily do it without problems...

[bcearl]

One thing that hasn't been mentioned regarding "If an attacker gets more than 50 % of mining power", is that the attacker could double spend coins.

What if the attacker stay disconnected from the network, generate a longer blockchain (with higher difficulty and what else) and THEN join the network?

His blockchain would be the longer and would instantly replace our, right?

umm...Fact: blocks are generated at the same average rate of 1 block every 10 minutes regardless of difficulty.  So it wouldn't be possible for a disconnected attacker network to generate a significantly longer blockchain.

Yeah, but you can't double spend easily with close to 50 %.

[em3rgentOrdr]

How realistic(practical) this attack is ?  

Very doable if you can afford to spend 10/15 millions of $

Any rich guy could happily do it without problems...

But due to Sathoshi's genius clever design, would-be-attackers are instead incentivised to use their resources as legit miners instead, thus increasing the strength of the main block chain.

[Gabi]

You forget the "do it for the lulz" factor

[theymos]

Very doable if you can afford to spend 10/15 millions of $

Any rich guy could happily do it without problems...

Getting 50% would take a few million dollars, but rewriting many past blocks is much more expensive.

Even if any of this does happen, it can all be manually straightened out after control is regained.

[bcearl]

How realistic(practical) this attack is ?  

Very doable if you can afford to spend 10/15 millions of $

Any rich guy could happily do it without problems...

But due to Sathoshi's genius clever design, would-be-attackers are instead incentivised to use their resources as legit miners instead, thus increasing the strength of the main block chain.

Yes, private attackers could be persuaded by the reward for honest mining. But banks and governments who are willing to invest to just shut down bitcoin are still a danger we should be aware of. I don't see any chance for them to get sabotage done, and it will get harder as bitcoin gets more users and miners. But we should always have the possibility of attackers in mind, who don't care about money but about hurting bitcoin.

[Gabi]

Very doable if you can afford to spend 10/15 millions of $

Any rich guy could happily do it without problems...

Getting 50% would take a few million dollars, but rewriting many past blocks is much more expensive.

Even if any of this does happen, it can all be manually straightened out after control is regained.

Well he should buy the hardware and then run it long enough to have a longer blockchain

Once this happens how can you fix this? The only way would be to organzie a separate network with the old blockchain and telling miners to mine on it until it finally become once more longer than the "bad one"

It can be done but it require 1)a backup of the old blockchain 2)enough miners that know what to do

[Houdini]

When if an attacker has more than 50 % of ressources

And what if the Earth explodes ?
And what if the aliens invade ?
And what if I am my own grandfather ?
And what if we're all living in a computer-generated virtual reality while being used as thermal-electrical generators (which would be extremely stupid because humans are extremely unefficient as powerplants but what if) ?
...
(continue as you wish into infinity, with absolutely no purpose)

[Gabi]

It is not so hard for a rich guy or organization to spend 15millions to fuck bitcoin...

[Meni Rosenfeld]

Personally I mostly fear the following scenario, which anyone can do at home (if he has a billion dollars lying around):
1. Short lots of bitcoins.
2. Build a huge mining cluster and completely mess up the block chain.
3. Watch prices drop as panic ensues.
4. Profit.
5. Lather, rinse, repeat.