bcearl (OP)
|
|
July 01, 2011, 07:56:29 AM |
|
What does that actually mean? Here have been a lot myths around, so I made some calculations.
What are possible attacks? When an attacker has more than 50 % of ressources, he may generate the longest block chain ignoring the other miners.
What does that mean?
If a miner has 50 % of computing power, he could reject transactions in half of the blocks generated. That means that for every good block there is an evil block. Which means that you have to wait for one block that does not include the transaction before your transaction gets included (all numbers mean the average!).
50 percent: transaction wait time doubled
You can calculate the numbers with the following formula for x %: c(x) = log_x (0.5)
Results: 50 % attacker power: wait 1 extra block before you get your transaction included 60 % attacker power: wait 1.36 extra blocks before transaction included 70 %: wait 1.94 extra blocks 80 %: wait 3.11 extra blocks 90 %: wait 6.58 extra blocks
Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.
|
Misspelling protects against dictionary attacks NOT
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
July 01, 2011, 08:14:01 AM |
|
Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.
You are thinking so small... An attacker with over 50% of the hashing power doesn't need to broadcast their blocks. They could very successfully eat a month's worth of transactions if they wanted to. Oh, and if any of those transactions used newly minted coins, they are now permanently reversed.
|
|
|
|
bcearl (OP)
|
|
July 01, 2011, 08:35:08 AM |
|
Now we see, that even if you invest tremendous costs in getting a huge majority of computing power, you can't do a lot of harm.
You are thinking so small... An attacker with over 50% of the hashing power doesn't need to broadcast their blocks. They could very successfully eat a month's worth of transactions if they wanted to. Oh, and if any of those transactions used newly minted coins, they are now permanently reversed. Yes, reversing is a possibility that I left out here. But you are right, I didn't think about that. If somebody would want to attack the network with a majority of computing power, he will just stay out of the net and generate blocks for a while, and could be showing up weeks later with a way longer block chain.
|
Misspelling protects against dictionary attacks NOT
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
July 01, 2011, 08:38:58 AM |
|
What if the attacker stay disconnected from the network, generate a longer blockchain (with higher difficulty and what else) and THEN join the network?
His blockchain would be the longer and would instantly replace our, right?
|
|
|
|
em3rgentOrdr
|
|
July 01, 2011, 08:53:18 AM |
|
One thing that hasn't been mentioned regarding "If an attacker gets more than 50 % of mining power", is that the attacker could double spend coins. What if the attacker stay disconnected from the network, generate a longer blockchain (with higher difficulty and what else) and THEN join the network?
His blockchain would be the longer and would instantly replace our, right?
umm...Fact: blocks are generated at the same average rate of 1 block every 10 minutes regardless of difficulty. So it wouldn't be possible for a disconnected attacker network to generate a significantly longer blockchain.
|
"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.
Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
July 01, 2011, 08:56:21 AM |
|
But the blockchain "lenght" is based both on number of blocks and difficulty
So if his chain is shorter but has a much higher difficulty?
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5334
Merit: 13299
|
|
July 01, 2011, 09:04:34 AM |
|
It's possible. ArtForz once wiped out all of testnet by mining some high-difficulty blocks.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
em3rgentOrdr
|
|
July 01, 2011, 09:11:48 AM Last edit: July 01, 2011, 09:24:38 AM by em3rgentOrdr |
|
But the blockchain "lenght" is based both on number of blocks and difficulty
So if his chain is shorter but has a much higher difficulty?
It's possible. ArtForz once wiped out all of testnet by mining some high-difficulty blocks.
Ahh, yes, I see what you are saying. But I guess if the attacker is using a higher difficulty, then he would need much much more than %50 of computing power since higher difficulties require significantly more hashing resources.
|
"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.
Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
|
|
|
kerogre256
|
|
July 01, 2011, 09:11:53 AM |
|
How realistic(practical) this attack is ?
|
|
|
|
d.james
Sr. Member
Offline
Activity: 280
Merit: 250
Firstbits: 12pqwk
|
|
July 01, 2011, 09:14:43 AM |
|
How realistic(practical) this attack is ?
Can be easily pulled off if AMD is in on the attack... for now.
|
You can not roll a BitCoin, but you can rollback some. Roll me back: 1NxMkvbYn8o7kKCWPsnWR4FDvH7L9TJqGG
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
July 01, 2011, 09:30:13 AM |
|
How realistic(practical) this attack is ?
Very doable if you can afford to spend 10/15 millions of $ Any rich guy could happily do it without problems...
|
|
|
|
bcearl (OP)
|
|
July 01, 2011, 09:37:19 AM |
|
One thing that hasn't been mentioned regarding "If an attacker gets more than 50 % of mining power", is that the attacker could double spend coins. What if the attacker stay disconnected from the network, generate a longer blockchain (with higher difficulty and what else) and THEN join the network?
His blockchain would be the longer and would instantly replace our, right?
umm...Fact: blocks are generated at the same average rate of 1 block every 10 minutes regardless of difficulty. So it wouldn't be possible for a disconnected attacker network to generate a significantly longer blockchain. Yeah, but you can't double spend easily with close to 50 %.
|
Misspelling protects against dictionary attacks NOT
|
|
|
em3rgentOrdr
|
|
July 01, 2011, 09:38:07 AM |
|
How realistic(practical) this attack is ?
Very doable if you can afford to spend 10/15 millions of $ Any rich guy could happily do it without problems... But due to Sathoshi's genius clever design, would-be-attackers are instead incentivised to use their resources as legit miners instead, thus increasing the strength of the main block chain.
|
"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.
Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
July 01, 2011, 09:40:27 AM |
|
You forget the "do it for the lulz" factor
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5334
Merit: 13299
|
|
July 01, 2011, 09:48:08 AM |
|
Very doable if you can afford to spend 10/15 millions of $
Any rich guy could happily do it without problems...
Getting 50% would take a few million dollars, but rewriting many past blocks is much more expensive. Even if any of this does happen, it can all be manually straightened out after control is regained.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
bcearl (OP)
|
|
July 01, 2011, 09:52:16 AM |
|
How realistic(practical) this attack is ?
Very doable if you can afford to spend 10/15 millions of $ Any rich guy could happily do it without problems... But due to Sathoshi's genius clever design, would-be-attackers are instead incentivised to use their resources as legit miners instead, thus increasing the strength of the main block chain. Yes, private attackers could be persuaded by the reward for honest mining. But banks and governments who are willing to invest to just shut down bitcoin are still a danger we should be aware of. I don't see any chance for them to get sabotage done, and it will get harder as bitcoin gets more users and miners. But we should always have the possibility of attackers in mind, who don't care about money but about hurting bitcoin.
|
Misspelling protects against dictionary attacks NOT
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
July 01, 2011, 09:57:07 AM |
|
Very doable if you can afford to spend 10/15 millions of $
Any rich guy could happily do it without problems...
Getting 50% would take a few million dollars, but rewriting many past blocks is much more expensive. Even if any of this does happen, it can all be manually straightened out after control is regained. Well he should buy the hardware and then run it long enough to have a longer blockchain Once this happens how can you fix this? The only way would be to organzie a separate network with the old blockchain and telling miners to mine on it until it finally become once more longer than the "bad one" It can be done but it require 1)a backup of the old blockchain 2)enough miners that know what to do
|
|
|
|
Houdini
Member
Offline
Activity: 84
Merit: 10
|
|
July 01, 2011, 10:02:35 AM |
|
When if an attacker has more than 50 % of ressources And what if the Earth explodes ? And what if the aliens invade ? And what if I am my own grandfather ? And what if we're all living in a computer-generated virtual reality while being used as thermal-electrical generators (which would be extremely stupid because humans are extremely unefficient as powerplants but what if) ? ... (continue as you wish into infinity, with absolutely no purpose)
|
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
July 01, 2011, 10:07:39 AM |
|
It is not so hard for a rich guy or organization to spend 15millions to fuck bitcoin...
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
July 01, 2011, 10:18:01 AM |
|
Personally I mostly fear the following scenario, which anyone can do at home (if he has a billion dollars lying around): 1. Short lots of bitcoins. 2. Build a huge mining cluster and completely mess up the block chain. 3. Watch prices drop as panic ensues. 4. Profit. 5. Lather, rinse, repeat.
|
|
|
|
|