If an attacker gets more than 50 % of mining power

[kerogre256]

Personally I mostly fear the following scenario, which anyone can do at home (if he has a billion dollars lying around):
1. Short lots of bitcoins.
2. Build a huge mining cluster and completely mess up the block chain.
3. Watch prices drop as panic ensues.
4. Profit.
5. Lather, rinse, repeat.

If it happends once there will be no secont time bitcoin will be dead.

[1714154287]

1714154287

[1714154287]

1714154287

[1714154287]

1714154287

[1714154287]

1714154287

[1714154287]

1714154287

[Meni Rosenfeld]

Personally I mostly fear the following scenario, which anyone can do at home (if he has a billion dollars lying around):
1. Short lots of bitcoins.
2. Build a huge mining cluster and completely mess up the block chain.
3. Watch prices drop as panic ensues.
4. Profit.
5. Lather, rinse, repeat.

If it happends once there will be no secont time bitcoin will be dead.

I think Bitcoin can survive this happening once. The problem is if there is a reasonable expectation of it happening again. That's why the possibility of repeating it scares me.

[bcearl]

When if an attacker has more than 50 % of ressources

And what if the Earth explodes ?
And what if the aliens invade ?
And what if I am my own grandfather ?
And what if we're all living in a computer-generated virtual reality while being used as thermal-electrical generators (which would be extremely stupid because humans are extremely unefficient as powerplants but what if) ?
...
(continue as you wish into infinity, with absolutely no purpose)

• you don't understand, what the word "if" is for

[bcearl]

Personally I mostly fear the following scenario, which anyone can do at home (if he has a billion dollars lying around):
1. Short lots of bitcoins.
2. Build a huge mining cluster and completely mess up the block chain.
3. Watch prices drop as panic ensues.
4. Profit.
5. Lather, rinse, repeat.

You have to explain what you mean by 2.

[theymos]

It can be done but it require 1)a backup of the old blockchain 2)enough miners that know what to do

Bitcoin never deletes blocks, so everyone will still have copies. The pools can be updated in no time, and they represent almost all of the network's hashing power.

[Meni Rosenfeld]

Personally I mostly fear the following scenario, which anyone can do at home (if he has a billion dollars lying around):
1. Short lots of bitcoins.
2. Build a huge mining cluster and completely mess up the block chain.
3. Watch prices drop as panic ensues.
4. Profit.
5. Lather, rinse, repeat.

You have to explain what you mean by 2.

For starters, he can create a new branch with none of the transactions from the last 1000 blocks. Or he can bypass X% of blocks as per your original post, which is not very dangerous for merchants but will piss off miners who wish to be rewarded for the blocks they find. And so on, he can get creative.

It can be done but it require 1)a backup of the old blockchain 2)enough miners that know what to do

Bitcoin never deletes blocks, so everyone will still have copies. The pools can be updated in no time, and they represent almost all of the network's hashing power.

Assuming a consensus can be reached not only about which chain is the real one, but also that discarding the computationally longest chain in some circumstances is desirable.

[bcearl]

Personally I mostly fear the following scenario, which anyone can do at home (if he has a billion dollars lying around):
1. Short lots of bitcoins.
2. Build a huge mining cluster and completely mess up the block chain.
3. Watch prices drop as panic ensues.
4. Profit.
5. Lather, rinse, repeat.

You have to explain what you mean by 2.

For starters, he can create a new branch with none of the transactions from the last 1000 blocks. Or he can bypass X% of blocks as per your original post, which is not very dangerous for merchants but will piss off miners who wish to be rewarded for the blocks they find. And so on, he can get creative.

It can be done but it require 1)a backup of the old blockchain 2)enough miners that know what to do

Bitcoin never deletes blocks, so everyone will still have copies. The pools can be updated in no time, and they represent almost all of the network's hashing power.

Assuming a consensus can be reached not only about which chain is the real one, but also that discarding the computationally longest chain in some circumstances is desirable.

To reverse a 1000 blocks and to catch up then to make the longest block chain takes way more than 50 %, if you want to get it done in a decade.

[Meni Rosenfeld]

To reverse a 1000 blocks and to catch up then to make the longest block chain takes way more than 50 %, if you want to get it done in a decade.

Not really. With 67%, you can reverse 1000 past blocks in a week. Reversing 1000 future blocks takes a week with 52%.

[Raulo]

To reverse a 1000 blocks and to catch up then to make the longest block chain takes way more than 50 %, if you want to get it done in a decade.

If you have more than the rest of the network combined (so more than 50% of total power including you), you can grow the alternative chain indefinitely as long as you are ahead. If you have 1% more than the network, you will be 1.44 block ahead per day. If you have 10% more, you will have 14.4 blocks per day. If you have twice the current Bitcoin network, you will reverse 1000 blocks in less than a week.

If you want to do as much of a mess, grow your chain, and wait until the rest of the network caches up with the speed. And then release the alternative chain.

[em3rgentOrdr]

How realistic(practical) this attack is ?  

Very doable if you can afford to spend 10/15 millions of $

Any rich guy could happily do it without problems...

But due to Sathoshi's genius clever design, would-be-attackers are instead incentivised to use their resources as legit miners instead, thus increasing the strength of the main block chain.

Yes, private attackers could be persuaded by the reward for honest mining. But banks and governments who are willing to invest to just shut down bitcoin are still a danger we should be aware of. I don't see any chance for them to get sabotage done, and it will get harder as bitcoin gets more users and miners. But we should always have the possibility of attackers in mind, who don't care about money but about hurting bitcoin.

I don't know.  I tend to be a firm believer in Emergent Order.  I usually assume that everyone is a self-interested bastard by default.  But Cooperation is more preferable to Sabotage in most cases, especially with bitcoin.  If the governments and banks cooperate with us, then they can profit from mining legitimately.  That's a positive sum game.  But spending billions of dollars on a ton of AMD GPUs simply so that you can destroy the bitcoin network is a negative sum game. 

There is a reason why successful governments like US & China don't tax %100 percent of your income, but rather realize that after about %50 then your people aren't incentivized.  And there are reasons why most Nations and Businesses are not engaging in constant battle sabotage against their competing Nations and Businesses (sure, there is some of this going on, but it is not the major component of expenditure).

I suspect that eventually the US government, PayPal, and banks will reluctantly embrace bitcoin.

Governments will still be able to tax, even if they can't arbitrarily inflate.  Sure they will have to tighten their fiscal responsibility belt, but they will be benefited by a robust bitcoin economy, and will simply tax visible transactions.  And I suspect they will be using the resources from government supercomputing labs to mine bitcoins by default when they aren't running more valuable experiments.

PayPal will start accepting payments with bitcoin as just one of many accepted international currencies the moment they realize that they can make more profit by embracing bitcoin instead of attacking it.  PayPal would rather offer secure online storage of your wallet and insurance against loss from scammer transactions as eBay currently does.  I can image some clever paypal employee submitting a bitcoin proposal which eventually reaches the CEO, who then sells it to the rest of the board and shareholders, and then someone might get a raise.

Banks wouldn't completely disappear, but would rather have to refocus on being investment vehicles which facilitate people with long term monetary preferences to loan out their bitcoins to borrowers with short term monetary preferences.  Sure they won't be able to artificially create bitcoins at whim out of thin air, but they would instead form clearing houses with competing banks and try to keep their liabilities as closely matched to their available assets as possible.  The banking sector will be stabilized and return to sanity, not destroyed.

You forget the "do it for the lulz" factor

Hmm... Yes I forgot about the lulz factor.  The lulz factor totally throws off anyone's refined security analysis model.  Serious, it's true.  Just look at everyone they hacked.  Totally not expecting it.  Totally were prepared for anything but a lulz attack.  (I'm only being 25% sarcastic those last 3 sentences, since it is true that the lulz factor will definitely screw up anyone who's not prepared for a lulz response.  Maybe it will become standard operating procedure for major internet companies to develop a "lulz response protocol" soon .)  But I do suspect that deep down, lulz security was motivated by something more than just the lulz...

[ThiagoCMC]

How realistic(practical) this attack is ?  

Very doable if you can afford to spend 10/15 millions of $

Any rich guy could happily do it without problems...

But due to Sathoshi's genius clever design, would-be-attackers are instead incentivised to use their resources as legit miners instead, thus increasing the strength of the main block chain.

Sorry, I'm confusing, because I'm a newbie in Bitcoins world, just two weeks of knowledge about it...

Until today, I believed that miners only do mining... What they do more? Why miners are so important to keep the safety of the Bitcoins network?

If miners cash-out someday, this will leave the network unprotected.. But why?!?

By the way, then it is possible spend the same Bitcoin twice?! Since I have enough computing power for this?

And then it is also possible reverse the payment?!

All depends on the computational power?!

If the U.S. government and Fed tries to do these things today?! We are fucked?!

I'm very curious and concerned!

Thanks!
Thiago

[andes]

Thiago, a related answer is here

Couldn't the 51% be raised, to say 95% instead?

There is no way that any single entity/organization could ever have 95% of the computing power of the network...

By design, Bitcoin's "true" block chain is not determined by voting (say 95%) but by "proof of work", the chain with more "proof of work" wins. This is a probabilistic issue. Another way to see it, is as a competition issue. The team that dominates 50%+ of the power can outperform the rest.

If you own more than 50% of the hashing power, you will probably be able to produce the longest chain measured in CPU power (you will beat the rest more times in the mining lottery). If you are not honest, you will mess the whole network, until the honest guys regain control. That does not mean you will own the chain, or that you can do a long term damage to the chain, but you can cause a lot of trouble in the meantime, especially if you can sustain the attack for a long time. Think about if you could not trust the confirmations you get after doing a transaction. This would damage the confidence in the network.

That is an unresolved weakness in the Bitcoin paradigm, in my opinion.

Related thread:

Bitcoin's kryptonite: The 51% attack
http://forum.bitcoin.org/index.php?topic=12435.0

[cypherdoc]

actually it looks to me like the gold/silver bull market is over.

i envision a time when the gov't may use bitcoin as the basis for a digital "gold standard" upon which they could make USD loans which just happens to be an important part of economic growth whether we like it or not.  fractional reserve lending just has to be reasonable.

the problem for precious metals has always been rebalancing the physical stores seamlessly over great distances to reflect countries overleveraging.  with bitcoin, this rebalancing would be instantaneous.  it would be a win/win situation:  keep the USD intact, allow modest leveraging via debt formation, yet have a digital bitcoin backing to keep the system in check.

[em3rgentOrdr]

Sorry, I'm confusing, because I'm a newbie in Bitcoins world, just two weeks of knowledge about it...

Thiago, I had similar concerns when I was a noobie as well.  Most of the answers to your questions are well documented in the bitcoin wiki and faq, or have been answersed extensivly in this forum, which you can easily search the achives for answers.  I will give quick incomplete answers below:

Until today, I believed that miners only do mining... What they do more? Why miners are so important to keep the safety of the Bitcoins network?

The process of mining is essentially verifying the legitimacy of transactions.  The more GPUs mining for bitcoins, then the stronger the legitimate network is, thus making it very difficult for adversaries to overcome the strength of the network by passing off bogus transactions as legitmate.

If miners cash-out someday, this will leave the network unprotected.. But why?!?

But when a lot of miners "cashes-out", then the bitcoin client will automatically lower the mining difficultly level based on a hard-coded protocol.  Since it will now be easier to mine, then that means that other people, including noobs like yourself, would be incentivized to mine at the easier difficultly level, since the bitcoin payment for solving a block would remain the same (50 BTC/block solved currently).

By the way, then it is possible spend the same Bitcoin twice?! Since I have enough computing power for this?

As has been discussed many time, it would be REALLY REALLY difficult and expensive.  At this point, only a huge collusion of powerful governments and corporations would be able to do it.  Keep in mind, there are tons of teenagers out there with free GPU & electricity from their parents who can hash for basically zero cost (to them, not to the parent ).  Plus all the thousands of businesses out there who deal with bitcoin and thus are incentivized to mine and maintain network security.

And then it is also possible reverse the payment?!

Yeah, but again...very hard.  And you couldn't reverse all payments, just a few recent ones if you are sucessful.

All depends on the computational power?!

pretty much.  And network bandwidth.

If the U.S. government and Fed tries to do these things today?! We are fucked?!

Possibly.  They would have to retool all the US government supercomputing research centres in order to mine for bitcoin.  But I almost feel at this point, there is are more legitimate ordinary people mining GPUs that the US government would be incentivized to instead join us legitimate miners!

I'm very curious and concerned!

Thanks!
Thiago

No problem.  Again, I had similar concerns when I was a noob as well.  Anyway you get a gold star in my book for using Ubuntu Linux and for asking simple & clear, but non-trolling questions/concerns.

[andes]

If the U.S. government and Fed tries to do these things today?! We are fucked?!

Possibly.  They would have to retool all the US government supercomputing research centres in order to mine for bitcoin.  But I almost feel at this point, there is are more legitimate ordinary people mining GPUs that the US government would be incentivized to instead join us legitimate miners!

This is a common misconception. A supercomputer is not efficient for hashing. Its too expensive. Hashing is a very simple computing process that does not requiere a supercomputer.

Any government or organization can pwn bitcoin by building a specialized hashing hardware factory, for a couple of millions of dollars. No actual supercomputer required.

[theymos]

Reversing 1000 future blocks takes a week with 52%.

This is certainly wrong, and your other numbers are probably wrong, too. If you control 52% of the network, you must use one of your blocks to negate a legitimate block 48% of the time. So 48% of the network is producing legitimate blocks, 48% of the network is negating those blocks, and only 4% is left producing new blocks. The network would only produce 5.76 blocks per day.

[em3rgentOrdr]

If the U.S. government and Fed tries to do these things today?! We are fucked?!

Possibly.  They would have to retool all the US government supercomputing research centres in order to mine for bitcoin.  But I almost feel at this point, there is are more legitimate ordinary people mining GPUs that the US government would be incentivized to instead join us legitimate miners!

This is a common misconception. A supercomputer is not efficient for hashing. Its too expensive. Hashing is a very simple computing process that does not requiere a supercomputer.

Yes indeed, especially considering that most of the scientific research labs are optimized for floating point computation, not integer code which is what SHA basing uses.

Any government or organization can pwn bitcoin by building a specialized hashing hardware factory, for a couple of millions of dollars. No actual supercomputer required.

We will have to do the math.  I don't know.

[theymos]

To create 1000 old blocks, you need to do an average of 5923676160960014000 hashes at the current difficulty. Plus, to actually replace them you need to constantly fight against the existing network. To negate all legitimate blocks takes a hash speed equal to the current network hash speed (~12 Thash/s at the moment).

So you need 12 Thash/s plus about 6 billion billion hashes to rewrite 1000 blocks. If you want to replace the blocks within a week, you need a total of ~22 Thash/s.

Let's say a 6870 does 300 Mhash/s (I don't how true this is). You need ~41285 6870s to get 50% of the network plus ~32646 more to create 1000 blocks at current difficulty within a week. That's at the very least $10 million.

And once the attacker gets sick of wasting so much money, everything can be fixed without much loss by blacklisting their chain.

[andes]

.

[andes]

If you control 52% of the network, you must use one of your blocks to negate a legitimate block 48% of the time. So 48% of the network is producing legitimate blocks, 48% of the network is negating those blocks, and only 4% is left producing new blocks. The network would only produce 5.76 blocks per day.

So you are essencially admitting that such an attack would render the system useless, as long as the attack is sustained.