Need an explanation over 51% attack.

[Stedsm]

As we've been discussing things about Bitcoins, I'd like to know more (or I'd say an in-depth as well as detailed) analysis about the 51% attack. Can anyone here explain me that how it could actually affect the whole network and how it makes the whole thing centralized? The times when we witnessed even $100 as transaction fees should be considered as such attacks only that might have taken place to rise the value of fees to such incredible levels? Is there anything to prevent such attacks when quantum computing takes place? I know that quantum computing will just give the power to the institution to grab the privkeys directly, still if they want to go the ^legal^ way, can they ruin it for everyone?

[1715005564]

1715005564

[1715005564]

1715005564

[1715005564]

1715005564

[1715005564]

1715005564

[1715005564]

1715005564

[1715005564]

1715005564

[ranochigo]

Can anyone here explain me that how it could actually affect the whole network and how it makes the whole thing centralized?

It's centralised as any entity controlling over 50% of the network's hashing power will be able to generate blocks faster than anyone else and hence no one would have a chance to get any blocks against them. This doesn't allow them to violate any protocol rules. Bitcoin functions on trusting the longest valid chain as the main chain and disregarding any other. As a result, they can potentially spend a coin twice by making nodes discarding the chain with the original transaction in and including the chain with their own transaction that spends the same inputs.

The times when we witnessed even $100 as transaction fees should be considered as such attacks only that might have taken place to rise the value of fees to such incredible levels?

No 51% attacks has happened on Bitcoin.

Is there anything to prevent such attacks when quantum computing takes place?

No.

I know that quantum computing will just give the power to the institution to grab the privkeys directly, still if they want to go the ^legal^ way, can they ruin it for everyone?

Not exactly. Anyone with a quantum computers can crack public keys within a reasonable timeframe but they are only exposed when UTXOs are being spent. If you just send Bitcoins to an address that has never been used, it is not possible for anyone to steal your coins with a quantum computer.

[mindphuq]

As we've been discussing things about Bitcoins, I'd like to know more (or I'd say an in-depth as well as detailed) analysis about the 51% attack. Can anyone here explain me that how it could actually affect the whole network and how it makes the whole thing centralized? The times when we witnessed even $100 as transaction fees should be considered as such attacks only that might have taken place to rise the value of fees to such incredible levels? Is there anything to prevent such attacks when quantum computing takes place? I know that quantum computing will just give the power to the institution to grab the privkeys directly, still if they want to go the ^legal^ way, can they ruin it for everyone?

When you have more than 50% of the hashrate, you make more than 50% of the blocks. That means, your chain of blocks will always been the longest. Since the network generally trusts the longest chain, the blocks of all other miners can't compete against you. Therefore you can manipulate the chain long enough to fabricate your own transaction history and trick nodes into thinking that an amount you already spend is still unspend and thus you can run a double-spend attack (the very thing the blockchain is supposed to prevent).

The network is still decentralized but in a dysfunctional way, means your miner will control the whole blockchain no matter what everyone else on the network claims.

Quantum computers can run multiple guesses parallel and that enables them to guess a private key to an address with no effort at all. If quantum computers exist, all hashing and encryption methods that are industry standard today become useless. However when that happens, we need quantum resistant algorithms anyhow everywhere on the internet and Bitcoin can implement one of these algorithms too. Quantum computers can steal your coins by just guessing your private key if they know your public address, since every public address is generated from a private key. It's an one-way function that means, calculating a public key from a private is simple but the other way around is extremely difficult, however quantum computers can do it by just trying in literally no-time.

[vit05]

I think it's important to point out that the big problem with 51% attacks is when they can effectively use this premise in the generation of new blocks to deceive exchanges with Double-spending. Increasing the number of confirmations can make such an attack difficult, even so, if someone controls> 50% it could still succeed regardless of the number of confirmations required.

In the beginning, there was a kind of signal that was sent to the devs when a problem occurred. Nowadays I do not know how the exchanges would be alerted. I think Bitcoin is the only project where the devs have no direct contact with the exchanges. And that's good. It proves that decentralization is sufficient thus far to ensure network security.

[goddog]

51% can be used to rewrite history, but this kind of attack become more and more expensive depending on how many blocks you have to rewrite.
if you want to doublespend a transaction with 3 confirmations you have to find 4 blocks if you want to doublespend a transaction with 6 confirmations you have to find 7 consecutive blocks. If you only have 51% you will find a block approx each 19 minutes. this make doublespending very expensive, and likely non profitable.

from what I know pow will survive to quantum computers, difficulty will adjust to have a block each 10 minutes.

Quantum computers can steal your coins by just guessing your private key if they know your public address

this is false. ripmed offer e very strong protection for your coins. to be safe simply do not reuse addresses.

[Don Pedro Dinero]

51% can be used to rewrite history, but this kind of attack become more and more expensive depending on how many blocks you have to rewrite.

So, this means that as more bitcoins are mined, and if bitcoin price keeps growing, a 51% attack is more unlikely because it becomes more expensive right?

[ranochigo]

So, this means that as more bitcoins are mined, and if bitcoin price keeps growing, a 51% attack is more unlikely because it becomes more expensive right?

More Bitcoins being mined doesn't mean that it would be more susceptible to a 51% attack.

If Bitcoin becomes more expensive, it would be a possibility. They would be able to get a larger profit of fiat if they execute a 51% attack for the same amount of Bitcoins. The main factor affecting the cost of Bitcoin is the network's hashrate. If more people are mining, it is harder for anyone to be able to control 51% of the network as it would require more hashrate and money.

[btj]

So, this means that as more bitcoins are mined, and if bitcoin price keeps growing, a 51% attack is more unlikely because it becomes more expensive right?

More Bitcoins being mined doesn't mean that it would be more susceptible to a 51% attack.

If Bitcoin becomes more expensive, it would be a possibility. They would be able to get a larger profit of fiat if they execute a 51% attack for the same amount of Bitcoins. The main factor affecting the cost of Bitcoin is the network's hashrate. If more people are mining, it is harder for anyone to be able to control 51% of the network as it would require more hashrate and money.

Only if you acquired a majority of the network’s hashing power could you reliably execute such a 51 percent attack against transaction history (although, it should be noted, that even less than 50% of the hashing power still has a good chance of performing such attacks).

https://bitcoin.org/en/developer-guide#term-51-attack

It called too a Majority Attack.

    An attacker that controls more than 50% of the network's computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:

        Reverse transactions that he sends while he's in control
        Prevent some or all transactions from gaining any confirmations
        Prevent some or all other generators from getting any generations

    The attacker can't:

        Reverse other people's transactions
        Prevent transactions from being sent at all (they'll show as 0/unconfirmed)
        Change the number of coins generated per block
        Create coins out of thin air
        Send coins that never belonged to him

    It's much more difficult to change historical blocks, and it becomes exponentially more difficult the further back you go. As above, changing historical blocks only allows you to exclude and change the ordering of transactions. It's impossible to change blocks created before the last checkpoint.

    Since this attack doesn't permit all that much power over the network, it is expected that no one will attempt it. A profit-seeking person will always gain more by just following the rules, and even someone trying to destroy the system will probably find other attacks more attractive. However, if this attack is successfully executed, it will be difficult or impossible to "untangle" the mess created — any changes the attacker makes might become permanent.

https://bitcoin.stackexchange.com/questions/658/what-can-an-attacker-with-51-of-hash-power-do

Good to know:
The mining pool ghash.io briefly exceeding 50% of the bitcoin network's computing power in July 2014, leading the pool to voluntarily commit to reducing its share of the network. It said in a statement that it would not reach 40% of the total mining power in the future.

This image describe well what is 51% attack:

Source: https://decenter.org/mining/451-51-percent-attack-en

[mindphuq]

51% can be used to rewrite history, but this kind of attack become more and more expensive depending on how many blocks you have to rewrite.
if you want to doublespend a transaction with 3 confirmations you have to find 4 blocks if you want to doublespend a transaction with 6 confirmations you have to find 7 consecutive blocks. If you only have 51% you will find a block approx each 19 minutes. this make doublespending very expensive, and likely non profitable.

51% always works, no matter how many confirmations you wait, as long as you manage to provide 51% over that time. With 51% of the hashrate you always write the longest chain that, in a dispute, other nodes will always trust. That's why 51% has a 100% success rate.

In the current Bitcoin network it's nearly impossible for a single miner to get 51% since the global hashrate is at 34 Eh/s, that is ~3,000,000 of the best current antminers. However for a pool it's possible to reach that, the biggest 3 pools already have more than 51% of the hashrate and pools getting to 51% have happened in the past.

With the old mining-protocol getwork, pools could just use their workers to manipulate the chain for them at literally zero cost since getwork only gives to the miners the blockheader to work on and hides the content of the transactions from the worker. A malicious pool would be able to manipulate the transactions and let their miners provide the proof. That's why getblocktemplate was invented where miners get the whole block and thus a pool could not manipulate them. However getblocktemplate is not enforced by the network as the network only sees the pool issuing new blocks and checks the blockheader for correctness, it has no information about the miners behind that pool. So it's up to the miner's firmware to only accept getblocktemplate protocol.

Another story however is the power of miner manufactors like Bitmain who are estimated to provide 70% of the global hashrate. A backdoor/vulnerability in the miner's code could enable the manufactor or an attacker to manipulate blocks for them - again at basically zero costs. Bitmain had an open backdoor in their firmware that allowed Bitmain or an attacker to shut down miners from remote (http://www.antbleed.com/). This didn't enable a 51% attack directly but could have harmed the network like a massive dDoS on the hashrate. The backdoor is supposed to be closed but the general problem of a proprietary firmware providing the majority of the hashrate remains.

[goddog]

51% always works, no matter how many confirmations you wait, as long as you manage to provide 51% over that time. With 51% of the hashrate you always write the longest chain that, in a dispute, other nodes will always trust. That's why 51% has a 100% success rate.

Sure, pow need time to be solved, so more confirmations means more time need to be spent mining a secret chain, more time means more resources. With pow you can not mine parallels chains for free, so you have to waste times and energy(resources).
This mean you can calculate the cost to rewrite a transaction confirmed some blocks ago, by doing a simple math:

n=numbers of confirmation
e=cost of mining a block
v=value of transactions to be doublespent

so you can calculate the cost to doublespend a transaction using the forumula: v-(n*e)>0

a quantum computer will reduce e alot, but e will never be zero, because time is money and difficulty can grow  a lot and keep doing his work.
If e is >0, waiting confirmations is the only way to prevent doublespend.
if e is =0, bitcoin comunity have to agree to a new algorithm to have e>0 and hardcode a checkpoint to be sure no one will rewrite old history.

I can remember at least 2 pool already owning directly more than 51%.
both are dead now.
deepbit was abbandoned asap.
cex was bouncing up and down 51% some time, until it was abbandoned too.

None of them tried to rewrite history, it is simply not profitable. Because e is > 0

[btj]

In order to calculate how much money do you need to perform a 51 attack on bitcoin:

Current hashrate (Total network hashrate): 34630131,855 TH/S (From https://blockchain.info/stats)

We choose our miners from here:
https://en.bitcoin.it/wiki/Mining_hardware_comparison

Let's take for example: Antminer S9
Hashrate = 14 TH/S
Consumption = 1.375 kW

Cost of harwares:
Hardware = Current hashrate * Price of Antminer S9 / Hash produced by Antminer (per seconds)
Hardware = 34630131,855 * 2400$ / 14
Hardware ~=  5,936,594,032 $

Number of antminers = Hardware / 2400 ~= 2,473,580

Cost of electricity:
Electricity consumption per day = Number of antminers * consumption * 24
Electricity consumption per day = 2,473,580 * 1.375 * 24
Electricity consumption per day ~= 81,628,140 kWh

Electricity cost per day = Electricity consumption per day * Cost per 1kWh
Electricity cost per day = 81,628,140 * 0.045$ (Electricity pricing - Depend on countries)

So attacker have to pay 3,673,266 $ of electricity per day !

This without make calculation of transport, renting or buying local where to install all this stuff, without counting the difficulty to get this number of miners and electricity power required to get them working all.

And countring the risk that the attack will not be a success and many other factors ...

[mu_enrico]

Guys, why is this 51% (or the majority) attack so popular?
It only allows double spend once, and some "censorship" while 51% hash-rate sustained, right?
Even they have 51% hash-rate, miners cannot violate protocol rules, right?

Thanks

[ranochigo]

Guys, why is this 51% (or the majority) attack so popular?
It only allows double spend once, and some "censorship" while 51% hash-rate sustained, right?
Even they have 51% hash-rate, miners cannot violate protocol rules, right?

As long as they have 51% of the hashrate, they can spend every single transaction again after its spent, no matter how many confirmations they have. They can double spend as many transactions, for as long as they want as long as they can sustain it.

They can't violate protocol rules but double spending is very damaging.

[r1s2g3]

I will just like to add that 51% of total Network Hash Rate just make your probability =1 (sure shot success).

Bitcoin whitepaper never ruled out that somebody cannot attack the Network if it has less than 51 % of hash power.

I will like to quote the Bitcoin white paper here.

p = probability an honest node finds the next block
q = probability the attacker finds the next block
qz = probability the attacker will ever catch up from z blocks behind
qz={
1 if p≤q
(q/ p)^z

if p>q}


Given our assumption that p > q, the probability drops exponentially as the number of blocks the
attacker has to catch up with increases. With the odds against him, if he doesn't make a lucky
lunge forward early on, his chances become vanishingly small as he falls further behind

Bitcoin Whitepaper explains very nicely under the heading "Calculations" . It is clearly defining what is your probability to change the chain , if you want to change 2 block or 6 block.

Formula shows that 51% is sure shot  attack but it does not mean somebody having 49% will have no chance in attacking the chain.

[Stedsm]

Formula shows that 51% is sure shot  attack but it does not mean somebody having 49% will have no chance in attacking the chain.

But I guess the probability of attacking the chain with 49% is least compared to 51% as it crosses more than half of the stakes for the upcoming blocks, right?

One more thing, why is only 51% a number that is considered so attackable? Is it like anyone can even go for a 95% or even a 100% attack (by trying to collect the biggest number of miners) and doing a hash of more than 100 times the current hashrate? Wouldn't that just end up getting all the remaining amount of Bitcoins mined in least time?

[ranochigo]

But I guess the probability of attacking the chain with 49% is least compared to 51% as it crosses more than half of the stakes for the upcoming blocks, right?

Depends on how many consecutive blocks you want to mine. You have a good chance to mine 2 consecutive block with say 30% of the hashrate but mining 3 consecutive blocks would be significantly harder, hence the formula.

One more thing, why is only 51% a number that is considered so attackable? Is it like anyone can even go for a 95% or even a 100% attack (by trying to collect the biggest number of miners) and doing a hash of more than 100 times the current hashrate? Wouldn't that just end up getting all the remaining amount of Bitcoins mined in least time?

Possible. Is it worth the effort though? As long as they have 51% of the network, they can outpace the entire network by themselves. The attack is somewhat covert since the attack is not known until it actually happens. Their main goal isn't to get the most amount of Bitcoin but it is to attack Bitcoin. Bitcoin wouldn't have much value after the attack anyways.

Difficulty changes every 2016 blocks and the time to mine the remaining of the total coins would still take about the same amount of time.

[mobydick]

If you are a miner, and you know a block of size X can be processed by 85% of the network, but not 100%, do you mine it? If by 'network', we mean hashrate, then definitely! 85% is high enough that you'll be able to build the longest chain. The miners that can't keep up will be pruned, and then the target for '85% fastest' moves - now a smaller set of miners represents 85% and you can move the block size up, pruning another set of miners.

If by 'network', you mean all nodes... today we already have nodes that can't keep up. So by necessity you are picking a subset of nodes that can keep up, and a subset that cannot. So, now you are deciding who is safe to prune. Raspi's? Probably safe. Single merchants that run their own nodes on desktop hardware? Probably safe. All desktop hardware, but none of the exchanges? Maybe not safe today. But if you've been near desktop levels for a while, and slowly driving off the slower desktops, at some point you might only be driving away 10 nodes to jump up to 'small datacenter' levels.

[asdlolciterquit]

As we've been discussing things about Bitcoins, I'd like to know more (or I'd say an in-depth as well as detailed) analysis about the 51% attack. Can anyone here explain me that how it could actually affect the whole network and how it makes the whole thing centralized? The times when we witnessed even $100 as transaction fees should be considered as such attacks only that might have taken place to rise the value of fees to such incredible levels? Is there anything to prevent such attacks when quantum computing takes place? I know that quantum computing will just give the power to the institution to grab the privkeys directly, still if they want to go the ^legal^ way, can they ruin it for everyone?

When you have more than 50% of the hashrate, you make more than 50% of the blocks. That means, your chain of blocks will always been the longest. Since the network generally trusts the longest chain, the blocks of all other miners can't compete against you. Therefore you can manipulate the chain long enough to fabricate your own transaction history and trick nodes into thinking that an amount you already spend is still unspend and thus you can run a double-spend attack (the very thing the blockchain is supposed to prevent).

The network is still decentralized but in a dysfunctional way, means your miner will control the whole blockchain no matter what everyone else on the network claims.

Quantum computers can run multiple guesses parallel and that enables them to guess a private key to an address with no effort at all. If quantum computers exist, all hashing and encryption methods that are industry standard today become useless. However when that happens, we need quantum resistant algorithms anyhow everywhere on the internet and Bitcoin can implement one of these algorithms too. Quantum computers can steal your coins by just guessing your private key if they know your public address, since every public address is generated from a private key. It's an one-way function that means, calculating a public key from a private is simple but the other way around is extremely difficult, however quantum computers can do it by just trying in literally no-time.

i don't know if this is the correct thread to ask...but i'm wondering: who have the major hashrate and how much is this hashrate? I don't know...is it possible that right now someone owns more than 10% ot total hashrate?

[bob123]

who have the major hashrate and how much is this hashrate? I don't know...is it possible that right now someone owns more than 10% ot total hashrate?

This is definitely possible. Especially since there are pools with more than 10% hashrate each.
The majority of hashrate is being provided by Bitmain/BTC.com. You can find a graph containing pools with their hashrate here.

[asdlolciterquit]

who have the major hashrate and how much is this hashrate? I don't know...is it possible that right now someone owns more than 10% ot total hashrate?

This is definitely possible. Especially since there are pools with more than 10% hashrate each.
The majority of hashrate is being provided by Bitmain/BTC.com. You can find a graph containing pools with their hashrate here.

thank you for your help!

BTC.com have more than 27% of the hashrate!
We are still far away from 51%, but what happened if one day two or three big pool decide to join? Or maybe they know that something like that can bring the death of btc?