51% attack on Bitcoin

[ehamzic]

Dear all, I have a technical question about Bitcoin which is kind of like a homework assignment that I do not completely understand. I apologize if this is the wrong place for such a discussion, but I hope there is going to be some enthusiast willing to look into this. So here it goes (the question):
Let us assume that the Bitcoin network’s mining power is 100 hash/s. For this task let us assume the difficulty does not change. Find the confirmation and payout time of
a chosen Cryptocurrency exchange for BTC. Calculate how much hashing power does an attacker need to control in order to create a valid sidechain that would overtake the
main chain from 1 block before the height of the transaction sent to the exchange in:
1 hour / 1 day / 1 week
We always count with a block generation rate that averages 10 minutes from what I understand? What does the attacker need to achieve in order for his sidechain to overtake the main chain, all I understand is that he would need to have at least the hash power of the network, which is 100 hash/s here, but that seems too simple. Also i do not really understand the following part of the sentence from 1 block before the height of the transaction sent to the exchange.
Thank you for any kind of suggestion.

[1714153089]

1714153089

[1714153089]

1714153089

[1714153089]

1714153089

[1714153089]

1714153089

[o_e_l_e_o]

This scenario is discussed in detail in Section 11 "Calculations" of the Bitcoin Whitepaper: https://bitcoin.org/bitcoin.pdf

Also i do not really understand the following part of the sentence from 1 block before the height of the transaction sent to the exchange.

The "block height" is simply a number used to order all the blocks in the blockchain. The genesis block has a height of 0. At time of me writing this, the most recent block has a height of 579,092. The next block mined will have a height of 579,093. As so on. "1 block before the height of the transaction sent to the exchange" essentially means starting at a 1 block deficit. So if I sent a transaction to the exchange, waited for it to have 1 confirmation, and then tried to launch an attack to reverse that transaction, I would be starting from 1 block before, or a 1 block deficit.

In terms of having enough hashing power to overtake a 1 block deficit, the equations for calculating are given in the whitepaper I linked to above. You can also play around with the numbers on this site to see for yourself: https://people.xiph.org/~greg/attack_success.html. Set the "Number of confirms" to 1, which is the same as starting from 1 block before. With 51% of the hashrate, you would always be successful, but with 24% of the hashrate, you would still have a 50% chance of overcoming a 1 block deficit.

[odolvlobo]

The rate of block production proportional to the hash rate (assuming the difficulty is the same).

The reason for "1 block before the height of the transaction sent to the exchange" is that the attacker must branch the chain before the block containing the transaction that is to be double-spent.

I assume you are able to figure out the rest.

[ranochigo]

Calculate how much hashing power does an attacker need to control in order to create a valid sidechain that would overtake the main chain from 1 block before the height of the transaction sent to the exchange in: 1 hour / 1 day / 1 week[/i]
We always count with a block generation rate that averages 10 minutes from what I understand?

That is given in a perfect scenario whereby the probability of getting a block remains equal with everything constant; in reality, the varience results in a lot more fluctuation. Your answer from this part is roughly answered with the link above. The reason why double spending becomes harder after 6 confirmations is because the probability of you generating blocks faster than the network gets fairly negligible after that if you do not have more hashing power than the honest network.

What does the attacker need to achieve in order for his sidechain to overtake the main chain, all I understand is that he would need to have at least the hash power of the network, which is 100 hash/s here, but that seems too simple.

For a 100% success rate, it would be >100hash/s.

Also i do not really understand the following part of the sentence from 1 block before the height of the transaction sent to the exchange.

The way the Bitcoin blockchain works is that the transactions are included in each of the blocks that the network generates. For each of the nodes on the network, they accept the blockchain that has the highest number of blocks, difficulty-wise. If you somehow create a longer chain, starting right before the block for which your transaction is included, you will have effectively "unspent" your coins.

Code:

Block A -> Block B (with your transaction) -> Block C -> Block D  (Orphaned)
         |
         ->Block B1 (Without your transaction) -> Block C1 -> Block D1 -> Block E (Longest valid chain)

The nodes on the network will now consider the other chain as orphan and they will only consider the transactions that are on your chain. Since you excluded your own transaction, your inputs would appear as if it has never been spent before.

[ehamzic]

Thank you guys for your help, I have a much more clear understanding of the problem. However, one more thing, with the calculations from the paper, it is possible to find the probability the attacker would catch up ever, at any point in time later. But what if we limit the time the attacker has to catch up? Let's say the block generation time is 10 min per block as already mentioned and we give it 1h of time, so 6 blocks to overtake the honest chain while starting 1 block behind. The probability of overtaking under this condition is what I'm trying to figure out how to calculate. Really thank you for the help.

[bob123]

But what if we limit the time the attacker has to catch up? Let's say the block generation time is 10 min per block as already mentioned and we give it 1h of time, so 6 blocks to overtake the honest chain while starting 1 block behind. The probability of overtaking under this condition is what I'm trying to figure out how to calculate. Really thank you for the help.

Then the probability obviously never is (and never can be) 100%.

Since you didn't specify a hashrate the attacker has, i am keeping this relatively generic:

If the attacker is 1 block behind, and has 6 blocks time, he needs to generate 7 blocks in the timeframe where the honest network creates 6 to have an equally long chain.
Since the attack has to be succeeded within 1 hour (~6 blocks), he needs to generate one additional block (to have the longest chain). So 8 blocks from the attacker vs. 6 blocks from the honest network.

That's 25% more than the honest network has to mine, resulting in 25% more hashrate the attacker needs in comparison to the honest network to have a 50% chance of succeeding with the attack.


In your example, with the honest network having 100 H/s, the attacker would need 125 H/s to have a 50% probability to succeed the attack within 1 hour (average time, since block time can vary).
With 250 H/s (2.5 times more than the honest network), the attacker would have a 67% chance to succeed.

[bob123]

However, it still has a vulnerability that can be exploited.

It is not a vulnerability. This is the protocol design.
It aims to make it extremely hard to achieve and being extremely unprofitable.

Financial Incentives excluded.

When I make a transaction that transfers 100 Bitcoin to a Lamborghini company wallet, the transaction is encrypted and put into a place called "unconfirmed transactions".

It is not encrypted, it is signed.
And it is not put into a place called "unconfirmed transactions", it is an unconfirmed transaction in the mempool of the nodes until it is being included into a block.

Not yet, the transaction in this block will be publicized and should be verified by other miners. If there is more than 50% validation, this block will be shown on the blockchain and the transaction will be recorded in the ledger. I officially completed a 100 Bitcoin transfer to buy a Lamborghini.

If the transaction is valid, it is being included. Otherwise not.
There is no 50% mark or anything similar.

Every node which thinks this transaction is valid, will add the block including it to the chain.
The other ones don't.

If - for whatever reason - 50% of the network thinks a block is invalid, while the other half thinks its valid, a fork happens.
But since there is a consensus on which transactions are valid / invalid, this shouldn't happen.

Especially with Bitcoin, the world's largest cryptocurrency. Experts believe that Bitcoin can never be affected by a 51% attack.
[...]
In addition, experts also speculate that a small blockchain of an altcoin (not Bitcoin) can be attacked 51% entirely. Because attacking small blockchain requires less computing power than attacking Bitcoin. That's why we often see other crypto coins being attacked 51%, but Bitcoin has never been so.

Bitcoin already had a 51% attack.
It was in the very beginning when nearly no one was mining.

Nowadays, i agree. It is effectively not possible anymore.

[Tytanowy Janusz]

Nowadays, i agree. It is effectively not possible anymore.

https://www.buybitcoinworldwide.com/mining/pools/


You only need to hack BTC.com, ANTPool and ViaBTC and attack bitcoin network with their hardware. Will it be sucessfull 51% attack or I miss something?

Also if ANTPool, slushpool and ViaBTC will switch to mine Bitcoin cash (what is possible with the same hardware) than BTC.com will have close to 50%

[squatter]

You only need to hack BTC.com, ANTPool and ViaBTC and attack bitcoin network with their hardware. Will it be sucessfull 51% attack or I miss something?

Miners would withdraw their hashpower from the attacking pools fairly quickly. Is such an attack theoretically possible? Yes, but it would be short-lived and wouldn't have lasting effects.

[Wind_FURY]

You only need to hack BTC.com, ANTPool and ViaBTC and attack bitcoin network with their hardware. Will it be sucessfull 51% attack or I miss something?

Miners would withdraw their hashpower from the attacking pools fairly quickly. Is such an attack theoretically possible? Yes, but it would be short-lived and wouldn't have lasting effects.

To add, because it would be more profitable for the miners to be rational than to be dishonest in the system. We cannot ignore the social, and game theory parts. It's largely what's keeping everything together in my opinion.

[bob123]

You only need to hack BTC.com, ANTPool and ViaBTC and attack bitcoin network with their hardware. Will it be sucessfull 51% attack or I miss something?

Theoretically, yes.

You could theoretically hack 3 mining pools. Then you have 2 options:
1) Start a 51% attack, which will effectively only work for a maximum of a few blocks because, as squatter mentioned, the hashrate of these pools would drop pretty fast and the resulting dump of price would reduce your gain by a lot, or
2) You do NOT start a 51% attack and silently earn 37.5 BTC per hour, which currently is ~350k USD.

[Farul]

Theoretically, yes.

You could theoretically hack 3 mining pools. Then you have 2 options:
1) Start a 51% attack, which will effectively only work for a maximum of a few blocks because, as squatter mentioned, the hashrate of these pools would drop pretty fast and the resulting dump of price would reduce your gain by a lot, or
2) You do NOT start a 51% attack and silently earn 37.5 BTC per hour, which currently is ~350k USD.

Don't Forget The Fact That You Need A Lot Of BTC First To profit From A 51% Attack (Being An "Honest" Miner Would Be More Profitable)

And A 51% Attack Like That Would Quickly Noticed Since The Blockrate Will Decrease To ~20 Minutes (Since 51% Of The Network hashrate Is "Gone")

51% Attack Is Not Profitable (Unless You're Rich/Just Want To Destroy The Coin)

[Neovitadi]

Nowadays, i agree. It is effectively not possible anymore.

https://www.buybitcoinworldwide.com/mining/pools/


You only need to hack BTC.com, ANTPool and ViaBTC and attack bitcoin network with their hardware. Will it be sucessfull 51% attack or I miss something?

Also if ANTPool, slushpool and ViaBTC will switch to mine Bitcoin cash (what is possible with the same hardware) than BTC.com will have close to 50%

A "Hack" would not be needed for a 51% attack.

One example is that since Bitcoin and all the hardware associated with BC is intertwined with Electricity -a 51% is possible to this day. If ViaBTC's (or any major BC mining company/companies) mining equipment went down due to a power out-age for 2+ hours then it is likely that BTC.com or other power-hashers will have a higher percentage of successful calculated sums during that time frame. No coding needed.

[bob123]

A "Hack" would not be needed for a 51% attack.

One example is that since Bitcoin and all the hardware associated with BC is intertwined with Electricity -a 51% is possible to this day. If ViaBTC's (or any major BC mining company/companies) mining equipment went down due to a power out-age for 2+ hours then it is likely that BTC.com or other power-hashers will have a higher percentage of successful calculated sums during that time frame. No coding needed.

Well, first.. If ViaBTC's mining pool went down, BTC.com still wouldn't have more hashrate than the remaining (honest) network.

Second, those are mining pools. Not single companies with all their mining equipment being in one place.
The majority of hashrate comes from individuals (private and business) which mine together in a pool.
So there is no power outage which could hit all miners inside of a pool.

[Farul]

A "Hack" would not be needed for a 51% attack.

One example is that since Bitcoin and all the hardware associated with BC is intertwined with Electricity -a 51% is possible to this day. If ViaBTC's (or any major BC mining company/companies) mining equipment went down due to a power out-age for 2+ hours then it is likely that BTC.com or other power-hashers will have a higher percentage of successful calculated sums during that time frame. No coding needed.

It's A Pool, Not A Single Miner/Company.
If The Pool Went down, Miner Who Mine At That pool Will Change Their Pool. Since They Don't Want Their Profit Go Down(Less Mining Time = Less Profit)

So there is no power outage which could hit all miners inside of a pool.

A Powerful Enough Solar Flare Probably Could Do That(That Would Also Affect The Whole Blockchain Hashrate Too tho).
Or Maybe A Huge EMP Bomb That Huge Enough To Affect The Whole Earth.

[Neovitadi]

A "Hack" would not be needed for a 51% attack.

One example is that since Bitcoin and all the hardware associated with BC is intertwined with Electricity -a 51% is possible to this day. If ViaBTC's (or any major BC mining company/companies) mining equipment went down due to a power out-age for 2+ hours then it is likely that BTC.com or other power-hashers will have a higher percentage of successful calculated sums during that time frame. No coding needed.

It's A Pool, Not A Single Miner/Company.
If The Pool Went down, Miner Who Mine At That pool Will Change Their Pool. Since They Don't Want Their Profit Go Down(Less Mining Time = Less Profit)

So there is no power outage which could hit all miners inside of a pool.

A Powerful Enough Solar Flare Probably Could Do That(That Would Also Affect The Whole Blockchain Hashrate Too tho).
Or Maybe A Huge EMP Bomb That Huge Enough To Affect The Whole Earth.

Underlined.

Also, yes that is correct. There's many factors that could counter Bitcoin especially with the death tolls within China and other places due to earthquakes and other natural disasters.

[o_e_l_e_o]

A Powerful Enough Solar Flare Probably Could Do That(That Would Also Affect The Whole Blockchain Hashrate Too tho).
Or Maybe A Huge EMP Bomb That Huge Enough To Affect The Whole Earth.

A global electricity outage would also affect the malicious party attempting to 51% attack the blockchain, and so the attack would fail.

Furthermore, all a 51% attack does is allow a user to double spend their own coins - it doesn't allow them to steal other people's coins or create new coins out of thin air. They are going to struggle to double spend their coins when there are no exchanges, services, traders, etc., online to accept deposits, since there is no electricity and no internet.