The invulnerabe Bitcoin myth. (Basic math risk analysis)

[Transisto]

To all people minimizing the threat from the establishments,  / topic "Guy admits it is his job to destroy Bitcoin."

What is required to keep BTC working and safe from a 51% attack  ?
1, Transistors  2, Electricity 3, Balance of power

1. Chips cost money
2. Electricity cost money
3. Money is very unevenly distributed.

Have you ever heard of the CIA cracking password, ?
Have you ever heard of banks using GPU/FPGA to predict markets ?

a: The gov/banks already have/use more computing power than the whole Bitcoin network.
b: They can, in a matter of months, purchase the additional equipment required for a 51% attack (5 Thash/s) for 2 500 000 $ or less, (333mhs@165$), (with consumer GPU, not even ASICS)

Dumping their earned coins on the markets cause the price to fall and make mining unprofitable.
... Feedback loop...
The hash-rate is rising while the price is tanking.

It may not be happening now but the risk is really there.

I think very few people truly realize how small the Bitcoin market is in comparison to the pocket of those who want to keep full control.
A handful of people would spend Billions on that.

Taking a 1 billion $ figure, a 51% attack could happen even if hashing power was 1000x what it is now (yes, 8 Peta hash/s).
(300$ per ghs, with 2011 ASIC technologies)

Ps: Please do not respond only to correct my maths, these are very rough estimate.

[1713276254]

1713276254

[1713276254]

1713276254

[DeathAndTaxes]

Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.  

As for a billion dollars.  LOLZ.  Nobody said Bitcoin is invulnerable.  Today it couldn't survive a $1B attack, it also couldn't survive a nuclear holocaust either.  Not many things (hell even countries) can survive a determined enemy w/ $1B budget.

If Bitcoin is large enough to warrant a $1B attack then it is large enough to have the hashing power to survive one.

b: They can, in a matter of months, purchase the additional equipment required for a 51% attack (5 Thash/s) for 2 500 000 $ or less, (333mhs@165$), (with consumer GPU, not even ASICS)

At least take a slightly less nonsensical stab then $0.5 per MH.  Show me the rig you can build (everything including warehouse space, cooling, power distribution, networking, racks, MB, CPU, RAM, GPU, labor, maintenance, administration, security (you going to leave $20M+ worth of gear unguarded) for $0.50 per MH.  I would like to see that rig.

[ALPHA.]

a: The gov/banks already have/use more computing power than the whole Bitcoin network.

Nope.

b: They can, in a matter of months, purchase the additional equipment required for a 51% attack (5 Thash/s) for 2 500 000 $ or less, (333mhs@165$), (with consumer GPU, not even ASICS)

Hah. No, here's what will happen. A contractor will come along and say he can do it for 50 mil, alright, with 20 for him and 20 for the other guy and maybe -- just maybe -- 10 mil for the inefficient bureaucrats to do the actual job. People will sit on their asses and twiddle their thumbs while pretending to do the project, then they'll have something horribly obsolete in 2 years or so.

Maybe the banks will do a better job discreetly but I doubt it. They would probably rather destroy bitcoin through FUD. Anyways, don't overestimate a farce of bureaucrats and corporate puppets we call the government. They can hardly do anything right without destroying more wealth along the way.

[evoorhees]

Dumping their earned coins on the markets cause the price to fall and make mining unprofitable.

Man... almost every day has far more than 7,200 coins sold on the market. Many of these coins are from the mining already. Even if a nefarious entity mined every single coin and sold it, that wouldn't have a lasting or seriously detrimental effect on the market price.

And come on... if a news story like that broke?!  You instantly have a million people around the world suddenly interested in this stuff. Price would not collapse I assure you.

More dangerous than dumping the mined coins is simply manipulating the network with the majority hashing power issue. That's still a legitimate, if unlikely, concern.

[Clark]

I don't see the 51% attack as the weak point of Bitcoin. Establishing an alternate block chain requires more skill than just acquiring the majority of computing power.

The biggest threat to the establishment lies in doing business exclusively in Bitcoin and taking away the banks' precious fees and interest payments on the debt. When small / large business sees that they can save $X M per year in fees, and when consumes are actually able to buy something (in a store) with coins, that's when the real attack begins.

I don't think that the Congress and equivalent ruling bodies of nations have enough foresight to stop this sort of legitimate threat to the coins of the realm.

[evoorhees]

They would probably rather destroy bitcoin through FUD.

Bingo.

[ALPHA.]

Look, it makes things easier if we believe that with a large amount of money comes potential evil. To portray coin dumping as a nuclear bomb keeps the world-view in tact. It would be much easier for people's psyche if we keep things that way.  If you're wealthy, you're evil unless you endorse eugenics or are Micheal Moore.

[freequant]

The establishment knows not to piss off hackers by challenging them on technical grounds: that tends to yield the exact opposite of the desired outcome.
It is much easier to attack the weak points: communication and public relations.

[Phinnaeus Gage]

They would probably rather destroy bitcoin through FUD.

Bingo.

I see it somewhat different. Why would the banks destroy it, when there's an opportunity to profit from it? The biggest game in town--housing--bubbled and burst. They (the bank(er)s) are always looking for ways to manipulate their un-fellow man. If China can do it with mining WOW by their prisoners, surely embracing Bitcoin in a creative fashion could reap tremendous rewards.

[casascius]

I am not too worried about a 51% attack.

A 51% attack endeavors to create blocks without including valid transactions, right?  Either that, or to give us blocks full of spam.

I believe the client should have a means to resubmit an unconfirmed transaction to the network with a transaction fee, or a higher transaction fee, with the network accepting the new transaction as replacing the old one.  This would allow anyone whose transaction doesn't stand out from the spam - or which miners don't seem to want to touch - to get their transaction reprioritized.

With that, any logic added to the client code that ignored blocks that clearly appear to avoid containing valid highest-priority transactions more than a minute or two old would ignore the very blocks an attacker would create.  That could very simply make a 51% attack far less disruptive.  A 51% attack might do little more than exert upward pressure on transaction fees for those who want their transactions confirmed, rather than cripple the network.

Anyone care to refute this crazy thought?

[DeathAndTaxes]

I am not too worried about a 51% attack.

A 51% attack endeavors to create blocks without including valid transactions, right?  Either that, or to give us blocks full of spam.

I believe the client should have a means to resubmit an unconfirmed transaction to the network with a transaction fee, or a higher transaction fee, with the network accepting the new transaction as replacing the old one.  This would allow anyone whose transaction doesn't stand out from the spam - or which miners don't seem to want to touch - to get their transaction reprioritized.

With that, any logic added to the client code that ignored blocks that clearly appear to avoid containing valid highest-priority transactions more than a minute or two old would ignore the very blocks an attacker would create.  That could very simply make a 51% attack far less disruptive.  A 51% attack might do little more than exert upward pressure on transaction fees for those who want their transactions confirmed, rather than cripple the network.

Anyone care to refute this crazy thought?

51% attack is 100% control of network.  You can do a lot more than just delay transactions.

For example I buy 100,000 BTC coins from you.  51% and replace that transaction with one where I sent those coins to another address I control.  You see 100,000 coins disappear from your wallet.

[tvbcof]

I am not too worried about a 51% attack.

A 51% attack endeavors to create blocks without including valid transactions, right?  Either that, or to give us blocks full of spam.

I believe the client should have a means to resubmit an unconfirmed transaction to the network with a transaction fee, or a higher transaction fee, with the network accepting the new transaction as replacing the old one.  This would allow anyone whose transaction doesn't stand out from the spam - or which miners don't seem to want to touch - to get their transaction reprioritized.

With that, any logic added to the client code that ignored blocks that clearly appear to avoid containing valid highest-priority transactions more than a minute or two old would ignore the very blocks an attacker would create.  That could very simply make a 51% attack far less disruptive.  A 51% attack might do little more than exert upward pressure on transaction fees for those who want their transactions confirmed, rather than cripple the network.

Anyone care to refute this crazy thought?

It seems to me that the most damaging thing about a 51% attack would be psychological.  And that if it happened once, it might be able to happen again and again.

I personally am not to worried about a loss of hashing power due to a BTC value collapse and loss of interest, and a subsequent 51% attack.  It seems to me that a viable Bitcoin system could run fine in a fraction of today's hashing power.  There would have to be a compelling reason to mount a 51% attack and some significant coordination.  Promising some mining pool a bunch of  scamcoins in trade for their cooperation a) probably would not be sufficient motivation, and b) word would get out and a lot of miners would likely not cooperate or switch sides to actively support Bitcoin.  Probably a fair number of them would fire up their idle rigs to protect their BTC hoard.

In a truely crazy world where TPTB somehow gathered enough hashing power to attack Bitcoin successfully on an ongoing basis, there would always exist a 'nuclear option' of changing the code and getting users to upgrade (which seems to be what you are alluding to to some extent.)

[Gabi]

Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.  

You forget saying that the 500 computers are made out of CPU, that have big memory and caches too, not of GPU  

Comparing cpu with gpu is fail, they are 2 very different thing.

[Transisto]

Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.

Bitcoin can be defined as larger than the top 500 only if you decided to measure power by the amount of one of the most basic form of calculation almost nobody has use for.

What do banks and military agencies use their processing power for ? Competitive advantage.
So you think they'd show they card to everyone ?

... Man... almost every day has far more than 7,200 coins sold on the market. Many of these coins are from the mining already. Even if a nefarious entity mined every single coin and sold it, that wouldn't have a lasting or seriously detrimental effect on the market price.

And come on... if a news story like that broke?!  You instantly have a million people around the world suddenly interested in this stuff. Price would not collapse I assure you.

I won't bother calculating this but take the profit of one week at 2 Ths and dump it every sunday to see where price would be.

What news ? There would be no obvious way to know.

It seems to me that the most damaging thing about a 51% attack would be psychological.  And that if it happened once, it might be able to happen again and again.

...   There would have to be a compelling reason to mount a 51% attack and some significant coordination. Word would get out and a lot of miners would likely not cooperate or switch sides to actively support Bitcoin.  Probably a fair number of them would fire up their idle rigs to protect their BTC hoard.

In a truely crazy world where TPTB somehow gathered enough hashing power to attack Bitcoin successfully on an ongoing basis, there would always exist a 'nuclear option' of changing the code and getting users to upgrade (which seems to be what you are alluding to to some extent.)

I agree with everything you said aside from your uber optimism.
I still don't like the idea of having the future of Bitcoin at the mercy of an old fart billionaire or bureaucrat needing "a compelling reason" to spend 2M$ "to mount a 51% attack"

[cbeast]

I am not too worried about a 51% attack.

A 51% attack endeavors to create blocks without including valid transactions, right?  Either that, or to give us blocks full of spam.

I believe the client should have a means to resubmit an unconfirmed transaction to the network with a transaction fee, or a higher transaction fee, with the network accepting the new transaction as replacing the old one.  This would allow anyone whose transaction doesn't stand out from the spam - or which miners don't seem to want to touch - to get their transaction reprioritized.

With that, any logic added to the client code that ignored blocks that clearly appear to avoid containing valid highest-priority transactions more than a minute or two old would ignore the very blocks an attacker would create.  That could very simply make a 51% attack far less disruptive.  A 51% attack might do little more than exert upward pressure on transaction fees for those who want their transactions confirmed, rather than cripple the network.

Anyone care to refute this crazy thought?

51% attack is 100% control of network.  You can do a lot more than just delay transactions.

For example I buy 100,000 BTC coins from you.  51% and replace that transaction with one where I sent those coins to another address I control.  You see 100,000 coins disappear from your wallet.

Your new transaction would be unconfirmed. The transaction can be resent and your attack would be rejected. You can make another 51% attack, but the odds of being successful depend on variance.

[Littleshop]

Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.

Bitcoin can be defined as larger than the top 500 only if you decided to measure power by the amount of one of the most basic form of calculation almost nobody has use for.

For the purposes of attacking bitcoin that is exactly how we can and will define it.  Because if you were to attack bitcoin with standard
super computers you would need more then the entire top 500.  You basically proved deathandtaxes point. 

[deepceleron]

The myth is that there is a "51% attack". You would need to sustain 120 continuous blocks of block solving, outpacing the rest of the Bitcoin network, for us not to just take your alternate blocks and orphan them. Even after that, the longest most difficult blockchain would still come out the winner.

[DeathAndTaxes]

Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.

Bitcoin can be defined as larger than the top 500 only if you decided to measure power by the amount of one of the most basic form of calculation almost nobody has use for.

For the purposes of attacking bitcoin that is exactly how we can and will define it.  Because if you were to attack bitcoin with standard super computers you would need more then the entire top 500.

Exactly.  Looking at pure computational power isn't a measure of utility.  Sure the largest supercomputers have more utility.  They have large amounts of RAM, low latency interconnects, and access to tremendous storage arrays.  Those may make super computers more useful (in terms of the type and scope of problems they can solve) but are utterly useless when it comes to improving hashing performance.

[DeathAndTaxes]

The myth is that there is a "51% attack". You would need to sustain 120 continuous blocks of block solving, outpacing the rest of the Bitcoin network, for us not to just take your alternate blocks and orphan them. Even after that, the longest most difficult blockchain would still come out the winner.

Well that isn't exactly accurate. It isn't like the bad chain has a "WARNING: THIS IS AN ATTACK CHAIN PLEASE USE THE GOOD CHAIN INSTEAD" sign.  Once it is the longest chain client will orphan the good chain and miners will build off the attack chain.

Also one can pull off a 51% attack in a much shorter time frame.
Deposit 100,000 BTC into Mt. Gox, sell, get Mt. Gox code withdraw.

In "attack chain" (which you keep private until it is 2+ blocks longer than the "good chain") create a transaction which has the same 100,000 BTC but transfer them not to Mt. Gox but instead to an address you control.

Once attack chain is longer, publish it.  Client will orphan the good chain and build off the attack chain as it is longest.  You just minted 100,000 BTC out of thin air and Mt. Gox accounts are now short 100,000 BTC.

Now imagine instead of doing that just once you did it 500 times across 30 different merchants & exchanges.  Also keep the attack chain private longer so that it cause a ripple effect.  i.e. Mt. Gox paid you from the 100,000 BTC account but in the new chain that transaction shows up as "invalid" in your wallet and your coins disapear because history has been rewritten and Mt. Gox never had the coins to pay you to begin with.  Now imagine all the tens of thousands of secondary and tertiary effects.

[casascius]

I was thinking more like a scenario where someone attempts to attack the whole network... as opposed to double spends. If someone scams me, I am just one guy, not quite the whole network, and I would have some idea of who did it (if they had me mail them coins).

If anyone pulled off a double spend on MtGox that would be devastating but there may also be a countermeasure. If MtGox sent you back at least 1 satoshi of your own coins, your double spend would kill your own withdrawal with it. If MtGox merely combined incoming transactions into a single large transactions at a single address and used it for paying large withdrawals, the double spend would be foiled as well, as it would undo all the outgoing payments made since they received your double spent funds.  They wrote their own bitcoind and could do this if they felt threatened. The only way to scam them would be to withdraw USD in that case, which would offer a trail to follow.