How exactly would a 51% attack work?

[skinturtle]

Subsidy or not the cost is real.  At this point there is no economic demand for an 8TH network.  Maybe not even enough for a 1 TH network.  The current network (at a guesstimate of 2MH/W, $0.10 per kWh and $1 per MH capital cost) consumes nearly $10,000 daily in electrical power and burns through another $1000 in depreciating hardware).  That simply isn't sustainable given the tiny amount of economic activity actually occurring. 

Since we're bringing things back from the dead:

Assuming 200,000 btc trade hands at lets say an average of $10, (just at mtgox) thats 2 million per day, with mining costs of 11,000 per day. Is this not a favourable ratio?

Probably not.  Just because 200K BTC trades ON the MtGox exchange (which has nothing to do with the blockchain) doesn't mean an attacker could profit from all that.

So an attacker has a large number of BTC.  He deposits it on MtGox and then starts building an "attack chain" in secret.  Even if he converted the 200K into $2M he can't withdraw that in a day.  Tier 3 verification (requires requires an apostle seal from your state govt for US residents) is still limited to $100K per day ($500K per month).  So an attacker "could" in theory profit $500K in 5 days.  Of course that ignores the effect of an additional 50K BTC in selling pressure driving down the price.

However in 5 days an honest miner could generate $225,000.  So the ratio between good and bad is much smaller.  Also the only way you are moving $500K in 5 days is by bank wire which is going to leave a trail.  So $225K honestly or $500K + $225K = $725K and risk of going to prison?  Factor in some delays by MtGox on wires and it may require more like 10 days to ensure you have sufficient funds which makes the attack more like $450K honestly or $950K + prison.  Worse say there is a mixup or an AML/KYC hold by one of the banks for 15 days.  Ouch more and more hashing power just to get this "easy" $500K.

Of course even if successful you are now a wanted man and likely wouldn't get more than one attack.  Next month if you tried again (even with a new account) MtGox likely would have lower limits or more stiff validation so it is a low return of then $20M or so you spent on hardware.  Plus nobody is going to run a 10TH/s farm by themselves you are talking an entire crew (admin, technical, electricians, security - you weren't going to leave $20M unguarded in some warehouse were you).  Seems a pittifully small "score" divided 5? 10? ways to risk prison. 

Much easier to just offer 7% returns and have people hand you 10x as much with no strings attached.

Satoshi designed it well.  The economic disincentive for doing the wrong thing makes it very unlikely there will ever be an economically viable 51% attack.  The only real threat is a non-economic 51% attack (where the attacker sees the attack as simply an unrecoverable cost to destroy Bitcoin).

Thank you for explaining this so well, I'm new to Bitcoin so I'm looking into all the flaws before I dive in.. So thank you.

[Elwar]

I did this once. Went to that bar in Orlando that accepts Bitcoin. Bought a beer and some nachos and paid in Bitcoin. What they did not know is that I overclocked my CPU at home to 66MHz and executed the 51% attack perfectly.

By the time I walked out, the Bitcoin I had used to buy the beer was back in my wallet and nobody was the wiser.

Though when I got home, my overclocked computer was fried. Lost all of my favorite gifs and clean Win3.1 install.

[DeathAndTaxes]

An attacker would only need 51% of the total network hash rate if all miners were working cooperatively to solve the next block. Not just working in pools but collectively focused on executing the exact same process. But because miners are competing with each other, running independent and probably redundant processes, an attacker only needs to be faster than the fastest mining node on the network, either using a single fast node or a pool of cooperating nodes with a combined speed that is faster than the fastest miner on the network.

That is 100% incorrect.  In the future how about phrasing things you don't know as a question.  There are no redundant attempts on each block (baring the implementation issue at a specific pool where the pool incorrectly issues the same work to more than one worker).

[Redtea]

The blockchain should have checkpoints every X blocks to limit the time the attacker has to act.  Then if you wait 2x blocks you should be pretty safe.  Blocks 1 to x are checkpointed by block x+1, which itself will be checkpointed by block 2x+1.

I think the bitcoin client already does this.

There are manual checkpoints hardcoded with each release.  I'm proposing a much higher frequency of checkpoints.

You really think so? -_-

[bl0ckchain]

There's some great information here explaining the 51% attack.

One thing I didn't see mentioned was how Satoshi was planning on building a 51% attack defense into the code. But he got spooked and vanished after Gavin informed him that he was going to talk to the CIA/feds about Bitcoin. A few years after Satoshi's disappearance, a young Canadian programming student studied the existing code and engineered the missing 51% defense system that Satoshi was unable to complete.

This is the system currently integrated in Goldcoin (GLD).

[DeathAndTaxes]

I may not know much about Bitcoin but I know a lot about computers. There is no way multiple instances of the same hash algorithm running on independent computers can avoid executing the same code on the same values. It's extremely redundant.

Once again making false statements as fact.  Why not say "I believe it is redundant" or "I can't see a scenario where miners unknown to each other don't duplicate work accidentally?".  You state you don't know much about Bitcoin but you feel confident about making absolute statements of fact about something you don't know much about?

The different computers (1, 2, a trillion it doesn't matter) use different inputs and thus (barring some isolated implementation errors) never attempt work which has already been attempted.  Miners aren't hashing some random value, they are hashing the blockheader and Satoshi designed it so there would be no duplication of work.

https://en.bitcoin.it/wiki/Block_hashing_algorithm

Even if everything else is the same in a block, the coinbase tx for each miner will be unique and thus the hash for that tx will be unique and thus the merkle tree will be unique and thus the merkle root hash will be unique and thus the blockheader will be unique.

[ning]

...

So IMHO the only reason to 51% the network is to kill it.  A currency has value only if its value can be trusted.  Bitcoins which can disappear at the will of an attacker have no value.  The collapsing price, falling hashrate, and reluctance of merchants to accept them after a 51% attack will kill Bitcoin.