Almost no one understands the 51% Attack

[legiteum]

https://www.reddit.com/r/Bitcoin/comments/197m0yc/almost_no_one_understands_the_51_attack/

I came across this thread on Reddit, and thought that community members here would be interested in it since we've discussed this same topic here before. I personally find the subject of the 51% on Bitcoin to be both fascinating and extremely relevant. If there is a systemic risk to the entirety of Bitcoin--even if is a relatively remote one--then this ought to be discussed thoroughly.

Here's the first part of it of the post:

TLDR: A 51% attack encompasses more than just double spending. Double-spending would be the most overt and irrational move an attacker could take. There are ways to profit that don't reveal their control.

A 51% attack simply means that a coalition can censor miners (or block producers under other consensus) who are outside the coalition. Whether that be a long chain of old blocks or all future blocks starting now - it is still a 51% attack.

Most people severely downplay the damage a 51% will cause due to this misunderstanding. A rational 51% attacker does not care about historical blocks - they simply use their majority control to mine 100% of future blocks and, with half the hashpower, earn 100% of the rewards.

[Ambatman]

The thread title is a biasly wrong induction.
Yes controlling 51% and making an attack on the Blockchain is more than double spending and could have way for an attacker to censor other miners by either including or excluding certain transactions in the Block
This gaining more benefit while other miners suffer the losses
But stating it would be 100% subtle is only theoretical
Bitcoin is quite transparent and as time goes someone would be on the abnormalities and a proper response would be taken by the community.
Same applies with miner centralization, though it poses it's risk and the way it's going we getting there since the top 2 mining pool already have a combined hash power of more than 51%.
But if the response of the community is swift the damage could also be mitigated.


Yes most of what the author stated was correct but I feel it overrated the ease in making a 51% attack undetected and Underrated The capabilities of the community.

[vjudeu]

There are ways to profit that don't reveal their control.

It will be clearly visible for anyone, who will type "getchaintips" in their node.

to mine 100% of future blocks

Then why it is called "51% attack", and not "100% attack"? Note that if the group of honest miners still have remaining 49%, then they can still mine, on average, every second block. If it will be reorged, then people will notice that. First, because of chaintips. Second, because all miners in a given pool will suddenly see, that a pool is getting all of their blocks reorged.

So, doing a chain reorganization is not a silent thing. It is visible in logs. It is measured. It will be noticed. And people will take action (for example by leaving the 51% pool, because their reputation will be destroyed).

Even less serious reorganizations were noted, for example: https://bitcointalk.org/index.php?topic=5447129

So, why do you think, that 51% attack will remain unnoticed, if even sigops limit violations were caught? And they are much more silent, because a block, which violates sigops limit, is simply invalid, so you have to receive it directly from a failing node.

and, with half the hashpower, earn 100% of the rewards

This is not the case. If you have 51% mining power, then you can earn 51% rewards on average. Earning 100% rewards require 100% hashpower (or reorging all blocks, mined by everyone else, but then, it is very far from being "silent").

Also, there is one important thing: jumping from 51% to 60%, 70%, 80%, and so on, doesn't make much sense. Because then, you are basically raising your own difficulty, for no reason. And then, you can paradoxically get more coins, by going from 90% to 60%, because then, the difficulty can drop, so you will pay less for electricity.

[legiteum]

But if the response of the community is swift the damage could also be mitigated.

How would the "community" respond? And what exactly do you mean by the "community".

And how would this "community" come to know that an entity has taken over 51% of the hashrate? How would the "community" know who the "attacker" is, and who the "defender" is? Is there some central entity that is going to dub certain nodes "bad" and certain nodes "good"? If so, how do they determine this? By what authority?

For me, one of the most common misconceptions about Bitcoin is that there are human beings involved in running it, and those humans can take action when they "see stuff" they don't like. But this isn't so. Bitcoin is just an algorithm. There are no human beings involved. A node as a vote with it's hashrate, and that's it. You can have whatever personal opinion about a node you want, the only recourse you have is to outvote that node with your own hashrate. Complaining here on Bitcointalk wouldn't do anything. Calling the police won't do anything (they would have no idea who to arrest).

I share the frustration that this author seems to have: lots of people--even a lot of people who seem to think they know a lot about blockchain and Bitcoin--don't seem to fully understand the implications of decentralized system. There is no central authority. There is no "community". There is no nothing except nodes running hashrate. Why is that so hard for people to understand? That's actually the central innovation of Satoshi's Bitcoin whitepaper, and to this day many people simply don't understand it.

[odolvlobo]

There are ways to profit that don't reveal their control.

It will be clearly visible for anyone, who will type "getchaintips" in their node.

It doesn't matter if the attacker is known or not unless you know a way of censoring a miner.

to mine 100% of future blocks

Then why it is called "51% attack", and not "100% attack"? Note that if the group of honest miners still have remaining 49%, then they can still mine, on average, every second block. If it will be reorged, then people will notice that. First, because of chaintips. Second, because all miners in a given pool will suddenly see, that a pool is getting all of their blocks reorged.

It is called a 51% attack because that is the threshold. With 51%, the attacker's chain will always be longer than any other over time. Even when the other 49% find a block, the attacker will eventually catch up and pass any competing branch with its own.

The reason that a pool is unlikely to take over with 51% is that the members of the pool will abandon it before that happens (we hope). No members, no hash power.

BTW, if an attacker successfully attains 51% and rejects all other blocks, then the other 49% might as well stop mining because they will never get another block reward.

[Ambatman]

BTW, if an attacker successfully attains 51% and rejects all other blocks, then the other 49% might as well stop mining because they will never get another block reward.

If other miners starts leaving the cost in mining and the control of the attacker because higher
And the higher or gets the higher the cost
How long would they be able to maintain such.
They would have no choice but to reduce hash rate to a bearable minimum.
Because with no users what would be the value of coins they holding
Except the aim is to attack the system and not benefit.
Which is highly unlikely.

But if the response of the community is swift the damage could also be mitigated.

How would the "community" respond? And what exactly do you mean by the "community".

though community might not be the right word
But when I said community I meant the collective honest miners, full nodes operators, exchanges, developers and users.

Is there some central entity that is going to dub certain nodes "bad" and certain nodes "good"? If so, how do they determine this? By what authority?

well as a decentralized system that operates on consensus there are no bad or good nodes.
It's based on consensus the biggest hash in this case 51% becomes the valid chain.

As a decentralized system with no central Authority, it is run by certain protocols and there are no human hands that can fix it
But we can mitigate the human problem
Once detected, miners who cares about network security in the supposed malicious pool would pull out which would reduce the hash power and full node operators may be able to fork it.


While Bitcoin might be decentralized and have no central Authority, it's continuous resilience relies on these stakeholders acting on its best interest.

[slaman29]

I don't understand the technical details, 'almost no one' fully does, but you can argue 'almost no one' understands how Bitcoin works in the back, this is literally how it is supposed to happen for a user technology. Does 'almost no one' understand how internet works? Does it stop 'the community' from preventing and fighting against attacks?

I propose anyone who thinks a 51% attack is easy to go ahead and try it. Make the hypothesis into theory. Then prove the theory, again and again. Then it becomes a fact.

[MeGold666]

It's not that people don't know about other types of attacks that can be done with having 51% (and some of this attacks can be done with less than that), it's that double spending would make the most damage to the trust in Bitcoin.

Other types of attacks like reorgs, censorship, stiffing mining competition have less impact on the trust.

[Accardo]

With 51%, the attacker's chain will always be longer than any other over time. Even when the other 49% find a block, the attacker will eventually catch up and pass any competing branch with its own.

So, literally the attacker has to start building a new chain from the genesis block? or would they be a way to maneuver the honest chain and advance from there? Nevertheless, it's quite unrealistic to possess a hash rate that supersedes that of all other miners combined.

[Ambatman]

I don't understand the technical details, 'almost no one' fully does, but you can argue 'almost no one' understands how Bitcoin works in the back, this is literally how it is supposed to happen for a user technology. Does 'almost no one' understand how internet works? Does it stop 'the community' from preventing and fighting against attacks?

I propose anyone who thinks a 51% attack is easy to go ahead and try it. Make the hypothesis into theory. Then prove the theory, again and again. Then it becomes a fact.

fortunately engaging in such is quite expensive
Except the individual goal is nothing but destroying the trust of individuals in the Blockchain no matter the cost.

With 51%, the attacker's chain will always be longer than any other over time. Even when the other 49% find a block, the attacker will eventually catch up and pass any competing branch with its own.

So, literally the attacker has to start building a new chain from the genesis block? or would they be a way to maneuver the honest chain and advance from there? Nevertheless, it's quite unrealistic to possess a hash rate that supersedes that of all other miners combined.

No they don't have to build a new chain from the Genesis block
They can start from the latest block or go further back if they plan on reversing a specific transaction
But the goal is that their private chain have to grow to the extent it becomes longer than the honest chain by continuously mining Blocks faster than other miners.
With 51% hash power  
Once their chain gets longer than the honest they can then broadcast it and the nodes would take the longest chain as the Valid
There by making double spending possible

But The cost in starting and maintaining it is astronomical, not to mention difficulty adjustment that's makes sure mining becomes more competitive.
It's theoretically possible but implementing it is hard and should be considered irrational.

[Catenaccio]

51% attack or 80% attack, miners will separate to longest and smaller chains. If assume the attacked longest chain is refused by Bitcoin community as an original chain, they will use the smaller chain as Bitcoin. The longest chain will become a chain of shit coin like many Bitcoin forks created, and died with time.

The good one will stay with us, and a bad one will rot and die with time. A longest chain done by attacks will not be able to last for so long.

How many Bitcoin forks are there?

[DaveF]

We have been hearing about a 51% attack for years now, it's never happened.

There are 2 possibilities of it happening.
1) By a private entity
2) By a government.

If it's #1, it would have to be the size of Apple or Amazon or similar with a ton of data centers and and insane amount of electricity and staff to run it. It would cost a fortune and there would be a shareholder revolt.

If it's #2 then it does not matter, it would have to be a larger country, with once again enough money to buy the miners and available electricity to run them. At which point it's just easier to ban all businesses that deal with BTC and start putting in very harsh penalties if caught dealing with it.

There are also much easier and cheaper ways of doing a 51% attack that don't involve buying miners just you have to run a pool:

There was a discussion a few years about how the government / bank / whoever would not even have to buy all the miners.
All they would have to do is setup a phony PPS pool that paid some stupid amount of PPS say 120%.
All the miners would flock to that pool, and all they would have to do then is slowly wait till a few of the larger pools went bankrupt since everyone else is mining there.

You would have the pools like foundry that are using their own miners, but how long till the investors start to bail since they are not showing the numbers that other places are.

Yes, there are several flaws with this. But you bet it would cause enough disruption of mining to allow them to do other things.

All it all, a 51% attack from the government / big business is not a big worry for most people.

-Dave

-Dave

[vjudeu]

It doesn't matter if the attacker is known or not unless you know a way of censoring a miner.

It does matter, because if users will stop using a given coin, then it will lose its value. Guess what: some people tried to fork Bitcoin, and they reached 51% for a short period of time. What happened next? Well, people simply sold their ALTs for BTCs, and moved on. And the same thing can happen again: you get 51%, you reorg some valid blocks, mined by other miners, and then everyone will abandon your chain, so you will be left with a lot of worthless coins.

then the other 49% might as well stop mining because they will never get another block reward

It is never the case. Miners are long-term investors. They will rather mine an altcoin, than stop mining. Which means, that if some transactions will be censored, then miners will form just another altcoin, and users will join them, because then, they will have at least some confirmations, instead of constantly seeing zero confirmations in the attacker's chain.

Currently, there are some altcoins, which have something around 1% of double SHA-256 hashrate. And guess what: they are still maintained, there are still some users, and even though the value of their coins decreased, their altcoin is still actively used. And when they were attacked more heavily, they introduced more rules, like "max 10 blocks chain reorganization", and other consensus changes, which allowed them to keep running their chain, no matter how hard they are attacked.

So, to sum up: a silent attack has much more chances to succeed. For example: the latest testnet4 soft-fork was silent, and many blocks were produced, before people noticed, what happened, and triggered a huge chain reorg, to fix it. But eventually, everything went back to normal, and timewarp rules were enforced properly. Because Bitcoin is not ruled by miners. And I know, that it is true, because it is not the first time, when I can see, that users can enforce their rules, and force miners to mine the blocks they want. Because miners are like entrepreneurs, making blocks, and selling them to users. And if you have 51%, and you use it for attacking, then nobody will buy your blocks, and they will lose their value immediately.

[Segmadis]

As already explained, but 51% is two things, not easy, and not cheap. By not cheap, currently I doubt there is a single entity on this planet that will gladly spend Billions (with B) for this kind of attack which is not even sure to succeed.

[stompix]

There are ways to profit that don't reveal their control.

It will be clearly visible for anyone, who will type "getchaintips" in their node.

to mine 100% of future blocks

Then why it is called "51% attack", and not "100% attack"? Note that if the group of honest miners still have remaining 49%, then they can still mine, on average, every second block. If it will be reorged, then people will notice that. First, because of chaintips. Second, because all miners in a given pool will suddenly see, that a pool is getting all of their blocks reorged.

Because you need only 51% to attack it that way and 50.1% probably wasn't catchy!
But yes he is right about it, a guy with 51% of the hashrate will be able to mine all the blocks and people noticing that won't matter, it would be like realizing a guy is beating you and you lie down on the floor with no power, what is realization going to do?
Also, miners won't all suddenly see that large operations maybe, smaller ones, no way, it would take even days in some cases before some realize they are getting trashed.

If other miners starts leaving the cost in mining and the control of the attacker because higher
And the higher or gets the higher the cost
How long would they be able to maintain such.

It's the opposite, legit miners will see their blocks getting reorg with nothing to do so they will quit, the hashrate will go lower and the attacker will never fewer and fewer resources.

But when I said community I meant the collective honest miners, full nodes operators, exchanges, developers and users.
Once detected, miners who cares about network security in the supposed malicious pool would pull out which would reduce the hash power and full node operators may be able to fork it.

And? What are they really going to do? Fork the chain? What good will that do, the attacker will attack the new chain!

The good one will stay with us, and a bad one will rot and die with time. A longest chain done by attacks will not be able to last for so long.

And then they will move to your new chain and attack this one, and then again, and again...imagine the price after two such events.

The thing about such an attack is simple:
- yes, it's possible
- it's all about $
- is it worth it? not really!

[legiteum]

Perhaps another related discussion here is: what if all three of the mining companies who currently comprise >51% of the Bitcoin hashrate were taken over by clandestine means, and the hackers subtlety changed the data store to (say) edit the chain and add their own blocks?

In terms of cost, this would be perhaps 3x more expensive than the average hack of a single company, which for a sophisticated player e.g. Russia or Iran or PRK, this would not really cost anything per se since they do this all of the time.

Any attacker here wouldn't be stupid and simply do something that would be immediately detected--they would quietly insert their own blocks (etc.), trade with them, and essentially infect the whole network. After a few hours/days/weeks of this happening, it wouldn't matter if the hacks were discovered since the integrity of the entire chain would be utterly incinerated since nobody could know which transactions were made by the attackers and which were made by normal users.

Understand that there is, for instance, no way to simply "turn off" Bitcoin while some central authority figures out what went wrong. The network would keep going and going in realtime (and in a situation where the network integrity was in question there would be a massive "run on the bank" situation with basically every single holder trying to trade their Bitcoin for USD).

And while I will be the first to say that such an attack is "unlikely", that is not the same as saying it is "impossible". My savings account is probably stored in a not-internet-connected mainframe at a Big Bank, and it's backed up to WORM storage in (probably) multiple geographical locations. It is "unlikely" that may savings account at Big Bank will be lost, and this is definitely not something that is very common (in fact I've never heard of this happening to a prominent bank ever). I don't lose sleep worrying that my savings account will be hacked just as I don't worry about every airplane I board crashing--because it's very unlikely.

The question is, in terms of systemic risk, which is safer: your Big Bank savings account, or Bitcoin? I would argue the former, based on everything we know right now. This is based on a security assessment that takes into account track record, system complexity (banks use braindead non-internet-connected mainframes that have stood the test of decades of time), and system governance (same deal: banking regulations and industry-standard practices around access, personnel, etc. that have been hardened over the decades for banks, whereas all of this is brand new for Bitcoin).

The point is, anybody who tells you it is "impossible" that Bitcoin is hacked and the value of your holdings could never go to zero are... wrong. Unlikely maybe, but not impossible.

[franky1]

Perhaps another related discussion here is: what if all three of the mining companies who currently comprise >51% of the Bitcoin hashrate were taken over by clandestine means, and the hackers subtlety changed the data store to (say) edit the chain and add their own blocks?

a pool is not a single miner

pools are a collective of hundreds of thousands of miners, a 51% attack would require atleast one million asics working collectively
and if a pool was to be doing any shenanigans that cause financial risk to all those asic owners, they would jump away to another pool

for instance if a pool manager had a community of 1million asic owners and their pool started winning every block but the pool manager was not paying out rewards to those asic owners. the asic owners would jump to another pool.
if the pool manager was to start doing empty blocks of zero transactions so that those with coin cant move their coin, again asic owners would jump pools because they too cant spend coins they have or will get if they stay

by a pool manager denying transactions, even services will start to want to reject blocks with zero tx. (and yes they can because behind every algo filled node is a human at the computer that has a keyboard, commanding the node(bitcoin is not AI))

what you find is that the bitcoin economics work great because those that try to cheat it lose out in the end and those that operate honestly end up winning.
there are many mitigating factors that are in place and also extra scripts that services have and people operating nodes as extra precautions

even the most simple thing of block rewards cannot be spent for 100 blocks means that a malicious pool has to win constantly for 16 hours before it can even spend its first malicious block reward. thus even at the 15th hour of being malicious the honest part of the network and services that want an honest network can decide to re-org a crap tonne of empty blocks and accept honestly filled blocks or other factors of preference

thus even a malicious actor ends up gong straight to remain relevant.. and thats even when asics can jump to any other pool in under 20 seconds but have hours of time to see the malicious actors failures before the malicious actor can even profit from its maliciousness, so again a malicious actor wont want to be malicious if they are not making profit. and if they cant make profit per block for 16 hours delay per block, then the likely hood of them being malicious at all is negligible due to the risk of losing all of their efforts before the 16th hour delay between creation and spendability

[legiteum]

pools are a collective of hundreds of thousands of miners, a 51% attack would require atleast one million asics working collectively
and if a pool was to be doing any shinanigans that cause financial risk to all those asic owners, they would jump away to another pool

Hundreds of thousands of nodes running... one copy of the software. Hackers would presumably hack the software, not the individual ASICs.

[franky1]

pools are a collective of hundreds of thousands of miners, a 51% attack would require atleast one million asics working collectively
and if a pool was to be doing any shinanigans that cause financial risk to all those asic owners, they would jump away to another pool

Hundreds of thousands of nodes running... one copy of the software. Hackers would presumably hack the software, not the individual ASICs.

1. asics do not have a full node software in them.. in simple terms an asic receives a basic hash and some blockheader data via a different communication method(its called stratum) than the normal node relay network, and re-hash it trillions of times until it makes a difficult hash and send the difficult hash back (hash in -hash out) via the stratum connection..  asics are not full nodes and have a separate communication path to the pools compared to the bitcoin peer network of nodes

2. asic owners have a asic that (simple terms hash in-hash out) and separately have a computer that has a full node to watch the blockchain for other purposes including risks and if they get paid

3. asic owners can jump their asics activity over to other pools if the owners notice a pool is doing some funky stuff
so if a pools node is infected.. asic owners (remotely) can just change pools. via each asic owner looking at their own separate node for instances of malicious/funky stuff


im starting to think that you make posts with some silly assumptions to poke and trigger people to correct you so that you learn by being spoonfed info rather than actually spending the time to learn things properly by actually researching aspects of bitcoin(its starting to become a common occurrence with certain people.. play dump to prompt people to correct you on purpose as a lazy way to learn)

its like those preppy kids that hire a tutor to just give them the answers by acting ignorant to the subject rather than actually reading about things and learning via looking for information
try to learn about all the mitigating factors that actually make a potentially malicious pool not profit and instead want to operate honourably to profit. (hint there are many factors at play)

[odolvlobo]

So, literally the attacker has to start building a new chain from the genesis block? or would they be a way to maneuver the honest chain and advance from there?

In theory, the attacker can start at any block because they will eventually surpass the other miners as long as they maintain a majority. They would not necessarily have to start with the genesis block. It depends on their goal.

Nevertheless, it's quite unrealistic to possess a hash rate that supersedes that of all other miners combined.

It is naive to believe that a miner (or pool) cannot reach 51% as it has already happened once.