Anatomy of a 51% Attack

[zachamo]

I see a LOT of talk about the horrors of a 51% attack and very little understanding of what that entails..

This is my understanding of a 51% attack based largely on Satoshi's original white paper. PLEASE do not hesitate to correct me on any of these points.

The Anatomy of a 51% Attack

Prerequisites:

1. A 'Bad Actor' gathers enough hash rate to outpace the rest of the network's block creation for at LEAST 6 blocks (Approx 60 or 120 minutes based on 2 scenarios below)
 Scenario a) Bad Actor participates in the network prior to their attack and gradually builds hash rate until it accounts for ~51% of the network's hash rate (luck plays a role beyond sheer % hash)
 Scenario b) Bad Actor wishes to go completely undetected and does not participate in the network prior to the attack, in which case he needs %101 of the network's hash (enough hash power to outpace the entire network)

2. Bad Actor has Bitcoin. Probably a lot of it.

Motive

The most likely reason for a 51% attack is to renege your Bitcoin transactions; you can't really steal bitcoin from other people's wallets, but you can send someone Bitcoin in exchange for something else of value then make that transaction disappear.

Another reason for a 51% could be to block transactions -- you could effectively control who is able to send bitcoin by only encoding your desired transactions in the blocks that you solve during your attack, though odds are that the transactions will make it into the blockchain later.

The Attack

If the bad actor is participating in the network prior to the attack (Scenario A above), they would have to pull all of their resources 'offline', effectively disconnecting from the public Bitcoin network and continuing to mine bitcoin in a closed network, creating an intentional 'fork' in the blockchain that would have to outpace the public blockchain. It's notable that this would result in a ~50% reduction in the public network's hash rate, which would be quite notifiable and would double the time to solve blocks (up to about 20 minutes).. 6 Confirmations would now take 2 hours.

The Bad Actor then submits transactions through the public Blockchain, for which they receive compensation; likely something non-physical and of immense value so as to make this a worthwhile endeavor AND to remain anonymous once the attack has been discovered (it may be possible for them to actually get bitcoin in return and retain it; I'm unclear on this) - this would notably require a significant amount of Bitcoin to begin with. On their private version of the blockchain, they move the SAME Bitcoin that was used to purchase their bounty on the public network into another wallet, likely one they own.

Once they have received their compensation / purchases (likely after a number of confirmations on the public network) they open their private version of the blockchain up to the public network and the two different accounts of the Blockchain merge. Assuming they've managed to keep ahead of the public network in block generation, the Public network's Blochchain is nullified and the Bad Actor's version of the Blockchain overwrites it on the public network.. We now have a conflict: the bad actor's Bitcoin was spent differently on the two Blockchains, and as the bad actor's version now overwrites the public network's version of things, he not only keeps whatever he purchased, but he also keeps his Bitcoin (which will likely devalue now that a 51% attack has occurred) safely tucked away in another of his wallets.

Conclusion

At the end of the day, it's simply very challenging to imagine just how anyone could make this a profitable endeavor. Even if you don't have to purchase and operate millions of dollars worth of mining equipment (i.e. you manage a pool and create your alternate blockchain using other miners' hash power), you'd still be hard pressed to assure your safety and anonymity and turn much of a profit.. The presumption is that you begin the attack with significant Bitcoin holdings (which you would retain) and your own actions would serve to devalue this investment. In terms of rewards, there are only so many things of great value that one can purchase anonymously, and a cryptocurrency would probably be one of the most likely candidates, though you would still devalue the markets such that getting a return on this kind of scheme probably wouldn't pan out.

At the end of the day, the people most likely to perform such an attack would effectively be people with a vested interest in severely damaging or destroying the cryptocurrency landscape; people who were not looking to turn a profit and likely are willing to take a substantial loss in order to cause such damage.

Anyhow, I need to go to sleep, but this has been irking me and I wanted to hammer it out.. Would love to see some thought provoking discussion on this!

Cheers
Zachamo

[haploid23]

Who says it has to be about profit? If someone or some organization is to perform a 51% attack, it's very unlikely they're doing it for profit. Once this occurs, all their btc will also be useless too, so they really only have 1 shot at racking in the profit. If they own 51% of the network, it's much more profitable to mine long term. Rather, a 51% attack will be to maliciously kill off bitcoin.

[reg]

Who says it has to be about profit? If someone or some organization is to perform a 51% attack, it's very unlikely they're doing it for profit. Once this occurs, all their btc will also be useless too, so they really only have 1 shot at racking in the profit. If they own 51% of the network, it's much more profitable to mine long term. Rather, a 51% attack will be to maliciously kill off bitcoin.

yes! the only entities with the resources to kill btc are the government and banks . However even if they already have determined their time is up they cannot muster the necessary expertise to counter this in time. They have their hands full, consider the bond market is about to implode,  nation states are unable to service interest on loans and technically are already in default, the euro has negative interest rates and the dollar will soon follow. There are no resources to attempt any repayment of current debt so hyperinflation and social collapse worldwide is (in my opinion ) inevitable quite soon. From the perspective of btc being able to monopolise the block rewards for the rest of the duration of mining is the best long term option.   The only solution I see is being carried out currently by sufficient altruistic miners switching to named pools such that the ratio of the the largest pool plus unknown is less than 51% Thus at least half the blocks go to the dispersed community instead of one entity. Over time the btc will disperse more equally because  even large holders will need to convert valuable numbers into real assets at least to maintain their own lifestyles.

[zachamo]

Who says it has to be about profit? If someone or some organization is to perform a 51% attack, it's very unlikely they're doing it for profit. Once this occurs, all their btc will also be useless too, so they really only have 1 shot at racking in the profit. If they own 51% of the network, it's much more profitable to mine long term. Rather, a 51% attack will be to maliciously kill off bitcoin.

as per my conclusion:

At the end of the day, the people most likely to perform such an attack would effectively be people with a vested interest in severely damaging or destroying the cryptocurrency landscape; people who were not looking to turn a profit and likely are willing to take a substantial loss in order to cause such damage.

[InwardContour]

Who says it has to be about profit? If someone or some organization is to perform a 51% attack, it's very unlikely they're doing it for profit. Once this occurs, all their btc will also be useless too, so they really only have 1 shot at racking in the profit. If they own 51% of the network, it's much more profitable to mine long term. Rather, a 51% attack will be to maliciously kill off bitcoin.

the world revolves around money, it would have to be done for profit.

[zachamo]

Who says it has to be about profit? If someone or some organization is to perform a 51% attack, it's very unlikely they're doing it for profit. Once this occurs, all their btc will also be useless too, so they really only have 1 shot at racking in the profit. If they own 51% of the network, it's much more profitable to mine long term. Rather, a 51% attack will be to maliciously kill off bitcoin.

the world revolves around money, it would have to be done for profit.

But bearing in mind that Bitcoin threatens the profitability of several other businesses, someone could be motivated by preserving their current profits.. Imagine something like Western Union -- even if it cost them millions, crushing the crypto movement could still net them a profit in the long run.. That said, I can only imagine the backlash were such a business to ever sponsor such an attack and get caught.

[InwardContour]

Who says it has to be about profit? If someone or some organization is to perform a 51% attack, it's very unlikely they're doing it for profit. Once this occurs, all their btc will also be useless too, so they really only have 1 shot at racking in the profit. If they own 51% of the network, it's much more profitable to mine long term. Rather, a 51% attack will be to maliciously kill off bitcoin.

the world revolves around money, it would have to be done for profit.

But bearing in mind that Bitcoin threatens the profitability of several other businesses, someone could be motivated by preserving their current profits.. Imagine something like Western Union -- even if it cost them millions, crushing the crypto movement could still net them a profit in the long run.. That said, I can only imagine the backlash were such a business to ever sponsor such an attack and get caught.

It would cost Western Union a lot more then "millions" (or any other attacker) to launch a 51% attack on the network.

Assuming that it costs $1,850 per TH/s and a network hashrate of 110 PH/s an attacker would need to spend ~$101 million in order to launch a 51% attack. This would account for less then one years worth of Western Union's revenue, however bitcoin does provide for some of this revenue from trades. Western Union does currently have advantages of being on the correct side of the law as they are a registered money transmitter. With difficulty rapidly increasing it will become rapidly difficult to implement such an attack. Additionally an attacker would need to purchase this capacity in the open market and it should be obvious that someone is going to launch such an attack when the price of miners increases with the additional purchases, this would provide opportunity to somehow defend against a 51% attack.

[zachamo]

Assuming that it costs $1,850 per TH/s and a network hashrate of 110 PH/s an attacker would need to spend ~$101 million in order to launch a 51% attack. This would account for less then one years worth of Western Union's revenue, however bitcoin does provide for some of this revenue from trades. Western Union does currently have advantages of being on the correct side of the law as they are a registered money transmitter. With difficulty rapidly increasing it will become rapidly difficult to implement such an attack. Additionally an attacker would need to purchase this capacity in the open market and it should be obvious that someone is going to launch such an attack when the price of miners increases with the additional purchases, this would provide opportunity to somehow defend against a 51% attack.

yes, it would cost a small fortune to buy that kind of mining power, but if they started a pool with some amazing value proposition, they could find themselves in a ghash.io scenario, with the majority of the network under their control...

"but then everyone would switch pools"

probably true, but what if they were operating 2-3 pools? they could still outpace the network and people wouldn't really see it coming.. this is part of the problem with pools -  I don't believe satoshi really accounted for pools..

where I'm left curious is around p2pool.. Could a mass migration to p2pool help mitigate the riak of such an attack? would love to hear from someone who is well versed in how p2pool works.