Hi Bitcoiners,
We took the initiative to write an article about the 51percent attack in the Bitcoin network. The aim is to explain in a clear and understanding way the 51percent attack and its practical risks so that people who are new to Bitcoin could understand it.
The article is not published on our blog yet, it's only released for bitcointalk users for the moment:
www.gatecoin.com/blogEnjoy the read, don't hesitate to leave feedbacks, and if you want, check our blog!
=======================================================
The 51percent attack issue was brought-up recently in the Bitcoin Media. Certain media even affirm that this is one of the major challenges facing the Bitcoin Network. The Gatecoin Team gives its understanding of the problem, and how it could impact on the Bitcoin Network.
A basic principle of the Bitcoin NetworkIn a decentralized digital currency model such as Bitcoin, with proof of work transactions validation, the miners are the network’s accountants.
The 51percent attack: Where it comes fromThe origins of the 51 percent attack: the math-based model to avoid the double-spending issue, which leads to practical economic challenges
The double spending is the result of successfully spending some money more than once. Bitcoin protects against double spending by verifying each transaction added to the blockchain to ensure that the inputs for the transaction had not previously already been spent.
Indeed, when you send a transaction to the network, it is relayed to all the miners for inclusion in the blockchain. Each miner is trying to include a block of transactions to the blockchain to get your transaction fees and some newly minted currency units. To avoid having two miners submitting at the same time two different blocks (which would then cause a fork) they are required to do some complicated computations. These computations are calibrated by the network to take on average ten minutes for the miners as a whole, with a fairly large variance (ten minutes as well). As our mining readers will know, for a single miner the average time to find a solution (and the variance) are of course much higher.
The miners have to compute the solution of Hash(x)=y, which is done via brute force. With a constant hashrate, the probability of finding the solution in time t has the same distribution as the Poisson process. It can take up to an infinite time (long tail), but on average it will take ten minutes. It has no memory, even after mining for hours, you still have the same probability of mining a block.
Poisson distribution for different mean values. The average time for the first miner to find a block in the bitcoin protocol is x=10 min.
The large variance is essential to minimize the probability of having two miners finding the solution the solution at the same time. As two miners will take very different times to solve the problem, one will very probably find the solution and have the time to broadcast it to the network before the other does. The solution found is minted with the miner’s address, so no one else can take the prize for itself.
Then the other miners can approve that miner’s solution and include the block. Once the solution is found, it is easy to verify that it is valid.
Why are miners pooling? The big issue is that miners pay for expensive hardware and get very uncertain rewards (by design as we have seen). Economically it then makes sense for them to pool their efforts and lower the volatility of their rewards. This is very similar to stock markets investors buying a basket of stocks to lower the volatility of their overall portfolio.
Why is an overperforming mining pool a threat to the Bitcoin network?These pools of miners can reach very high computational power on the network. The issue is when there is a mining pool which is overperforming compared to others, such as GHash.io recently. Indeed miners have been more attracted to GHash.io, consequently the overall computational power of the mining pool increased much more than others. This led up to reach the critical 51percent limit (or more precisely up to anything above 50percent) of the total computational power of the Bitcoin network.
What could happen then?The “Finney” Attack, or the (in)famous 51percent attack.
The 51percent attack: a disaster for Bitcoin in case of overperforming malicious mining entity The "Finney attack"
In theory, it is possible that a malicious pool could for example retain a valid block it solved, where it spends coins, and spend the same coins with a merchant accepting zero confirmation transactions. Once the goods are received, it releases the block, invalidating the payment. The miner does not even need 50percent for this attack, but as few merchant will accept zero confirmation transaction for significant amounts, this renders this attack irrelevant in practice.
The possibility of preventing transactions
The mining pool could prevent transaction from entering it’s blocks but that would only affect the blocks it validates
The possibility of reversing transactions
For that to happen, the mining pool would have to start from a block before the transaction and mine from there a bigger number of blocks than there is currently in the blockchain. In effect the attacker would recreate a new blockchain on his own. That is extremely unlikely but if the attacker has consistently more than 50percent of hashing power he would succeed over time with probability one.
The 51percent attack: how important the risk is and how to mitigate it The issue can be alleviated in other digital currencies when replacing the proof of work by a proof of stake. Proof of stake replaces computational power with currency holding for giving the right to validate transactions.
In the current Bitcoin proof of work system, an attacker needs to obtain over half the current network hashing capacity for a significant amount of time to perform a so-called "51percent attack".
If Bitcoin was proof of stake, an attacker would need to obtain over half of the bitcoins in existence, a probably even more expensive and difficult feat. Moreover, performing a 51percent attack and likely devaluing Bitcoin significantly wouldn't be all that appealing if you are so heavily vested into it.
Some digital currencies (NXT, PPC) do use the proof of stake system. Yet, it leads to other issues related to the transactions validation, replacing the risk of 51percent attack. As Gavin Andersen, Bitcoin lead developer and member of the Bitcoin Foundation, declared it on Reddit, there is no natural incentive stopping a miner from assigning their stake to multiple, competing chains. Consequently, by using the proof of stake, you have a lower risk of 51percent attack but a more significant risk of... double-spending, which is exactly the original problem the proof of work aims at solving.
Anyway, to us it feels the 51percent attacks are probably not the most important hurdle facing Bitcoin.
For an attacker with infinite hashing power, creating a parallel blockchain would essentially destroy the Bitcoin and render all his (very expensive!) efforts worthless. The Bitcoin network has never experienced a 51percent attack but frequently faced technically cheaper attacks such as denial of service.
However, it is clear that a 51percent attack could have terrible consequences on the Bitcoin network. Some would say a way to solve the issue is to regulate the % of computing power of these mining pools in order to maintain a "healthy" competition in this sector, but we should aim for a built in incentive.
Some cryptographic solutions are worth researching, like Lamport signatures, which appear to be promising, although they would weigh down the blockchain...
The 51percent attack is an inherent threat of a proof of work system, time will tell if this theoretical issue would affect the effective Bitcoin network in practice. So far, so good.
The Gatecoin Team.
Sources:
Bitcoin Wiki. Weaknesses.
Satoshi Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System.
Meni Rosenfeld. Analysis of Bitcoin Pooled Mining Reward Systems.
Criticisms of proof of stake. Reddit
Preventing Mining Pool Concentration with Lamport Signatures. Medium.com
