Bitcoin Forum
December 05, 2016, 12:58:56 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: What it costs to kill Bitcoin: $20 million  (Read 5590 times)
Gibybo
Newbie
*
Offline Offline

Activity: 6


View Profile
May 13, 2011, 07:08:53 AM
 #1

The amount of money miners make from mining per year: avg transaction fee * transactions per block * blocks per year + bounties in BTC generation. Bounties will eventually go away, and the value of the currency depends on its ability to be secure even when there are no bounties, so I'm going to remove them from future calculations.

Two of those numbers are fixed, so we get a maximum of: avg transaction fee * 4000 * 50,000, or avg transaction fee * 200 million.

Assuming the amount of money miners spend on hardware is <= the amount they get paid, it follows that any individual or cooperative entity can own 50% of the network's computational power for a cost <= the amount the miners get paid.

So, the cost for any individual or cooperative entity to destroy the Bitcoin network is 200 million * the average transaction fee.

If transaction fees are the equivalent of 10 cents per transaction, PayPal can spend $20 million to destroy Bitcoin. If they are $1 per transaction, PayPal can spend $200 million to destroy Bitcoin.

Even if transactions were the equivalent of $100 per transaction, it would only cost a sufficiently motivated government $20 billion to destroy the network.

Please tell me I'm wrong, because that looks pretty weak.
1480942736
Hero Member
*
Offline Offline

Posts: 1480942736

View Profile Personal Message (Offline)

Ignore
1480942736
Reply with quote  #2

1480942736
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
May 13, 2011, 07:35:21 AM
 #2

Why do you think the network is dead if someone has half of the network power? Have you researched this at all?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
Gibybo
Newbie
*
Offline Offline

Activity: 6


View Profile
May 13, 2011, 07:37:41 AM
 #3

From https://en.bitcoin.it/wiki/Weaknesses

Quote
An attacker that controls more than 50% of the network's computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:
Reverse transactions that he sends while he's in control
Prevent some or all transactions from gaining any confirmations
Prevent some or all other generators from getting any generations
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
May 13, 2011, 08:08:02 AM
 #4

Part 1: Don't worry, Be Happy:
Markets are really smart* when so much info is public. These are known weaknesses, yet Bitcoin keeps setting record highs.
This means "the market" strongly believes solutions will be found whenever the need is urgent enough.

Part 2:
The need is urgent enough, what's the real answer?


*Edit: Of course really smart markets sometimes have excess speculation, but that is another subject.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
crema
Jr. Member
*
Offline Offline

Activity: 46


View Profile
May 13, 2011, 08:11:03 AM
 #5

I don't understand that:
transactions per block = 4000
I can't find this information
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
May 13, 2011, 08:15:31 AM
 #6

This should be a FAQ question. It's not the first time I answer this.

A >50% overtake is bad, but not that bad.

It only allows the attacker to erase/rewrite recent transactions, from the point he started mining in secret on. Keep in mind that he cannot create invalid transactions, like, create more money than there could possibly be at a particular address. Nor he can spend money that he never owned. So, basically, he can erase valid transactions, that's all.

This attack can have two purposes:
  • Double-spend, or "profit motivated attack". The attacker could erase transactions of his own, for which he already received the good/service he bought. That would be stealing from the vendor. Bad, yes, but how far can the attacker go with this? I hardly think he could steal more than 20 million dollars to make it worth the investment, without being caught.
  • Just mess around, or "politically motivated attack". This could annoy bitcoin users, but valid honest transactions will be resent anyway, so this won't do much more than annoyance. Honestly, it's a silly kind of attack for a government to take, as it may end up getting some quite bad press for this.

An easy way to mitigate the risk: reject any "too long" block reorganization. The "too long" constant should be determined mathematically, in order to be sure that there is no reasonable chance that such block reorganization is an honest chain split.
I can't do the math on my own, but I really doubt that an honest split could last as long as a week for example.


18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
Gibybo
Newbie
*
Offline Offline

Activity: 6


View Profile
May 13, 2011, 08:18:34 AM
 #7

If the attacker is PayPal or a government looking to shut down Bitcoin, isn't blocking transactions sufficient?

I don't understand how clients could detect the 'block reorganization'. Won't they always move to the longest block chain? If not, can't I create an attack without even needing 50%?
ploum
Sr. Member
****
Offline Offline

Activity: 378



View Profile WWW
May 13, 2011, 08:19:13 AM
 #8

I don't want to discuss if this is right or not, I don't feel qualified, but I only want to point out that there's an obvious mix between bitcoins and dollars in the reasoning.

You don't have any unit in you text but, when you start, we can assume you speak in BTC (transaction fees are in BTC) then, at the end, you talk about dollars (a government spending 2 billions is in dollars, as there will never be 2 billions BTC).

Where happens the switch between btc and $? I don't know and, obviously, you don't too.

That's why, independently of its truth value, this first post is completely illogical. (and thus, we cannot make any conclusion from it).

(no, a simple translation from btc to dollars cannot be done as, if a government want to do that, they will start buying all bitcoins, raising the value of bitcoins in the process.)

Blog posts about Bitcoin - 1KdRBbhjo72CqKTrFsQed6s9NMrvwvrUkq
Gibybo
Newbie
*
Offline Offline

Activity: 6


View Profile
May 13, 2011, 08:22:33 AM
 #9

I don't want to discuss if this is right or not, I don't feel qualified, but I only want to point out that there's an obvious mix between bitcoins and dollars in the reasoning.

You don't have any unit in you text but, when you start, we can assume you speak in BTC (transaction fees are in BTC) then, at the end, you talk about dollars (a government spending 2 billions is in dollars, as there will never be 2 billions BTC).

Where happens the switch between btc and $? I don't know and, obviously, you don't too.

That's why, independently of its truth value, this first post is completely illogical. (and thus, we cannot make any conclusion from it).

(no, a simple translation from btc to dollars cannot be done as, if a government want to do that, they will start buying all bitcoins, raising the value of bitcoins in the process.)

You are jumping to conclusions, I was very careful with my units. The transaction fees are in dollars because USD is more stable and it is fair to call them equivalent in low amounts. The large amounts ($2 billion, for example) refer to the cost of buying the hardware, which can easily be done in USD.
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
May 13, 2011, 08:26:06 AM
 #10

From https://en.bitcoin.it/wiki/Weaknesses

Quote
An attacker that controls more than 50% of the network's computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:
Reverse transactions that he sends while he's in control
Prevent some or all transactions from gaining any confirmations
Prevent some or all other generators from getting any generations

Okay, so someone can spend $20M to pause the network. It isn't dead and can be awoken for $1.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
sherbetlemon
Newbie
*
Offline Offline

Activity: 6


View Profile WWW
May 13, 2011, 08:27:41 AM
 #11

I don't want to discuss if this is right or not, I don't feel qualified, but I only want to point out that there's an obvious mix between bitcoins and dollars in the reasoning.

You don't have any unit in you text but, when you start, we can assume you speak in BTC (transaction fees are in BTC) then, at the end, you talk about dollars (a government spending 2 billions is in dollars, as there will never be 2 billions BTC).

Where happens the switch between btc and $? I don't know and, obviously, you don't too.

That's why, independently of its truth value, this first post is completely illogical. (and thus, we cannot make any conclusion from it).

(no, a simple translation from btc to dollars cannot be done as, if a government want to do that, they will start buying all bitcoins, raising the value of bitcoins in the process.)

but could they get to a point where they control the market, if they bought up enough coins? sorry newbie trying to understand.


Custom logo design for the equivalent of $60.00

www.sherbetlemon.co.uk
Gibybo
Newbie
*
Offline Offline

Activity: 6


View Profile
May 13, 2011, 08:28:19 AM
 #12

Okay, so someone can spend $20M to pause the network. It isn't dead and can be awoken for $1.

For $20M they can 'pause' it for a year. For $40 M they can pause it for two. How long will a currency last when it cannot be traded? How long will it last with even a vague threat that it can be paused?
Raulo
Full Member
***
Offline Offline

Activity: 238


View Profile
May 13, 2011, 08:38:36 AM
 #13

An easy way to mitigate the risk: reject any "too long" block reorganization. The "too long" constant should be determined mathematically, in order to be sure that there is no reasonable chance that such block reorganization is an honest chain split.
I can't do the math on my own, but I really doubt that an honest split could last as long as a week for example.

A how do you know which one is honest and which one is "evil"? An evil bit set?

There is no way to differentiate an honest and a bad one.

1HAoJag4C3XtAmQJAhE9FTAAJWFcrvpdLM
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
May 13, 2011, 08:51:32 AM
 #14

Okay, so someone can spend $20M to pause the network. It isn't dead and can be awoken for $1.

For $20M they can 'pause' it for a year. For $40 M they can pause it for two. How long will a currency last when it cannot be traded? How long will it last with even a vague threat that it can be paused?

They can pause it for as long as honest people figure out a way of identifying the attacker blocks. In the case of someone really trying to pause the network completely, it is easy. A block reorganization which sets a lot of empty blocks is clearly not honest, particularly if there are transactions with fees that were discarded.
If such attack really takes place one day, full clients could set a rule saying that, if there's available block space, transactions paying more than a certain threshold in fees cannot be excluded from a block, for example.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
May 13, 2011, 08:52:23 AM
 #15

A how do you know which one is honest and which one is "evil"? An evil bit set?

There is no way to differentiate an honest and a bad one.

By the length. Honest block splits cannot, probabilistic speaking, last too long.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
Zibbo
Jr. Member
*
Offline Offline

Activity: 58


View Profile
May 13, 2011, 08:57:02 AM
 #16

This should be a FAQ question. It's not the first time I answer this.

A >50% overtake is bad, but not that bad.

It only allows the attacker to erase/rewrite recent transactions, from the point he started mining in secret on. Keep in mind that he cannot create invalid transactions, like, create more money than there could possibly be at a particular address. Nor he can spend money that he never owned. So, basically, he can erase valid transactions, that's all.

This attack can have two purposes:
  • Double-spend, or "profit motivated attack". The attacker could erase transactions of his own, for which he already received the good/service he bought. That would be stealing from the vendor. Bad, yes, but how far can the attacker go with this? I hardly think he could steal more than 20 million dollars to make it worth the investment, without being caught.
  • Just mess around, or "politically motivated attack". This could annoy bitcoin users, but valid honest transactions will be resent anyway, so this won't do much more than annoyance. Honestly, it's a silly kind of attack for a government to take, as it may end up getting some quite bad press for this.

An easy way to mitigate the risk: reject any "too long" block reorganization. The "too long" constant should be determined mathematically, in order to be sure that there is no reasonable chance that such block reorganization is an honest chain split.
I can't do the math on my own, but I really doubt that an honest split could last as long as a week for example.


Trying to game the bitcoin network with >50% of hashing power is not that easy, but if your goal is shutting down the bitcoin, it's trivial. You can effectively deny any transactions taking place, or invalidate past transactions by hashing your own longer chain in the dark, and dumping it to the rest of the network whenever you feel like it would do the most damage, or any number of more or less detectable and destructive attacks. With that kind of activity, people would lose faith in bitcoin really fast, making it worthless.

The longest blockchain is THE central authority of bitcoin, and if you don't want to trust that authority 100%, you have to give some of that power (choosing the valid chain) to individuals, and we know how that works out. Take your pick.
Zibbo
Jr. Member
*
Offline Offline

Activity: 58


View Profile
May 13, 2011, 09:01:23 AM
 #17

Okay, so someone can spend $20M to pause the network. It isn't dead and can be awoken for $1.

For $20M they can 'pause' it for a year. For $40 M they can pause it for two. How long will a currency last when it cannot be traded? How long will it last with even a vague threat that it can be paused?

They can pause it for as long as honest people figure out a way of identifying the attacker blocks. In the case of someone really trying to pause the network completely, it is easy. A block reorganization which sets a lot of empty blocks is clearly not honest, particularly if there are transactions with fees that were discarded.

Attacker can fill the blocks with believable looking transaction by recycling their own wallets.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
May 13, 2011, 09:06:31 AM
 #18

Take your pick:
Are you confident you know what you are talking about re: "hashing your own longer chain in the dark, and dumping it to the rest of the network?"
I'm pretty sure you will be proven wrong.   

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
May 13, 2011, 09:12:12 AM
 #19

Attacker can fill the blocks with believable looking transaction by recycling their own wallets.

True, but still that could be suspicious. Suddenly, the block chain changes to another one with lots of transactions which have never been seen by anyone? And then that happens again, and again, and again? People will quickly figure out somebody's messing around, particularly if the network is already rejecting "too long" block reorganizations. And once honest miners see the network is under this kind or political attack, they might figure out ways of blocking it.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
Raulo
Full Member
***
Offline Offline

Activity: 238


View Profile
May 13, 2011, 09:31:52 AM
 #20

A how do you know which one is honest and which one is "evil"? An evil bit set?

There is no way to differentiate an honest and a bad one.

By the length. Honest block splits cannot, probabilistic speaking, last too long.

And how do you know which one is honest? Maybe the attacker "invited" you to his chain and you were being fed the evil one. And now you see another chain? How do you know which one is honest? Ask bitcoin developers? Look at blockexplorer?

As Zibbo wrote above, the longest chain is the authority. If you start to decide which chain is right based on some other criteria, you need to accept some external authority. And this is the end of Bitcoin as a decentralized system.

1HAoJag4C3XtAmQJAhE9FTAAJWFcrvpdLM
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!