Topic: Anyone else concerned about global hashrate? (Read 3781 times)

There are two problems with that. First, although each individual might be able to build a large mining rig, no individual would be the only one doing it. You may accumulate more nodes, but other people will also accumulate more nodes and you won't reach 50%.
Second, as everyone adds more nodes that pay for themselves, the difficulty compensates and the nodes can no longer pay for themselves. At that point, it will be profitable to keep the nodes you have on, but not to buy and add more nodes. That would happen long before anyone has the chance to even come close to equaling the global hashrate.
That doesn't mean that it would be impossible to equal the global hashrate, just that it would not be possible to profit from mining by equaling the global hashrate.

I'm curious as to the long-term economics of mining.  I'm interested at what happens when bitcoin gains price stability, the majority of bitcoins have already been mined and (presumably) miners mine to win transaction fees rather than new bitcoins.

Suppose all miners are rational economic players, in that they mine if and only if the rewards outweigh the costs.  This means that it is in effect free to buy hardware and electricity to mine with - every GPU and kWh funds itself by winning transaction fees.  This in turn means that (with access to large amounts of initial capital) you can actually build an arbitrarily large self-funding mining rig.  You just keep adding extra nodes/GPUs because each node is self-funding.  Eventually, by accumulating more nodes you end up owning half the network at which point you can (it seems) do many devastating attacks on the network.  Given the time you've invested you may not want to destroy it completely, but you may wish to make some huge double spends that live for long enough for you to cash out into USD.

It seems to me that the only way of stopping people taking control of the network for free, is by making mining being a loss-making activity...but then why would people want to mine for free?  But even then, you would still have to make it significantly loss-making to stop black-hats from 'investing' some short term capital with the reward that they can do some monster double spends.  So you can see the general argument here - it costs the same amount for a good-guy to mine as it does a bad-guy, except that the bad-guy has the added incentive of double-spend upon seizure of the network.  Economically speaking, this means that in the steady-state era it is rational to mine only if you're a bad-guy looking to seize control of the network.

Hopefully I'm wrong about all this and I've missed some key argument...but what is it?

Valid transactions on the bad chain would move to the new chain so long as no-one made a deliberate, malicious attempt to replace them. If they did all bets are off as far as I can tell. Newer transactions wouldn't be on both sides of the block split because all the miners would transition to mining the attackers' blockchain once they heard about it.

Rationally speaking, they can only reasonably go along with what the majority of big players choose. In particular if the exchanges or the pools choose one side, any Bitcoins on the other side are illiquid and essentially worthless. Worse still, any uncertainty as to which side will win is likely to cause a drop-off in mining power that would make additional double spends a lot easier.

The hardcoded changes would return coins to one side of the double-spend by taking them away from the other side. There's no guarantee that either set of coins would be in the hands of the attacker. (Technically the developers could confiscate arbitrary coins and hand them to whoever they want, but that opens up a whole bunch of cans of worms...) Automatically disabling transactions when a node detects a big rearrange would help reduce this risk though.

(Nearly) all or nothing imo. My bets are down.

Profit!

Honestly I think this is the more realistic scenario.  Bitcoin will never challenge a fiat currency for dominance, at least not anytime soon.  When and if it does, the global hashrate would, by definition, be high enough to *almost* preclude this scenario.

The only solution - honestly - is to get as many people as possible onto the network (the valid network )

That's one of the things my partners and I are trying to do.  Bitcoin CANNOT just be for tech geeks if it is going to survive without being compromised as described in this thread; and it will only succeed economically if it begins to gain mass acceptance.

Buffet begins buying GPUs
Network doubles
Buffet can't double spend
Buffet mines legitimately to cut losses?
Profit?

Raize,

I completely agree with everything you just said.  I recognize that there's more to the calculation than the order-of-magnitude estimate I provided in my first post.  But it doesn't change the fact that:

• (1) For the same reason someone with more than 50% can get unlucky and fail to execute a large double-spend, someone with less than 50% can get lucky and pull it off. 
• (2) There is potentially irreparable harm done to the network by anyone executing this kind of attack for any reason.  We can argue about the unlikelihood of it happening all we want, but the folks designing the Japanese nuclear plants probably would've said the same thing about the liklihood of a 9.0 earthquake+tsunami hitting them (I believe that plant was designed to withstnad 7.0)
• (3) Some might argue that the value of Bitcoin as it stands is completely irrational.  It's based entirely on speculation and imagination.  It doesn't take a rational reason for people to start jumping ship and for the program to come crashing down, even from just one legit attack.  Everyone could see the huge blockchain re-organization, and it would make news headlines.
  
• (4) I don't want to focus on the degree of feasibility so much as the fact that it is possible for someone, whether botnet or government or Warren Buffet, to collect the resources to execute the attack.  It wouldn't be easy, but Bitcoin is a high-profile network with almost $100 million of value, so the possibility that someone would want to do it can't be ruled out.

If it's feasible now, it's only going to become more feasible in the future if nothing changes.  At current rates, the best we can hope for is that BTC will more than 100% ROI when the reward gets halved, and the current mining community sticks around then.  I just don't want to get lost arguing about whether any botnet has precise enough computers to execute the attack, I'm just operating on the assumption that there are people/organizations out there with the same order-of-magnitude of resources needed and that it can't be ruled out. 

There's a number of huge problems with this.

First, the estimates of millions of PC infected by botnets have always perplexed me. They are estimates, but by who and on what basis? I don't doubt there may have been a few botnets that have come pretty close to or surpassed a million computers, but I think it is far more likely that these kind of botnets would have to be operating in a very loosely-connected fashion, and probably get cleaned on average at a rate of 1% or more per week, meaning the owners have to continually infect new PCs to maintain their numbers. Worse still for the bot herder, I would imagine ISPs block communications from bot to C&C servers at a rate of 10% per week, meaning that they really have to stay on top of things in order to maintain control. I don't get the impression that one single executable with the same instructions and controls runs on 1 million PCs at exactly the same time.

Second, the cleanup rate of these PCs is going to significantly increase once they are being used to mine Bitcoin. Users tend to turn off or disconnect their computers when they run slowly, and then have someone take a look at them. Even in the case of computers with a decent video card that could pump out 25 megahash or more, if the user has issues, they are going to get it checked out.

I really feel there is no feasible way a botnet network would be able to maintain double-spends for any reasonable period of time, especially considering variance means that you need more than just 51% of the network, you aren't going to be able to keep your double-spend forever with only 51%. This is kind of like the zero-variance knowledge proof, every subsequent "right" answer is just more and more confirmation that your transaction went through.

People vastly misunderstand what a double spend means and how the attacker has to keep the double-spend going into perpetuity in order to pull off any sort of legitimate attack.

I don't want to get too sidetracked debating the "average" MHash/s estimate, but I was conflicted about how to come up with a ballpark estimate.  I based it on the fact that present-day Intel chips get 2-8 MHash/s, and the AMDs get like 4-16 MHash/s.  However, most computers are Intel, so I sided with the average value there.  I considered that there would be a significant number of older computers, but also that there were going to be a significant number of AMDs offsetting them.  And even one computer with any decent graphics can add the value of 10 - 30 CPUs.

I think the 5 Mhash/s figure assumed by the OP is highly optimistic when estimating the power of botnets.  The kinds of computers that become part of a botnet are generally older/unpatched systems.  These computers are likely to have Pentium 3's or 4's and integrated graphics, which would yield only hundreds of khash/s. 

I agree, the fix/workaround for dealing with a Malicious Power would just get worse and worse if they kept the power. And if they ever got it I do think legit mining power would drop as you say.


Obviously a price increase adds strength, but it isn't the only way. Profit motivated individuals will innovate and find more and more efficient ways to get the reward getting us more bang for the buck. Some innovations will be copy-able by Malicious Powers, but some will not, like masses of people in cold climates getting nearly free mining electricity because they would pay for the heat anyway and people putting "owned for other reasons" hardware to work mining when idle. That just means there is some extra (probably growing) multiple of cost for the attacker compared to the costs of honest miners.

I would think the "longest block chain is the valid one" be rethought.  Obviously people think that a human can detect an invalid chain.    There must be some programmatic method to recognize such an attack. 

One easy way, would be that if I saw a new block chain with >4 blocks that overwrite the old ones and that chain includes a transaction that is older than one that is in the old chain, then it is likely a double spend attack.  Couldn't my client simply require that the new chain have several more blocks than the old chain before it is considered valid. For example, for every block the old chain got, the new chain would be required to have 4 more blocks.  Hence, the new chain would only be accepted int the large majority decided it was valid.

I say we try some of these attacks on the new bitcoin clones.

here are the bitcoin weaknesses.. a bit of misinformation on the 51% fear

Guys, if someone has 55%+ of the network on their own and they have malicious intent, we're screwed.  Once a week they could do a huge double-spend or just start rewriting the blockchain for fun.   The value of BTC, and thus quantities of miners, would probably dissipate after the first or second week, making it even easier on subsequent weeks to throw in the KO punch.  The entire security of BTC is based on the assumption that no one has that much power.  I agree that there should be a plan in place for how to deal with such events, but I'm trying to focus on whether there's a way to avoid it to start. 

Right now, there's only a few entities in the world who can match the global hashrate, but I don't see how this is going to get any better.  I am looking for optimism about the future of BTC in this light.  There is not enough financial incentive for miners to invest in new hardware, and CPUs mine for net loss.  So, is the BTC network always going to be vulnerable to a botnet/gov't attack?  Or is there a reason to believe that things will pick up?  I know we'd like to believe value will jump up above $100/BTC which would certainly provide incentive, but if it doesn't happen before the generation rewards are cut in half, that could be the start of a downward spiral.

It's not fiat because, as you mentioned, people can choose to accept or reject the changes.

It will be easy to see which transactions came first, since the blocks containing those transactions were broadcast and then later "replaced". There may be problems with innocent people losing confirmed transactions that were based on double-spent coins, but hopefully the problem can be dealt with before this happens much.

The client should probably require 120+ confirmations for transactions that seem to be double-spends, since these transactions could be reversed later on. Maybe if this kind of attack becomes an issue, a peer warning system for double-spent transactions could be developed to trigger this protection.

Bitcoin could also enter safe mode automatically whenever a reorg longer than 6 blocks is observed, or when smaller reorgs happen too many times within some time period.


Their wallets will be drained in any case. The hardcoded changes might return some of the coins.

Why couldn't the-collective-we only revoke the double-spends (and subsequent txns that depended on them) ?

A hard-coded list of invalid txids wouldn't be hard to insert into the is-valid-transaction checks, and that along with a blockchain checkpoint would work just fine.  Valid transactions on the bad chain would move to the new chain (actually, they'd already be on the non-attacker chain, since the miners on both sides of the block split would have included them).

Theymos, I think you are being way too optimistic about the consequences of such an attack.  Sure, the network may survive, but the value will drop dramatically, and a significant proportion of participants will flee.  You may not need high value for Bitcoin to work, but you do need users...

But I don't want to debate what the fallout would be of such an attack, I want to figure out if my calculations and concerns are justified, and brainstorm how this might be mitigated.  We can debate all day about why no one would/should want to attack the network like this, but people don't always have good reasons to do what they do, and we'd all be better off if it just weren't possible for anyone to do it.  How can we possibly incentivise people to contribute more compute power?  And do we need to? 

P.S. -- One very good reason for the attack could be that someone gets the opportunity to short-sell a couple million dollars worth of BTC.  By killing the network, he gets to keep the money.

You're talking about the developers intentionally revoking previously-valid transactions by central fiat - and they can't just revoke the ones involved in the double-spend, they have to revoke all of them. If any exchange or e-wallet site remains running after the double-spend attack - and not all of them can afford to watch the news 24/7 - they risk having their wallets drained by double-spends assisted by the Bitcoin developers themselves! This could well end up doing more damage than the original attack. From the point of view of those affected byt this second attack the developers' version of the chain is in fact the malicious one and they'd be entirely justified in hard-coding their clients to reject it instead; imagine if Mt Gox did this.

Edit: Oh, and it's kind of hard to tell for sure when the botnet has "given up", because they don't have to tell the rest of the Bitcoin network about their malicious chain until it's time to replace the existing one with it.

It won't be difficult when an alert is issued and everyone's clients are saying "EMERGENCY: DO NOT ACCEPT TRANSACTIONS UNTIL YOU HAVE UPGRADED".


There are various techniques that can force the attacker to get larger percentages of computational power before getting control. These would be developed if necessary. We'd also get better at handling alerts (probably alert-enabled safe mode would be re-introduced) and detecting attacks automatically.

Legitimate miners would have an excuse to charge higher fees, which would allow them to get more hardware.

The attacker will run out of money eventually. It'll never be profitable.


I don't really care about the price. The network will survive, which is what counts.

Maybe someone should start up a release mailing list?