Pages:
Author

Topic: Bitcoin's kryptonite: The 51% attack. (Read 27720 times)

full member
Activity: 196
Merit: 100
July 11, 2011, 07:16:09 PM
#88
Nobody is saying attack like this is not possible. However, that would not mean destruction of Bitcoin per se. Trust would be diminished, sure, but we would still have Bitcoin. Attack only prevents/modifies transactions or in worst case, rewrites some history. Pre-attack blockchain would still exist, software could be modified to bootstrap from it. I think something like that happened in august 2010, when somebody generated billions of bitcoins due to a software bug. In case attack would be long running, we could establish reputation based supernode network or something like that. It would be pain-in-the-ass, but as long as idea of Bitcoin is alive, anything is possible.

Another remark: let's not forget an attack like this is illegal. If entity like government or a bank would openly attack, it could mean the end of government (bank) and stronger Bitcoin. In case attack would be secret operation, they still gamble... Bitcoin hacker (the good kind  Wink) could connect the dots and expose them, or somebody could leak their plan. WikiLeaks is still very much alive and kicking.
jr. member
Activity: 42
Merit: 2
July 11, 2011, 05:11:37 PM
#87
Andes, to have control of 50% of the network you need to deploy 101% processing power (you´ll end up having 50,5%)

But, why thinking there will only be 1 dishonest entity?  If there is one, there could be more, each one of them would have their own self-interest on controlling the network.   If a lot of "dishonest" entities with great processing power try to control the network, they would make the 51% attack less probable themselves.

Manuel, lets address the scenario where several powerful groups want to destroy bitcoin (not simply manipulate it one way or another).

Under this scenario, the goal of all groups is the same, so the "the enemy of my enemy is my friend" principle would apply. Why compete if we can cooperate? It does not matter if there is one or many powerful groups that want to destroy bitcoin, the result would be the same, as long as they have enough combined power.

...Which takes us to the obvious conclusion: bitcoin cannot survive in its current configuration without the support (implicit or explicit) from a decent percentage of the worlds economic powers (establishment).

Why? Because a successful attack on bitcoin cannot be prevented if the attacker (or attackers) have enough economic resources.

Why? Because the whole paradigm of the integrity of the system is based on brute force hashing. I.e. mine is bigger than yours paradigm. As long as successful attacks can be carried out simply by the means of brute force, Bitcoins will never deliver the promise to subvert the current economic powers.

So for one; to all anarcho capitalists out there, bitcoin is not the answer to your prayers. Bitcoin is not a resilient decentralized system per-se, and probably never will in its current incarnation, until the brute force paradigm is replaced for something else, that is really resilient to attacks by the means of force.

This is the greatest misconception in bitcoin right now, as I see it. It is sold as being the solution for the corruption of the banks and governments, which it is not. Banks and governments can render bitcoin unusable at their whim any time, if they ever perceive bitcoin as a real threat.

Better wake up.
newbie
Activity: 56
Merit: 0
July 08, 2011, 03:17:25 PM
#86
I think the only people we have to worry about are angry governments. They could set up an undercover pool and offer some incentive to miners who join it, whether it is lower fees or whatever. This would divert hashing power away from honest pools and create a starting point so it wouldn't be as costly. I'd imagine that with good marketing, one could get at least 25-30% hashing power like this. After that, they could buy the rest of the hardware for a few million and cause the market to crash. The Wall Street types would say "I told you so" and most people would lose interest in this type of currency. The reason I don't think greedy individuals would be interested in this is because Bitcoins would be worth next to nothing after the attack (assuming it would be detectable).

If it is ever revealed that militant groups are holding large amounts of Bitcoins, Mossad and the CIA would easily justify whatever costs are necessary to diminish it's value. Because it is inevitable that some powerful person's enemy will use Bitcoin, I think this is something to be concerned about.

My thoughts exactly, more likely it would be the NSA, which I don't think all of our CPU power combined right now could compete with.
member
Activity: 64
Merit: 10
July 08, 2011, 01:40:14 AM
#85
With all the DDoS's to the major pools, this got me thinking...

If a dishonest entity or pool owner wanted to attack Bitcoin and they had a pretty large amount of resources, could they just DDoS the top 5-10 pools to make it a lot easier? The Bitcoinwatch "other" category consists of about 15% of the network's hashing power, so it would probably take down quite a bit of . I ask this because I don't see the point to people DDoS'ing pools unless I'm missing something. Are they just bitter kids who are mad that they have an nVidia card?

Complicating this would be the mass migration of miners to this dishonest pool (if it were not known that they were actually dishonest) as it would still be up. How long would they need to be at >51% to cause major damage?
member
Activity: 70
Merit: 10
July 05, 2011, 03:08:21 AM
#84
So, you want them to assume that neither the transaction fees nor the exchange rates increase in the future?  Huge coincidence that both of those assumptions favor your side in the debate?

"To assume is to be deceived." (Yiddish proverb)

I wouldn't want anyone to assume anything. Just saying that 99.8% of current total hashing power is payed for by the temporal generation of 50 bitcoins per block. And that it would be reasonable not to take these into account if (normal) bitcoin operation is discussed.
kjj
legendary
Activity: 1302
Merit: 1026
July 05, 2011, 02:27:23 AM
#83
So, you want them to assume that neither the transaction fees nor the exchange rates increase in the future?  Huge coincidence that both of those assumptions favor your side in the debate?
member
Activity: 70
Merit: 10
July 05, 2011, 01:06:51 AM
#82
Tens of millions of dollars for hardware, and millions more for manpower is expensive for most groups in the world.

You couldn't even start on something like this with less than $2,000,000.

Several orders of magnitude more computing power than the rest of the world combined to manipulate the chain? Hmmm. One thing is clear, you only need 50% or less of the total mining capacity (supposedly currently worth 50 million dollar or less) [...]

You guys forget one thing: Currently bitcoin is rewarding 50 extra coins per block (worth roughly 650$), that's what pays for the quite large current total hashrate of about 11,000 Ghash per second.

These 50 blocks are rewarded only temporarily, bitcoin is designed to run on transaction fees only, currently roughly 0.13$ per block.

Please redo your calculations based upon a hashrate that is about 500 times lower.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
July 04, 2011, 06:56:31 PM
#81
If a lot of "dishonest" entities with great processing power try to control the network, they would make the 51% attack less probable themselves.
That assumes that the dishonest entities hash even when they're not up to something. It is also possible that they would let their processing power sit idle until they were ready to do something awful. Thus there could be a dozen such dishonest entities each capable of a 51% attack at the current hash level each waiting for the ideal instant to do something nefarious. (Though I think that's unlikely in the extreme.)
sr. member
Activity: 462
Merit: 250
July 04, 2011, 06:51:44 PM
#80
As a Newbie, I have also had the same thought like you had. And on june 24th, started this thread in the newbie section : Google $ CO. Mining ? http://forum.bitcoin.org/index.php?topic=21905.0

At the end of the story, no conclusions at all. Now the thread is buried....Have you managed to get to any conclusion in your thread ? This will save me a lot of reading...Thanks.

That's because putting "newbies" into a special, quarantine cage is a terrible idea for so many reasons, not least of which is that no one on the outside ever goes there and so any great ideas, which new people often bring to the party, are dropped on the floor forever!
full member
Activity: 336
Merit: 100
July 04, 2011, 04:22:04 PM
#79

As a Newbie, I have also had the same thought like you had. And on june 24th, started this thread in the newbie section : Google $ CO. Mining ? http://forum.bitcoin.org/index.php?topic=21905.0

At the end of the story, no conclusions at all. Now the thread is buried....Have you managed to get to any conclusion in your thread ? This will save me a lot of reading...Thanks.


Hi Michele,

I insist in my previous post. Why thinking there will only be 1 dishonest entity?  If there is one, there could be more, each one of them would have their own self-interest on controlling the network.   

If a lot of "dishonest" entities with great processing power try to control the network, they would make the 51% attack less probable themselves.
member
Activity: 64
Merit: 10
July 03, 2011, 11:47:44 PM
#78
I think the only people we have to worry about are angry governments. They could set up an undercover pool and offer some incentive to miners who join it, whether it is lower fees or whatever. This would divert hashing power away from honest pools and create a starting point so it wouldn't be as costly. I'd imagine that with good marketing, one could get at least 25-30% hashing power like this. After that, they could buy the rest of the hardware for a few million and cause the market to crash. The Wall Street types would say "I told you so" and most people would lose interest in this type of currency. The reason I don't think greedy individuals would be interested in this is because Bitcoins would be worth next to nothing after the attack (assuming it would be detectable).

If it is ever revealed that militant groups are holding large amounts of Bitcoins, Mossad and the CIA would easily justify whatever costs are necessary to diminish it's value. Because it is inevitable that some powerful person's enemy will use Bitcoin, I think this is something to be concerned about.
member
Activity: 70
Merit: 10
July 03, 2011, 11:23:09 PM
#77
Hi, as a newbie I want to move a question I put recently in the middle of another thread, because I think it deserves its own discussion. Sorry if this thing has been answered before, I have been reading the forum for several hours so far but did not find the answer yet. If it was answered elsewhere, please post the link.

Is decentralized mining power important for the security and long term independence of bitcoin?

I have read a lot about transactions being decentralized as a built-in feature of bitcoin, but what about decentralized block creation? The bitcoin architecture does not guarantee decentralized mining at all. In fact, the network could in theory work "as well" with nothing more than one powerful miner, or pool of miners. Am I right?

If concentration of mining-power increases (because of bitcoin difficulty increasing faster than moore's law, leading to bigger hardware investments needed to be in the game, profitability decreasing, and economies of scale kicking in) (Note1), can a few miners produce all the blocks in the network without compromising the security and independece of the project? Is it possible to avoid excesive concentration of mining power? I dont see how in the current configuration of the system.

I read somewhere that Bitcoin assumes never a 50%+ of the mining power will be concentrated in one hand or in one cartel. That's the principle behind the honesty validation of the longest chain by "proof of work". Correct me if my newbie understanding is wrong on this. To assume that this concentration of computing power will never happen is ludicrous to my current level of understanding of bitcoin and human behavior.

This raises some further questions. As difficulty changes every 2 weeks, what happens if a Google-like company with bad intentions gets into the game suddenlly with 10x the total combined power of current miners? Could this sudden change of rules endanger bitcoin? Destroy it? I mean lets consider this wild posibilities. For big corporations this move would be peanuts. Powerful states overthrow smaller goverments all the time, big corporations eat small corporations all the time.

Hope to hear some thoughts from the experts out there.


(Note1): Thinking about the issue of increasing bitcoin difficulty, let's remember that  by design difficuly increases when mining power increases, in order to keep the creation rate at 10 minutes per block. So, any powerful organization that wanted to gain control of Bitcoin, could do it easily by injecting enormous amounts of mining power to the network, and by doing so, effectively reducing the rest of the miners relative power, and at the same time putting them out of business, because the difficulty would be so high, that mining would be generated below cost (subsidy). Knowing the enormous level of concentration of economic resources in the current world, this hypothesis seems in fact the most likely outcome. Predatory competition is a reality in todays market. I predict honest miners will be subjected to predatory competition if powerful economic powers decide to take control of Bitcoin.

Following this line of thought, I see Bitcoin could never become what it promises: a descentralized and free currency, if it is left alone in the wild "free market". I hope someone can find flaws in my arguments, or present ideas to correct this flaw. By the way, I have a decent amount of money put in this project, so I feel sad to become aware of this potential vulnerability. If people agree this is a serious vulnerability, lets get into "troubleshooting mode".

As a Newbie, I have also had the same thought like you had. And on june 24th, started this thread in the newbie section : Google $ CO. Mining ? http://forum.bitcoin.org/index.php?topic=21905.0

At the end of the story, no conclusions at all. Now the thread is buried....Have you managed to get to any conclusion in your thread ? This will save me a lot of reading...Thanks.

legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
July 03, 2011, 06:19:59 PM
#76
The last time I did the "back of the envelope" calculations (about two weeks ago), it would cost about $12,000,000 to reach 50%. That's the cost to design, contract, receive, and hookup fully-custom ASICs to build a hashmonster.  I believe it was 200 blades, each with 24 ASICs. Each ASIC would have 32 2xSHA256 cores running at 350Mhz, each with the hashes fully-implemented as custom gates, pipelined. (So while we're doing round 3 of the 3rd nonce, we're doing round 2 of the 2nd, and so on.) Each core, once its pipeline was full, could churn out one doublehash every 8 clock cycles. The total hashing power: 6.7THash/s. (That's from memory.)

However, this would only give you half if it was already half. Which it might be, for all we know. Wink

But for the situation to be realistic we have to assume that the honest miners would already be using the same technology. Otherwise your scenario is only valid in the concrete moment when the technology is evolving.
Honest miners are not using this technology today because they can't afford to develop and build it. The return on investment would come from the attacks, not from mining revenue. You can't afford tech like this for honest mining. This plan only works on an economy of scale. You can't do it with FPGAs.

And, by the way, we have no way to know whether or not dishonest miners already have this technology and are using it. They could be feeding into any number of pools and running as independents as we speak -- making us think the network is much more secure than it really is. (I don't think this is actually happening, but it can't be ruled out.)

You couldn't even start on something like this with less than $2,000,000.
legendary
Activity: 1148
Merit: 1001
Radix-The Decentralized Finance Protocol
July 03, 2011, 12:52:31 PM
#75
The last time I did the "back of the envelope" calculations (about two weeks ago), it would cost about $12,000,000 to reach 50%. That's the cost to design, contract, receive, and hookup fully-custom ASICs to build a hashmonster.  I believe it was 200 blades, each with 24 ASICs. Each ASIC would have 32 2xSHA256 cores running at 350Mhz, each with the hashes fully-implemented as custom gates, pipelined. (So while we're doing round 3 of the 3rd nonce, we're doing round 2 of the 2nd, and so on.) Each core, once its pipeline was full, could churn out one doublehash every 8 clock cycles. The total hashing power: 6.7THash/s. (That's from memory.)

However, this would only give you half if it was already half. Which it might be, for all we know. Wink

But for the situation to be realistic we have to assume that the honest miners would already be using the same technology. Otherwise your scenario is only valid in the concrete moment when the technology is evolving.
full member
Activity: 336
Merit: 100
July 03, 2011, 12:49:17 PM
#74
Andes, to have control of 50% of the network you need to deploy 101% processing power (you´ll end up having 50,5%)

But, why thinking there will only be 1 dishonest entity?  If there is one, there could be more, each one of them would have their own self-interest on controlling the network.   If a lot of "dishonest" entities with great processing power try to control the network, they would make the 51% attack less probable themselves.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
July 03, 2011, 11:11:45 AM
#73
The last time I did the "back of the envelope" calculations (about two weeks ago), it would cost about $12,000,000 to reach 50%. That's the cost to design, contract, receive, and hookup fully-custom ASICs to build a hashmonster.  I believe it was 200 blades, each with 24 ASICs. Each ASIC would have 32 2xSHA256 cores running at 350Mhz, each with the hashes fully-implemented as custom gates, pipelined. (So while we're doing round 3 of the 3rd nonce, we're doing round 2 of the 2nd, and so on.) Each core, once its pipeline was full, could churn out one doublehash every 8 clock cycles. The total hashing power: 6.7THash/s. (That's from memory.)

However, this would only give you half if it was already half. Which it might be, for all we know. Wink
hero member
Activity: 518
Merit: 500
July 03, 2011, 02:47:15 AM
#72
so, when this thread was arguing the possible flaws of one person generating all the blocks, did anyone bother to notice that 1/3 of the coins are already in existence?
legendary
Activity: 2940
Merit: 1090
July 02, 2011, 05:03:58 AM
#71
My noob self has to agree...the central "what happens if a pool/operator gets 51% and double spends" hasn't been touched in many of these replies.

Seems like a good test to see if you actually understand btc.

What happens if someone commits fraud / computer fraud / theft / computer theft / wire fraud / wire theft, in other words?

I think there might be some legal rulings or precedents already on the books in various jurisdictions about such activities.

Without getting into specifics, I can say that in general they do seem to me to tend to frown upon such activities.

Possibly the main problem would be ensuring that by the time you are able to convert whatever recompense you might be awarded by the courts back into bitcoin it does actually come out as about the amount it was intended by the court to amount to.

How anonymous, in reality, are people who control >50% of the hashing power, typically?

-MarkM-
jr. member
Activity: 42
Merit: 2
June 13, 2011, 10:21:50 PM
#70
Couldn't the 51% be raised, to say 95% instead?

There is no way that any single entity/organization could ever have 95% of the computing power of the network...

By design, Bitcoin's "true" block chain is not determined by voting (say 95%) but by "proof of work", the chain with more "proof of work" wins. This is a probabilistic issue. Another way to see it, is as a competition issue. The team that dominates 50%+ of the power can outperform the rest.

If you own more than 50% of the hashing power, you will probably be able to produce the longest chain measured in CPU power (you will beat the rest more times in the mining lottery). If you are not honest, you will mess the whole network, until the honest guys regain control. That does not mean you will own the chain, or that you can do a long term damage to the chain, but you can cause a lot of trouble in the meantime, especially if you can sustain the attack for a long time. Think about if you could not trust the confirmations you get after doing a transaction. This would damage the confidence in the network.

That is an unresolved weakness in the Bitcoin paradigm, in my opinion.



EDIT: More related links:

If an attacker gets more than 50 % of mining power
http://forum.bitcoin.org/index.php?topic=24996.0;all

POLL: What are the most likely things that may cause bitcoin to fail ? (merged thread)
http://forum.bitcoin.org/index.php?topic=25026.0

My Response to Ben Laurie’s ‘Last Word’ on Bitcoin
http://forum.bitcoin.org/index.php?topic=25760.0
member
Activity: 112
Merit: 10
June 13, 2011, 09:23:47 PM
#69
Couldn't the 51% be raised, to say 95% instead?

There is no way that any single entity/organization could ever have 95% of the computing power of the network...
Pages:
Jump to: