
Topic: Bitcoin's kryptonite: The 51% attack. - page 4. (Read 27668 times)

unk
member
Activity: 84
Merit: 10
June 06, 2011, 11:56:13 PM
#28
this is still an unresolved concern, and the community does not take it seriously enough. in any other open-source cryptographic project, these sorts of concerns drive everyone's enthusiasm for solutions; here, they're met with obstinacy. my conjecture is that the same financial motivations that helped drive bitcoin's adoption tend to discourage critique and lead people to fear change, which is unfortunate and potentially devastating for the technology (and incidentally for the value in the currently prominent block chain). many good analysts have repeatedly issued this warning and given sophisticated critiques, but the response is almost a kind of cultural conservatism, which is odd in a community like this.

in any event:

1. as has been pointed out many times, the attack is not expensive, nor does the fact that mining is profitable mean that a strategic attack on a valuable block chain won't be far more profitable. this neglect of the strategic value of an attack is the only well-known significant mistake in satoshi's original paper, one that the analyst going by the name 'computerscientist' in various online forums has pointed out in detail.

2. the attack is not easy to detect. please outline a mechanism for detection in the general case if you think you have one. the general problem is that the only response to a proof-of-work attack is greater work; it's very difficult in practice to distinguish 'good' work from 'bad' work.

3. the probability of success does not 'implode with each confirmation'; you're misapplying satoshi's proof of the difficulty of rewriting the past block chain starting in the present. it does not apply to the probability of continuing to generate blocks in the present.

4. two or three types of attack in the same vein may be practical without even 51% of the hashing power, as bytecoin and "s" have pointed out.

5. andes is correct that cuddlefish's response to cartel power by pools is inapplicable to the general case of this attack.

6. the attack has implications broader than denial-of-service, both in terms of direct double-spending (defeating the only purpose of the block chain other than as a way of distributing initial allocation of coins) and in terms of second-order economic effects on the marketplace. the latter aren't a direct threat to the technology, but they are indeed a direct threat to the value in the currently prominent block chain.

what's unfortunate is that there are potential solutions to these problems, but there seems to be no will to explore them because they require minor changes to bitcoin. for example, one potentially robust solution to the double-spending problem is to develop redundant mechanisms for invalidating the ability of one private key to spend coins. the block chain is one, but any other mechanism that provides the equivalent of certificate revocations in a distributed pki could be another. alternatively, a protocol could prevent control of the network unless an attacker was able to demonstrate proof of work along multiple vectors at once (e.g., by multiplexing several styles of proof of work at once in the same block chain), which would likely make an attack significantly more expensive.
jr. member
Activity: 42
Merit: 2
June 06, 2011, 11:54:42 PM
#27
Quote
Any one or two decent supercomputers in the world could do that. And there are thousands.

Bitcoin miners already have more hashing power than all of the top 500 supercomputers combined.

Man, that's an incredible statistic, it proves my estimation wrong. Which sources are you using? Thanks.
jr. member
Activity: 42
Merit: 2
June 06, 2011, 11:52:17 PM
#26
I don't see it as a significant threat because:

There is a huge amount of global computing power that can be brought to bear to defend against such an attack if it happens.

This is an excellent point!
hero member
Activity: 772
Merit: 501
June 06, 2011, 11:51:26 PM
#25
Quote
Any one or two decent supercomputers in the world could do that. And there are thousands.

Bitcoin miners already have more hashing power than all of the top 500 supercomputers combined.
jr. member
Activity: 42
Merit: 2
June 06, 2011, 11:48:11 PM
#24
Moving on. Having isolated the problem and starting to explore lines of solution.
I'm gonna say it again. That attitude only labels you a cranky reckless authoritarian technocrat who would have precisely the moral malfunction to do the attack.

Sorry, but you just sound creepy, and I'd like to believe you're not. "Moving on." Who you?
No need for personal attacks dude. If you feel frustrated kick your computer instead.
jr. member
Activity: 42
Merit: 2
June 06, 2011, 11:45:33 PM
#23
AntiVigilante, again, your "10 minute breach" theory was proven wrong in this thread. There is no limit to how long an attacker could stop the network from working. It solely depends on the attacker's wishes. If he wants to stop Bitcoin for 1 month, and he has the resources, he can.
Um no actually he can't. He has to keep up as the probability of success implodes with each confirmation.
Hmm.. I don't understand this, but if true, would be fantastic. Could you elaborate for a newbie to understand?

No person in the world will ever have 51% of network power. Jesus. That's impossible. Only a rogue pool can do that. And that would require convincing half the GPU miners to raid the whole network. And then convince them to split up the winnings.
Here you clearly don't get it. The attacker organization doesn't need to convince any miner. He only needs to beat a bunch of amateur people with 3D gaming cards. Any one or two decent supercomputers in the world could do that. And there are thousands.

In fact I would love to see a statistic on total computer power in the world vs Bitcoin mining total computing power. I would guess it is in the order of magnitude of 1:10000.
member
Activity: 98
Merit: 10
June 06, 2011, 11:45:02 PM
#22
Moving on. Having isolated the problem and starting to explore lines of solution.

I'm gonna say it again. That attitude only labels you a cranky reckless authoritarian technocrat who would have precisely the moral malfunction to do the attack.

Sorry, but you just sound creepy, and I'd like to believe you're not. "Moving on." Who you?

Quote
If we could come up with some new paradigm that is based exclusively in trust between parties, without having to rely on third parties. Of course if most users would become miners, and the total mining power would be greater than any external threat, this could be solved, but I see a much more difficult adoption curve in this case. The other option would be local mining trust communities, but that would be also subjected to control sooner or later from larger entities. If that's not the case, we will always end up with dangerous concentration of power in mining.

Let's keep thinking...

While you were working on that I've already proposed one that discourages the accumulation of power and prevents others from raping the smaller mining pools.
hero member
Activity: 772
Merit: 501
June 06, 2011, 11:32:27 PM
#21
I don't see it as a significant threat because:

The 51% attack is very costly to pull off.

It is easy to detect.

There is a huge amount of global computing power that can be brought to bear to defend against such an attack if it happens.

I also think economically, distributed control of network power is more efficient than concentrated control, for the reason already mentioned by dude655: regular people have existing hardware that can be used for mining at no extra cost. There are also many places in the world with surplus electricity being generated during certain times of the day where hashing could become very cheap or even free. This is especially the case with people who have access to electricity from renewable energy sources, as it is often very intermittent.
member
Activity: 98
Merit: 10
June 06, 2011, 11:30:20 PM
#20
AntiVigilante, again, your "10 minute breach" theory was proven wrong in this thread. There is no limit to how long an attacker could stop the network from working. It solely depends on the attacker's wishes. If he wants to stop Bitcoin for 1 month, and he has the resources, he can.

Um no actually he can't. He has to keep up as the probability of success implodes with each confirmation.

Second, cuddlefish's modification destroys the 51% problem.
...
Truth is people know about the problem and when it gets there people quickly leave that pool.
I don't think so. What you write has to do with the inner workings of pools. An attacker does not need pools, only mining nodes. Readers, please correct me if I am wrong.

No person in the world will ever have 51% of network power. Jesus. That's impossible. Only a rogue pool can do that. And that would require convincing half the GPU miners to raid the whole network. And then convince them to split up the winnings.
jr. member
Activity: 42
Merit: 2
June 06, 2011, 11:05:16 PM
#19
Moving on. Having isolated the problem and starting to explore lines of solution.

Currently Bitcoin mining depends on the probability of a block being solved. This means the whole paradigm of Bitcoin security is subjected to who has more computing power to solve a certain problem. Statistically, as long as the honest users are in control of more than 50% of the network computing power, Bitcoin remains working as intended. The minute honest users lose the 50%+ advantage the system starts crumbling.

I see two forks of solutions here:

1. We keep using the Majority-of-Computing-Power-Wins paradigm for security
2. We discard this paradigm and go for something more sophisticated that does not need the control of the majority of computing power to be secure.

As long as Bitcoin security depends on honest miners owning the majority of computing power, I see no power balance innovation here. This is history repeating itself for thousands of years. Those who control the majority of economic resources control the whole system. There is no guarantee for true decentralization of power under the current Bitcoin implementation.

If we could come up with some new paradigm that is based exclusively in trust between parties, without having to rely on third parties. Of course if most users would become miners, and the total mining power would be greater than any external threat, this could be solved, but I see a much more difficult adoption curve in this case. The other option would be local mining trust communities, but that would be also subjected to control sooner or later from larger entities. If that's not the case, we will always end up with dangerous concentration of power in mining.

Let's keep thinking...
jr. member
Activity: 42
Merit: 2
June 06, 2011, 11:02:44 PM
#18
AntiVigilante, again, your "10 minute breach" theory was proven wrong in this thread. There is no limit to how long an attacker could stop the network from working. It solely depends on the attacker's wishes. If he wants to stop Bitcoin for 1 month, and he has the resources, he can.

Second, cuddlefish's modification destroys the 51% problem.
...
Truth is people know about the problem and when it gets there people quickly leave that pool.
I don't think so. What you write has to do with the inner workings of pools. An attacker does not need to control pools of honest miners, only owning computing power in the form of mining nodes. Readers, please correct me if I am wrong.
member
Activity: 98
Merit: 10
June 06, 2011, 10:55:17 PM
#17
Regarding your last comment, could you point out the solutions you mention for what you say has been discussed in 100 threads? You offered a solution scenario in this thread and it was proven wrong by other poster. I would be extremely interested in the solutions. I am invested in this too, as yourself. But I have found no solutions to this Bitcoin vulnerability. I now trust the establishment will allow bitcoin to operate, or even better, bitcoin will be upgraded to overcome this weakness.


My noob self has to agree...the central "what happens if a pool/operator gets 51% and double spends" hasn't been touched in many of these replies.

Seems like a good test to see if you actually understand btc.

Simple. Stop calling it fatal. The double spend window is 10 minutes. After which you wasted all that processing power to cheat when you would have made more by mining or trading.

Second, cuddlefish's modification destroys the 51% problem.

Third, my work is for something entirely different.

And lastly, prove, fatal, guaranteed, death by 1000 puns. You confuse a dispute with proving wrong and you use the word fatal for a 10 minute breach. Right. Sorry. And most people require several confirmations so that 10 minute window buys you nothing.

Truth is people know about the problem and when it gets there people quickly leave that pool. There's a community here not just a bunch of fat bearded men.
newbie
Activity: 42
Merit: 0
June 06, 2011, 10:29:51 PM
#16
My noob self has to agree...the central "what happens if a pool/operator gets 51% and double spends" hasn't been touched in many of these replies.

Seems like a good test to see if you actually understand btc.
jr. member
Activity: 42
Merit: 2
June 06, 2011, 10:09:32 PM
#15
Found funny how so few people seem concerned about a fatal flaw of bitcoin. Am I wrong?

Making such statements turns people off. Ultimately in reacting this way you are saying someone is not taking into account a threat but the threat is projected from your analysis. People tend to see that as emotional parasitism.

Creating the 100th thread on the same subject that has been talked about, dealt with, and has some solutions, oh brother.

AntiVigilante, I don't see any problem by the possibility of some people being turned off. Truth is more important than ignoring facts to keep everybody happy, don't you think? And I don't see any excess of pessimism in the bitcoin community right now, considering the largest profits ever seen in the history of the universe! ...

Regarding your last comment, could you point out the solutions you mention for what you say has been discussed in 100 threads? You offered a solution scenario in this thread and it was proven wrong by other poster. I would be extremely interested in the solutions. I am invested in this too, as yourself. But I have found no solutions to this Bitcoin vulnerability. I now trust the establishment will allow bitcoin to operate, or even better, bitcoin will be upgraded to overcome this weakness.

member
Activity: 98
Merit: 10
June 06, 2011, 09:36:32 PM
#14
Found funny how so few people seem concerned about a fatal flaw of bitcoin. Am I wrong?

Making such statements turns people off. Ultimately in reacting this way you are saying someone is not taking into account a threat but the threat is projected from your analysis. People tend to see that as emotional parasitism.

Creating the 100th thread on the same subject that has been talked about, dealt with, and has some solutions, oh brother.
jr. member
Activity: 42
Merit: 2
June 06, 2011, 08:25:35 PM
#13
So, from the above comments, the conclusion is that any powerful company or government could shut down Bitcoin at will by committing enough computer resources to mining. If they have 51% of the mining power, and want to shut down Bitcoin, it's game over for Bitcoin.

On the other hand, I think there is a good chance Bitcoin will succeed because many governments and companies will be more than happy to have an anonymous currency. It gives anyone so much more flexibility. What will happen with the Fiat monopoly, it remains to be seen. Anyways, I think everybody wants to let this experiment unfold to see its ramifications. The head of Bitcoin development (Gavin) has a meeting with CIA this week I think. So everybody seems to be interested. http://forum.bitcoin.org/?topic=6652.0

So my current bet is that Bitcoin will succeed, but not for the reasons most people think. Bitcoin will never be really independent from the establishment, in fact it will exist under its approval, unless something changes in the way Bitcoin is designed. This does not change very much the reality for end users, only the moral and social implications at large.

Any thoughts?
member
Activity: 98
Merit: 10
June 06, 2011, 12:49:05 PM
#12
If some group controls mining, can this group change bitcoin rules, and by so doing, destroy its intrinsic virtues? I need expert opinion on this, as I am not a programmer, nor experienced bitcoin member.

Bitcoin reward decreases. Mining profits go poof. Mining stops. CPU miners wait a week and then dive in.
jr. member
Activity: 42
Merit: 2
June 06, 2011, 09:39:44 AM
#11
You should however consider the failure mode of the network: double spend is made possible at the discretion of the kingpin. It cannot print money, nor it can use other people's money. Moreover, the double spend would be self-evident and a clear proof the kingpin is corrupted (accepts double spend), leading people to flee from the currency. Why would the kingpin destroy his investment and revenue stream?

BubbleBoy, thanks for your insights.

Answering your question, my thesis allows for a deliberate attack from current economic powers to debilitate the competing currency. Many people think that bitcoin weakens or threatens fiat currencies. The expenditure in destroying cryptocurrencies would be more than offset by the returns issuing and manipulating fiat currencies without competition. In the end this is a game on controlling the allocation of the earth resources via control of money, a huge business. If anti-banker advocates are right, now the bankers seem to be winning 1-0. Bitcoin could score a 1-1, which would not make bankers happy.

If some group controls mining, can this group change bitcoin rules, and by so doing, destroy its intrinsic virtues? I need expert opinion on this, as I am not a programmer, nor experienced bitcoin member.
sr. member
Activity: 504
Merit: 250
June 06, 2011, 09:30:22 AM
#10
andes, i think your points about economy of scale are correct. The total mining revenue at current valuations is in the millions of dollars per month. If sustainable, that budget is enough to motivate a player to invest in optimized ASICs, and once that happens it's game-over for the GPU crowd. The ASIC miner has a 10:1 better capital and energy efficiency and would quickly overpower and bankrupt the competition, gaining a constant revenue stream for himself while denying it for the competition. Without sizeable upfront investments it's almost impossible to catch-up.

You should however consider the failure mode of the network: double spend is made possible at the discretion of the kingpin. It cannot print money, nor it can use other people's money. Moreover, the double spend would be self-evident and a clear proof the kingpin is corrupted (accepts double spend), leading people to flee from the currency. Why would the kingpin destroy his investment and revenue stream?
jr. member
Activity: 42
Merit: 2
June 06, 2011, 08:55:46 AM
#9
Found another thread discussing a similar attack against Bitcoin.

Here https://forum.bitcoin.org/index.php?topic=2436.100

Look for "Men-in-black attack" in page 5.

I am crosslinking the threads.

Found funny how so few people seem concerned about a fatal flaw of bitcoin. Am I wrong?