Pages:
Author

Topic: Cost to perform a 51% attack on the BTC blockchain? (Read 619 times)

member
Activity: 200
Merit: 73
Flag Day ☺
This is the only point I'm making, although full nodes CANNOT prevent a 51% attack, they CAN prevent other attacks, which make them very essential to the network.

They validate transactions, and blocks, relay the valid ones, and ignore the invalid ones.

It's also the full nodes that demand for the kinds of blocks the miners should produce. If miners produce blocks that full nodes don't want, they won't be relayed, and miners would have wasted resources on mining that invalid block.

Full nodes are responsible for making sure that everyone is following the rules. Full nodes keep the miners honest. It's also important that there's a sufficient number of independent parties that run full nodes.


Full nodes do not make sure everyone is following the rules.

All a Full Nodes does is allow that single moron to have a copy of the transactions.

It does not validate a damn thing for anyone else.
Validation only occurs when an increase in confirmations, since only mining nodes can add a block and increase confirmations only mining nodes validate, your non-mining node is just a personal copy , nothing more and useless to everyone else.

It is not like someone can't monitor a block explorer to verify miners are not breaking the rewards rules.
Your node , does nothing more than gives you a false sense of purpose.
But hey , you're stupid so whatever makes you feel special.  Wink

FYI:
What keeps miners honest are other miners, and exchanges such as coinbase that have enough economic clout to hurt the miners.
Individuals running non-mining nodes with no economic clout are just wasting their time and resources for a feel good belief,
kind of sad that is all you have to feel good about.  Tongue

Maybe you should look into planting trees for your feel good about yourself nonsense.  Smiley
staff
Activity: 4326
Merit: 8951
This thread keeps getting derailed by offtopic trolling. Locked.
legendary
Activity: 2898
Merit: 1823
This is the only point I'm making, although full nodes CANNOT prevent a 51% attack, they CAN prevent other attacks, which make them very essential to the network.

They validate transactions, and blocks, relay the valid ones, and ignore the invalid ones.

It's also the full nodes that demand for the kinds of blocks the miners should produce. If miners produce blocks that full nodes don't want, they won't be relayed, and miners would have wasted resources on mining that invalid block.

Full nodes are responsible for making sure that everyone is following the rules. Full nodes keep the miners honest. It's also important that there's a sufficient number of independent parties that run full nodes.
legendary
Activity: 4382
Merit: 9330
'The right to privacy matters'
First off China can simply go to bitmain and tell them to expand manufacturing s19pros.

next China can tell bitmain to build many many many containers. ten fold what is normal.


then commandeer two or three dams.  set up a 65% of the network attack and its done.


it would take six months and be unstoppable by private industry.

only a rich country could counter it.

doubt this is going to happen.
 
formula to calculate are nice but kind of worthless in the case of btc.

they would be better in smaller networks as you can get in and get out in a small network.

legendary
Activity: 1456
Merit: 1177
Always remember the cause!

First: "Bad-actors" are not "irrational actors". A greedy selfish person, who is by no means an altruist and is ready to steal people's funds or defraud them, finds himself ways more comfortable to follow rules instead of trying to defraud people (who are careful enough to wait for enough confirmations) by running a costly 51% attack.

It is how bitcoin is designed and what bitcoin is designed for.

But once an irrational person with unlimited resources shows up, decided to ruin a PoW coin by running a 51% attack for long periods of time, he or she will succeed to ruin the coin and his interests simultaneously and there is absolutely nothing bitcoin can do to avoid it. It is not designed for "the crazy man" game.


Then, he would be kicked out of the network, and have wasted the resources he had for a attempted double-spend.

Game Theory, would he waste his resources, or cooperate with the herd? Cool
Nope, no kick-off, just ruining the coin and his/fed resources at the same time. It may be politically justifiable for the adversary but it is not economically. Bitcoin is not designed to mitigate All types of adversary behaviors,  there is no such coin and won't be feasible to have such a coin ever.
Bitcoin uses a very important and basic assumption for taking advantage of Game Theory: All players are supposed to be aware of their interests and act rationally according to this awareness.


Second: Full nodes have nothing to do with 51% attack. A full node would never become aware of such an attack, let alone resisting it.
But if they do it, full nodes will always verify that the blocks produced are always valid, or else, they will be rejected, resources and time wasted. Full nodes keep miners honest.
A 51% attack is not about breaching the bitcoin protocol by producing invalid blocks, it is about two very important threats: 1) defrauding users/exchanges and 2) Censorship. Full nodes are not able to do anything about none of the two.

P.S. it is getting derailed, pretty much.
legendary
Activity: 2898
Merit: 1823
Antonoupoulos explains it best as usual: https://www.youtube.com/watch?v=ncPyMUfNyVM
I don't think it is a thorough analysis, it is not supposed to be anyway. Actually, there is a hole in his argument: The audience is questioning the feasibility of a hypothetical government attack against bitcoin seemingly with a political incentive yet Antonopoulos mistakenly is using the rational behavior assumption which is not adequate. To be clear: Bitcoin is not safe and secure against multibillion-dollar, (in its economic sense) irrational aggression of governments, it is not designed to be.


Bitcoin was designed not to trust each other, plus under the assumption that THERE ARE bad-actors, and that's why, don't trust, and verify everything yourself by running a full node.


And you are wrong! As usual  Tongue


Yet, you haven't showed that you understood how the network actually works.

Quote

First: "Bad-actors" are not "irrational actors". A greedy selfish person, who is by no means an altruist and is ready to steal people's funds or defraud them, finds himself ways more comfortable to follow rules instead of trying to defraud people (who are careful enough to wait for enough confirmations) by running a costly 51% attack.

It is how bitcoin is designed and what bitcoin is designed for.

But once an irrational person with unlimited resources shows up, decided to ruin a PoW coin by running a 51% attack for long periods of time, he or she will succeed to ruin the coin and his interests simultaneously and there is absolutely nothing bitcoin can do to avoid it. It is not designed for "the crazy man" game.


Then, he would be kicked out of the network, and have wasted the resources he had for a attempted double-spend.

Game Theory, would he waste his resources, or cooperate with the herd? Cool

Quote

Second: Full nodes have nothing to do with 51% attack. A full node would never become aware of such an attack, let alone resisting it.


But if they do it, full nodes will always verify that the blocks produced are always valid, or else, they will be rejected, resources and time wasted. Full nodes keep miners honest.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
Nevermind "fooling". You won't lose anything from behaving dishonestly in POS. You can sign each, and every fork. It's actually better for you, because it won't cost you anything.
You're referring to multi-fork staking. However, this is only a problem in cryptocurrencies which have a fixed staking block reward and/or high transaction fees. The problem has been recognized as early as the creation of Peercoin by not allowing that and to set a block reward proportional to coin-age, and to burn transaction fees. In these setups, you win nothing if you stake on multiple forks - and even if there was a minimal profit, e.g. from extra transaction fees, what Vitalik Buterin describes as "altruism-prime" (you play by the rules because it lowers the risk of an attack which would affect you too) would be probably much stronger.

It's a much bigger problem that you can easily fool nodes which are re-connecting to the network after an absence, which is why I consider PoS-only coins risky. However, in a setup like the one I described, with 1 PoS block each 6 PoW blocks, this would only be exploitable if people accepted 1-confirmation transactions for amounts big enough to justify the hassle of an attack. Thus, in this case, I would consider that a low amount of PoS blocks can add security to a PoW-only chain.
legendary
Activity: 1456
Merit: 1177
Always remember the cause!
Antonoupoulos explains it best as usual: https://www.youtube.com/watch?v=ncPyMUfNyVM
I don't think it is a thorough analysis, it is not supposed to be anyway. Actually, there is a hole in his argument: The audience is questioning the feasibility of a hypothetical government attack against bitcoin seemingly with a political incentive yet Antonopoulos mistakenly is using the rational behavior assumption which is not adequate. To be clear: Bitcoin is not safe and secure against multibillion-dollar, (in its economic sense) irrational aggression of governments, it is not designed to be.


Bitcoin was designed not to trust each other, plus under the assumption that THERE ARE bad-actors, and that's why, don't trust, and verify everything yourself by running a full node.

And you are wrong! As usual  Tongue

First: "Bad-actors" are not "irrational actors". A greedy selfish person, who is by no means an altruist and is ready to steal people's funds or defraud them, finds himself ways more comfortable to follow rules instead of trying to defraud people (who are careful enough to wait for enough confirmations) by running a costly 51% attack.
It is how bitcoin is designed and what bitcoin is designed for.
But once an irrational person with unlimited resources shows up, decided to ruin a PoW coin by running a 51% attack for long periods of time, he or she will succeed to ruin the coin and his interests simultaneously and there is absolutely nothing bitcoin can do to avoid it. It is not designed for "the crazy man" game.


Second: Full nodes have nothing to do with 51% attack. A full node would never become aware of such an attack, let alone resisting it.
legendary
Activity: 1456
Merit: 1177
Always remember the cause!
After going through everything I've some open questions in my mind:

Quote
Lease Cost,                        LC = P0 * IR *WT* 1.17
Partial Compensation,           PC = 0.2*P0 *IR *WT

Net Attack Cost, NAC= LC-PC    =  P0 * IR *WT * 0.93

Where are these numbers 1.17, 0.2 and 0.93 coming from?
In the same post I've described it:
Quote
Now we need to make some assumptions about D, TF, Pa:
Let's suppose XCoin drops 80% after the exploit and the attacker chooses to set D at 10% of the network hash power and TF, normally adds another 5% to miners' income. While miners' profit expectation could be reasonably estimated at 10%,  i.e. a customer with legitimate incentives expects 10% profit when he or she leases a specific amount of hash power.
Try replacing the assumed parameters.
We need such assumptions to do something meaningful about the problem.
legendary
Activity: 2898
Merit: 1823
I wonder if hybrid PoW + PoS blockchain networks are much more expensive to perform a 51% attack? After all, the attacker would need to control 51% of mining hashrate and 51% of the coin's supply (if I'm not mistaken).

The problem is that due to the Nothing-at-stake problem an attacker could fool nodes into a fake chain. It is a difficult and impractical attack (it has been carried out afaik only once in a very weak coin) but it could lower the amount of the supply he needs to attack the PoS "part" of the algorithm. The problem, however, is that it's currently not known how much he could lower the attack cost with a sophisticated attack. (This is also, basically, why many people consider PoS insecure).


Nevermind "fooling". You won't lose anything from behaving dishonestly in POS. You can sign each, and every fork. It's actually better for you, because it won't cost you anything.
full member
Activity: 305
Merit: 106
I remember reading a while back about fake-stake attacks.
This applied to a few POS coins, not a general rule.
https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806
Some guys managed to stake a very small amount or nothing at all and feed nodes a big amount of bogus data and filled up the hdd/ram and made them crash. Less nodes... more stake power for them.
It was responsably disclosed in 2018 but still a weird ass attack vector imo.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
I wonder if hybrid PoW + PoS blockchain networks are much more expensive to perform a 51% attack? After all, the attacker would need to control 51% of mining hashrate and 51% of the coin's supply (if I'm not mistaken).
In PoW + PoS coins, he doesn't need 51% of the supply. It depends on the exact algorithm, but he has to control 50% of the coins that are actively staking. This is almost never 100% of the supply and can be a different value each block, or also each "epoch" like in some newer algorithms.

The problem is that due to the Nothing-at-stake problem an attacker could fool nodes into a fake chain. It is a difficult and impractical attack (it has been carried out afaik only once in a very weak coin) but it could lower the amount of the supply he needs to attack the PoS "part" of the algorithm. The problem, however, is that it's currently not known how much he could lower the attack cost with a sophisticated attack. (This is also, basically, why many people consider PoS insecure).

Nevertheless the PoS part of the security is "free". So even if the attack cost is increased by PoS (in a PoW/PoS algorithm) only by 10%, it is still an additional cost. So PoS could add security without needing extra hashrate. For example, one could imagine a hybrid coin where only one out of 6 blocks is a PoS block. Those not having confidence in PoS can then simply wait for one more confirmation when they receive a payment and the first confirmation is a PoS block. But a miner carrying out a 51% attack has to ensure that he gets the PoS majority in at least one block if all users wait for 6 confirmations (this is of course simplified, but I think it's understandable).

PS: You may get very different answers here (that PoS does "not work at all" or even is "dangerous") but what I wrote is the conclusion I got after having followed several PoS currencies and reading a lot about the Nothing at stake problem (from PoS supporters and PoS detractors) since 2013. I consider the Nothing at stake problem severe, and I think a PoS-only currency is risky, but a combination with PoW may work.
legendary
Activity: 3220
Merit: 1363
www.Crypto.Games: Multiple coins, multiple games
https://www.crypto51.app/

If any of you are too lazy to click :  $468.961 / h (would have assumed a higher number tbh)

The price can be calculated in many ways. The way they do it is

Quote
Using the prices NiceHash lists for different algorithms we are able to calculate how much it would cost to rent enough hashing power to match the current network hashing power for an hour

But also mention that it's purely theoretical at least un BTC case. BCH is another discussion Smiley)

A very useful site. Thanks, mate. At least, we have an estimation of how much money it would take the attacker to perform a 51% attack. The results are not accurate, so they may vary according to the network's hashrate over time. One thing for sure is that some BCH miners have migrated to the BTC blockchain. This should make Bitcoin Cash weaker against a 51% attack, while strengthening the original Bitcoin (BTC). I believe this is temporary as a result of BCH's halving event. Once Bitcoin (BTC) halves on May, those same BCH miners that migrated to BTC could go back to supporting their chain. If that doesn't happen, then Bitcoin Cash would be at risk. As a last resort, developers could make use of merged mining or fork to a new PoW algorithm to strengthen the underlying blockchain network.

At least, it's nearly impossible to attack the BTC blockchain because of how expensive it is to do so. Not even governments will be able to afford such costs. I hope that the BTC blockchain continues to grow in hashrate so that it would become a truly unstoppable form of money for the whole world to enjoy. Smiley


Hmmm. I think you can look at it a number of ways.. If you actually plan on buying all your machines, a simplified version would be something like

 number of miners = ( total network hashpower ) / hash power per miner
 number of miners * price per miner = $$$$$$


If you rent them, i guess it could be significantly cheaper.

Nicehash offers 1PH/s on the bitcoin chain for ~ 0.0168BTC

Bitcoin sees ~ 120 exahash. https://www.blockchain.com/charts/hash-rate
 = 120000 pentahash (?)

120000*0.168 = ~141.120.000 $ (For, lets say - a month?) to get 51% hashing power Huh (this doesn't seem that expensive.)

Although they obviously don't have that much mining power for rent (I see nicehash only has ~ 180 PH).

Purely theorethically speaking (if we forget about the practicalities of renting 120 ph worth of hashing equipment/however many hashes/s a chain has, (let alone buying it, in which case i highly doubt it would be profitable.)) i could see a number of scenario's where it could definitely be profitable to do a 51% attack.


Interesting. Calculating the cost of a 51% attack looks somewhat complicated, but at least there are sites and apps available which makes your life easier. Considering current estimates, it would take the attacker a hefty sum of money to attack the BTC blockchain. No one could afford doing a 51% attack on Bitcoin, unless it's a company that produces mining hardware. In this case, Bitmain has a greater chance of attacking the BTC blockchain than anyone else as it dominates a large portion of Bitcoin's hashrate. Up to this date, Bitmain hasn't become a threat to Bitcoin's PoW consensus, but it could sometime in the future.

Anyone can easily rent miners on Nicehash to perform a 51% attack on smaller blockchain networks. You don't need to setup mining equipment or incur in energy costs. Just paying the rent for "x" amount of hashrate, could allow anyone to attack a PoW blockchain if he/she has the capital to do so. But I believe that the attacker's efforts will be in vain, as more money will be lost than what it is gained.

I wonder if hybrid PoW + PoS blockchain networks are much more expensive to perform a 51% attack? After all, the attacker would need to control 51% of mining hashrate and 51% of the coin's supply (if I'm not mistaken). Bitcoin devs could decide to implement this in the future if the community allows it. As long as Bitcoin has an immense hashrate backing it, nothing should go wrong. The one's that need to be concerned are Bitcoin Cash and Bitcoin SV supporters + developers. Miners from those chains could migrate to Bitcoin itself, making them completely vulnerable against a 51% attack. But I believe that the damage done will be minimal since "nobody" uses those chains nowadays. Wink


OP,
Firstly you should understand that a 51% attack has two different class of costs:
1) Fixed cost: It includes infrastructure and the machines. Essentially, it doesn't matter whether the attacker could be able lease such facilities the fixed cost would be reasonably the same.

2) Variable cost: It is mainly the electricity cost.

Nicehash sells both sha256 and Ethash power online but both for Ethereum and bitcoin, the available volume is far less than anything potentially helping a 51% attacker.

...


A well thought-out and detailed explanation. This basically summarizes how to calculate the costs to perform a 51% attack on any PoW blockchain. Considering that hashrate volume is low on Nicehash, the attacker would simply need to own mining hardware to attack a PoW blockchain of his desire. The energy consumption and hardware costs, would make it unfeasible to disrupt a large blockchain network like Bitcoin or Ethereum. That's the beauty of decentralization/censorship-resistance. As long as Bitcoin maintains astronomical levels of hashrate, not even governments will be able to stop it. Of course, Bitmain already controls more than 51% of the BTC hashrate, but the fact that it's more profitable to support the BTC blockchain greatly defeats the purpose of an attack of such degree. The real deal will be with smaller blockchain networks that are relatively inexpensive to attack. But developers could easily rely on other solutions to mitigate security risks.

As long as Bitcoin is alive and running, nothing else matters Cheesy
Tym
newbie
Activity: 15
Merit: 14
After going through everything I've some open questions in my mind:

Quote
Lease Cost,                        LC = P0 * IR *WT* 1.17
Partial Compensation,           PC = 0.2*P0 *IR *WT

Net Attack Cost, NAC= LC-PC    =  P0 * IR *WT * 0.93

Where are these numbers 1.17, 0.2 and 0.93 coming from?


And I'm curious how to insert the formula mentioned by @d5000 into the formula of NAC (net attack cost).

Quote
PC = Pa * WT * IR + SP
SP = q * (P0 - Pa) - q * OP0

PC = Pa * WT * IR + q * (P0 - Pa) - q * OP0

Thanks  Smiley



legendary
Activity: 2898
Merit: 1823
Antonoupoulos explains it best as usual: https://www.youtube.com/watch?v=ncPyMUfNyVM
I don't think it is a thorough analysis, it is not supposed to be anyway. Actually, there is a hole in his argument: The audience is questioning the feasibility of a hypothetical government attack against bitcoin seemingly with a political incentive yet Antonopoulos mistakenly is using the rational behavior assumption which is not adequate. To be clear: Bitcoin is not safe and secure against multibillion-dollar, (in its economic sense) irrational aggression of governments, it is not designed to be.


Bitcoin was designed not to trust each other, plus under the assumption that THERE ARE bad-actors, and that's why, don't trust, and verify everything yourself by running a full node.
Tym
newbie
Activity: 15
Merit: 14
Thank you very much for your responses! Especially @aliashraf and @d5000. You're helping me a lot with these formulas!
legendary
Activity: 1456
Merit: 1177
Always remember the cause!
Antonoupoulos explains it best as usual: https://www.youtube.com/watch?v=ncPyMUfNyVM
I don't think it is a thorough analysis, it is not supposed to be anyway. Actually, there is a hole in his argument: The audience is questioning the feasibility of a hypothetical government attack against bitcoin seemingly with a political incentive yet Antonopoulos mistakenly is using the rational behavior assumption which is not adequate. To be clear: Bitcoin is not safe and secure against multibillion-dollar, (in its economic sense) irrational aggression of governments, it is not designed to be.

On the other hand, OP's main concern is not exactly bitcoin, it is more about a general case with new projects, though the analysis could be made general enough to cover the case with bitcoin as well. It is what I've done and @d5000 has made an excellent contribution to, up-thread. You are welcome to check both.
legendary
Activity: 3010
Merit: 3724
Join the world-leading crypto sportsbook NOW!
So we're all talking about the cost to perform the attack, and some speculate it might even be worth it. But the real cost isn't in the financial resources you've got to put together to pull off such a thing, but what happens AFTER that when the attack is discovered and all the other actors reorganise.

Antonoupoulos explains it best as usual: https://www.youtube.com/watch?v=ncPyMUfNyVM
legendary
Activity: 2898
Merit: 1823
FYI:
This would also imply a massive danger to bitcoin if Bitmain ever decided to make another ASIC mined coin their #1Wink
But hey , this is just all speculation, right.    Cool

Do you believe the community, and the economic majority would follow Jihan Wu to Rogercoin? Bitmain would be a more profitable ASIC company if they did their business with actual honestly.


there is no honesty in a business, there is only money (profit) making. both ASIC producers and miners are basically businesses that are looking to make the most amount of profit. that is why they will always stick to what gives them profit.
you want example? look at 2017 when bcash was created and was manipulating the difficulty so much so that they were finding near one thousand blocks per day (instead of normal ~144) and the profit was high because of that and the pumps. many miners switched and Bitmain make a shit ton of money selling ASICs.
it should also be mentioned that bitcoin didn't care about any of that!


I was talking about Bitcoin's incentive-structure, and the game theory, which is what actually holds everything together, and why Bitmain is still in business. Considering that, the troll is just trolling.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
I afraid the derivative market for such assets may not be mature enough to help, tho. Hedging against price fluctuations is a good idea for the attacker but it works for coins like Bitcoin and Ethereum and attacking such coins is a bit more sophisticated I suppose:
I agree that at the moment the scenario may not be practical, or at least, the attacker would probably not be able to compensate for a big portion of his costs with the options/hedging strategy. However, with the rise of DeFi tools, options and other short sale opportunities are continuously getting more popular. So I think all serious altcoin communities should take into account that strategy (it is also possible when attacking PoS coins, obviously). Bitcoin and ETH, should also not totally ignore it; there may be situations (e.g. after an extreme downwards price move with plenty of miners quitting) where such an attack could eventually become profitable, although it will continue to be very difficult to carry out, also taking into account what you say about the whole move probably being a crime.

One of the consequences may be that when an 51% attack is under way it may be helpful for a coin if many people bought it just then, so the price rises and the attacker loses with any hedging strategy and closes his short, maybe losing interest in his attack as well (if he can still cancel the hashrate leasing contract). However, he then also could cash out his mining rewards for a higher price.
Pages:
Jump to: