Topic: Cost to perform a 51% attack on the BTC blockchain? - page 2. (Read 619 times)

Well if you buy the miners you have many other costs too like, space where u put them, cooling, electricy wires check that all are running...

there is no honesty in a business, there is only money (profit) making. both ASIC producers and miners are basically businesses that are looking to make the most amount of profit. that is why they will always stick to what gives them profit.
you want example? look at 2017 when bcash was created and was manipulating the difficulty so much so that they were finding near one thousand blocks per day (instead of normal ~144) and the profit was high because of that and the pumps. many miners switched and Bitmain make a shit ton of money selling ASICs.
it should also be mentioned that bitcoin didn't care about any of that!

Do you believe the community, and the economic majority would follow Jihan Wu to Rogercoin? Bitmain would be a more profitable ASIC company if they did their business with actual honestly.

But Bitmain is mainly an ASIC manufacturing company. It would be way more worthwhile for them to continue to improve on their ASICs and continue selling them. If they were to attack Bitcoin, it would just be like shooting themselves in the foot; investors won't be happy and the whole ASIC business would probably go down the drain as any new cryptos would then make their coins ASIC resistant their priority.

They would probably face some lawsuit from the people that they stole the Bitcoins from.

@d5000,
Thank you for the contribution, it was impressive.
I afraid the derivative market for such assets may not be mature enough to help, tho. Hedging against price fluctuations is a good idea for the attacker but it works for coins like Bitcoin and Ethereum and attacking such coins is a bit more sophisticated I suppose:

Firstly it is impractical to lease/install enough power covertly and once it is exposed both the primary and the secondary market respond properly. It also extends the window of the attack which causes put options for short selling coins to become more expensive.

Also, the time window should be extended even more because putting hundreds of thousands of dollars at risk is irrational with high variance. For instance, even with 60% of power there is a very good chance for the honest network to produce a longer chain in a 10-20 blocks window. When the stakes are high, attackers need to be thoroughly convinced about what they've put in options.

Additionally, 51% attacking a network for defrauding the users is a crime. Derivative markets are not run anonymously, so the attacker should be concerned for the legal consequences and market manipulation charges besides double-spending and fraud.

Interesting calculation, @aliashraf - but I would like to make a small addition.

An 51% attacker can increase PC (the partial compensation) by a pretty significant amount if he is able to carry out a short sale of the currency while he 51%s the network. He can do this even in an almost risk-less way if he buys a short-term put option on it.

So PC should be calculated in the following form, with SP = Short sale profit:

PC = P_a * WT * IR + SP

It would be interesting how high is the typical profit of this maneuvre. Obviously this is influenced by several factors. For example, if Xcoin is already in a bear market, the profit could be lower as put options will be more expensive (and also regular shorts are more expensive to be carried out due to higher interest rates). Additionally, you have to consider the difference between P₀ and P_a - the higher it is, the higher PC will be.

We can add the following to the formula if we consider (for simplicity) that the attacker buys a put option with a short expiration with a strike price of P₀: (O_P0 = put option price, q = quantity of options with the value of 1 Xcoin bought):

SP = q * (P₀ - P_a) - q * O_P0

So our formula becomes:

PC = P_a * WT * IR + q * (P₀ - P_a) - q * O_P0

I'm not an expert on option price theory so it's possible the attacker can increase his profit if he buys options with a strike price which is lower than P₀. For example, if he expects the devaluation to be 80%, then he can buy a put option with a strike price 20% under the current Xcoin price for a very cheap price, but his risk is also higher.

PS: Corrections are welcome!

OP,
Firstly you should understand that a 51% attack has two different class of costs:
1) Fixed cost: It includes infrastructure and the machines. Essentially, it doesn't matter whether the attacker could be able lease such facilities the fixed cost would be reasonably the same.

2) Variable cost: It is mainly the electricity cost.

Nicehash sells both sha256 and Ethash power online but both for Ethereum and bitcoin, the available volume is far less than anything potentially helping a 51% attacker.

From your post, I understand you are more curious about new cryptocurrency projects when the total network hash rate is very low and one can lease enough hash power to carry out such an attack. For this scenario, I've something to present:

Suppose we have Xcoin with a market price of P₀ at a given period of time. Let Xcoin inflation rate in an hour to be IR (Inflation Rate). Now suppose Xcoin is in a somewhat stable state (neglectable price and network hash rate volatility) and we have TNH as the total network hash rate in the same period we have P₀ as the price.

Before proceeding anymore we have to make it crystal clear about some points:
1- A 51% attack is always about defrauding a single user/group of users specifically a limited number of exchanges.

2- Users have always a chance to mitigate such attacks by waiting for more confirmation before accepting the payments and releasing their assets.

3- Established pools/mining farms have strong incentives not to collude and engage in such attacks because they have strategic interests at stake.

So, the attacker has to lease TNH+D hash power from the market (where D stands for a minimum threshold that I'll discuss later) and keep it up and running privately for a period of time long enough while she is waiting for the victim(s) to accept the fraudulent transaction which is going to be removed from the blockchain after the attack is exploited as a short-range chain rewrite, let's put it at WT for 'waiting time'.

Translating absolute time variables to blockchain terminology is trivial so let's suppose we have already used the Xcoin's block time as the unit of time and both IR and WT are expressed using this unit of time.

First observation: The cost of leasing TNH+D hash power, Lease Cost or LC, in a stable market could be estimated as being slightly more than the total price of the coins generated because a normal miner has some expectations for profits, PE, and there is also another income, transaction fees, TF. Hence: LC = P₀ * (IR + TF)* WT + PE

Second Observation: Although after exploiting the attack, one could expect a significant drop in XCoin price, P₀, and it'd be very hard to liquidate block rewards and fees (if any) collected in WT but it won't fall to zero, so we will have the price falling very sharp to something like P_a for the aftermath price. Hence other than the main fraud plan the attacker also collects:
Partial Compensation, PC = P_a * WT * IR

Third observation: Although a hypothetical 50%+1 attack on a blockchain will succeed eventually in making a longer/more difficult chain in a very long period of time with a probability of 100% it is not rational for an attacker to carry on such an attack in very large windows of time, much larger than what is needed for convincing the victim(s), hence there is always a trade-off involved and a D threshold should be considered safe for the attacker to minimize the attack cost and remain confident about its success.

Now we need to make some assumptions about D, TF, P_a:
Let's suppose XCoin drops 80% after the exploit and the attacker chooses to set D at 10% of the network hash power and TF, normally adds another 5% to miners' income. While miners' profit expectation could be reasonably estimated at 10%,  i.e. a customer with legitimate incentives expects 10% profit when he or she leases a specific amount of hash power.
With such parameters set, we can easily calculate the net 51% attack cost as being:


Lease Cost,                        LC = P₀ * IR *WT* 1.17
Partial Compensation,           PC = 0.2*P₀ *IR *WT

Net Attack Cost, NAC= LC-PC    =  P₀ * IR *WT * 0.93


Conclusion: The net cost of a typical 51% attack on an altcoin with small network hash power is expected to be the same as the total inflation of the coin in the window of time that the attack is carried on.

From this, I suggest a simple mitigation strategy for vulnerable users/exchanges:
Always wait for a very good factor (at least 2-3 times) the transaction value for the network to produce enough block rewards (neglecting the fees) before accepting the large payments.

Yet another good recommendation:
Don't waste your customers' time too much if it is about just a few pennies at stake, accept micropayments and generally, any payment less than 10% of the block reward with just one confirmation.

Actually I wanted to ask a similar question but suddenly I saw this post so I wanted to add my question here.

I read an article from Vitalik Buterin where I found this:

Source: https://blog.ethereum.org/2015/01/10/light-clients-proof-stake/

In fact, I belive what Buterin is saying/writing but I'm looking for a mathematical proof to add it to my thesis.

Maybe someone knows a good link or is able to explain (in a mathematical way) why creating such a chain is as expensive as a 51% attack.

I'd love to read your answers! Thank you!

I was more thinking about other scenario's, such as leveraged shorting using a platform such as Bitmex, as in the event of a 51% attack, you'd expect the price to go down.
I'm not sure if there's a possibility to short smaller coins such as ETC suffficiently enough though. (Although, looks like they have quite some liquidity on Bitforex etc.. -- 81 million in the last 24h? lol...)

Seems you need to remove a 0 and you get $14M /day.

Not that cheap if you think about it. You either do a double spent or fork and hope othera will believe you are a billionaire )

Hmmm. I think you can look at it a number of ways.. If you actually plan on buying all your machines, a simplified version would be something like

 number of miners = ( total network hashpower ) / hash power per miner
 number of miners * price per miner = $$$$$$


If you rent them, i guess it could be significantly cheaper.

Nicehash offers 1PH/s on the bitcoin chain for ~ 0.0168BTC

Bitcoin sees ~ 120 exahash. https://www.blockchain.com/charts/hash-rate
 = 120000 pentahash (?)

120000*0.168 = ~141.120.000 $ (For, lets say - a month?) to get 51% hashing power (this doesn't seem that expensive.)

Although they obviously don't have that much mining power for rent (I see nicehash only has ~ 180 PH).

Purely theorethically speaking (if we forget about the practicalities of renting 120 ph worth of hashing equipment/however many hashes/s a chain has, (let alone buying it, in which case i highly doubt it would be profitable.)) i could see a number of scenario's where it could definitely be profitable to do a 51% attack.

https://www.crypto51.app/

If any of you are too lazy to click :  $468.961 / h (would have assumed a higher number tbh)

The price can be calculated in many ways. The way they do it is


But also mention that it's purely theoretical at least un BTC case. BCH is another discussion )

I'm curious to know what will be the cost in terms of USD for performing a 51% attack on the Bitcoin blockchain? I'm guessing that it might take a lot of money to do so, considering how many miners are backing the entire chain. A formula on how to calculate such cost would be great to know, in order to make things easier when working on a cryptocurrency project of my own. Knowing beforehand the costs involved for attacking a PoW blockchain, could encourage developers to reinforce security on the same.

Of course, a 51% attack on Bitcoin is not feasible right now. But it might be on smaller chains like Bitcoin Cash, and Bitcoin SV. Any helpful advice on how to calculate 51% attack costs on the Blockchain will be greatly appreciated. This of course, will be for learning/educational purposes than anything else. Thanks in advance.