Author

Topic: Cost to perform a 51% attack on the BTC blockchain? (Read 619 times)

member
Activity: 200
Merit: 73
Flag Day ☺
This is the only point I'm making, although full nodes CANNOT prevent a 51% attack, they CAN prevent other attacks, which make them very essential to the network.

They validate transactions, and blocks, relay the valid ones, and ignore the invalid ones.

It's also the full nodes that demand for the kinds of blocks the miners should produce. If miners produce blocks that full nodes don't want, they won't be relayed, and miners would have wasted resources on mining that invalid block.

Full nodes are responsible for making sure that everyone is following the rules. Full nodes keep the miners honest. It's also important that there's a sufficient number of independent parties that run full nodes.


Full nodes do not make sure everyone is following the rules.

All a Full Nodes does is allow that single moron to have a copy of the transactions.

It does not validate a damn thing for anyone else.
Validation only occurs when an increase in confirmations, since only mining nodes can add a block and increase confirmations only mining nodes validate, your non-mining node is just a personal copy , nothing more and useless to everyone else.

It is not like someone can't monitor a block explorer to verify miners are not breaking the rewards rules.
Your node , does nothing more than gives you a false sense of purpose.
But hey , you're stupid so whatever makes you feel special.  Wink

FYI:
What keeps miners honest are other miners, and exchanges such as coinbase that have enough economic clout to hurt the miners.
Individuals running non-mining nodes with no economic clout are just wasting their time and resources for a feel good belief,
kind of sad that is all you have to feel good about.  Tongue

Maybe you should look into planting trees for your feel good about yourself nonsense.  Smiley
staff
Activity: 4326
Merit: 8951
This thread keeps getting derailed by offtopic trolling. Locked.
legendary
Activity: 2898
Merit: 1823
This is the only point I'm making, although full nodes CANNOT prevent a 51% attack, they CAN prevent other attacks, which make them very essential to the network.

They validate transactions, and blocks, relay the valid ones, and ignore the invalid ones.

It's also the full nodes that demand for the kinds of blocks the miners should produce. If miners produce blocks that full nodes don't want, they won't be relayed, and miners would have wasted resources on mining that invalid block.

Full nodes are responsible for making sure that everyone is following the rules. Full nodes keep the miners honest. It's also important that there's a sufficient number of independent parties that run full nodes.
legendary
Activity: 4382
Merit: 9330
'The right to privacy matters'
First off China can simply go to bitmain and tell them to expand manufacturing s19pros.

next China can tell bitmain to build many many many containers. ten fold what is normal.


then commandeer two or three dams.  set up a 65% of the network attack and its done.


it would take six months and be unstoppable by private industry.

only a rich country could counter it.

doubt this is going to happen.
 
formula to calculate are nice but kind of worthless in the case of btc.

they would be better in smaller networks as you can get in and get out in a small network.

legendary
Activity: 1456
Merit: 1177
Always remember the cause!

First: "Bad-actors" are not "irrational actors". A greedy selfish person, who is by no means an altruist and is ready to steal people's funds or defraud them, finds himself ways more comfortable to follow rules instead of trying to defraud people (who are careful enough to wait for enough confirmations) by running a costly 51% attack.

It is how bitcoin is designed and what bitcoin is designed for.

But once an irrational person with unlimited resources shows up, decided to ruin a PoW coin by running a 51% attack for long periods of time, he or she will succeed to ruin the coin and his interests simultaneously and there is absolutely nothing bitcoin can do to avoid it. It is not designed for "the crazy man" game.


Then, he would be kicked out of the network, and have wasted the resources he had for a attempted double-spend.

Game Theory, would he waste his resources, or cooperate with the herd? Cool
Nope, no kick-off, just ruining the coin and his/fed resources at the same time. It may be politically justifiable for the adversary but it is not economically. Bitcoin is not designed to mitigate All types of adversary behaviors,  there is no such coin and won't be feasible to have such a coin ever.
Bitcoin uses a very important and basic assumption for taking advantage of Game Theory: All players are supposed to be aware of their interests and act rationally according to this awareness.


Second: Full nodes have nothing to do with 51% attack. A full node would never become aware of such an attack, let alone resisting it.
But if they do it, full nodes will always verify that the blocks produced are always valid, or else, they will be rejected, resources and time wasted. Full nodes keep miners honest.
A 51% attack is not about breaching the bitcoin protocol by producing invalid blocks, it is about two very important threats: 1) defrauding users/exchanges and 2) Censorship. Full nodes are not able to do anything about none of the two.

P.S. it is getting derailed, pretty much.
legendary
Activity: 2898
Merit: 1823
Antonoupoulos explains it best as usual: https://www.youtube.com/watch?v=ncPyMUfNyVM
I don't think it is a thorough analysis, it is not supposed to be anyway. Actually, there is a hole in his argument: The audience is questioning the feasibility of a hypothetical government attack against bitcoin seemingly with a political incentive yet Antonopoulos mistakenly is using the rational behavior assumption which is not adequate. To be clear: Bitcoin is not safe and secure against multibillion-dollar, (in its economic sense) irrational aggression of governments, it is not designed to be.


Bitcoin was designed not to trust each other, plus under the assumption that THERE ARE bad-actors, and that's why, don't trust, and verify everything yourself by running a full node.


And you are wrong! As usual  Tongue


Yet, you haven't showed that you understood how the network actually works.

Quote

First: "Bad-actors" are not "irrational actors". A greedy selfish person, who is by no means an altruist and is ready to steal people's funds or defraud them, finds himself ways more comfortable to follow rules instead of trying to defraud people (who are careful enough to wait for enough confirmations) by running a costly 51% attack.

It is how bitcoin is designed and what bitcoin is designed for.

But once an irrational person with unlimited resources shows up, decided to ruin a PoW coin by running a 51% attack for long periods of time, he or she will succeed to ruin the coin and his interests simultaneously and there is absolutely nothing bitcoin can do to avoid it. It is not designed for "the crazy man" game.


Then, he would be kicked out of the network, and have wasted the resources he had for a attempted double-spend.

Game Theory, would he waste his resources, or cooperate with the herd? Cool

Quote

Second: Full nodes have nothing to do with 51% attack. A full node would never become aware of such an attack, let alone resisting it.


But if they do it, full nodes will always verify that the blocks produced are always valid, or else, they will be rejected, resources and time wasted. Full nodes keep miners honest.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
Nevermind "fooling". You won't lose anything from behaving dishonestly in POS. You can sign each, and every fork. It's actually better for you, because it won't cost you anything.
You're referring to multi-fork staking. However, this is only a problem in cryptocurrencies which have a fixed staking block reward and/or high transaction fees. The problem has been recognized as early as the creation of Peercoin by not allowing that and to set a block reward proportional to coin-age, and to burn transaction fees. In these setups, you win nothing if you stake on multiple forks - and even if there was a minimal profit, e.g. from extra transaction fees, what Vitalik Buterin describes as "altruism-prime" (you play by the rules because it lowers the risk of an attack which would affect you too) would be probably much stronger.

It's a much bigger problem that you can easily fool nodes which are re-connecting to the network after an absence, which is why I consider PoS-only coins risky. However, in a setup like the one I described, with 1 PoS block each 6 PoW blocks, this would only be exploitable if people accepted 1-confirmation transactions for amounts big enough to justify the hassle of an attack. Thus, in this case, I would consider that a low amount of PoS blocks can add security to a PoW-only chain.
legendary
Activity: 1456
Merit: 1177
Always remember the cause!
Antonoupoulos explains it best as usual: https://www.youtube.com/watch?v=ncPyMUfNyVM
I don't think it is a thorough analysis, it is not supposed to be anyway. Actually, there is a hole in his argument: The audience is questioning the feasibility of a hypothetical government attack against bitcoin seemingly with a political incentive yet Antonopoulos mistakenly is using the rational behavior assumption which is not adequate. To be clear: Bitcoin is not safe and secure against multibillion-dollar, (in its economic sense) irrational aggression of governments, it is not designed to be.


Bitcoin was designed not to trust each other, plus under the assumption that THERE ARE bad-actors, and that's why, don't trust, and verify everything yourself by running a full node.

And you are wrong! As usual  Tongue

First: "Bad-actors" are not "irrational actors". A greedy selfish person, who is by no means an altruist and is ready to steal people's funds or defraud them, finds himself ways more comfortable to follow rules instead of trying to defraud people (who are careful enough to wait for enough confirmations) by running a costly 51% attack.
It is how bitcoin is designed and what bitcoin is designed for.
But once an irrational person with unlimited resources shows up, decided to ruin a PoW coin by running a 51% attack for long periods of time, he or she will succeed to ruin the coin and his interests simultaneously and there is absolutely nothing bitcoin can do to avoid it. It is not designed for "the crazy man" game.


Second: Full nodes have nothing to do with 51% attack. A full node would never become aware of such an attack, let alone resisting it.
legendary
Activity: 1456
Merit: 1177
Always remember the cause!
After going through everything I've some open questions in my mind:

Quote
Lease Cost,                        LC = P0 * IR *WT* 1.17
Partial Compensation,           PC = 0.2*P0 *IR *WT

Net Attack Cost, NAC= LC-PC    =  P0 * IR *WT * 0.93

Where are these numbers 1.17, 0.2 and 0.93 coming from?
In the same post I've described it:
Quote
Now we need to make some assumptions about D, TF, Pa:
Let's suppose XCoin drops 80% after the exploit and the attacker chooses to set D at 10% of the network hash power and TF, normally adds another 5% to miners' income. While miners' profit expectation could be reasonably estimated at 10%,  i.e. a customer with legitimate incentives expects 10% profit when he or she leases a specific amount of hash power.
Try replacing the assumed parameters.
We need such assumptions to do something meaningful about the problem.
legendary
Activity: 2898
Merit: 1823
I wonder if hybrid PoW + PoS blockchain networks are much more expensive to perform a 51% attack? After all, the attacker would need to control 51% of mining hashrate and 51% of the coin's supply (if I'm not mistaken).

The problem is that due to the Nothing-at-stake problem an attacker could fool nodes into a fake chain. It is a difficult and impractical attack (it has been carried out afaik only once in a very weak coin) but it could lower the amount of the supply he needs to attack the PoS "part" of the algorithm. The problem, however, is that it's currently not known how much he could lower the attack cost with a sophisticated attack. (This is also, basically, why many people consider PoS insecure).


Nevermind "fooling". You won't lose anything from behaving dishonestly in POS. You can sign each, and every fork. It's actually better for you, because it won't cost you anything.
full member
Activity: 305
Merit: 106
I remember reading a while back about fake-stake attacks.
This applied to a few POS coins, not a general rule.
https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806
Some guys managed to stake a very small amount or nothing at all and feed nodes a big amount of bogus data and filled up the hdd/ram and made them crash. Less nodes... more stake power for them.
It was responsably disclosed in 2018 but still a weird ass attack vector imo.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
I wonder if hybrid PoW + PoS blockchain networks are much more expensive to perform a 51% attack? After all, the attacker would need to control 51% of mining hashrate and 51% of the coin's supply (if I'm not mistaken).
In PoW + PoS coins, he doesn't need 51% of the supply. It depends on the exact algorithm, but he has to control 50% of the coins that are actively staking. This is almost never 100% of the supply and can be a different value each block, or also each "epoch" like in some newer algorithms.

The problem is that due to the Nothing-at-stake problem an attacker could fool nodes into a fake chain. It is a difficult and impractical attack (it has been carried out afaik only once in a very weak coin) but it could lower the amount of the supply he needs to attack the PoS "part" of the algorithm. The problem, however, is that it's currently not known how much he could lower the attack cost with a sophisticated attack. (This is also, basically, why many people consider PoS insecure).

Nevertheless the PoS part of the security is "free". So even if the attack cost is increased by PoS (in a PoW/PoS algorithm) only by 10%, it is still an additional cost. So PoS could add security without needing extra hashrate. For example, one could imagine a hybrid coin where only one out of 6 blocks is a PoS block. Those not having confidence in PoS can then simply wait for one more confirmation when they receive a payment and the first confirmation is a PoS block. But a miner carrying out a 51% attack has to ensure that he gets the PoS majority in at least one block if all users wait for 6 confirmations (this is of course simplified, but I think it's understandable).

PS: You may get very different answers here (that PoS does "not work at all" or even is "dangerous") but what I wrote is the conclusion I got after having followed several PoS currencies and reading a lot about the Nothing at stake problem (from PoS supporters and PoS detractors) since 2013. I consider the Nothing at stake problem severe, and I think a PoS-only currency is risky, but a combination with PoW may work.
legendary
Activity: 3220
Merit: 1363
www.Crypto.Games: Multiple coins, multiple games
https://www.crypto51.app/

If any of you are too lazy to click :  $468.961 / h (would have assumed a higher number tbh)

The price can be calculated in many ways. The way they do it is

Quote
Using the prices NiceHash lists for different algorithms we are able to calculate how much it would cost to rent enough hashing power to match the current network hashing power for an hour

But also mention that it's purely theoretical at least un BTC case. BCH is another discussion Smiley)

A very useful site. Thanks, mate. At least, we have an estimation of how much money it would take the attacker to perform a 51% attack. The results are not accurate, so they may vary according to the network's hashrate over time. One thing for sure is that some BCH miners have migrated to the BTC blockchain. This should make Bitcoin Cash weaker against a 51% attack, while strengthening the original Bitcoin (BTC). I believe this is temporary as a result of BCH's halving event. Once Bitcoin (BTC) halves on May, those same BCH miners that migrated to BTC could go back to supporting their chain. If that doesn't happen, then Bitcoin Cash would be at risk. As a last resort, developers could make use of merged mining or fork to a new PoW algorithm to strengthen the underlying blockchain network.

At least, it's nearly impossible to attack the BTC blockchain because of how expensive it is to do so. Not even governments will be able to afford such costs. I hope that the BTC blockchain continues to grow in hashrate so that it would become a truly unstoppable form of money for the whole world to enjoy. Smiley


Hmmm. I think you can look at it a number of ways.. If you actually plan on buying all your machines, a simplified version would be something like

 number of miners = ( total network hashpower ) / hash power per miner
 number of miners * price per miner = $$$$$$


If you rent them, i guess it could be significantly cheaper.

Nicehash offers 1PH/s on the bitcoin chain for ~ 0.0168BTC

Bitcoin sees ~ 120 exahash. https://www.blockchain.com/charts/hash-rate
 = 120000 pentahash (?)

120000*0.168 = ~141.120.000 $ (For, lets say - a month?) to get 51% hashing power Huh (this doesn't seem that expensive.)

Although they obviously don't have that much mining power for rent (I see nicehash only has ~ 180 PH).

Purely theorethically speaking (if we forget about the practicalities of renting 120 ph worth of hashing equipment/however many hashes/s a chain has, (let alone buying it, in which case i highly doubt it would be profitable.)) i could see a number of scenario's where it could definitely be profitable to do a 51% attack.


Interesting. Calculating the cost of a 51% attack looks somewhat complicated, but at least there are sites and apps available which makes your life easier. Considering current estimates, it would take the attacker a hefty sum of money to attack the BTC blockchain. No one could afford doing a 51% attack on Bitcoin, unless it's a company that produces mining hardware. In this case, Bitmain has a greater chance of attacking the BTC blockchain than anyone else as it dominates a large portion of Bitcoin's hashrate. Up to this date, Bitmain hasn't become a threat to Bitcoin's PoW consensus, but it could sometime in the future.

Anyone can easily rent miners on Nicehash to perform a 51% attack on smaller blockchain networks. You don't need to setup mining equipment or incur in energy costs. Just paying the rent for "x" amount of hashrate, could allow anyone to attack a PoW blockchain if he/she has the capital to do so. But I believe that the attacker's efforts will be in vain, as more money will be lost than what it is gained.

I wonder if hybrid PoW + PoS blockchain networks are much more expensive to perform a 51% attack? After all, the attacker would need to control 51% of mining hashrate and 51% of the coin's supply (if I'm not mistaken). Bitcoin devs could decide to implement this in the future if the community allows it. As long as Bitcoin has an immense hashrate backing it, nothing should go wrong. The one's that need to be concerned are Bitcoin Cash and Bitcoin SV supporters + developers. Miners from those chains could migrate to Bitcoin itself, making them completely vulnerable against a 51% attack. But I believe that the damage done will be minimal since "nobody" uses those chains nowadays. Wink


OP,
Firstly you should understand that a 51% attack has two different class of costs:
1) Fixed cost: It includes infrastructure and the machines. Essentially, it doesn't matter whether the attacker could be able lease such facilities the fixed cost would be reasonably the same.

2) Variable cost: It is mainly the electricity cost.

Nicehash sells both sha256 and Ethash power online but both for Ethereum and bitcoin, the available volume is far less than anything potentially helping a 51% attacker.

...


A well thought-out and detailed explanation. This basically summarizes how to calculate the costs to perform a 51% attack on any PoW blockchain. Considering that hashrate volume is low on Nicehash, the attacker would simply need to own mining hardware to attack a PoW blockchain of his desire. The energy consumption and hardware costs, would make it unfeasible to disrupt a large blockchain network like Bitcoin or Ethereum. That's the beauty of decentralization/censorship-resistance. As long as Bitcoin maintains astronomical levels of hashrate, not even governments will be able to stop it. Of course, Bitmain already controls more than 51% of the BTC hashrate, but the fact that it's more profitable to support the BTC blockchain greatly defeats the purpose of an attack of such degree. The real deal will be with smaller blockchain networks that are relatively inexpensive to attack. But developers could easily rely on other solutions to mitigate security risks.

As long as Bitcoin is alive and running, nothing else matters Cheesy
Tym
newbie
Activity: 15
Merit: 14
After going through everything I've some open questions in my mind:

Quote
Lease Cost,                        LC = P0 * IR *WT* 1.17
Partial Compensation,           PC = 0.2*P0 *IR *WT

Net Attack Cost, NAC= LC-PC    =  P0 * IR *WT * 0.93

Where are these numbers 1.17, 0.2 and 0.93 coming from?


And I'm curious how to insert the formula mentioned by @d5000 into the formula of NAC (net attack cost).

Quote
PC = Pa * WT * IR + SP
SP = q * (P0 - Pa) - q * OP0

PC = Pa * WT * IR + q * (P0 - Pa) - q * OP0

Thanks  Smiley



legendary
Activity: 2898
Merit: 1823
Antonoupoulos explains it best as usual: https://www.youtube.com/watch?v=ncPyMUfNyVM
I don't think it is a thorough analysis, it is not supposed to be anyway. Actually, there is a hole in his argument: The audience is questioning the feasibility of a hypothetical government attack against bitcoin seemingly with a political incentive yet Antonopoulos mistakenly is using the rational behavior assumption which is not adequate. To be clear: Bitcoin is not safe and secure against multibillion-dollar, (in its economic sense) irrational aggression of governments, it is not designed to be.


Bitcoin was designed not to trust each other, plus under the assumption that THERE ARE bad-actors, and that's why, don't trust, and verify everything yourself by running a full node.
Tym
newbie
Activity: 15
Merit: 14
Thank you very much for your responses! Especially @aliashraf and @d5000. You're helping me a lot with these formulas!
legendary
Activity: 1456
Merit: 1177
Always remember the cause!
Antonoupoulos explains it best as usual: https://www.youtube.com/watch?v=ncPyMUfNyVM
I don't think it is a thorough analysis, it is not supposed to be anyway. Actually, there is a hole in his argument: The audience is questioning the feasibility of a hypothetical government attack against bitcoin seemingly with a political incentive yet Antonopoulos mistakenly is using the rational behavior assumption which is not adequate. To be clear: Bitcoin is not safe and secure against multibillion-dollar, (in its economic sense) irrational aggression of governments, it is not designed to be.

On the other hand, OP's main concern is not exactly bitcoin, it is more about a general case with new projects, though the analysis could be made general enough to cover the case with bitcoin as well. It is what I've done and @d5000 has made an excellent contribution to, up-thread. You are welcome to check both.
legendary
Activity: 3010
Merit: 3724
Join the world-leading crypto sportsbook NOW!
So we're all talking about the cost to perform the attack, and some speculate it might even be worth it. But the real cost isn't in the financial resources you've got to put together to pull off such a thing, but what happens AFTER that when the attack is discovered and all the other actors reorganise.

Antonoupoulos explains it best as usual: https://www.youtube.com/watch?v=ncPyMUfNyVM
legendary
Activity: 2898
Merit: 1823
FYI:
This would also imply a massive danger to bitcoin if Bitmain ever decided to make another ASIC mined coin their #1Wink
But hey , this is just all speculation, right.    Cool

Do you believe the community, and the economic majority would follow Jihan Wu to Rogercoin? Bitmain would be a more profitable ASIC company if they did their business with actual honestly.


there is no honesty in a business, there is only money (profit) making. both ASIC producers and miners are basically businesses that are looking to make the most amount of profit. that is why they will always stick to what gives them profit.
you want example? look at 2017 when bcash was created and was manipulating the difficulty so much so that they were finding near one thousand blocks per day (instead of normal ~144) and the profit was high because of that and the pumps. many miners switched and Bitmain make a shit ton of money selling ASICs.
it should also be mentioned that bitcoin didn't care about any of that!


I was talking about Bitcoin's incentive-structure, and the game theory, which is what actually holds everything together, and why Bitmain is still in business. Considering that, the troll is just trolling.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
I afraid the derivative market for such assets may not be mature enough to help, tho. Hedging against price fluctuations is a good idea for the attacker but it works for coins like Bitcoin and Ethereum and attacking such coins is a bit more sophisticated I suppose:
I agree that at the moment the scenario may not be practical, or at least, the attacker would probably not be able to compensate for a big portion of his costs with the options/hedging strategy. However, with the rise of DeFi tools, options and other short sale opportunities are continuously getting more popular. So I think all serious altcoin communities should take into account that strategy (it is also possible when attacking PoS coins, obviously). Bitcoin and ETH, should also not totally ignore it; there may be situations (e.g. after an extreme downwards price move with plenty of miners quitting) where such an attack could eventually become profitable, although it will continue to be very difficult to carry out, also taking into account what you say about the whole move probably being a crime.

One of the consequences may be that when an 51% attack is under way it may be helpful for a coin if many people bought it just then, so the price rises and the attacker loses with any hedging strategy and closes his short, maybe losing interest in his attack as well (if he can still cancel the hashrate leasing contract). However, he then also could cash out his mining rewards for a higher price.
jr. member
Activity: 42
Merit: 3
Hmmm. I think you can look at it a number of ways.. If you actually plan on buying all your machines, a simplified version would be something like

 number of miners = ( total network hashpower ) / hash power per miner
 number of miners * price per miner = $$$$$$


If you rent them, i guess it could be significantly cheaper.

Nicehash offers 1PH/s on the bitcoin chain for ~ 0.0168BTC

Bitcoin sees ~ 120 exahash. https://www.blockchain.com/charts/hash-rate
 = 120000 pentahash (?)

120000*0.168 = ~141.120.000 $ (For, lets say - a month?) to get 51% hashing power Huh (this doesn't seem that expensive.)

Although they obviously don't have that much mining power for rent (I see nicehash only has ~ 180 PH).

Purely theorethically speaking (if we forget about the practicalities of renting 120 ph worth of hashing equipment/however many hashes/s a chain has, (let alone buying it, in which case i highly doubt it would be profitable.)) i could see a number of scenario's where it could definitely be profitable to do a 51% attack.


Well if you buy the miners you have many other costs too like, space where u put them, cooling, electricy wires check that all are running...
legendary
Activity: 3472
Merit: 10611
FYI:
This would also imply a massive danger to bitcoin if Bitmain ever decided to make another ASIC mined coin their #1Wink
But hey , this is just all speculation, right.    Cool

Do you believe the community, and the economic majority would follow Jihan Wu to Rogercoin? Bitmain would be a more profitable ASIC company if they did their business with actual honestly.

there is no honesty in a business, there is only money (profit) making. both ASIC producers and miners are basically businesses that are looking to make the most amount of profit. that is why they will always stick to what gives them profit.
you want example? look at 2017 when bcash was created and was manipulating the difficulty so much so that they were finding near one thousand blocks per day (instead of normal ~144) and the profit was high because of that and the pumps. many miners switched and Bitmain make a shit ton of money selling ASICs.
it should also be mentioned that bitcoin didn't care about any of that!
legendary
Activity: 2898
Merit: 1823

FYI:
This would also imply a massive danger to bitcoin if Bitmain ever decided to make another ASIC mined coin their #1.  Wink

But hey , this is just all speculation, right.    Cool


Do you believe the community, and the economic majority would follow Jihan Wu to Rogercoin? Bitmain would be a more profitable ASIC company if they did their business with actual honestly.

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
What would be the cost analysis for the following,

Let's say Bitmain's next state of the art Antminer is not listed for public sale.
But instead quietly deliver to their cheapest energy sources, and activated to give them 51%.

They only have their own manufacturing & energy costs, which they could subsidize by selling bitcoins and earlier model asics.

So just to play devil's advocate, the real reason their won't be a 51% attack is that Bitcoin has already achieved greater than 51% and this blocks anyone else's attempts.
But Bitmain is mainly an ASIC manufacturing company. It would be way more worthwhile for them to continue to improve on their ASICs and continue selling them. If they were to attack Bitcoin, it would just be like shooting themselves in the foot; investors won't be happy and the whole ASIC business would probably go down the drain as any new cryptos would then make their coins ASIC resistant their priority.

They would probably face some lawsuit from the people that they stole the Bitcoins from.
legendary
Activity: 1456
Merit: 1177
Always remember the cause!
@d5000,
Thank you for the contribution, it was impressive.
I afraid the derivative market for such assets may not be mature enough to help, tho. Hedging against price fluctuations is a good idea for the attacker but it works for coins like Bitcoin and Ethereum and attacking such coins is a bit more sophisticated I suppose:

Firstly it is impractical to lease/install enough power covertly and once it is exposed both the primary and the secondary market respond properly. It also extends the window of the attack which causes put options for short selling coins to become more expensive.

Also, the time window should be extended even more because putting hundreds of thousands of dollars at risk is irrational with high variance. For instance, even with 60% of power there is a very good chance for the honest network to produce a longer chain in a 10-20 blocks window. When the stakes are high, attackers need to be thoroughly convinced about what they've put in options.

Additionally, 51% attacking a network for defrauding the users is a crime. Derivative markets are not run anonymously, so the attacker should be concerned for the legal consequences and market manipulation charges besides double-spending and fraud.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
Interesting calculation, @aliashraf - but I would like to make a small addition.

An 51% attacker can increase PC (the partial compensation) by a pretty significant amount if he is able to carry out a short sale of the currency while he 51%s the network. He can do this even in an almost risk-less way if he buys a short-term put option on it.

So PC should be calculated in the following form, with SP = Short sale profit:

PC = Pa * WT * IR + SP

It would be interesting how high is the typical profit of this maneuvre. Obviously this is influenced by several factors. For example, if Xcoin is already in a bear market, the profit could be lower as put options will be more expensive (and also regular shorts are more expensive to be carried out due to higher interest rates). Additionally, you have to consider the difference between P0 and Pa - the higher it is, the higher PC will be.

We can add the following to the formula if we consider (for simplicity) that the attacker buys a put option with a short expiration with a strike price of P0: (OP0 = put option price, q = quantity of options with the value of 1 Xcoin bought):

SP = q * (P0 - Pa) - q * OP0

So our formula becomes:

PC = Pa * WT * IR + q * (P0 - Pa) - q * OP0

I'm not an expert on option price theory so it's possible the attacker can increase his profit if he buys options with a strike price which is lower than P0. For example, if he expects the devaluation to be 80%, then he can buy a put option with a strike price 20% under the current Xcoin price for a very cheap price, but his risk is also higher.

PS: Corrections are welcome!
legendary
Activity: 1456
Merit: 1177
Always remember the cause!
OP,
Firstly you should understand that a 51% attack has two different class of costs:
1) Fixed cost: It includes infrastructure and the machines. Essentially, it doesn't matter whether the attacker could be able lease such facilities the fixed cost would be reasonably the same.

2) Variable cost: It is mainly the electricity cost.

Nicehash sells both sha256 and Ethash power online but both for Ethereum and bitcoin, the available volume is far less than anything potentially helping a 51% attacker.

From your post, I understand you are more curious about new cryptocurrency projects when the total network hash rate is very low and one can lease enough hash power to carry out such an attack. For this scenario, I've something to present:

Suppose we have Xcoin with a market price of P0 at a given period of time. Let Xcoin inflation rate in an hour to be IR (Inflation Rate). Now suppose Xcoin is in a somewhat stable state (neglectable price and network hash rate volatility) and we have TNH as the total network hash rate in the same period we have P0 as the price.

Before proceeding anymore we have to make it crystal clear about some points:
1- A 51% attack is always about defrauding a single user/group of users specifically a limited number of exchanges.

2- Users have always a chance to mitigate such attacks by waiting for more confirmation before accepting the payments and releasing their assets.

3- Established pools/mining farms have strong incentives not to collude and engage in such attacks because they have strategic interests at stake.

So, the attacker has to lease TNH+D hash power from the market (where D stands for a minimum threshold that I'll discuss later) and keep it up and running privately for a period of time long enough while she is waiting for the victim(s) to accept the fraudulent transaction which is going to be removed from the blockchain after the attack is exploited as a short-range chain rewrite, let's put it at WT for 'waiting time'.

Translating absolute time variables to blockchain terminology is trivial so let's suppose we have already used the Xcoin's block time as the unit of time and both IR and WT are expressed using this unit of time.

First observation: The cost of leasing TNH+D hash power, Lease Cost or LC, in a stable market could be estimated as being slightly more than the total price of the coins generated because a normal miner has some expectations for profits, PE, and there is also another income, transaction fees, TF. Hence: LC = P0 * (IR + TF)* WT + PE

Second Observation: Although after exploiting the attack, one could expect a significant drop in XCoin price, P0, and it'd be very hard to liquidate block rewards and fees (if any) collected in WT but it won't fall to zero, so we will have the price falling very sharp to something like Pa for the aftermath price. Hence other than the main fraud plan the attacker also collects:
Partial Compensation, PC = Pa * WT * IR

Third observation: Although a hypothetical 50%+1 attack on a blockchain will succeed eventually in making a longer/more difficult chain in a very long period of time with a probability of 100% it is not rational for an attacker to carry on such an attack in very large windows of time, much larger than what is needed for convincing the victim(s), hence there is always a trade-off involved and a D threshold should be considered safe for the attacker to minimize the attack cost and remain confident about its success.

Now we need to make some assumptions about D, TF, Pa:
Let's suppose XCoin drops 80% after the exploit and the attacker chooses to set D at 10% of the network hash power and TF, normally adds another 5% to miners' income. While miners' profit expectation could be reasonably estimated at 10%,  i.e. a customer with legitimate incentives expects 10% profit when he or she leases a specific amount of hash power.
With such parameters set, we can easily calculate the net 51% attack cost as being:


Lease Cost,                        LC = P0 * IR *WT* 1.17
Partial Compensation,           PC = 0.2*P0 *IR *WT

Net Attack Cost, NAC= LC-PC    =  P0 * IR *WT * 0.93


Conclusion: The net cost of a typical 51% attack on an altcoin with small network hash power is expected to be the same as the total inflation of the coin in the window of time that the attack is carried on.

From this, I suggest a simple mitigation strategy for vulnerable users/exchanges:
Always wait for a very good factor (at least 2-3 times) the transaction value for the network to produce enough block rewards (neglecting the fees) before accepting the large payments.

Yet another good recommendation:
Don't waste your customers' time too much if it is about just a few pennies at stake, accept micropayments and generally, any payment less than 10% of the block reward with just one confirmation.
Tym
newbie
Activity: 15
Merit: 14
Actually I wanted to ask a similar question but suddenly I saw this post so I wanted to add my question here.

I read an article from Vitalik Buterin where I found this:

Quote
If a light client was offline for some period of time, and then comes back online, then it will look for the longest chain of valid block headers, and assume that that chain is the legitimate blockchain. The cost of spoofing this mechanism, providing a chain of block headers that is probably-valid-but-not-actually-valid, is very high; in fact, it is almost exactly the same as the cost of launching a 51% attack on the network.
Source: https://blog.ethereum.org/2015/01/10/light-clients-proof-stake/

In fact, I belive what Buterin is saying/writing but I'm looking for a mathematical proof to add it to my thesis.

Maybe someone knows a good link or is able to explain (in a mathematical way) why creating such a chain is as expensive as a 51% attack.

I'd love to read your answers! Thank you! Smiley
legendary
Activity: 1946
Merit: 1427
Nicehash offers 1PH/s on the bitcoin chain for ~ 0.0168[btc]

Bitcoin sees ~ 120 exahash. https://www.blockchain.com/charts/hash-rate
 = 120000 pentahash (?)

120000*0.168 = ~141.120.000 $ to get 51% hashing power Huh (this doesn't seem that expensive.)

Although they obviously don't have that much mining power for rent (I see nicehash only has ~ 10 TH), but theorethically speaking, i think such an attack could perhaps be profitable, that is if my calculations are correct..
 

Seems you need to remove a 0 and you get $14M /day.

Not that cheap if you think about it. You either do a double spent or fork and hope othera will believe you are a billionaire Smiley)
I was more thinking about other scenario's, such as leveraged shorting using a platform such as Bitmex, as in the event of a 51% attack, you'd expect the price to go down.
I'm not sure if there's a possibility to short smaller coins such as ETC suffficiently enough though. (Although, looks like they have quite some liquidity on Bitforex etc.. -- 81 million in the last 24h? lol...)
full member
Activity: 305
Merit: 106
Nicehash offers 1PH/s on the bitcoin chain for ~ 0.0168BTC

Bitcoin sees ~ 120 exahash. https://www.blockchain.com/charts/hash-rate
 = 120000 pentahash (?)

120000*0.168 = ~141.120.000 $ to get 51% hashing power Huh (this doesn't seem that expensive.)

Although they obviously don't have that much mining power for rent (I see nicehash only has ~ 10 TH), but theorethically speaking, i think such an attack could perhaps be profitable, that is if my calculations are correct..
 

Seems you need to remove a 0 and you get $14M /day.

Not that cheap if you think about it. You either do a double spent or fork and hope othera will believe you are a billionaire Smiley)
legendary
Activity: 1946
Merit: 1427
Hmmm. I think you can look at it a number of ways.. If you actually plan on buying all your machines, a simplified version would be something like

 number of miners = ( total network hashpower ) / hash power per miner
 number of miners * price per miner = $$$$$$


If you rent them, i guess it could be significantly cheaper.

Nicehash offers 1PH/s on the bitcoin chain for ~ 0.0168BTC

Bitcoin sees ~ 120 exahash. https://www.blockchain.com/charts/hash-rate
 = 120000 pentahash (?)

120000*0.168 = ~141.120.000 $ (For, lets say - a month?) to get 51% hashing power Huh (this doesn't seem that expensive.)

Although they obviously don't have that much mining power for rent (I see nicehash only has ~ 180 PH).

Purely theorethically speaking (if we forget about the practicalities of renting 120 ph worth of hashing equipment/however many hashes/s a chain has, (let alone buying it, in which case i highly doubt it would be profitable.)) i could see a number of scenario's where it could definitely be profitable to do a 51% attack.
full member
Activity: 305
Merit: 106
https://www.crypto51.app/

If any of you are too lazy to click :  $468.961 / h (would have assumed a higher number tbh)

The price can be calculated in many ways. The way they do it is

Quote
Using the prices NiceHash lists for different algorithms we are able to calculate how much it would cost to rent enough hashing power to match the current network hashing power for an hour

But also mention that it's purely theoretical at least un BTC case. BCH is another discussion Smiley)
legendary
Activity: 3220
Merit: 1363
www.Crypto.Games: Multiple coins, multiple games
I'm curious to know what will be the cost in terms of USD for performing a 51% attack on the Bitcoin blockchain? I'm guessing that it might take a lot of money to do so, considering how many miners are backing the entire chain. A formula on how to calculate such cost would be great to know, in order to make things easier when working on a cryptocurrency project of my own. Knowing beforehand the costs involved for attacking a PoW blockchain, could encourage developers to reinforce security on the same.

Of course, a 51% attack on Bitcoin is not feasible right now. But it might be on smaller chains like Bitcoin Cash, and Bitcoin SV. Any helpful advice on how to calculate 51% attack costs on the Blockchain will be greatly appreciated. This of course, will be for learning/educational purposes than anything else. Thanks in advance. Smiley
Jump to: