Topic: If an attacker gets more than 50 % of mining power (Read 7029 times)

The Bitcoin protocol specifies that the longest branch is the valid one. Thus an attacker having the longer chain can decide which transactions are to be included in it.

And I thought we already said that this allows disrupting Bitcoin commerce, for:
1. Damaging Bitcoin for political reasons.
2. Profiting from shorting.
3. Other stuff.

What does an attacker get from having the longer blockchain? Waste of energy?

My numbers are not wrong, they just relate to a different attack from what you have in mind. I was talking about building up an alternative branch starting from the current block, without releasing blocks during construction. After about a week, the honest network will have on average 1000 blocks while the attacker will have on average 1083 blocks, and with high probability he will have more blocks.

Well there wouldn't be a centralized authority using violence to enforce the blacklisting.  I'm guessing it would be something like bitcoin.org putting up an alert to block a certain range of questionable ip addresses or if there was a way to identify the questionable blocks then send out a quick patch for miners to voluntarilly install.  Note that you wouldn't need everyone to comply, but instead just enough miners to shift the advantage from the forces of evil to the forces of good.

Billions of Yen.

Isn't blacklisting blocks that have been mined per the bitcoin protocol (albeit being fraudulent) kind of like... central banks who don't like people that make counterfeit money? Bitcoin is peer-to-peer, so which central authority in bitcoin would decide what blockchain to blacklist? I really hope there isn't one, because if there is, that central authority could use their power to "blacklist" any blockchain they want, in principle...

Only until difficulty is recalculated.

15 millions of $ aren't "billions" 

You can't do it faster, because the difficulty will increase. If you generate a lot more than 6 blocks an hour nobody would accept that chain because the difficulty does not match.

Forget that, of course you can generate as fast as you like blocks with timestamps from the past.

If you want to do that in secret, you will have your own difficulty, which means that the others are twice as fast.

If you don't do that in secret, and you reject blocks of others, they will discover you very early.

WOW! Thank you!!


 Reading the wiki page about scalability (https://en.bitcoin.it/wiki/Scalability), they are talking about a "supernode client", this supernode can assure the safety of the network for themselves without mining? If the miners go away abruptly...

 Or the purpose of the supernode is just to save disk space for regular clients?


 AWESOME! THANKS!!!  

Yes, but only for as long as the attack is sustained. It would be a DoS attack, not the End Of Bitcoin.

So you are essencially admitting that such an attack would render the system useless, as long as the attack is sustained.

.

To create 1000 old blocks, you need to do an average of 5923676160960014000 hashes at the current difficulty. Plus, to actually replace them you need to constantly fight against the existing network. To negate all legitimate blocks takes a hash speed equal to the current network hash speed (~12 Thash/s at the moment).

So you need 12 Thash/s plus about 6 billion billion hashes to rewrite 1000 blocks. If you want to replace the blocks within a week, you need a total of ~22 Thash/s.

Let's say a 6870 does 300 Mhash/s (I don't how true this is). You need ~41285 6870s to get 50% of the network plus ~32646 more to create 1000 blocks at current difficulty within a week. That's at the very least $10 million.

And once the attacker gets sick of wasting so much money, everything can be fixed without much loss by blacklisting their chain.

Yes indeed, especially considering that most of the scientific research labs are optimized for floating point computation, not integer code which is what SHA basing uses.


We will have to do the math.  I don't know.

This is certainly wrong, and your other numbers are probably wrong, too. If you control 52% of the network, you must use one of your blocks to negate a legitimate block 48% of the time. So 48% of the network is producing legitimate blocks, 48% of the network is negating those blocks, and only 4% is left producing new blocks. The network would only produce 5.76 blocks per day.

This is a common misconception. A supercomputer is not efficient for hashing. Its too expensive. Hashing is a very simple computing process that does not requiere a supercomputer.

Any government or organization can pwn bitcoin by building a specialized hashing hardware factory, for a couple of millions of dollars. No actual supercomputer required.

Thiago, I had similar concerns when I was a noobie as well.  Most of the answers to your questions are well documented in the bitcoin wiki and faq, or have been answersed extensivly in this forum, which you can easily search the achives for answers.  I will give quick incomplete answers below:


The process of mining is essentially verifying the legitimacy of transactions.  The more GPUs mining for bitcoins, then the stronger the legitimate network is, thus making it very difficult for adversaries to overcome the strength of the network by passing off bogus transactions as legitmate.


But when a lot of miners "cashes-out", then the bitcoin client will automatically lower the mining difficultly level based on a hard-coded protocol.  Since it will now be easier to mine, then that means that other people, including noobs like yourself, would be incentivized to mine at the easier difficultly level, since the bitcoin payment for solving a block would remain the same (50 BTC/block solved currently).


As has been discussed many time, it would be REALLY REALLY difficult and expensive.  At this point, only a huge collusion of powerful governments and corporations would be able to do it.  Keep in mind, there are tons of teenagers out there with free GPU & electricity from their parents who can hash for basically zero cost (to them, not to the parent ).  Plus all the thousands of businesses out there who deal with bitcoin and thus are incentivized to mine and maintain network security.


Yeah, but again...very hard.  And you couldn't reverse all payments, just a few recent ones if you are sucessful.


pretty much.  And network bandwidth.


Possibly.  They would have to retool all the US government supercomputing research centres in order to mine for bitcoin.  But I almost feel at this point, there is are more legitimate ordinary people mining GPUs that the US government would be incentivized to instead join us legitimate miners!


No problem.  Again, I had similar concerns when I was a noob as well.  Anyway you get a gold star in my book for using Ubuntu Linux and for asking simple & clear, but non-trolling questions/concerns.

actually it looks to me like the gold/silver bull market is over.

i envision a time when the gov't may use bitcoin as the basis for a digital "gold standard" upon which they could make USD loans which just happens to be an important part of economic growth whether we like it or not.  fractional reserve lending just has to be reasonable.

the problem for precious metals has always been rebalancing the physical stores seamlessly over great distances to reflect countries overleveraging.  with bitcoin, this rebalancing would be instantaneous.  it would be a win/win situation:  keep the USD intact, allow modest leveraging via debt formation, yet have a digital bitcoin backing to keep the system in check.