Pages:
Author

Topic: In case of a 51% attack, can the damage be reverted? - page 2. (Read 911 times)

legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
2- Limited  user vulnerability: The main targets of 50%+1 attack with its short-range chain rewrite consequences are merchants and exchanges that do not take proper security measures by waiting for enough confirmations (blockchain growth) for high stake transactions. This vulnerability could be mitigated if users closely observe the network overall 50%+1 attack cost and wait for more confirmations up to safe thresholds.

I think this piece of code in JavaScript could help merchants to understand how much confirmations would be enough for their trades - so mitigate the vulnerability. Wallets could generate such information for end users:

https://people.xiph.org/~greg/attack_success.html

That's the thing about 51% attacks though, there is no safe confirmation count for as long as a 51% attack is going on.
As much as I appreciate your good knowledge in the field, I strongly denounce above argument. It contradicts with the most fundamental idea behind security of bitcoin and other PoW cryptocurrencies. I think you are underestimating the importance of such a claim.

[...]

Let me clarify:

I don't think a 51% attack on Bitcoin is even remotely viable for a variety of reason that I probably don't need to enumerate -- you summed it up pretty well in your post above.

I do think it's important to point out that a 51% attack (however unlikely) is not a mere double-spend attack which can be averted by awaiting an appropiate confirmation count. Any adversary holding 51% of the hashrate will always outmine their competitors, for as long as they are able to uphold the majority hashrate. (again, completely ignoring the economics of such an attack)


People with little knowledge and journalists talk too much about coins with low hashrate and their vulnerability to 50%+1 attacks. it is not true. There exists and will exist no PoW coin vulnerable to this attack, users could always calculate the stakes involved and the costs of running an attack and spot the right length for their security.

Here I (partially) disagree with you.

I fully agree with your assessment that users can always calculate the stakes involved and adjust their expected confirmation count accordingly. That's pretty much what happened with Bitcoin Cash, for example, when exchanges upped the required confirmation count to 10-20 confirmations IIRC.

I disagree that alts with low hashrates are just as safe from 51% attacks as the larger coins in which shadow they stand (assuming that's what you're saying).

Problem being: If you attack the largest coin within your mining space (be it Sha256 or Scrypt ASIC, be it GPU) you kill your cashcow and are highly disincentivized to do so. If you attack one of the smaller coins, the stakes are not quite as high, since you can always point your miners back to the larger coin (ie. you don't turn your miner into an expensive paperweight by such an attack). Obviously the benefit of such an attack would still be questionable -- as you rightfully pointed out above the more worthy of an attack a coin is, the better it is secured and vice versa -- but the incentive is not quite as beneficial.
legendary
Activity: 1456
Merit: 1176
Always remember the cause!
2- Limited  user vulnerability: The main targets of 50%+1 attack with its short-range chain rewrite consequences are merchants and exchanges that do not take proper security measures by waiting for enough confirmations (blockchain growth) for high stake transactions. This vulnerability could be mitigated if users closely observe the network overall 50%+1 attack cost and wait for more confirmations up to safe thresholds.

I think this piece of code in JavaScript could help merchants to understand how much confirmations would be enough for their trades - so mitigate the vulnerability. Wallets could generate such information for end users:

https://people.xiph.org/~greg/attack_success.html

That's the thing about 51% attacks though, there is no safe confirmation count for as long as a 51% attack is going on.
As much as I appreciate your good knowledge in the field, I strongly denounce above argument. It contradicts with the most fundamental idea behind security of bitcoin and other PoW cryptocurrencies. I think you are underestimating the importance of such a claim.

Of course there is no absolute safety for any form of valuable assets in the world. When I put my 20K$ car in a garage locked and secured by surveillance camera and a sophisticated anti-theft system under the watch of a 24*7 security service provider  nobody accuses me of being reckless about its security, yet anybody could spend like 200K$ to steal it and prove himself totally stupid.

The basic security assumption for bitcoin is that it is absolutely irrational for an adversary to commit a 50%+1 attack against the network because one could always find a sufficient number of confirmations to be sure about irreversibility of a transaction, relative to the incentives involved: the most high stake scam that is ever possible for the adversary to run against the hypothetical targeted receivers of specific transactions and the total block rewards involved.

With btc at like 5K$ nowadays and a hashrate of 45 exahashes, there exists a really high security wall in front of any delusional attacker with any agenda to be dreaming of a profitable 100 chain reorg attack to bitcoin, but I think it has been always the same for bitcoin.

Price and stakes in bitcoin are essentially based on the costs miners pay to keep it secure, it is more than fundamental, it is just the whole story of PoW and Satoshi's invention. Lower mining costs --> lower value --> lower prices --> lower stakes involved --> less need to be worried about attacks. The same 100-200 range attack barrier for any possible scenario. That's it! It is what bitcoin and PoW is.

People with little knowledge and journalists talk too much about coins with low hashrate and their vulnerability to 50%+1 attacks. it is not true. There exists and will exist no PoW coin vulnerable to this attack, users could always calculate the stakes involved and the costs of running an attack and spot the right length for their security.

Quote
The question is then not how many confirmations suffice, but how long an adversary can hold 51% of the network's hashrate.
And how much does it cost? To be more specific. And how much is ever possible for him to earn? To be conclusive.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
2- Limited  user vulnerability: The main targets of 50%+1 attack with its short-range chain rewrite consequences are merchants and exchanges that do not take proper security measures by waiting for enough confirmations (blockchain growth) for high stake transactions. This vulnerability could be mitigated if users closely observe the network overall 50%+1 attack cost and wait for more confirmations up to safe thresholds.

I think this piece of code in JavaScript could help merchants to understand how much confirmations would be enough for their trades - so mitigate the vulnerability. Wallets could generate such information for end users:

https://people.xiph.org/~greg/attack_success.html

That's the thing about 51% attacks though, there is no safe confirmation count for as long as a 51% attack is going on.

To illustrate:

Code:
AttackerSuccessProbability(0.51,1)=1
AttackerSuccessProbability(0.51,6)=1
AttackerSuccessProbability(0.51,100)=1

The question is then not how many confirmations suffice, but how long an adversary can hold 51% of the network's hashrate.
full member
Activity: 135
Merit: 178
..
2- Limited  user vulnerability: The main targets of 50%+1 attack with its short-range chain rewrite consequences are merchants and exchanges that do not take proper security measures by waiting for enough confirmations (blockchain growth) for high stake transactions. This vulnerability could be mitigated if users closely observe the network overall 50%+1 attack cost and wait for more confirmations up to safe thresholds.

I think this piece of code in JavaScript could help merchants to understand how much confirmations would be enough for their trades - so mitigate the vulnerability. Wallets could generate such information for end users:

https://people.xiph.org/~greg/attack_success.html
legendary
Activity: 1456
Merit: 1176
Always remember the cause!
I see a lot of confusion about 51% attack in this thread, seemingly it is used as a metaphor for any disaster in bitcoin which is not true.

Following points might be found helpful:

1- Being short-range: A 50%+1 attack typically is about an adversary who somehow puts hands on a majority of hashpower for a short period of time. If this majority is persistent for a long period of time, it is no longer considered an attack, it would turn the network to a simple centralized service which is at least subject to censorship, just like conventional banking system.

2- Limited  user vulnerability: The main targets of 50%+1 attack with its short-range chain rewrite consequences are merchants and exchanges that do not take proper security measures by waiting for enough confirmations (blockchain growth) for high stake transactions. This vulnerability could be mitigated if users closely observe the network overall 50%+1 attack cost and wait for more confirmations up to safe thresholds.

3- Serious miner vulnerability: When the chain gets reorged a few blocks become orphaned and their miners lose their rewards and as long as this attack is active they are unlikely to mine any blocks even though they are consuming time and resources. Also, there are more consequences for miners because of hashrate fluctuations and difficulty jump.

4- Legitimacy crisis: For an adversary, taking control of a majority hashpower is a matter of investment but convincing user base about his legitimacy is almost unachievable.

 
legendary
Activity: 2898
Merit: 1823

I see. I was wondering how an attack would look like and whether there is the possibility of doing something about it or it would ruin the coin completely. Thanks!


What miners do is direct their hashing power to a new pool. Simple as that because the miners would earn more if they are honest. But if the mining cartel assumes control of the network, then they can and will censor transactions, effectively making Bitcoin become Fed 2.0.

The answer is yes, it will ruin the coin completely, unless UAHF. Cool
hero member
Activity: 672
Merit: 526
I will make another question, as the one that starts the topic was already answered. In case of a 51% attack, the damage should be reverted?

Should it not be an even bigger problem to be able to roll back an action already done on the blockchain?

Bitcoin's political consensus is quite subjective. I mean, the voice of the community is something that depends on time. We do not have a voting system in Bitcoin where a result is clear. BTC is Bitcoin for being clear the choice of the majority. But in an event like such an attack, if it was of great proportions. One group could choose to revert and another group could choose not to. In the same way as with ETH and ETC.

So the question is not whether this is possible. But if this will be the majority choice in the long run.
hero member
Activity: 2786
Merit: 657
Want top-notch marketing for your project, Hire me
Hi! I'm not a new guy around here - been in this space for half a decade now. However, I do still have some questions and one of them is about the case of a 51% attack on the Bitcoin network.

Say some hackers somehow get the control of more than 51% of the BTC network. I guess this isn't impossible as there have already been a few tries and if we consider the fact that a few miners own +51% of the mining power, a hacker has only a few targets to hit in order to control the mining power.

Now this is the way I see it. I might be wrong about anything I wrote above and if I am, please someone point me toward the right direction.

If what I said is possible someone gets to control the mining power and does damage to the network.. can this be reversed when the big miners get back in control? IIRC, something similar happened way back when Bitcoin was in its first years and someone got in control of some Bitcoins they shouldn't have been in control of, and this was reversed through a Bitcoin Client update or something like that.

So, in case of a 51% attack... is it possible to reverse the damage?
Firstly, the 51% attack can be prevent using the system used by the monero and I also believed prevention of the 51% attack was the reason behind Satoshi not expanding the blocksize so that the community will be able to notice foul play. However, the 51% does not profit any profit to the group of company that owns the 51% mining power and with my research 51% was using carried out by coin competitor in other to eliminate coins which they see as challenger for their project.
full member
Activity: 135
Merit: 178
..
But my point is, community might agree to rollback blocks, even if it's not because 51% attack.

and this is my two cents, community might agree on a double-check data flow before block creation. not exactly double-check but I mean a concrete solution should involve before block creation - and I'm working hard on it. rollback is always costly and harmful to the trust.

legendary
Activity: 1456
Merit: 1176
Always remember the cause!
Sorry if this is off-topic but I really curious about the "checkpoint" issue that often mentioned recently. Is this a legit way to prevent reorg of the bad block? What's the pros and cons? Thanks!
Checkpoints are hardcoded in client software to help with a safer bootstrap for nodes not to get sybil-attacked (being completely surrounded by malicious peers). It is also useful to resist very-long-range attacks (reorg of entire history or multiple thousands long chain re-writes) and has nothing to do with 51% attacks under discussion which belong to short up to medium chain reorg attempts.
legendary
Activity: 1134
Merit: 1599
Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.

When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.

While it's possible, it won't be easy task as major mining pools must have good security knowing they have lots of coins and their hashrate can be used maliciously.
Even if that happens and the hacker decide to use 51% attack, bitcoin community will realize it quickly, then miners will switch to another pool while pool owner will shutdown their pool.

Actually, AFAIK it happened twice :
1. Value overflow in 2010 where attacker generate 184,467,440,737.09551616 Bitcoin
2. Accidental hard-fork after QT 0.8 release where it has different DB version and not compatible with older version

So, if something major like that happen again, rollback might be supported by parts of the community
--snip--

So the two cases you mentioned are 51% attacks too, right?

1st - no, as mining isn't involved
2nd - yes, even though it's not attack, but accidental. Even so, there's a successful double-spend attempt. More info : https://bitcointalksearch.org/topic/a-successful-double-spend-us10000-against-okpay-this-morning-152348

But my point is, community might agree to rollback blocks, even if it's not because 51% attack.

Alright, got it now, thank you for the detailed explanation. Have a great day! Smiley
copper member
Activity: 2324
Merit: 2142
Slots Enthusiast & Expert
Sorry if this is off-topic but I really curious about the "checkpoint" issue that often mentioned recently. Is this a legit way to prevent reorg of the bad block? What's the pros and cons? Thanks!
legendary
Activity: 1134
Merit: 1599
When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.
It's possible. The firmwares that the ASICs are on is definitely exploitable. The main reason is the motivation. I doubt anyone would just ruin the coin just like that. Most ASIC farms are actually fairly small and it isn't that big to be able to ruin a mid-sized coin.

I might have talked about a story that never happened. ranochigo gave the right link to the case I was talking about. Here's one to the wikipedia, it's about the same incident: https://en.bitcoin.it/wiki/Value_overflow_incident
It has. Bugs in the client could cause the client to accept and relay transactions that are otherwise invalid. If not, 51% attack can't do that much.

So the two cases you mentioned are 51% attacks too, right?
Its not. The 1st was due to the bug in the client. The second was due to the miners mining incompatible block (no 51% attacks whatsoever) that resulted in the splitting of the chain. The older clients were following one and the newer clients were following the other. While 51% can result in forks, the new fork must still follow the consensus rules, no matter how much hashrate they own. A block can only have that many Bitcoins and block rewards and signatures must be valid, etc. If not, the blocks wouldn't even be accepted and the 51% attack would be as if it has never happened.

Awesome, thank you for the explanation!


The main reason is the motivation. I doubt anyone would just ruin the coin just like that.

I think a government would have enough motivation to ruin a cryptocurrency if the regulations and whatever else they have in plan will fail. It might sound like conspiracy, but I believe this is not very unlikely if we look at the EtherDelta SEC registration case (https://www.sidley.com/en/insights/newsupdates/2018/11/first-sec-enforcement-action-against-decentralized-digital-asset) and the recent news about regulations and governments' point of view. If coins go out of control through decentralization and privacy, I see a 51% attack driven through a government's plan possible. I'm sorry if this classifies as a non-topic reply!


Nop. It is not how it works in the real world. No hacker is able to take control of a mining farm at least for a considerable amount of time. The owner will shut the farm down and make it secure in less than an hour if it is large enough and within few hours if it is not.

Generally speaking I think there is a LOT of exaggerations about 51% attack in the literature.

I see. I was wondering how an attack would look like and whether there is the possibility of doing something about it or it would ruin the coin completely. Thanks!
legendary
Activity: 1456
Merit: 1176
Always remember the cause!
Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.
When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.
Nop. It is not how it works in the real world. No hacker is able to take control of a mining farm at least for a considerable amount of time. The owner will shut the farm down and make it secure in less than an hour if it is large enough and within few hours if it is not.

Generally speaking I think there is a LOT of exaggerations about 51% attack in the literature.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.
It's possible. The firmwares that the ASICs are on is definitely exploitable. The main reason is the motivation. I doubt anyone would just ruin the coin just like that. Most ASIC farms are actually fairly small and it isn't that big to be able to ruin a mid-sized coin.

I might have talked about a story that never happened. ranochigo gave the right link to the case I was talking about. Here's one to the wikipedia, it's about the same incident: https://en.bitcoin.it/wiki/Value_overflow_incident
It has. Bugs in the client could cause the client to accept and relay transactions that are otherwise invalid. If not, 51% attack can't do that much.

So the two cases you mentioned are 51% attacks too, right?
Its not. The 1st was due to the bug in the client. The second was due to the miners mining incompatible block (no 51% attacks whatsoever) that resulted in the splitting of the chain. The older clients were following one and the newer clients were following the other. While 51% can result in forks, the new fork must still follow the consensus rules, no matter how much hashrate they own. A block can only have that many Bitcoins and block rewards and signatures must be valid, etc. If not, the blocks wouldn't even be accepted and the 51% attack would be as if it has never happened.
legendary
Activity: 1134
Merit: 1599
With rollback you erase a chunk of the history. And yes, that means all the transactions included in that block / those blocks.
Luckily Bitcoin network is strong enough to make 51% attack too expensive to worth it, because the rollback is a nightmare and really nobody would consent to support it.

I understand. It might be too expensive to be worth it, but you never know who would have 'the guts' to do it and try to attack the network. Enough events happened in the crypto world and in the economic world in general to make it almost impossible to happen.


Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.

When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.


Can you give us the whole story of that "something similar"? It would be incorrect to assume that a successful 51% attack would give someone the power to steal. Because, anyone correct me if this is a mistake, if an attacker can control 100% of the hashing power, it still cannot turn invalid transactions into valid transactions. The nodes will not relay them. It can only censor transactions.

I might have talked about a story that never happened. ranochigo gave the right link to the case I was talking about. Here's one to the wikipedia, it's about the same incident: https://en.bitcoin.it/wiki/Value_overflow_incident

Actually, AFAIK it happened twice :
1. Value overflow in 2010 where attacker generate 184,467,440,737.09551616 Bitcoin
2. Accidental hard-fork after QT 0.8 release where it has different DB version and not compatible with older version

So, if something major like that happen again, rollback might be supported by parts of the community

I agree as it's not impractical, expect it happened once with Bitcoin Gold (a fork of BTC). AFAIK attacker borrow hashrate from various mining rental services such as NiceHash to reverse 22 blocks, which is far higher than average confirmation needed by most merchants/exchange (1-6 confirmation).
While it can't happen to Bitcoin as there's no services which could provide hashrate enough to perform 51% attack. All cryptocurrency which it's hashrate is lower than hashrate of mining rental service combined should be very careful.

So the two cases you mentioned are 51% attacks too, right?
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.

I agree as it's not impractical, expect it happened once with Bitcoin Gold (a fork of BTC). AFAIK attacker borrow hashrate from various mining rental services such as NiceHash to reverse 22 blocks, which is far higher than average confirmation needed by most merchants/exchange (1-6 confirmation).
While it can't happen to Bitcoin as there's no services which could provide hashrate enough to perform 51% attack. All cryptocurrency which it's hashrate is lower than hashrate of mining rental service combined should be very careful.

That's the upside of ASICs vs GPUs. As an ASIC-mined coins you have fewer coins to compete with than being one that is GPU-mined.

If you're the largest coin that can be profitably mined via GPU you're golden. But as soon as you're one of the smaller ones you're a potential target. Since the infrastructure already exists, the hashing power merely needs to be pointed in your direction at the flip of a switch.

True also for ASIC-mined coins, of course, but less pronounced than with GPU mining. Obviously it also helps that Bitcoin has by far the largest Sha256 hashrate, so there's little hashrate that can come "out of nowhere" as was the case with Bitcoin Gold.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
With rollback you erase a chunk of the history. And yes, that means all the transactions included in that block / those blocks.
Luckily Bitcoin network is strong enough to make 51% attack too expensive to worth it, because the rollback is a nightmare and really nobody would consent to support it.

Actually, AFAIK it happened twice :
1. Value overflow in 2010 where attacker generate 184,467,440,737.09551616 Bitcoin
2. Accidental hard-fork after QT 0.8 release where it has different DB version and not compatible with older version

So, if something major like that happen again, rollback might be supported by parts of the community

Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.

I agree as it's not impractical, expect it happened once with Bitcoin Gold (a fork of BTC). AFAIK attacker borrow hashrate from various mining rental services such as NiceHash to reverse 22 blocks, which is far higher than average confirmation needed by most merchants/exchange (1-6 confirmation).
While it can't happen to Bitcoin as there's no services which could provide hashrate enough to perform 51% attack. All cryptocurrency which it's hashrate is lower than hashrate of mining rental service combined should be very careful.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange

IIRC, something similar happened way back when Bitcoin was in its first years and someone got in control of some Bitcoins they shouldn't have been in control of, and this was reversed through a Bitcoin Client update or something like that.


Can you give us the whole story of that "something similar"? It would be incorrect to assume that a successful 51% attack would give someone the power to steal. Because, anyone correct me if this is a mistake, if an attacker can control 100% of the hashing power, it still cannot turn invalid transactions into valid transactions. The nodes will not relay them. It can only censor transactions.


It has never happened. The only time anything like this happened was with the bug[1] that resulted in block rewards that was over the limit. It was forked off and everyone switched. And you're right, you can't make transactions that are invalid into a valid one.
[1] https://nvd.nist.gov/vuln/detail/CVE-2010-5139
legendary
Activity: 2898
Merit: 1823

IIRC, something similar happened way back when Bitcoin was in its first years and someone got in control of some Bitcoins they shouldn't have been in control of, and this was reversed through a Bitcoin Client update or something like that.


Can you give us the whole story of that "something similar"? It would be incorrect to assume that a successful 51% attack would give someone the power to steal. Because, anyone correct me if this is a mistake, if an attacker can control 100% of the hashing power, it still cannot turn invalid transactions into valid transactions. The nodes will not relay them. It can only censor transactions.

Pages:
Jump to: