Topic: In case of a 51% attack, can the damage be reverted? - page 2. (Read 844 times)

Let me clarify:

I don't think a 51% attack on Bitcoin is even remotely viable for a variety of reason that I probably don't need to enumerate -- you summed it up pretty well in your post above.

I do think it's important to point out that a 51% attack (however unlikely) is not a mere double-spend attack which can be averted by awaiting an appropiate confirmation count. Any adversary holding 51% of the hashrate will always outmine their competitors, for as long as they are able to uphold the majority hashrate. (again, completely ignoring the economics of such an attack)



Here I (partially) disagree with you.

I fully agree with your assessment that users can always calculate the stakes involved and adjust their expected confirmation count accordingly. That's pretty much what happened with Bitcoin Cash, for example, when exchanges upped the required confirmation count to 10-20 confirmations IIRC.

I disagree that alts with low hashrates are just as safe from 51% attacks as the larger coins in which shadow they stand (assuming that's what you're saying).

Problem being: If you attack the largest coin within your mining space (be it Sha256 or Scrypt ASIC, be it GPU) you kill your cashcow and are highly disincentivized to do so. If you attack one of the smaller coins, the stakes are not quite as high, since you can always point your miners back to the larger coin (ie. you don't turn your miner into an expensive paperweight by such an attack). Obviously the benefit of such an attack would still be questionable -- as you rightfully pointed out above the more worthy of an attack a coin is, the better it is secured and vice versa -- but the incentive is not quite as beneficial.

As much as I appreciate your good knowledge in the field, I strongly denounce above argument. It contradicts with the most fundamental idea behind security of bitcoin and other PoW cryptocurrencies. I think you are underestimating the importance of such a claim.

Of course there is no absolute safety for any form of valuable assets in the world. When I put my 20K$ car in a garage locked and secured by surveillance camera and a sophisticated anti-theft system under the watch of a 24*7 security service provider  nobody accuses me of being reckless about its security, yet anybody could spend like 200K$ to steal it and prove himself totally stupid.

The basic security assumption for bitcoin is that it is absolutely irrational for an adversary to commit a 50%+1 attack against the network because one could always find a sufficient number of confirmations to be sure about irreversibility of a transaction, relative to the incentives involved: the most high stake scam that is ever possible for the adversary to run against the hypothetical targeted receivers of specific transactions and the total block rewards involved.

With btc at like 5K$ nowadays and a hashrate of 45 exahashes, there exists a really high security wall in front of any delusional attacker with any agenda to be dreaming of a profitable 100 chain reorg attack to bitcoin, but I think it has been always the same for bitcoin.

Price and stakes in bitcoin are essentially based on the costs miners pay to keep it secure, it is more than fundamental, it is just the whole story of PoW and Satoshi's invention. Lower mining costs --> lower value --> lower prices --> lower stakes involved --> less need to be worried about attacks. The same 100-200 range attack barrier for any possible scenario. That's it! It is what bitcoin and PoW is.

People with little knowledge and journalists talk too much about coins with low hashrate and their vulnerability to 50%+1 attacks. it is not true. There exists and will exist no PoW coin vulnerable to this attack, users could always calculate the stakes involved and the costs of running an attack and spot the right length for their security.

And how much does it cost? To be more specific. And how much is ever possible for him to earn? To be conclusive.

That's the thing about 51% attacks though, there is no safe confirmation count for as long as a 51% attack is going on.

To illustrate:


The question is then not how many confirmations suffice, but how long an adversary can hold 51% of the network's hashrate.

I think this piece of code in JavaScript could help merchants to understand how much confirmations would be enough for their trades - so mitigate the vulnerability. Wallets could generate such information for end users:

https://people.xiph.org/~greg/attack_success.html

I see a lot of confusion about 51% attack in this thread, seemingly it is used as a metaphor for any disaster in bitcoin which is not true.

Following points might be found helpful:

1- Being short-range: A 50%+1 attack typically is about an adversary who somehow puts hands on a majority of hashpower for a short period of time. If this majority is persistent for a long period of time, it is no longer considered an attack, it would turn the network to a simple centralized service which is at least subject to censorship, just like conventional banking system.

2- Limited  user vulnerability: The main targets of 50%+1 attack with its short-range chain rewrite consequences are merchants and exchanges that do not take proper security measures by waiting for enough confirmations (blockchain growth) for high stake transactions. This vulnerability could be mitigated if users closely observe the network overall 50%+1 attack cost and wait for more confirmations up to safe thresholds.

3- Serious miner vulnerability: When the chain gets reorged a few blocks become orphaned and their miners lose their rewards and as long as this attack is active they are unlikely to mine any blocks even though they are consuming time and resources. Also, there are more consequences for miners because of hashrate fluctuations and difficulty jump.

4- Legitimacy crisis: For an adversary, taking control of a majority hashpower is a matter of investment but convincing user base about his legitimacy is almost unachievable.

 

What miners do is direct their hashing power to a new pool. Simple as that because the miners would earn more if they are honest. But if the mining cartel assumes control of the network, then they can and will censor transactions, effectively making Bitcoin become Fed 2.0.

The answer is yes, it will ruin the coin completely, unless UAHF.

I will make another question, as the one that starts the topic was already answered. In case of a 51% attack, the damage should be reverted?

Should it not be an even bigger problem to be able to roll back an action already done on the blockchain?

Bitcoin's political consensus is quite subjective. I mean, the voice of the community is something that depends on time. We do not have a voting system in Bitcoin where a result is clear. BTC is Bitcoin for being clear the choice of the majority. But in an event like such an attack, if it was of great proportions. One group could choose to revert and another group could choose not to. In the same way as with ETH and ETC.

So the question is not whether this is possible. But if this will be the majority choice in the long run.

Firstly, the 51% attack can be prevent using the system used by the monero and I also believed prevention of the 51% attack was the reason behind Satoshi not expanding the blocksize so that the community will be able to notice foul play. However, the 51% does not profit any profit to the group of company that owns the 51% mining power and with my research 51% was using carried out by coin competitor in other to eliminate coins which they see as challenger for their project.

and this is my two cents, community might agree on a double-check data flow before block creation. not exactly double-check but I mean a concrete solution should involve before block creation - and I'm working hard on it. rollback is always costly and harmful to the trust.

Checkpoints are hardcoded in client software to help with a safer bootstrap for nodes not to get sybil-attacked (being completely surrounded by malicious peers). It is also useful to resist very-long-range attacks (reorg of entire history or multiple thousands long chain re-writes) and has nothing to do with 51% attacks under discussion which belong to short up to medium chain reorg attempts.

Alright, got it now, thank you for the detailed explanation. Have a great day!

Sorry if this is off-topic but I really curious about the "checkpoint" issue that often mentioned recently. Is this a legit way to prevent reorg of the bad block? What's the pros and cons? Thanks!

Awesome, thank you for the explanation!



I think a government would have enough motivation to ruin a cryptocurrency if the regulations and whatever else they have in plan will fail. It might sound like conspiracy, but I believe this is not very unlikely if we look at the EtherDelta SEC registration case (https://www.sidley.com/en/insights/newsupdates/2018/11/first-sec-enforcement-action-against-decentralized-digital-asset) and the recent news about regulations and governments' point of view. If coins go out of control through decentralization and privacy, I see a 51% attack driven through a government's plan possible. I'm sorry if this classifies as a non-topic reply!



I see. I was wondering how an attack would look like and whether there is the possibility of doing something about it or it would ruin the coin completely. Thanks!

Nop. It is not how it works in the real world. No hacker is able to take control of a mining farm at least for a considerable amount of time. The owner will shut the farm down and make it secure in less than an hour if it is large enough and within few hours if it is not.

Generally speaking I think there is a LOT of exaggerations about 51% attack in the literature.

It's possible. The firmwares that the ASICs are on is definitely exploitable. The main reason is the motivation. I doubt anyone would just ruin the coin just like that. Most ASIC farms are actually fairly small and it isn't that big to be able to ruin a mid-sized coin.

It has. Bugs in the client could cause the client to accept and relay transactions that are otherwise invalid. If not, 51% attack can't do that much.

Its not. The 1st was due to the bug in the client. The second was due to the miners mining incompatible block (no 51% attacks whatsoever) that resulted in the splitting of the chain. The older clients were following one and the newer clients were following the other. While 51% can result in forks, the new fork must still follow the consensus rules, no matter how much hashrate they own. A block can only have that many Bitcoins and block rewards and signatures must be valid, etc. If not, the blocks wouldn't even be accepted and the 51% attack would be as if it has never happened.

I understand. It might be too expensive to be worth it, but you never know who would have 'the guts' to do it and try to attack the network. Enough events happened in the crypto world and in the economic world in general to make it almost impossible to happen.



When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.



I might have talked about a story that never happened. ranochigo gave the right link to the case I was talking about. Here's one to the wikipedia, it's about the same incident: https://en.bitcoin.it/wiki/Value_overflow_incident


So the two cases you mentioned are 51% attacks too, right?

That's the upside of ASICs vs GPUs. As an ASIC-mined coins you have fewer coins to compete with than being one that is GPU-mined.

If you're the largest coin that can be profitably mined via GPU you're golden. But as soon as you're one of the smaller ones you're a potential target. Since the infrastructure already exists, the hashing power merely needs to be pointed in your direction at the flip of a switch.

True also for ASIC-mined coins, of course, but less pronounced than with GPU mining. Obviously it also helps that Bitcoin has by far the largest Sha256 hashrate, so there's little hashrate that can come "out of nowhere" as was the case with Bitcoin Gold.

Actually, AFAIK it happened twice :
1. Value overflow in 2010 where attacker generate 184,467,440,737.09551616 Bitcoin
2. Accidental hard-fork after QT 0.8 release where it has different DB version and not compatible with older version

So, if something major like that happen again, rollback might be supported by parts of the community


I agree as it's not impractical, expect it happened once with Bitcoin Gold (a fork of BTC). AFAIK attacker borrow hashrate from various mining rental services such as NiceHash to reverse 22 blocks, which is far higher than average confirmation needed by most merchants/exchange (1-6 confirmation).
While it can't happen to Bitcoin as there's no services which could provide hashrate enough to perform 51% attack. All cryptocurrency which it's hashrate is lower than hashrate of mining rental service combined should be very careful.

It has never happened. The only time anything like this happened was with the bug[1] that resulted in block rewards that was over the limit. It was forked off and everyone switched. And you're right, you can't make transactions that are invalid into a valid one.
[1] https://nvd.nist.gov/vuln/detail/CVE-2010-5139

Can you give us the whole story of that "something similar"? It would be incorrect to assume that a successful 51% attack would give someone the power to steal. Because, anyone correct me if this is a mistake, if an attacker can control 100% of the hashing power, it still cannot turn invalid transactions into valid transactions. The nodes will not relay them. It can only censor transactions.