Author

Topic: Real-time 51% Attack Vulnerability & Ranking Against Military Spending (Read 3884 times)

legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
This metric is, in essence, equal to 51% of the present value ("PV") of all future revenues derived from bitcoin mining using current Mt. Gox prices. Revenues include both block rewards and transaction fees.

The purpose behind using PV as a measuring tool is to approximate the incentives to miners to build upon the Bitcoin network. The measure can be viewed as an aggregate of all the cost-benefit analyses done by individual miners.

We believe this is superior to other methods of calculating the attack cost, including variables such as current hash rates and current capital costs, because the model is independent of technology advancements. Under the equilibrium model, miners will continue to invest in equipment until they reach the point where marginal cost equals marginal revenue (the point of profit maximization).
some days ago it was 300 mio, now it is 770 mio. is this just because the difficulty rises?

NO, it is because they are using an economic model and the out-of-whack MT.Gox price.

Difficulty does not even factor into it.

They are assuming that miners can instantly respond to the price of Bitcoin. It may be true in 6 months if the glut of ASICs are not profitable; but not now.

ok thx. now agian its 480 mio  Huh Huh Huh
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
This metric is, in essence, equal to 51% of the present value ("PV") of all future revenues derived from bitcoin mining using current Mt. Gox prices. Revenues include both block rewards and transaction fees.

The purpose behind using PV as a measuring tool is to approximate the incentives to miners to build upon the Bitcoin network. The measure can be viewed as an aggregate of all the cost-benefit analyses done by individual miners.

We believe this is superior to other methods of calculating the attack cost, including variables such as current hash rates and current capital costs, because the model is independent of technology advancements. Under the equilibrium model, miners will continue to invest in equipment until they reach the point where marginal cost equals marginal revenue (the point of profit maximization).
some days ago it was 300 mio, now it is 770 mio. is this just because the difficulty rises?

NO, it is because they are using an economic model and the out-of-whack MT.Gox price.

Difficulty does not even factor into it.

They are assuming that miners can instantly respond to the price of Bitcoin. It may be true in 6 months if the glut of ASICs are not profitable; but not now.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
How do you get $300 million?  Even at $100 per GH/s, you could buy the whole network for $50 Million.  This is a drop in the bucket for any government.  If they pull it off, no more transactions are processed, everyone stops mining and the incentive to mine drops to zero.  

The only meaningful value is how much the government needs to spend to destroy the network.  Right now, that's no more than $50 million and that's being very generous.

What am I missing?

some days ago it was 300 mio, now it is 770 mio. is this just because the difficulty rises?
sr. member
Activity: 278
Merit: 251
The chip manu's should just start only accepting Bitcoin. That will then blow up the price of Bitcoins the more miners there are. 300 million would pop it up by 30% alone. That's a great way to obviously tip off people in the network. They'd have to ramp up gradually, which could fuel a runaway upswing, strengthening the system. It'd be a fine tightwire walk.
staff
Activity: 4284
Merit: 8808
Interesting approach. Though I note that if you replace Bitcoin with a counterfactual alternative with an exchange rate of just slightly greater than zero whos subsidy grows exponentially (at a rate faster than 8% per year) that the attack cost under this model would be infinite...
hero member
Activity: 824
Merit: 712
How do you get $300 million?  Even at $100 per GH/s, you could buy the whole network for $50 Million.  This is a drop in the bucket for any government.  If they pull it off, no more transactions are processed, everyone stops mining and the incentive to mine drops to zero.  

The only meaningful value is how much the government needs to spend to destroy the network.  Right now, that's no more than $50 million and that's being very generous.

What am I missing?
member
Activity: 119
Merit: 10
Should we beware the time when the block reward drops so much only transaction fees would form most of the reward?

If there is going to be an abundance of redundant ASICs no longer making up for their electricity consumption, why wouldn't someone obtain these machines for a relatively low from desperate miners to impose a malicious attack against the network. A motivation behind such attack could even be something more rational than purely "for teh lulz"; for example if someone took a loan in BTC in eventually found out it would be cheaper to destroy the coin rather then having to return the sum.

Am I missing some protective mechanism for BTC here?
sr. member
Activity: 295
Merit: 250
"to survive, we must live and fly"
also guys, I am seeing bugs here. the BRIX score drops drops from 93 to 2 suddenly. I am assuming this is a fluctuation in hash rate or an issue with your own RT technology. I do not know if you are pinging or have a socket. the BRIX score needs to be an average over a time period. the BRIX score fluctuates so much while the attack cost fluctuates so little. I would expect more out of Cornell.
sr. member
Activity: 295
Merit: 250
"to survive, we must live and fly"
word of advice: you guys should put that defense spending in full comma nomenclature so we can see that 390 mil relative to numbers formatted in the same way. although they may expand the page a bit in mobile, the full weight of those numbers drives the semantic meaning home further.
sr. member
Activity: 295
Merit: 250
"to survive, we must live and fly"
nice model. i have been doing this in my head for quite some time. good to see this out there so people can wake up to the weaknesses of the bitcoin protocol. 300 mil is a drop in the bucket. 
full member
Activity: 174
Merit: 101
Very interesting what you've put together.

When these sorts of posts pop up I like to point people to a blog post by Gavin, the lead developer of the core bitcoin software:

http://gavintech.blogspot.com/2012/05/neutralizing-51-attack.html

Quote
One of the things a 51% attacker can do is prevent any transactions or new blocks from anybody besides themselves from being accepted, effectively stopping all payments and shutting down the network.

That would be bad.

But it would also be obvious it was happening, and pretty easy to defend against. As I said on the Bitcoin Forums:

Something like "ignore a longer chain orphaning the current best chain if the sum(priorities of transactions included in new chain) is much less than sum(priorities of transactions in the part of the current best chain that would be orphaned)" would mean a 51% attacker would have to have both lots of hashing power AND lots of old, high-priority bitcoins to keep up a transaction-denial-of-service attack. And they'd pretty quickly run out of old, high-priority bitcoins and would be forced to either include other people's transactions or have their chain rejected.

So not only is the price tag to attack the network ever increasing, there is also the fact that if 'X' organization spends the millions of dollars to attack bitcoin, they risk it merely being circumvented. Thats a lot of wasted money, a lot to answer for if you fail.  




 

You are 100% correct, there are other problems needed to successfully pull off a 51% attack. We hope our model offers insight, however. Especially over time.
vip
Activity: 571
Merit: 504
I still <3 u Satoshi
Very interesting what you've put together.

When these sorts of posts pop up I like to point people to a blog post by Gavin, the lead developer of the core bitcoin software:

http://gavintech.blogspot.com/2012/05/neutralizing-51-attack.html

Quote
One of the things a 51% attacker can do is prevent any transactions or new blocks from anybody besides themselves from being accepted, effectively stopping all payments and shutting down the network.

That would be bad.

But it would also be obvious it was happening, and pretty easy to defend against. As I said on the Bitcoin Forums:

Something like "ignore a longer chain orphaning the current best chain if the sum(priorities of transactions included in new chain) is much less than sum(priorities of transactions in the part of the current best chain that would be orphaned)" would mean a 51% attacker would have to have both lots of hashing power AND lots of old, high-priority bitcoins to keep up a transaction-denial-of-service attack. And they'd pretty quickly run out of old, high-priority bitcoins and would be forced to either include other people's transactions or have their chain rejected.

So not only is the price tag to attack the network ever increasing, there is also the fact that if 'X' organization spends the millions of dollars to attack bitcoin, they risk it merely being circumvented. Thats a lot of wasted money, a lot to answer for if you fail.  




 
donator
Activity: 452
Merit: 252
from my understanding of what you propose, this isn't a cost of such an attack today, because we're not in perfect equalibrium yet, it could take another 10 years before we plateau into the state of "perfect competition". Wouldn't that mean that the value you suggest is an estimate of what the true value would be at this future date?

I don't have any background in economic theory so I could be quite wrong, but that's what makes sense to me.
legendary
Activity: 896
Merit: 1001
Cool site. Thanks for compiling the info.
full member
Activity: 174
Merit: 101


We've spent some time developing a way to measure the cost to 51% attack the Bitcoin network under an equilibrium model in real time. It's a bit heavy on economic theory, but we believe it is the most accurate way to measure the costs involved (and the only way to do it in real time). Please let me know if you have any questions.

You can check it out at: https://www.resallex.com/bitcoin/brix


Introduction

Equilibrium 51% Attack Cost: This is a metric attempting to calculate the total present value cost required to attack the Bitcoin network through majority hashing power (51% attack). The metric is meant to be viewed as a snapshot in time as if an attacker decided to invest in attacking the network under the current conditions.
BRIX Score: "Bitcoin Robustness Index" - The relative rank of Bitcoin's 51% attack cost compared to annual military expenditures among all nations.

Method

This metric is, in essence, equal to 51% of the present value ("PV") of all future revenues derived from bitcoin mining using current Mt. Gox prices. Revenues include both block rewards and transaction fees. The purpose behind using PV as a measuring tool is to approximate the incentives to miners to build upon the Bitcoin network. The measure can be viewed as an aggregate of all the cost-benefit analyses done by individual miners. We believe this is superior to other methods of calculating the attack cost, including variables such as current hash rates and current capital costs, because the model is independent of technology advancements. Under the equilibrium model, miners will continue to invest in equipment until they reach the point where marginal cost equals marginal revenue (the point of profit maximization). Under perfect competition (of which bitcoin mining is effectively), this point will also be where aggregate cost equals aggregate revenue. If we assume the variables that can affect mining revenue are held constant ($/btc & transaction fees), then it is easy to calculate aggregate revenue and therefore also aggregate cost. Since we know aggregate revenue equals aggregate cost, by calculating 51% of aggregate revenue we effectively calculate 51% of the aggregate cost to miners.
 
We calculated this metric by discounting each block reward (210,000 blocks) as if it were an annuity and then discounting it further to its present value. Then, we added estimated transaction fees based off historical records.


Assumptions

This metric is meant to represent a model at equilibrium. Therefore it represents a snapshot of 51% of the incentive to miners at the current price and current transaction fee levels. The idea is that miners are willing to invest in the network as long as it is profitable to continue doing so. We assume the following:

Rational Actors: We assume all mining participants are rational actors and strictly pursue profit maximization. We ignore all other motivations, including political, emotional, and reputational. All other heuristics and biases are ignored.
Static Variables: We assume that the variables in the model are static, and therefore represent a 'snapshot in time'. There are no growth forecasts for either price or transaction fees.
Perfect Competition: We assume that all miners and potential attackers have access to the same technology, resources and information. There is no technological advantage for any party that would exclusively decrease mining costs or otherwise acquire mining equipment faster.
Discount Rate: 8% Our model discounts future cash flows by 8%.
Jump to: