Pages:
Author

Topic: This 51% numbers kills everything! (Read 1387 times)

sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
February 01, 2013, 12:32:47 PM
#27
Isn't the chance of some super group of ASIC's coming from behind and eating up the entire block chain non-existent because with each new release we lock in the block chain? They might be able to go back x number of blocks but not swallow the whole thing up.

Yes.  More complex methods of checkpointing could also be done if necessary.  If a 51% attack materializes and sufficiently disrupts the Bitcoin network I imagine lots of work being put into a cryptocurrency which combines POW & POS.  There is no requirement that a new coin start from scratch (although all to date have).  The Bitcoin blockchain up to a certain point could form the genesis block for a new more secure cryptocurrency.

Cryptocurrency is a concept.  It can't be killed.
hero member
Activity: 504
Merit: 500
WTF???
February 01, 2013, 12:27:35 PM
#26
Isn't the chance of some super group of ASIC's coming from behind and eating up the entire block chain non-existent because with each new release we lock in the block chain? They might be able to go back x number of blocks but not swallow the whole thing up.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
February 01, 2013, 12:25:56 PM
#25
Why does people keep comparing mining with supercomputers? Supercomputers have petabytes of hard disks and terabytes of ram memory, totally useless for mining. Supercomputers are a network of thousands of cores, totally useless for mining. And so on.

Quote
The today fastest supercomputer (top500.org) has approximately 300 000 opteron cores and 19 000 tesla cards.
CPU and nvidia mining so. No wonder they would epic fail at such attack!

Quote
It becomes instantly useful again the moment the attack ceases.
If it ceases.

Quote
The attack will stop if legitimate miners can upgrade their equipment faster than the government does (which the government has to constantly pay for). Also, I didn't know the government got free electricity.
Government can print money at will, hundreds of billions of dollars printed at will. They "pay"? Electricity is not "free"? Lol. They spend so many billions every year for war and now they can't even spare 20-30 millions for a 51% attack?

Quote
Double spends can't be fixed by reverting to a back-up blockchain
Every block created during the 51% attack obviously can't be trusted. So you must revert to a backup blockchain. And yes, they can be reverted
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
February 01, 2013, 12:19:19 PM
#24
In practice it's impossible to rewrite 1 year of blockchain faster than the honest network in hope that will become the longest chain and replace the legit one. Even if you're hashing your blockchain offline you must obey the rules of the protocol which means that the difficulty will update each 2016 blocks (up to a maximum of 4 times the previous difficulty if i'm not mistaken). Even if you're using processing power orders of magnitude higher than the honest network the difficulty will catch up with your hashrate leaving you producing blocks at the same average (around 10 min each) and your blockchain will never ever catch up.
As other said, the "longest" blockchain is the one with the highest difficulty, not the one with more blocks. 1 difficulty 100 block is worth 5 difficulty 20 blocks
newbie
Activity: 33
Merit: 0
February 01, 2013, 12:18:52 PM
#23

In practice it's impossible to rewrite 1 year of blockchain faster than the honest network in hope that will become the longest chain and replace the legit one. Even if you're hashing your blockchain offline you must obey the rules of the protocol which means that the difficulty will update each 2016 blocks (up to a maximum of 4 times the previous difficulty if i'm not mistaken). Even if you're using processing power orders of magnitude higher than the honest network the difficulty will catch up with your hashrate leaving you producing blocks at the same average (around 10 min each) and your blockchain will never ever catch up.
Except that there is no need for your blockcahin to become "the longest chain".  It is only necessary to have the chain with the highest total difficulty.  If your blocks are created at 10 minutes per block, but the difficulty of your blocks are four times higher than the difficulty of the blocks in "honest network", then your blockchain can/will replace the network blocks when you've created one-fourth as many blocks as the "honest network"

Oh didn't know that. I thought that only the block height was relevant.
legendary
Activity: 3472
Merit: 4801
February 01, 2013, 12:15:34 PM
#22

In practice it's impossible to rewrite 1 year of blockchain faster than the honest network in hope that will become the longest chain and replace the legit one. Even if you're hashing your blockchain offline you must obey the rules of the protocol which means that the difficulty will update each 2016 blocks (up to a maximum of 4 times the previous difficulty if i'm not mistaken). Even if you're using processing power orders of magnitude higher than the honest network the difficulty will catch up with your hashrate leaving you producing blocks at the same average (around 10 min each) and your blockchain will never ever catch up.
Except that there is no need for your blockcahin to become "the longest chain".  It is only necessary to have the chain with the highest total difficulty.  If your blocks are created at 10 minutes per block, but the difficulty of your blocks are four times higher than the difficulty of the blocks in "honest network", then your blockchain can/will replace the network blocks when you've created one-fourth as many blocks as the "honest network"
donator
Activity: 1218
Merit: 1079
Gerald Davis
February 01, 2013, 12:11:04 PM
#21
The attacker can then "slow down" allow difficulty to fall and mine again but even that won't be necessary.  Remember what makes the chain the "longest" the total combined difficulty.  So a very far miner will build a longer chain eventually.  It might have a lower block height but it will be "longer".

I don't know if there is a stat for the total combined blockchain difficulty (sum of all difficulties of all blocks in the blockchain) but I would guestimate it at ~250 billion combined difficulty (roughly 100,000 blocks in last 2 years @ avg difficult of 2 million and a much smaller amount prior to that).

Still it will require a lot of hashpower, far more than 51%.  Also as time goes on the blockchain contains more and more "stored difficulty" especially years and years of high difficulty (ASIC generated) blocks the amount of hashpower required to rewrite a significant portion of the blockchain becomes prohibitive.

Also I would point out the reference client (and many others) use checkpointing which means that one can't rewrite the blockchain prior to the last checkpoint even with infinite amount of hashpower.

51% attack is a credible threat but much like the attack on napster spawned better protected p2p networks and eventually bittorrent a 51% attack would simply pawn new cryptocurrencies hardened against brute force attacks.  
hero member
Activity: 938
Merit: 1002
February 01, 2013, 12:03:19 PM
#20
Avalon already owns the few hundred thousand dollar price range

What's your point? They can already 51% the network, since the items they have produced can do more than the total network hashrate.
newbie
Activity: 33
Merit: 0
February 01, 2013, 11:58:19 AM
#19

Quote
They can only fraudulently reverse or modify their own transactions, not anyone else's. They can (temporarily) prevent other people's transactions from being confirmed, but not modify them in any way or reverse transactions which were already confirmed before the attack
What? With a 51% attack you can replace the current blockchain with your! And that blockchain can for example start being modified since a year ago. This means that since a year ago all the blocks were found by the attacker. This means that he own all these bitcoins and that no other transaction has been confirmed since then. You mined your coin 6 months ago and spent them? No more, he mined these coins! Not you! So your transaction disappear. It never existed.
That would require a lot more than 51% to do in any reasonable timeframe. For example, to rewrite 1 year of transaction history within 1 year would require 67% of the hashing power. That's a whole year of continuous mining with double the hashing power of the rest of the network before you can even begin your attack. And that's assuming no checkpoints. With checkpoints, such an attack is completely and utterly impossible.



In practice it's impossible to rewrite 1 year of blockchain faster than the honest network in hope that will become the longest chain and replace the legit one. Even if you're hashing your blockchain offline you must obey the rules of the protocol which means that the difficulty will update each 2016 blocks (up to a maximum of 4 times the previous difficulty if i'm not mistaken). Even if you're using processing power orders of magnitude higher than the honest network the difficulty will catch up with your hashrate leaving you producing blocks at the same average (around 10 min each) and your blockchain will never ever catch up.
full member
Activity: 164
Merit: 100
February 01, 2013, 11:49:35 AM
#18

What you need to understand is the size of the Bitcoin network versus how much or little the USG cares about online poker.

The amount of computing power it would take to get to ten percent is astronomical at the present. It is beyond any combination of the three (probably more) highest performing supercomputers in the world at the moment, and as the wiki article shows the dangerous attacks from superior computing power aren't fast. They require sustained focus on the bitcoin network, which gets very expensive when you start talking about not only the cost of the computers, but the electricity to run them.

The risk of a 51% attack happing is actually very, very trivial.

This is fun, working with high performance comuting i could not resist to throw around some fast numbers.



Here is a rough estimate of the hashing capacity of the fastest (publicly known) supercomputers today. This does not mean that they
are the best publicly known systems for Bitcoin mining... The exact specification of those cpus and cards are not on the Bitcoin hardware list but a rough estimate using slightly older(worse) equipment makes for a pessimistic estimate.

Remember today that the total network hashrate is: 22 776 GH or 22 TH
The today fastest supercomputer (top500.org) has approximately 300 000 opteron cores and 19 000 tesla cards.
rank

Top 500 rankNamecpugpuGH/s
1Titan system at Oak Ridge300000190003177GH/s
2Sequoia - BlueGene/Q157286405662GH/s
8Tianhe-1A 1863682656GH/s

So no 51% attack there, Notable is that only two of the top 500 machines are using amd cards (largest one has 4*56 7970)
legendary
Activity: 1722
Merit: 1217
February 01, 2013, 11:46:29 AM
#17
The thing i keep in mine is motive. Who would spend huge sums of money to destroy the value of the bitcoins they are forging? It is not rational as it would cost money and produce little/nothing for the attacker. 

perhaps the agent of an organization that sold a competing currency
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
February 01, 2013, 11:39:32 AM
#16
The thing i keep in mine is motive. Who would spend huge sums of money to destroy the value of the bitcoins they are forging? It is not rational as it would cost money and produce little/nothing for the attacker. 
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
February 01, 2013, 11:16:25 AM
#15
Quote
The 51% attack cannot "collapse the whole system"
Yes it can, with a 51% attack bitcoin becomes instantly useless.
It becomes instantly useful again the moment the attack ceases.

Quote
They can only fraudulently reverse or modify their own transactions, not anyone else's. They can (temporarily) prevent other people's transactions from being confirmed, but not modify them in any way or reverse transactions which were already confirmed before the attack
What? With a 51% attack you can replace the current blockchain with your! And that blockchain can for example start being modified since a year ago. This means that since a year ago all the blocks were found by the attacker. This means that he own all these bitcoins and that no other transaction has been confirmed since then. You mined your coin 6 months ago and spent them? No more, he mined these coins! Not you! So your transaction disappear. It never existed.
That would require a lot more than 51% to do in any reasonable timeframe. For example, to rewrite 1 year of transaction history within 1 year would require 67% of the hashing power. That's a whole year of continuous mining with double the hashing power of the rest of the network before you can even begin your attack. And that's assuming no checkpoints. With checkpoints, such an attack is completely and utterly impossible.

Quote
the attackers can only do anything during the time they are actively mining with 51% of the hashing power
This rely on your hope that the attack eventually would stop. Why it should? After a government start the computers, it can leave them attacking for whatever time it want!
The attack will stop if legitimate miners can upgrade their equipment faster than the government does (which the government has to constantly pay for). Also, I didn't know the government got free electricity.

Yes, if the attack stop then we can fix everything (lot of people keep a backup of the current blockchain). But that is a big if!
Double spends can't be fixed by reverting to a back-up blockchain, but apart from that (which is probably not a major problem anyway, since nobody will trust any transactions that occur during the attack), nothing will need fixing anyway. As disruptive as a 51% attack would be, the disruption is only temporary (though even a temporary disruption might still be economically disastrous).
hero member
Activity: 700
Merit: 500
February 01, 2013, 11:12:27 AM
#14
I've done very wong math on this forum tonight, but from what I understand it would be between 20,000,000 and 20,000,000,000 dollars to mount a 51% attack and as summaries mention that attack is actually rather limited in the damage it might inflict.

If we are talking about the current difficulty, a few hundred thousand dollars would do to develop a specific circuit for Bitcoin and print thousands of it. Even in the near future, a few million would still be enough. If there were enough incentive, they would be able to do it.

Avalon already owns the few hundred thousand dollar price range

The only truly destructive attacks though go back and start rewriting the blockchain. Anything less is merely inconvenient. On a long enough timeline it could be done with 50.0...1% of the hashing power, but more realistically any serious distance is going to take a long time at more than 90% of the network's hashing power.

They can easily prevent all transactions from happening with 51%.


Only so long as they continue running. It is like a very expensive pause button. A pause button that has to put up with the fact that luck can get the rest of the miners to pick up consecutive blocks. Thanks to Luke-jr we have seen 51% attacks on small altchains and the solution seems to be wait it out.
hero member
Activity: 938
Merit: 1002
February 01, 2013, 10:41:43 AM
#13
I've done very wong math on this forum tonight, but from what I understand it would be between 20,000,000 and 20,000,000,000 dollars to mount a 51% attack and as summaries mention that attack is actually rather limited in the damage it might inflict.

If we are talking about the current difficulty, a few hundred thousand dollars would do to develop a specific circuit for Bitcoin and print thousands of it. Even in the near future, a few million would still be enough. If there were enough incentive, they would be able to do it.

The only truly destructive attacks though go back and start rewriting the blockchain. Anything less is merely inconvenient. On a long enough timeline it could be done with 50.0...1% of the hashing power, but more realistically any serious distance is going to take a long time at more than 90% of the network's hashing power.

They can easily prevent all transactions from happening with 51%.
hero member
Activity: 700
Merit: 500
February 01, 2013, 10:31:12 AM
#12
Quote
It is beyond any combination of the three (probably more) highest performing supercomputers in the world at the moment
The fact that the supercomputers are build to do OTHER things is why they aren't good at mining. Some supercomputers are made of nvidia cards, everyone know that nvidia cards sucks at mining but probably they excel in what they have to do in supercomputers.

NVIDIA cards excel in many supercomputing tasks so long as they are trying to model the real world and not break cryptography. From what I understand though at least one of the top two supercomputers doesn't use GPU cores at all and does everything on AMD opteron cores so power efficiency....

I'm not even sure the top three are enough to do it themselves.

I've done very wong math on this forum tonight, but from what I understand it would be between 20,000,000 and 20,000,000,000 dollars to mount a 51% attack and as summaries mention that attack is actually rather limited in the damage it might inflict.

The only truly destructive attacks though go back and start rewriting the blockchain. Anything less is merely inconvenient. On a long enough timeline it could be done with 50.0...1% of the hashing power, but more realistically any serious distance is going to take a long time at more than 90% of the network's hashing power.
hero member
Activity: 938
Merit: 1002
February 01, 2013, 09:53:54 AM
#11
This is a very complicated subject. I think these are all true:

  • It would be costly to implement a 51% attack. Once ASIC devices are widespread (which is soon), there won't be any (known) easy tricks left for the wealthy attacker.
  • The State has lots and lots of money nonetheless.
  • The more disruptive Bitcoin becomes, the more costly and difficult it gets to implement an attack. Bitcoin is arguably still too small to care about and it's already more powerful than all supercomputers combined.
  • There are other measures than checkpoints when push comes to shove. It would be a messy war rather than a mere 51% challenge.
  • Bitcoin is not only a network but a technology. Even if you could destroy this one, hundreds more will crop up.
  • None of those hundred clones will be as useful as Bitcoin, so a successful attack would partially be effective.
  • At this point, they have to create a facility from scratch just for the purpose of attacking Bitcoin.
  • State doesn't openly attack people. It is politically very risky for it to do that, so the element with the idea would most likely go through all the bureaucratic process, which is a challenge by itself.
  • There is no apparent danger to the State. Bitcoin as a technology and network is not illegal, anywhere.
  • State would likely go after exchanges, gambling sites and the like first. The network itself would be the last resort.

All in all it's highly unlikely that any State, union of states or any power will set up a facility for the sole purpose of attacking Bitcoin (and possibly any type of cryptocurrency) any time soon. It might eventually happen, but gambling and drugs aren't enough reason by a long shot. I'm sure it will be a toy for politicians to play, and they might go as far as to try to outlaw the exchange of goods for Bitcoin.

We will all have to see whether Bitcoin will become a hindrance to sovereignty. If it proves to be so, then I can see them attacking the network itself.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
February 01, 2013, 09:40:37 AM
#10
Quote
The amount of computing power it would take to get to ten percent is astronomical at the present
No, 20-30 millions $ and you can do such attack.
Quote
It is beyond any combination of the three (probably more) highest performing supercomputers in the world at the moment
The fact that the supercomputers are build to do OTHER things is why they aren't good at mining. Some supercomputers are made of nvidia cards, everyone know that nvidia cards sucks at mining but probably they excel in what they have to do in supercomputers.
Quote
which gets very expensive
For us normal people. Not for a government, corporation, bank, other powerful entity.

hero member
Activity: 700
Merit: 500
February 01, 2013, 08:42:05 AM
#9
I'm a professional online poker player. Life is tough for us as the US government keeps blocking online gaming transactions and bitcoins are popping up big on the poker forums as a way around this.
I wonder how much new users is commin from this direction. Since you are professional online poker player, can you provide some links and stats? Thanks.
Bitcoin is a regular discussion on 2+2 for two years.

This has actually been a trend. I welcome our new gambling overlords as the will be the lesser fool to me when it comes to sports betting.

I'm a professional online poker player. Life is tough for us as the US government keeps blocking online gaming transactions and bitcoins are popping up big on the poker forums as a way around this. I was thinking of investing in some bitcoins. I decided to do some research. 99% of everything I read blows way over my head.

What you need to understand is the size of the Bitcoin network versus how much or little the USG cares about online poker.

The amount of computing power it would take to get to ten percent is astronomical at the present. It is beyond any combination of the three (probably more) highest performing supercomputers in the world at the moment, and as the wiki article shows the dangerous attacks from superior computing power aren't fast. They require sustained focus on the bitcoin network, which gets very expensive when you start talking about not only the cost of the computers, but the electricity to run them.

The risk of a 51% attack happing is actually very, very trivial.
member
Activity: 155
Merit: 10
February 01, 2013, 08:34:12 AM
#8
I'm a professional online poker player. Life is tough for us as the US government keeps blocking online gaming transactions and bitcoins are popping up big on the poker forums as a way around this.

I wonder how much new users is commin from this direction. Since you are professional online poker player, can you provide some links and stats? Thanks.


Bitcoin is a regular discussion on 2+2 for two years.
Pages:
Jump to: