Bitcoin vulnerable to State/Institution 51% attack

[Gerald]

Clarification: I’m not worried about a double-spending scam, per se. But such an attack would cause the market to lose faith in BTC, causing a price crash. That’s worse.

[Ken]

I am running a bitcoin node on my virtual private server. It costs me $5/month and I use it for many things.

The nodes do not create the block chain, they just validate it. It is the miners that extend the block chain. To corrupt the block chain you would need the majority of the mining power and the majority of the nodes. If you have just the mining, you can win the races to create the blocks, but your blocks would be rejected by the majority of the nodes and so would not propagate. If you just have the nodes, you cannot create the bogus blocks. I believe you need both.

So to corrupt the bitcoin block chain you need the majority of the mining power, and since mining requires a lot of electrical power, you would need to dedicate a tremendous amount of electricity to the project. I did a quick search and found one source claiming that bitcoin mining consumed 67TWh in 2015. The corresponds to 7.5GW dedicated full time to bitcoin mining. I usually equate a nuclear reactor to about 1GW, so that is the equivalent to 7.5 nuclear reactors worth of power. That would only be within the reach of the most energy rich nation states such as the US, China or Russia, but they would have to be very highly motivated.

I just found http://www.cbeci.org (you have to ignore the certificate errors), which is a University of Cambridge website that estimates current mining energy usage, it is estimating 9GW with bounds from 3.6GW to 17GW.

Presumably once bitcoin becomes a reserve currency, the nation states themselves will have a strong incentive to defend the block chain and they will set up the means to bring additional mining online if it looked like there was a risk of a 51% attack.

[Gerald]

Thank you, Ken

I didn’t realize that you would need not only 50% of the transaction nodes but a!so a majority of the mining nodes to succeed. I don’t understand this yet, but I now know what I need to study.

Such an attack is not beyond the reach of the most likely culprit, Russia, but if you say it would be too hard, that is encouraging.

Cheers

[Ken]

I dug into this a bit more and found that my last response was not quite right. A 51% attack does not require any nodes to be corrupted. It just requires 51% of the hashing power.

The first step in a 51% attack for a bad guy to spend his bitcoin. That fact gets recorded in the block chain as the miners add blocks to the chain. Meanwhile he is dedicating a tremendous amount of mining resources to extending a hidden version of the block chain, where in this version he did not spend the bitcoin. He keeps his version of the block chain hidden until he is able to reap the rewards from his spend (for example he may exchanged his bitcoin for monero on a decentralized exchange, so in this case he would wait until the monero was in hand). Then he publicizes his version of the block chain. It must be completely valid otherwise the nodes will reject it. Also it must be longer than the public version of the block chain. This is why he needs tremendous mining resources, he must mine faster than every one else combined to assure that his chain is longer. When confronted with two distinct but valid versions of the blockchain, the nodes will always propagate the longer version. In this way, the bad guy gets to keep his bitcoin and his monero.

One more thing. There are roughly 11k active nodes, not 100k. The nodes enforce the consensus rules. If someone were to introduce nodes that changed the consensus rules in such a way to make previously invalid blocks valid, they would be introducing a hard fork. That in effect splits the network into two as blocks from the modified nodes would be rejected by the original nodes. This is what happened when the block size was changed when bitcoin-cash forked from bitcoin. Once the network splits, which fork you use is determined by the node you connect to. This is one reason to run a node. It allows to explicitly chose to stay on the main bitcoin fork. Running a node also increases your privacy.

[Gerald]

Thanks, that was really helpful. Yeah, I had heard something about how only 10k of nodes are ‘fully functional,’ out of 100k. I don’t understand this, so I was conservative wrt the resources for 51%.

[Gerald]

Delete me

[Gerald]

Thanks, that is really helpful. Yeah, I had heard something about only 10k nodes are ‘fully functional,’ out of 100k. But I don’t understand this so I went with 100k to be conservative WRT the resources for a 51% attack. And I emphasize that its not the attack so much as people losing faith in the network.

So what is your conclusion? Could it be easily accomplished by a state actor, like Russia?

[Gerald]

Uh oh!

https://www.buybitcoinworldwide.com/mining/china/

[Ken]

I don’t know where you are getting the 100k number. It has been around 10k for a long time.

At 60%, if all the miners in China acted together, they could orchestrate double spending, but they could not act in defiance of the rules. The rules are enforced by the nodes, and the nodes are well distributed (https://bitnodes.io).

It is hard to imagine all the miners in China colluding to double spend because in doing so they would be acting to destroy the value of bitcoin, which they have invested heavily to capture. If they are colluding, it think it is more likely that they would be acting to build up a supply of bitcoin for the Chinese government, which they could then use as a reserve asset. And this is a perfectly legitimate and desirable activity.

[Ken]

The most compelling scenario I have read on how to kill bitcoin is this one. It seems plausible to me.