Explained: 51 percent of attacks on Bitcoin and other cryptocurrencies

One of the worst things that happen to a cryptocurrency job test is a 51% attack. Such attacks undermine the immutability, and consequently the confidence in a blockchain.

Satoshi Nakamoto summary test as "one-processor-one-vote. "Since then, the cryptocurrency extraction the industry has gone further processor extraction, which could calculate Bitcoin algorithm thousands of times per second, application-specific integrated circuits that can perform billions of calculations. This hardware specialization tends to centralize over time and is only available to high-tech manufacturers.

Does this make it inevitable that every cryptocurrency yields to 51% of the attacks?

The foundations of the labor test

The proof of work is the underlying algorithm theorized by the anonymous inventor of Bitcoin, Satoshi Nakamoto. In a work trial system, participants (miners) use computer hardware to complete a difficult one algorithm, the SHA-256 algorithm.

After that algorithm is resolved, the transaction data is grouped together for all the transactions presented within a window of about 10 minutes, called block. The miner who finds the solution to SHA-256 algorithm the first is the one that decides which block to include in the next chain. The longest chain of these solutions is the canonical or "true" version of the blockchain.

The hash rate (hashing power) of any piece of computer hardware is determined by the number of attempts it can make to solve it algorithm. The greater the number of attempts, the greater the likelihood that the solution will be found at the next block.

Although Satoshi Nakamoto originally conceptualized "one-processor-one-vote " extraction it is now dominated by application-specific integrated circuits (ASICs), machines built specifically to solve the problem SHA-256 algorithm at the speed of light.

Details of a 51% attack

In Bitcoin and other cryptocurrencies, a 51% attack is possible if a single miner, or a group of colluded miners (a cartel), can assemble more hashing power of everyone else extraction participants. Advancement in separate ASICs, hashing the power is approximately proportional to the amount of money a miner is willing to spend on engineering research, hardware and electricity.

If a situation occurs in which a group of miners has control over 50 percent of the total hashing power in a network, then that group could 'fly over & # 39; the honest miners. As mentioned earlier, the canonical blockchain is always the longest chain based on the rules of Nakamoto. This means that these malicious miners would statistically control who has the longest chain and then determine which transactions to include in the blockchain.

This behavior is problematic because it invalidates one of the problems that Bitcoin solves in normal conditions, at double expense, in which a user tries to spend the same Bitcoin several times.

Ramifications of an attack

Once the attacker has met enough hashing power, Nakamoto describes two options:

"…[the miner] he should choose between using it to defraud people by stealing his payments, or using it to generate new coins. "

An attacker can defraud people through different methods. The malicious user could create conflicting transactions, then refund the coins to themselves or someone else after a transaction. Or the miners could extract the empty blocks and simply invalid transactions, returning the coins to the attackers again.

An example of how an attacker could profit from this is by targeting an exchange. After making a deposit and converting the coins of the attacker to another precious cryptocurrency, the attacker could then repay the coins to himself while retaining the illegally obtained cryptography.

Taking honesty

That said, Nakamoto claims that playing with the rules of Bitcoin is more profitable than attacking it:

"It should find it more profitable to play according to the rules, such rules that favor it with more new coins than all the others combined, rather than weaken the system and the validity of its wealth".

Nakamoto is right in saying that if someone were to conduct a 51% attack on Bitcoin, it would greatly reduce the value of the coins, and consequently the profitability of any Bitcoin ASIC and any BTC possession possessed by an attacker.

Unfortunately, this only applies if Bitcoin, or any other cryptocurrency in question, is the leader in that particular extraction algorithm. This applies to EthereumEthash, Zcash & # 39; s Equihash, or Litecoin & # 39; s scrypt algorithms. Reuben Yap, the COO of Zcoin, effectively summarizes why this is the case:

"As a ASIC this can only do one thing [mine one particular crypto], it makes no sense to attack the coin that gives mine ASIC value. When I'm invested in a ASICI'm actually investing in the coin family[elasua[andits[elasua[anditsalgorithm]".

When incentives encourage attacks

There is a situation that occurs when a cryptocurrency uses a particular algorithm while not checking most of hashing power inside that algorithm. For example, there are dozens of criptos that use Bitcoin SHA-256 PoW algorithm. Competitors who use the same algorithm they are vulnerable.

When a situation occurs where there are incentives to weaken a competitor, follow the attacks. For example, during Bitcoin Cash Hash Wars, when two forks (ABC and S.V.) of BCH were formed, the miners of each fork used their hashing power to actively undermine the stability of their competitor.

There are other cases in which a 51% attack becomes rational behavior. Mark Nesbitt, a security engineer at Coinbase, explains in detail how Vertcoin endured four attacks:

"In four separate incidents, the last of which ended 12/2 [Dec. 2nd]Vertcoin (VTC) has experimented with 22 deep chain reorganizations, 15 of which included double spend of VTC. We estimate that these attacks could have led to the theft of over $ 100,000. The biggest reorg. it was over 300 blocks deep ".

Vertcoin uses Lyra2RE extraction algorithm. The problem arises when the miners in this algorithm the family can choose from a range of different and profitable projects, including Verge, Monacoin and others. If users of Vertcoin are defrauded of their funds, this does not substantially affect the value and profit potential of these Lyra2RE ASICs.

Manipulating the immutability

There are several ways in which an attacker can manipulate the blockchain to conduct an attack. To understand these methods, first of all, it is necessary to consider another presumed characteristic of a blockchain: the immutability.

The immutability arises when the probability of an inversion of the transaction is almost impossible. The reason for this is the same reason that there are "confirmation times" or "confirmation numbers" before sellers consider a transaction to be valid. As mentioned by Nakamoto:

"To modify a past block, an attacker would have to redo the block job test and all the blocks after it and then recover and overcome the work of the honest nodes … the probability that a slower attacker will recover exponentially decreases as they are added the next blocks. "

Based on this fact, the possibility of a transaction being reversed by malicious actors, or by a simple possibility, decreases exponentially as more time passes and blocks are added to the chain.

Even under normal conditions, sometimes transactions are invalidated due to this process. If a group of miners finds the correct solution for Bitcoin algorithmand another group finds one immediately after, requires a tie-breaker (another block) to determine which chain is the canonical (true) version of Bitcoin. The block that is not chosen is then called "orphan", with those transactions considered invalid.

Once a transaction has had a sufficient number, with five to ten as a common number, of blocks extracted on it, the probabilities that it is reversed by pure chance become so infinitely small that it is considered immutable. Unless, of course, there is an attack.

How to conduct an attack

An attacker can conduct attacks in many different ways. The attacker could do it gradually, publishing blocks found and invalidating blocks (orphans) found by other honest miners.

The aggressor could also extract him privately. In this case, network users would assume that everything works as usual. Then, the miner suddenly goes online and publishes a long series of valid blocks and invalidates a large number of transactions (called reorganizations or reorg.), Replacing the old segment of the chain with the new segment of the attacker.

Profit from an attack

Through this process, an attacker could profit in several ways. The miner could conduct transactions on the honest chain while at the same time creating conflicting transactions on the attacker's secret chain. Once published, the miner may restore such transactions or send it to another party.

These attacks can be performed on a large scale against a cryptocurrency exchange. By depositing the coins in an exchange, the attacker could exchange risky currencies, such as Vertcoin, for another precious cryptocurrency.

So, by conducting an attack, they could reverse those transactions and defraud the participants on that bag, returning those coins to the attacker wallet. The attacker could repeat this process as long as the coins have value.

Or, the attacker could perform the same process over while extraction Blocks & voids & # 39; or blocks that do not contain transactions. This would also restore the funds to the attacker by invalidating the transactions conducted by the attacker on the honest chain. Invalidating the blocks found by other miners, the miner could earn all of it extraction rewards. In Bitcoin, this award is currently 12.5 BTC newly created.

Another way to profit is simply to undermine the usability of a competitor's blockchain. If a miner owns a BTC, he could benefit from the fact that the miner causes long delays in transactions and reverse operations on a competitor, such as BCH, which has less than 10 percent of the hashing Bitcoin power. These BCH owners could then exchange their holdings with the most reliable BTC, making sure that the holdings of this miner have value in value.

Centralization and ease of a 51% attack

The ease of a 51 percent attack is largely determined by the dollar cost of exceeding the total hash power of a network (in hardware and electricity). Another factor is how central a network is, which factors in the ease of collusion of miners.

On the Bitcoin network and other networks with ASIC hardware, extraction over time it naturally becomes more centralized. The process of creating advanced computer chips needed to efficiently extract involves significant research and development costs and requires billions of dollars of multi-million dollar production foundries.

Companies that create this hardware must decide whether to keep or sell these ASICs. Unlike other computer chip makers, such as Intel, AMD and Nvidia, it makes no sense to accumulate its products. However, in the case of extraction ASIC, every machine is practically a device to earn money.

This encourages these large companies to do their own extraction hardware, centralized extraction over time. Because these participants accumulate more hashing power, it becomes easier to conduct attacks on the network, as it requires fewer participants to collude.

Currently, 70-80 percent of Bitcoin extraction It is conducted in China, while the manufacture of extraction The hardware is also controlled by several Chinese companies such as Bitmain and Bitfury. In another article, CryptoSlate conducted its research and estimate that it would cost about $ 1.4 billion to organize a 51% attack on Bitcoin.

Bitcoin & # 39; s Safety

That said, even though these miners could accumulate 51% of the network hashing power, it would not make sense to attack Bitcoin (from the profit point of view) as long as Bitcoin remains the dominant cryptocurrency in terms of the number of miners that can advantageously draw from it.

Overall, the risk of a 51% attack is reduced to incentives. As long as the incentives of miners and users are aligned, a cryptocurrency will continue to remain safe. If such incentives are misaligned, chaos may occur.

tag