6

Let's say Alice has two CPUs, and Bob has only one. Let's assume Alice and Bob are the only miners in the Bitcoin network.

What will happen if Alice did the following:

  1. Calculate the nonce for the next block and send it occasionally.
  2. Whenever Bob solves and transmits a block, DON'T accept his block, but instead try to solve another block at the same height, and a successive block.
  3. When done calculating, send both blocks to the network. They should be accepted instead of Bob's transaction, and since you're 2 times speedier than Bob, in average you'll be able to prevent Bob from mining coins.

While this is a somewhat artificial example, I think that it might represent a real problem. A group of strong participants can prevent weaker players from mining, even if this group does not control the majority of CPU resources in the network.

Chris Moore
  • 14,825
  • 6
  • 66
  • 87
Elazar Leibovich
  • 393
  • 1
  • 7

3 Answers3

9

That is essentially a 51% attack. It is a very real, but unlikely threat to the Bitcoin network. Historically as it turns out, it is more lucrative to simply add more processing power to the network than fight it.

Community
  • 1
cbeast
  • 93
  • 3
  • It could happen without intention. If there are many strong players which calculate really fast, slower player would rarely be able to mine any coin. I didn't do the math, but I'm not sure you actually need 51% to make such an "attack" effective. – Elazar Leibovich Feb 19 '12 at 19:09
  • @ElazarLeibovich That's how it is at the moment. If you only have 1% of the hashing power, you only get to mine 1% of the blocks. But that's different than >50% of the network deliberately ignoring blocks from weaker miners. – Chris Moore Feb 20 '12 at 03:15
  • 3
    @ElazarLeibovich You actually need 51% to make such an attack effective. Otherwise, you lose more than you gain with this attack. If the rest of the network finds a block before you find a second block, you lose the first block you found. – David Schwartz Feb 20 '12 at 04:43
  • @DavidSchwartz you lose more bitcoins than you gain, but you can psychologically deter small players from mining, which would leave the mining fields to big and rich players only (say, with the resources to use special purpose hardware), setting an effective lower bound for CPU power to begin mining, leaving the mining field more centralize. – Elazar Leibovich Feb 20 '12 at 09:15
  • 2
    @ElazarLeibovich: mining already is exclusive to special purpose hardware, AFAIK mining with normal GPUs costs more in electricity than the bitcoins produced. – o0'. Feb 20 '12 at 09:35
  • 2
    @Lohoris: No, it doesn't. ATI series 5+ cards are still profitable to run and even to buy used (maybe not new), and that's probably were most of the network hashrate comes from. This is starting to change as special-purpose products are now entering the market. – Meni Rosenfeld Feb 20 '12 at 10:39
  • @ElazarLeibovich Mining is essentially a zero-sum game. The block reward is fixed and the block discovery rate is nearly fixed. Any strategy that causes one miner to lose more than they gain necessarily gives the other miners a better shot. It's hard to see how that would deter anyone. – David Schwartz Feb 20 '12 at 20:40
  • @DavidSchwartz As I see it, one miner may be willing to lose his rewards, to ensure that no client with less than X CPUs will mine. Similar to big company selling items below their net worth, so that competitors will move to other business. – Elazar Leibovich Feb 20 '12 at 20:44
  • @ElazarLeibovich It doesn't matter whether they're willing to do that or not, it just plain won't work. If the miner has less than 51%, this strategy is a net loss to him. So all it does is reduce the difficulty and ultimately increase everyone else's mining returns. If you mine a block and it doesn't wind up in the longest chain, it's no different than if you never mined the block at all, which is no different than if you weren't mining at all. – David Schwartz Feb 20 '12 at 20:48
7

This isn't something that can happen unintentionally. If everyone plays by the rules, someone who has x% of the hashrate will find x% of the blocks, no matter how small or large x is (of course, for very small x the variance will be substantial, but without any change in the expectation).

You can attempt a double spend even without having >50% hashrate, but the probability of success is small. The chance improves as your hashrate approaches 50%. What's special about >50% is that you are guaranteed eventual success, no matter how many blocks the receiver waits.

There's a little-known hashrate amplification attack (discussed here and here) that allows you to find more blocks than your hashrate normally allows, which doesn't require >50%. It still requires a relatively large hashrate, about 41%. For example, with 46% of the hashrate you can get 51.29% of the total blocks. For >50% hashrate you get 100% of the blocks.

Meni Rosenfeld
  • 19,700
  • 37
  • 70
  • 2
    Can you give a reference to the little known attack? – Elazar Leibovich Feb 20 '12 at 09:12
  • -1 for "little known attack" without any kind of link or reference. – o0'. Feb 20 '12 at 09:37
  • 1
    @Lohoris That was a bit harsh. Anyway I added a link. – Meni Rosenfeld Feb 20 '12 at 10:37
  • @MeniRosenfeld harsh? sorry, I just posted it as a fact, nothing personal. – o0'. Feb 20 '12 at 10:45
  • 1
    @Lohoris I meant that downvoting for this reason is harsh. – Meni Rosenfeld Feb 20 '12 at 10:49
  • @Lohoris - for the record, I agree. It deserves a comment, not a -1. – ripper234 Feb 20 '12 at 12:56
  • @MeniRosenfeld, yep, this is more or less what I had in mind. Note that those "Cartels" don't have to do that intentionally. It can be one strong player releasing two blocks at a time instead of one, for efficiency reasons, getting a similar result. What bothers me is, that it can cause the bitcoin network to be ruled by few big cartels, impenetrable by layman users, which will make more similar to banks-controlled economy than we want it to be. – Elazar Leibovich Feb 20 '12 at 13:03
  • I miss your point. I put the -1 because it lacked a source, now she added the source and I changed it to +1. That's how it is supposed to work. – o0'. Feb 20 '12 at 13:13
  • @Lohoris: We understand that, what we're trying to say is that my transgression was too minor to have deserved the initial downvote. 0 -> comment -> fix -> +1 would have been more appropriate than -1 -> comment -> fix -> +1. Anyway, I'm male. – Meni Rosenfeld Feb 20 '12 at 13:34
  • @MeniRosenfeld oh, sorry for the misunderstanding :) – o0'. Feb 20 '12 at 13:39
  • @ElazarLeibovich: Honest miners release blocks immediately, lest they risk losing the block's reward. The discussed effect isn't a result of randomly releasing two blocks at a time if they happened to be found quickly, it can only be a result of intentionally holding on to blocks and releasing them in strategic circumstances. – Meni Rosenfeld Feb 20 '12 at 13:41
1

It appears that some strongest players - e.g. manufacturers of ASIC devices - purposely give up their chance at monopoly in exchange for immediate profit (sell their devices to multiple customers) - precisely to increase the reliability of the network.

While the network is vulnerable to the "51% attack", its result will be an immediate, catastrophic and permanent crash of the bitcoin economy. All of the investment in hardware that let whoever did it achieve the 51% hashpower will be irrevocably lost - as they will be able to dominate the market for a worthless resource, compromised bitcoin being deprived of any value.

The big players understand it and willingly give up a part of their hashing power, simply to keep Bitcoin strong, reliable, and desired - keeping the prices up. That way they produce less but earn more simply because that unit is more valuable.

In other words, it is in best interest of anyone producing or owning a lot of bitcoin to keep the bitcoin network running smoothly = keep value of bitcoins they produce/have high. Bitcoin is a network of trust; break that trust and it loses all value.

Such an attack would be possible e.g. by a financial institution with a grudge against Bitcoin, or some government. It would be costly but its only returns would be in whatever profit destroying bitcoin entirely would bring. Any immediate profits of corrupting the transaction process would be relatively small, and very short-lived compared to the damages (including own hardware becoming worthless) - so it is in best interest of anyone holding any power capable of doing it not to do it - a powerful economic incentive against this.

SF.
  • 292
  • 1
  • 8