The bitcoin community has been critical for the past two days of the increasing hash rate of the biggest bitcoin mining pool Ghash which states that it is currently able to process 37.92 Ph/s leading to an estimation of 42% – 47% of the total network hashrate.
Ghash has not yet responded to requests for comments. However, in a press release issued in January 2014 to alleviate fears of 51% control of the total hashrate, Ghash, whose hashrate is stated to consist of approximately 45% BitFury ASIC based miners and 55% independent miners, publicly stated in clear terms that:
“GHash.IO does not have any intentions to execute a 51% attack… it could risk our investments in physical hardware and we see no benefit from having 51% stake in mining”.
Concerns however have been raised in response to suggestions that Ghash can be trusted even in the theoretical scenario that it gains 51% hashrate of the entire network. It is argued that although Ghash itself might not profit from such an attack, they might be coerced or bribed by government entities or entities which may see bitcoins as a competitor. The currently increasing hashrate share of Ghash therefore is seen as alarming by some, while others consider it to be a temporary blip due to numerous unpredictable factors.
How Big of a Problem is 51% Control of the Hashrate?
[dropcap size=small]I[/dropcap]f an entity controls 51% of the hashrate and has malevolent intentions, they would be able to perform three and only three actions. Firstly, they can double spend by spending twice an x sum of bitcoins that they currently hold even if the first spending transaction has 6 confirmations.
One way such a double spend attack could be carried out, as shown by other altcoin 51% attacks, is by the attacker creating a private blockchain from blocknumber N which does not broadcast to the wider network. The attacker would then spend the bitcoins by purchasing, selling or depositing in an exchange and wait for the required number of confirmations. Finally, the attacker would publish the private blockchain, thus effectively forking, at the blocknumber N transaction or just before, in the process invalidating Blocknumber N and all subsequent transactions.
A 51% attacker can further prevent some or all transactions from gaining any confirmations and they can prevent some or all other miners from mining any valid blocks. In some instances, such as Litecoin's recent brush with a pool controlling over 51% of the network hashrate, the issue is a manifestation of mining power centralisation.
Possible Defences against a 51% Attack
There are at least four lines of defence against a 51% attack. The number of confirmation requirements can be increased, the attacking entity can be boycotted or more drastically the attacking entity can theoretically itself be attacked via a Distributed Denial of service attack or there can be coding changes at the protocol level.
As the attacker has to wait for the transaction to be confirmed prior to carrying his double spend attack, an easy solution to the double spend problem would be to simply increase the number of confirmations before considering the transaction fully completed. BTC-e responded to a 51% attack on Feathercoin by increased their confirmation requirements to 100 blocks rather than the usual six. The Reddcoin merchants also increased their number of confirmations from 6 to 60 when Reddcoin was 51% double spend attacked.
The reason for this first line of defence is because although a 51% double spend attack will succeed 100% of the time, the required waiting time and the monetary expenses of a successful double spend increases with each confirmed transactions. The more the number of confirmations, the more blocks the attacker needs to “reverse” or “undue”. Thus the longer the required time and the more expensive to “catch up” and “overtake” the public ledger.
The effectiveness of this first line of defense however depends on the time frame of a fuller response to the attacker as theoretically he can reverse even very old transactions if he always maintains 51% control, but it is likely that any such control would only be temporary as these and other lines of defences are implemented. Increasing the number of confirmations therefore would be the fastest and easiest response to a 51% double spend attack.
This can be followed by a complete boycott of the attacking entity which might sufficiently decrease the hashing power to below 51%. Any such boycott is likely to be permanent regardless of the reasons or the causes of the attack. This line of defence therefore is explicit and acted upon during an attack, but also an implicit threat to any profit orientated entity.
If neither is successful, depending on the time frame of the attack and the effectiveness of any protocol level reaction, some have suggested that a DDos is possible on a theoretical level and have argued that it would be immediately effective in lowering the hash rate of the attacker or to slow them down. It has been estimated that there have been 3,000 DDoses of bitcoin entities, including numerous bitcoin pools such as BTCguild and Deepbit. This would only be a temporary defence however.
A fuller response to any such attack which would have the added long term benefit of strengthening the protocol against such attempts may be to tweak the code to add resistance or to fully neutralize a possible 51% attack. Gavin Anderssen, the Chief Scientist at the Bitcoin Foundation, has stated that while a 51% attack would be “bad”, it is “pretty easy to defend against” as rules would be quickly figured out to reject the attackers blocks by:
“Something like "ignore a longer chain orphaning the current best chain if the sum(priorities of transactions included in new chain) is much less than sum(priorities of transactions in the part of the current best chain that would be orphaned)" would mean a 51% attacker would have to have both lots of hashing power AND lots of old, high-priority bitcoins to keep up a transaction-denial-of-service attack. And they'd pretty quickly run out of old, high-priority bitcoins and would be forced to either include other people's transactions or have their chain rejected.”
On a practical level, no entity is likely to want to be seen as having more than 50% of the total computing power of the network. While they might temporarily inch close, they are likely to take drastic action to lower their hashrate as shown by Ghash's actions in January. Any other entity is likely to do the same to protect their investment in hardware as well as maintain their profit margins.
Control of 51% of the networks power therefore is concerning, but considering that core developers have stated that it is “pretty easy to defend against” a 51% attack, it seems to be a manageable event which, if it does happen, it would only be temporary, cause minimal damage or be fully neutralized if action is immediately taken and is only likely to further strengthen the protocol.
Last modified (UTC): June 8, 2014 8:38 PM