Update: Ghash.io has responded as expected. Two Cornell researchers that have been trying to poke holes in Bitcoin’s network security, Ittay Eyal and Emin Gün Sirer, have taken this opportunity to remind the Bitcoin community of many other theoretical attacks that can occur with a centralized Bitcoin mining network. In fact, many of the theoretical attacks described would arguably be more likely than a blatant 51% attack. However, any attack, no matter how subtle, could be detected on the blockchain and the Bitcoin community will react in their best interests.
Ghash.io is a Bitcoin mining pool that has been around for over a year. In the last year, Ghash.io has steadily grown a too-loyal backing of miners taking advantage of their large size and 0% fee structure. Ghash.io works alongside Cex.io, one of the first cloudhashing services to be adopted by the masses. Customers can buy Bitcoin mining contracts from Cex.io and receive mined bitcoins without having to worry about the hardware or software involved. Renting hardware in the form of contracts is an increasingly popular choice among “miners” who wish to reap all the benefits of mining without breaking a sweat. Miners use pools to smooth out their expected income: Mining with a large pool allows you to have relatively constant return in each difficulty period. Ghash.io has previously spoken on this matter at the beginning of the year when in the exact same situation:
“GHash.IO does not have any intentions to execute a 51% attack, as it will do serious damage to the Bitcoin community, of which we are part of. On the contrary, our plans are to expand the bitcoin community as well as utilise the hashing power to develop a greater bitcoin economic structure. If something happened to Bitcoin as a whole it could risk our investments in physical hardware, damage those who love Bitcoin and we see no benefit from having 51% stake in mining.”
[dropcap size=small]C[/dropcap]CN reached out to Ghash/Cex days ago and has just received a response from Jeffrey Smith, Cex.io’s Chief Information Officer, to a short interview:
CCN: What percentage of ghash.io’s hashing power is from cex.io? What percentage from other miners?
Jeffrey Smith: The hashing power of CEX.IO constitutes 25 percent of GHash.IO total hash rate. The rest are independent miners.
CCN: Also… how is the functionality for allowing cex users to point their hashing power elsewhere?
Jeffrey Smith: It is very hard to implement this functionality, since on CEX.IO we allow users to trade even small portions of GHS (e.g. 0.001 GHS), and these small amounts cannot be separately connected to other mining pools.
CCN: What has ghash.io learned from the last time this happened?
Jeffrey Smith: We understand that the Bitcoin community strongly reacts to GHash.IO’s percentage of the total hash rate. However, we would never do anything to harm the Bitcoin economy; we believe in it. We have invested all our effort, time and money into the development of the Bitcoin economy. We agree that mining should be decentralised, but you cannot blame GHash.IO for being the #1 mining pool.
CCN: What steps were put in place to ensure something like this didn’t happen again? (stop accepting miners when you guys are at 50%?)
Jeffrey Smith: <blank>
CCN: Which failsafes have been tripped in the last few days; what has ghash.io done in the last few days?
Jeffrey Smith: We strongly believe that Bitcoin mining should be decentralised. We have been working hard for the past several months to ensure decentralisation of Bitcoin mining. Soon we will present a valid solution to this issue.
CCN: What is ghash.io’s comfortable level for total percentage of network hashrate? It seems there might be some disconnect between your company’s vision and the community’s tolerance level.
Jeffrey Smith: The bitcoin community determines the comfortable level of the GHash.IO’s percentage. We aim to please our users and provide quality trading and mining environment, while maintaining stability and prosperity of the Bitcoin community.
In January, Ghash.io broached the 40% mark and the Bitcoin community responded in fantastic fashion, showcasing the power of the mobilized Bitcoin community. Before that, in April of 2013, BTC Guild also ended up with a large portion of the network hashrate. In the aftermath of Ghash.io’s January fiasco, Ghash.io put out a press release to reveal their own Mitigation Plan. Half a year ago, Ghash.io promised to allow Cex.io customers point their hashing power towards other pools to mitigate the blatant centralization of mining power under one pool: Ghash/Cex has yet to fulfill this basic promise. Given that 25% of Ghash.io’s hashing power (upwards of 10% of the total network hashrate) is from Cex.io, this functionality was Ghash.io’s answer to the risk of a theoretical 51% attack the last time this question came about. Technically, hardware rented from Cex.io, but pointed away from Ghash.io, would still ultimately be under the control of Ghash.io; however, it wouldn’t show up as such in our network pool charts.
BTC Guild’s operator, Eleuthria, espoused BTC Guild’s Mitigation Plan on the Bitcoin Forum, Reddit, and IRC. For the last year, BTC Guild has stayed true to its promise and BTC Guild’s pool speed has not risen over 50% of the total network hashrate. Eleuthria promised to raise fees by 50% to discourage new miners from joining the pool should BTC Guild’s percentage of network hashrate rise above 40%. Should it rise above 45%, BTC Guild would completely close off new registrations until the percentage of network hashrate dropped below 40%. BTC Guild released a proper mitigation plan that has worked to keep BTC Guild’s percentage of network hashrate at a manageable level for over a year. In stark contrast, Ghash.io’s mitigation plan has not had its desired effect because Ghash.io is unapologetic and has changed nothing despite repeated promises. Ghash.io has previously promised to never raise fees above 0%, which closes the door on that easy fix.
Thanks to CCN’s Scott Fargo for getting these quotes:
When asked about the dangers of mining pool centralization, BTC Guild operator Eleuthria had this to say:
I can say that the fear of pool centralization is pretty misplaced these days. The amount of privately controlled hash rate is massive, bigger than it has ever been. With the exception of a private miner that also runs a pool (like GHash.io), there is really no chance of any pool ever becoming 40%+ again.
In contrast, Nasty Mining’s OgNasty had this to say:
I don’t think typical Bitcoin miners realize the potentially disastrous consequences they are inviting by mining on large pools. There are too many possible scenarios to list that could result in one of the larger pools executing a successful attack on the network. By participating in centralized pool mining, Bitcoin miners themselves are unknowingly the greatest threat to the Bitcoin project. P2pool is a simple and effective decentralized mining solution to this combat this problem… any large portion of the network in the hands of a few is a risk. You can make the scenario that if the #2 goes down for maintenance and the #3 pool gets DOS’d by attackers, the #1 pool could then be able to perform a 51% attack while previously having much lower than 51% of the network. Many other scenarios exist as well, and while unlikely, it would be unwise to ignore the possibility.
Coinotron, a Litecoin mining pool, had over 51% of the Litecoin network hashrate by most metrics a few weeks ago: No 51% attack ever occurred. A large part of the general populace’s fixation with the theoretical 51% attack is its apparent feasibility. To those unversed in the economic incentive structure of Bitcoin mining, a single Bitcoin mining pool nearing 51% of the total network hashrate looks exactly like a centralized point of failure that could then successfully launch a double spend attack. People fear a successful double spend attack because it would signal loss of faith in the Bitcoin network as a whole. In reality, none of these points are anywhere near as true as mainstream media makes them out to be. With so called “selfish mining,” an attack attempt could occur with even less than 51% of the total network hashrate under centralized control. However, Bitcoin experts, Andreas Antonopoulos in particular, have been acting as a voice of reason to quell the sometimes misinformed fear.
Coinsider This video of Andreas Antonopoulos explaining the lack of a threat from 51% of the network hashrate being under the control of a single pool operator to the Los Angeles Bitcoin Meetup.
The community should realize that Ghash.io would never kill its golden goose by attempting a double spend. Even if Ghash.io were taken over or nationalized by an irrational and malicious actor, the Bitcoin community can and will still react to preserve the network. The 51% attack has become somewhat of a Bitcoin Boogeyman. In reality, the 51% attack is not the worst thing that could happen with centralization of mining power: Centralization is the worst thing in and of itself. Though the pool operator has every incentive to play by the rules, letting one Bitcoin mining pool have too much of the total network hashrate is implicitly allowing for unnecessary risk. As such, CCN recommends that readers use a P2pool, like Ognasty and nonnakip of NastyMining and NastyFans have set up.
Ittay Eyal and Emin Gün Sirer have taken this opportunity to remind the Bitcoin community of all the other theoretical attacks that can occur with a centralised Bitcoin mining network.
View our message to Ghash.io Bitcoin miners here.
Last modified: June 17, 2014 00:11 UTC