backtop


Print 9 comment(s) - last by The Von Matric.. on Jun 22 at 2:31 AM

Risk of double-spending at 51 percent continues to threaten three years after Deepbit nearly pulled it off

The media has been in a frenzy (see: The GuardianTechCrunch and Ars Technica) the last few weeks about "GHash.IO".  Associated with the digital cryptocurrency "Bitcoin" (BTC), the collective is among those responsible for seeding the market with bitcoins via proof of effort on cryptographic hashes.

I. The 51 Percent Attack -- Difficult, But Dangerous

What almost no one reported on or realized is the entire panic was identical to one almost three years ago when Deepbit, an early mining poll, gained a 49 percent market share back in July 2011.  The concern then was identical to now: that the most powerful miner would get access to 51 percent of the mining traffic (in terms of hash rate) and be able to abuse fundamental flaws in the Bitcoin's mathematical basis.

The concern is founded, in part, in reality.  As The Bitcoin Foundation (bitcoin.org) writes:

The block chain is a shared public ledger on which the entire Bitcoin network relies. All confirmed transactions are included in the block chain. This way, Bitcoin wallets can calculate their spendable balance and new transactions can be verified to be spending bitcoins that are actually owned by the spender. The integrity and the chronological order of the block chain are enforced with cryptography.

A transaction is a transfer of value between Bitcoin wallets that gets included in the block chain. Bitcoin wallets keep a secret piece of data called a private key or seed, which is used to sign transactions, providing a mathematical proof that they have come from the owner of the wallet. The signature also prevents the transaction from being altered by anybody once it has been issued. All transactions are broadcast between users and usually begin to be confirmed by the network in the following 10 minutes, through a process called mining.

Mining is a distributed consensus system that is used to confirm waiting transactions by including them in the block chain. It enforces a chronological order in the block chain, protects the neutrality of the network, and allows different computers to agree on the state of the system. To be confirmed, transactions must be packed in a block that fits very strict cryptographic rules that will be verified by the network. These rules prevent previous blocks from being modified because doing so would invalidate all following blocks. Mining also creates the equivalent of a competitive lottery that prevents any individual from easily adding new blocks consecutively in the block chain. This way, no individuals can control what is included in the block chain or replace parts of the block chain to roll back their own spends.

In other words, after the first bitcoins -- the so-called "Genesis block" mined by the possibly pseudonymous Satoshi Nakamoto back in 2009 -- mining since has been key to verify all transactions.

Bitcoin block chain
[Image Source: Bitcoin.org]

The problem is hinted at in the above text.  Miners pack logs of transactions into blocks on the chain.  During the process, they must also pack in the information about the previous blocks.  For any given block there's a random award of Bitcoins based on an inherent weighted lottery aspect based on your hash rate.  But what if they spent their own money and then posted it to the block chain?  This could be a problem if even someone controlled 10 percent of the market.

That's where the hash comes in.  After you pack the block you create a hash which describes its contents, along with previous transactions.  This provides a quick check to make sure your transaction is real, providing a scaling difficulty for mining, and continually logging Bitcoin's historic record so that if fraud occurs, it can be tracked down with great effort in extreme cases. If you packed a bad block in a fraud attempt, it would be detected by the consensus.

Bitcoin nodes
[Image Source: iunewind]

The problem is if one party controls even 50.1 percent of the mining market, they control the consensus.  Bitcoin fraud checking in the block chain is majority rule.  If someone or some group is the majority mining-wise, they can win the lottery roughly half the time, getting the ability to modify the blocks.  And since they control the consensus ("I AM THE LAW!" -- Judge Dredd), whatever they say goes.  And if their transactions are in that block they can remove them, confirm the bad block, and then double spend.  Or you could delete valid transactions to stifle fell miners.

Such efforts wouldn't exactly be invisible.  You could easily check if the minority's hashes were at odds with the majority miner's in a suspicious way and confirm your suspicions via inspecting the publicly broadcast set of transaction over the Bitcoin's global network.

II. GHash.IO Backs Down, Backs Reform

But they could still be highly dangerous and difficult to track down.  That's why it's a good thing that this time around -- as with Deepbit -- GHash.IO has backed off its path to a mining supermajority.

In a statement it writes:

Our investment, participation and highly motivated staff confirm it is our intention to help protect and grow the broad acceptance of bitcoin and categorically in no way harm or damage it. We never have and never will participate in any 51% attack or double spend against bitcoin.

What's interesting is that the media caught wind of this only around when that statement was posted.  Most media outlets missed that the real quasi-crisis occurred way back in Jan. 2014, when GHash.IO's pool hit around 45 percent of the hashing.

To placate its critics, a top GHash.IO miner, BitFury, has agreed to leave the pool, taking his large 1 PH/s stake with him.  And other Bitcoin fans took it upon themselves to self-police the currency, targeting GHash.IO's IPs with distributed denial of service attacks, further sinking its market share.

BlockChain market share

GHash.IO now "only" owns a third of the mining market.

At press time GHash.IO owns 33 percent of the market.

In the long term this somewhat misunderstood event and its 2011 predecessor have led some to suggest it's time to change Bitcoin so that one group can not change the consensus.

GHash.IO is open to the discussion, but warns against "hasty" solutions, such as antitrust rules to break up any pool that gets too big.  It comments:

In any market, competition and innovation drives growth and that is particularly true in an emerging and disruptive environment such as bitcoin. Successful and innovative companies cannot be expected to limit their growth or competitiveness as a direct result of their success.

At the same time, it admits that BitFury's departure is a poor solution at best as it does not provide a workable fix to the underlying issue.  It writes:

It also does not address the core issue only pushing the problem a few weeks or months down the road when another pool or perhaps GHash.IO again grows towards 51%.
 
Bitcoin's biggest miner is toeing the fence on the issue, arguing for a discussion that ensures that large miners and small ones alike are respected.  A roundtable discussion is expected on the issue (which GHash.IO supports) is to be held on the issue later this year, possibly at the July 10-11 CoinSummit Conference in London, UK.

If Bitcoin can survive U.S. government scrutiny and the self-proclaimed "King of Bitcoin" being outed as fraud with a long history of workplace misconduct, the currency can surely find a way to balance various parties' interests and survive.

After the debacle of Mt. Gox -- formerly Bitcoin's largest money trader -- becoming insolvent (which began in Nov.-Dec. 2013), filing for bankruptcy (Feb. 2013), and resorting to increasingly laughable attempts to prove its innocence (e.g. "finding" part of the lost/stolen Bitcoins), Bitcoin certainly suffered.  It fell from a market capitalization of more than $13.9B USD to around $5.1B USD after Mt. Gox's fraud.  That massive devaluation led more than one deeply invested fan, sadly, to take their own life.  Since then market has climbed back to between $7.5B and $8B USD, an impressive recovery, though.

Bitcoin market cap
Bitcoin's market cap has been on a rollercoaster ride since late last year.

While far from a stable or wise investment, it's not in as dire straits as misinformed commentaries might lead you to believe.

Sources: CoinDesk [1], [2], Bitcointalk.org [Deepfish discussion]



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

No malicious intent
By The Von Matrices on 6/19/2014 7:18:12 PM , Rating: 4
I think it's worth noting that obtaining >50% of the hashrate is not dangerous in itself. You have to obtain >50% and want to attack the network. There are altcoins that receive >50% attacks throughout the day and continue to survive because the miner doesn't have malicious intent.

In all of Bitcoin's history, the only organizations that have approached or exceeded 50% of the network hashrate have been groups largely dependent on the network not being attacked. For example the BTC Guild came close in the past, but its fees are based entirely in Bitcoin; if the network goes down, BTC Guild's owner has lost all his earnings. GHash.IO has a different business model not dependent on fees, but it is still dependent on the block chain it mines being widely accepted, which it would lose should Bitcoin be attacked.

The real danger is that some governmental organization gains that >50% share because they actually have an incentive to take down the network and there's not very much that can be done to stop such an entity.

The bigggst looming issue for Bitcoin is not >50% attack but the 1MB per block transaction limit. Once that limit 1MB limit is reached, then transaction fees will increase (the same way as anything with limited supply increases in price to curb demand) and Bitcoin will no longer be low-fee alternative to conventional currencies like it is right now. The end of cheap transactions could kill the currency.




RE: No malicious intent
By mushkins on 6/20/2014 11:45:44 AM , Rating: 2
Forgive my ignorance here, but if the 51% attack is purely based on hashrate, and the real danger is an organization like the US government looking to take down the network, why can't the US government just spin up some of it's absolutely massive supercomputer infrastructure to dwarf the hashrates of all of these other organizations combine and immediately spam the network with fraudulent transactions, bringing bitcoin to its knees overnight?

I cant imagine people like Ghash.IO or BTC Guild having resources to come close to what the US government has in its closet.


RE: No malicious intent
By EricMartello on 6/20/2014 11:12:05 PM , Rating: 2
They probably could, but they won't because they realize how irrelevant bitcoins are and have been for some time.


RE: No malicious intent
By The Von Matrices on 6/21/2014 12:06:22 AM , Rating: 2
The FBI is auctioning off all the Bitcoins it seized from the Silk Road. If the US government wanted to manipulate the market, using those coins would be great way to do it. It seems like the US government isn't all that interested in manipulating Bitcoin.

Creating a huge farm of miners to take over the network isn't that simple either. You can't just repurpose a supercomputer since the Bitcoin network has a higher computational power than all the top 500 supercomputers combined. You would need to buy masses of ASICs and set up a giant datacenter, and I'm not sure that it could be done unnoticed.


How about several malicious miners?
By w8gaming on 6/20/2014 2:40:26 AM , Rating: 2
Several miners with fraud in mind, could work together to achieve the 51% attack even if each of them hold a smaller share, no?




RE: How about several malicious miners?
By snyper256 on 6/21/2014 11:20:01 PM , Rating: 2
That would definitely take millions of dollars worth of dedicated mining equipment at this point.

If a 51% attack were to occur, the blockchain would be split in two.

One of them would have no transactions on it (the new one created by the double spend), and one of them (the one which exists now) would have all the transactions from the beginning.

So, pretty much everyone would abandon the 'forked' blockchain and keep using the one with actual data. :)


By The Von Matrices on 6/22/2014 2:31:42 AM , Rating: 2
The problem with your reasoning is that the attackers who bought all the mining equipment could then just switch to attacking the fork that the community picked therefore creating another fork. The coin would fork so frequently it would create chaos as to which chain is the correct one, killing the coin.

The only way to stop a 51% attack at that point is to switch to an algorithm incompatible with the hardware the attackers purchased. This is a very risky proposition because the community has to come to a consensus as to what algorithm to switch to, some people would never upgrade (maintaining the old block chain as a competitor to the new one, limiting adoption), and everyone who invested in mining equipment for the old algorithm (not just the attackers) would lose their investment. It would be very difficult for the coin to recover from such a situation.


Now say after me:
By integr8d on 6/19/2014 5:40:30 PM , Rating: 2
Thou shalt not control more than 50% of the Bitcoin market.

There. Fixed. Next problem.




RE: Now say after me:
By Arkive on 6/20/2014 2:31:44 PM , Rating: 2
"Market" is not the term that should be used (not slamming you, the article did so as well). The risk is not owning >50% of the market, it's owning enough computing power to produce >50% of the mining traffic for a given period of time.


"If they're going to pirate somebody, we want it to be us rather than somebody else." -- Microsoft Business Group President Jeff Raikes














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki