
It seems very simple to me. The network would be controlled by custodians including exchanges and banks. And under an attack the network would be over: the malicious stakers can basically pay themselves and suffer no cost to continue the attack. Conversely with PoW there is a sustained huge expense to continue to perform an attack, and the PoW can be changed by a fork. I would never consider this to be acceptable. Not that ASICs run by China aren't currently an abysmal situation either, but that is only a problem because bitcoin has no privacy



But what does the attack get you? Sure you could mine empty blocks and double spend, but that would hardly be worth the investment. Besides, if payment processors detect the hashing rate doubling overnight they can simply require more confirmations.

If a nation state invested in permanently disabling bitcoin that would require a big investment in ASICs, at which point I imagine a bitcoin fork would be introduced with a slightly different PoW, but that's just speculation.


> Let's say one day China had enough of Bitcoin, and used their essentially limitless resources to gain enough hashing power at will, to block transactions or rewrite them or what have you. Entirely plausible with Bitcoin

That's the Maginot Line attack, as Tim Swanson calls it. The more realistic attack is that China just hacks into five data centers and serves a warrant to another ten. An interesting property of the PoW incentive structure is that there is actually fairly little incentive to protect oneself against hacks, so I would not be surprised if it was fairly easy.

> By hacking enough organizations to take control of their nodes?

The key point in Stellar consensus is that even if enough nodes are hacked, then users can just stop trusting them and switch to other nodes, and so the network would "route around" the damage. With Bitcoin PoW, there's no way to exclude an attacker from participating; you have to accept their work just as much as everyone else's.


It is correct, but I'd add that the adversarial environment means that if 51% of miners were to collude to take some portion of the money, they'd rather collude to take all the money, which takes away the incentive for anyone to arrange a fork to do this, and if that were going to happen it would be happening all the time.

What would probably actually happen is that such a fork would be obviously illegitimate to users, exchanges, etc. and people would use the unforked chain deliberately, and after some hash rate adjustment and delayed block times, the forked chain, even with 51% of the hash rate, would be close to valueless. Miners don't like mining valueless Chuck E. Cheese tokens, so their hash power would return to the broadly accepted network.

This BTW demonstrates a security property of PoW that you don't get with PoS: you can't mine two networks with the same hash power, you have to pick one or the other. If bitcoin were a PoS system, validators could just stake both chains and make a riskless bet on the winning one, and even benefit from both.


Well, the security of Bitcoin == amount of transaction fees + block rewards. The cost to 51% attack the network is opportunity cost of mining valid transactions

So you either get secure wasteful bitcoin, or insecure bitcoin. Not really any other options with PoW


Controlling 51% of all staked ETH is enough to launch some attacks, but the cost of the attack is way way higher than in PoW. The gist of it is that the community can reach a new consensus in which the malicious majority staked funds simply don't exist anymore. This means any single attack costs a lot of money, and there's a well-known recovery process to negate the attack and penalize the attacker.

True, I do conflate the two. But the article was about hashrate, and you do need enormous hashrate to modify even one past block. Attacks of that kind are fairly unreasonable, even on the scale of the Chinese govt.

Would I be wrong to think that every miner (or at least every entity who is mining, not necessarily every computer that is mining) would have a vested interest in running a full node as well? That would put control of the nodes in roughly the same hands as those who control the miners, right?


1. Under PoW, a 51% attacker can continuously attack profitably. All the energy they expend gets returned as mining rewards just like normal, and they can potentially even (up to) double their rewards if they censor the other 49%. The only way to stop this aside from changing the PoW algorithm is to physically locate and seize the mining rigs.

2. Majority stakers can't change the rules of the system either.


While I mostly agree with you - it's easier said than done. How exactly are you going to buy $150 million (or whatever the needed amount is) of ASICs without being noticed? The government could obviously do it - but at least in the near future that sounds far-fetched.

Likewise, as soon as your attack is noticed your IP addresses would be blocked by the other clients, preventing you from adding to the chain.

Edit: after looking more into the 51% attack, IP blocking won't really solve it since it only would take a handful of unique IPs to pull off.

Edit2: Couldn't we prevent the double spend part of the 51% attack (or at least make it more like 90%) by doing 2 things:

1) Merchants would only accept bitcoins that have been in the block chain at least 6 blocks ago (this already is the recommended case)

2) Nodes reject any blocks received if they receive it over an hour (6 blocks worth) past receiving the 'sister' block in the competing (true) chain. This would prevent an attacker from 'reversing history.' What would be the drawbacks to this?

Edit3: likewise we could stop the "prevent other people from making transactions" part of it (the only other part) by doing this:

http://gavintech.blogspot.com/2012/05/neutralizing-51-attack...

I would love it if someone responded to this.


They can literally stop the network though by perpetrating their own attacks. Even if the bitcoin network is perfectly secure to a subtle cyber attack in the vein of stuxnet, all the US or any major power would need to do is bring the mining power low enough that it can undermine the block chain through brute force.

Honestly seems more likely to be a tactic employed in China though due to the more top down nature of that country's power structure.


If a hypothetical criminal valued breaking bitcoin at a significantly higher amount than the profit derived from mining, then the criminal would just attack the network and win. Remember that I'm not describing the security of a PoW network, I'm describing energy consumption and only assuming that individual miners will not mine unprofitably.

No I agree you can't prove they are distributed, but I don't see the threat as realistic. I also think the only reason for someone to take a controlling stake and attack the network would be to kill Ethereum and make everyone lose confidence. Bitcoin is susceptible to the exact same attack, someone could build or buy enough mining power and cause a huge reorg to wreak havoc.

I take your point that Bitcoin could more easily recover from this, as new mining hardware can be built by honest participants unlike tokens, but it would take too long. It would be too late to restore confidence at that point anyway.

I think both networks are resistant to the attack for the same reason, it's just too expensive. You could argue that Ethereum is actually more resistant, as buying tokens drives up the price. Bitcoin has the opposite economies of scale. The more chips an attacker produces, the better they get at making them, and the more cheaply they can amass hashrate.


Dormant POW could be as much of a benefit as it is a drawback.

If someone owns 10s of millions of dollars worth of miners that are temporarily turned off, do you think this entity would want an attack to succeed?

No. They'd want to protect their future investment in mining equipment. They might just turn that hashpower back in, if an attack was in progress, and take a temporary loss to fight off a temporary attack.

Even the threat of a big player coming in to prevent an attack would make the risk of attacking way too high.

We saw this happen recently when someone tried to attack the Bitcoin Cash network. Defending miners temporarily turned on their hashpower to stop any attacks. And it worked.


In spite of your condescension, I don't think you understand what a 51% attack is. You are confusing agreement on hard-forks with POW consensus in your defense of why Bitcoin is not vulnerable to a state mandated 51% attack from China.

Satoshi's brilliant solution to the Byzantine generals problem of consensus is proof of work, not "nodes decide what code to run" precisely because nodes are vulnerable to sybil attacks.

-How would these nodes know that the 51% attack history is bad?

-A proof of work change is a hard fork, and these take months to deploy properly according to core.


We call a 51% attack an attack, but from the perspective of PoW it's always about the chain with the most work. Anyone is just as valid as anyone else to propose blocks. That's the point of Bitcoin: a way to always figure what the truth is, and make it as expensive as possible for people to attack/change this truth.

The only problem here is that PoW only knows one cost: hashing, and due to macro shifts in mining hardware this can sometimes go down a lot more than the value of a coin (which makes the cost of this attack worth it).

As soon as you start introducing measures to subvert this attack you are subverting either decentralization or stability. If you for example program clients to not accept reorgs deeper than 10 blocks (for example) you simply introduce new attack vectors that can split the network (into following different chains - which is even scarier than 51% attacks).

If every x blocks you snapshot the chain and force everyone to follow that snapshot you just centralized the chain, etc.


Call it economically improbable. Right now you could maybe get 51% with a 10-20 million dollar investment in ASICs. If you took control of the network and started forging transactions, bitcoin would no longer be useful and all those coins you stole wouldn't be worth very much.

EDIT: I vaguely remember the Linode hacker mention that a more reasonable attack possibility would be if you slipped a backdoor into the popular bitcoin client libraries, and then it could be used to steal.

edit2: spelling.


Yes. Also, an attack would be fairly obvious and miners invested in the future of the blockchain (i.e. everyone using ASICs, which is everyone that matters) would increase their hashrate to mount a defense, increasing the cost by some hard-to-predict but significant amount.

Only if the attack is from the outside, which is not a requirement. It's not mutually exclusive.

The miners who control the bitcoin network are already centralized on a handful of organizations in China. If they colluded on this attack they would take over >51% of the network because, hey, they already own and operate most of that computing power you're alluding to.

Edit: There is also no evidence that the price would plummet from this, and given the history of theft, scams, forks, etc. involving bitcoin that do not drastically affect the price, I don't think it would either.


Would it not be easy for a state actor with a large amount of resources to launch an attack on the network by providing most of the mining capacity for a short burst and effectively take control of the currency? I thought that was a thing.

If a handful of governments that control fabs agree Bitcoin has to go, the efficiency of ASIC mining becomes a big threat.

Governments can purchase large runs of ASICs while other mining will revert to GPU. Controlling 51% of the hash rate in this manner isn't as outlandish.

Further, you're not limited to double spend attacks. If you're the government with a decent advantage, you just treat your own chain as true and never accept blocks from other miners. The reward for mining will collapse, since even if you produce a valid block it'll not be on the longest chain once government miners catch up.

And once the reward for mining collapses you can probably even power down some of the ASICs.

There are counter measures, but combined with attacking the financial onramps and making possession criminal, it's hard for me to believe that BTC would survive an attack like this.

But of course, it's predicated on large governments agreeing it's worth seriously attacking. I don't know how likely that is.
