Why adjust the stake instead of assuming a fixed 32 ETH minimum stake? I think we all agree that total_cost_to_attack_usd = stake_amount * usd_per_eth. If stake_amount is fixed, then the total cost increases in proportion to usd_per_eth.
That’s not true, those are two different things. Requiring 100x the total number of possible stakers is 100x lower. Versus if the price increases 100x, that means the same number of possible stakers is possible, but it’s now 100x more expensive to do a 51% (or whatever the PoS % needed is) attack.
Indeed, this is true. I was also assuming you would be buying the ETH from other stakers (if not, you would need $8B in ETH at spot price) and that you as an attacker have the ability to make the network desynchronous (if not, you would actually need 1/2 the total stake rather than 1/3). These are just generous assumptions that give us a lower bound on how much money it would actually take to attack the network.
Controlling 51% of all staked ETH is enough to launch some attacks, but the cost of the attack is way way higher than in PoW. The gist of it is that the community can reach a new consensus in which the malicious majority staked funds simply don't exist anymore. This means any single attack costs a lot of money, and there's a well-known recovery process to negate the attack and penalize the attacker.
>The higher the price of Ether is, the harder it gets to loan enough ether to stake to attack the network.
On the other hand, the higher the price of Ether is, the higher the incentive to do so. The return on investment of an attack is independent of the price of Ether (assuming one can actually gain something from attacking a POS chain).
> The threat of a 51% attack still exists in proof-of-stake but it's even more risky for the attackers. To do so, you'd need to control 51% of the staked ETH. Not only is this a lot of money but it would probably cause ETH's value to drop. There's very little incentive to destroy the value of a currency you have a majority stake in. There are stronger incentives to keep the network secure and healthy.
The key point seems to be that if your attack fails, your stake gets destroyed, so besides the positive incentives (a good stable network working for all) this system also relies on punishing failed attacks.
Interesting site. Only thing I would change would be to find the attack cost based on block time. Ethereum has a block time of 15 seconds whereas Bitcoin has a block time of 10 minutes. This changes the amount of damage that can be done in a given amount of time.
> In a PoW system, the amount of work done must be proportional to the total value of all BTC (if not, it would make 51% attacks feasible).
I’m confused. Why must this be the case and how would it lead to a 51% attack if it were not?
I know the difficulty goes up when the price goes up because more people are able to mine profitably and the system will automatically scale the difficulty to maintain the 1 block per 10 minutes rate, but I don’t understand what the difficulty being proportional to value has to do with 51% attacks being feasible.
> which makes the cost per attack $0.003. On the other hand, the PoW is much lower.
If your attacker isn't even paying for the resources they use, such as from botnets or borrowed, then your attack value has gone out of the window. If the individual attack is free to the attacker, then you're left with time. PoW guarantees a time value. If a single PoW is too cheap, then ask for more values.
This just seems like handwringing at the circularity of using stake (i.e. past transactions) to decide what blocks get validated (i.e. future transactions.) But it's wrong:
First, attackers would need to collude to control 51% of the staked coin on the network to double-spend. There's no disincentive to stake (you won't lose coin if you're acting honestly), so stakes should approach the market cap of ETH itself.
Second, even with a 51% attack you can't keep giving yourself money to solidify your stranglehold on the network. All you can do is double-spend, which doesn't help you raise your stake. And when your attack eventually fails, you're punished by losing your entire stake - wiping out 51% of ethereum.
Finally, the "healing" the author alluded to of ETH would still happen. If an attack were carried out, and somehow managed to persist, honest miners would fork ethereum and blacklist all the coins that went into the malicious stake, rendering it impossible to mount again.
Just because security is circular in a sense doesn't mean it's insecure.
Really surprised by the relatively low cost of attacking Bitcoin with 51% for one hour - claimed to be about $300k.
Is this number for real? I can think of many actors for whom this is just small change, and who might have incentive to break trust in the Bitcoin network by successfully performing such an attack.
> Is this number for real? I can think of many actors for whom this is just small change, and who might have incentive to break trust in the Bitcoin network by successfully performing such an attack.
Sorry if this is confusing - the attack cost is calculated based on the cost of hashing power from NiceHash * the global hash rate. If the 'NiceHash-able' column is <100%, NiceHash doesn't have enough hashing power to complete an attack (and thus the price is greyed out).
This page [0] has more details.
> Using the prices NiceHash lists for different algorithms we are able to calculate how much it would cost to rent enough hashing power to match the current network hashing power for an hour. Nicehash does not have enough hashing power for most larger coins, so we also calculated what percentage of the needed hashing power is available from Nicehash.
Note that this ignores the fact that large mining operations could easily switch coins to carry out attacks.
> e.g. any payment on ethereum that is more than $745 [1] is at risk at one block.
The attack cost is based on extrapolated hashing power rental costs from NiceHash. NiceHash has 4% of the necessary hashing power needed to carry out an attack on Ethereum, so you would not be able to complete an attack for this cost.
From the 'Learn More' page:
> Note that the attack cost does not include the block rewards that the miner will receive for mining. In some cases this can be quite significant, and reduce the attack cost by up to 80%.
I made this website a few months back, and the goal wasn't to show the cost to attack Bitcoin, Ethereum, etc - it actually shows the exact opposite - it would be incredibly hard to pull off an attack without buying a ton of equipment since there isn't enough hashing power available for rent.
The point was to show the large risk that smaller coins have of being attacked.
Would you agree that attacking Eth2's consensus requires a certain percentage [1] of total voting power? If so, then by extension, it requires a certain (somewhat different) percentage of the total Eth supply.
> The exchange rate from USD to ETH is irrelevant.
Unless the attacker already has a large enough portion of the Eth supply to execute an attack, they'll have to pay to acquire it.
[1] 1/3 voting power would theoretically let an attacker double spend by getting two conflicting forks committed; 2/3 would let them commit invalid and/or unavailable state.
I pointed this out elsewhere in this comment thread, but resurfacing here since it's perhaps not as clear as it should be: The attack cost is based on the extrapolated cost of attacking the given coin based on the current hashing price on nicehash. If < 100% of the necessary hashing power is available via nicehash, it's greyed out, and the nicehash-able column shows a value of < 100%.
Another caveat: It's potentially cheaper to attack these coins than the number shown on this site since you receive block rewards from the time period when you attack a coin. In a lot of cases this will recover a majority of the money you spend on the attack. That said, this isn't guaranteed, and you are forced to put up this amount of money in order to carry out the attack.
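The estimate described in the comments above (rental price times network hash rate for an hour, the 'NiceHash-able' percentage, and the block-reward offset), worked through as an added example that is not the site's own code. Coin names and all figures are constructed, and the reward offset assumes blocks arrive at the target rate for the whole window and every reward is kept.

```python
from dataclasses import dataclass

@dataclass
class Coin:
    name: str
    network_ths: float            # whole-network hash rate, TH/s
    rent_usd_per_ths_hour: float  # rental-market price of 1 TH/s for one hour
    rentable_ths: float           # hash rate the rental market actually offers
    block_reward_usd: float       # USD value of one block reward
    block_time_s: float           # target seconds per block

def exposure(coin: Coin, hours: float = 1.0) -> dict:
    # Headline figure: price of renting hash power equal to the whole network.
    gross = coin.network_ths * coin.rent_usd_per_ths_hour * hours
    # The 'NiceHash-able' column: share of that hash power available for rent.
    rentable_pct = 100.0 * coin.rentable_ths / coin.network_ths
    # Assumption: blocks arrive at the target rate and every reward is kept.
    rewards = hours * 3600.0 / coin.block_time_s * coin.block_reward_usd
    return {
        "coin": coin.name,
        "gross_usd": gross,                    # has to be put up in full
        "net_usd": max(gross - rewards, 0.0),  # best case, not guaranteed
        "rentable_pct": rentable_pct,
        "greyed_out": rentable_pct < 100.0,    # rental alone cannot reach it
    }

# Constructed sample figures, not real market data.
COINS = [
    Coin("BIGCOIN", 1000.0, 3.0, 40.0, 10.0, 15.0),
    Coin("SMALLCOIN", 20.0, 3.0, 50.0, 0.5, 60.0),
]

def rank_by_exposure(coins):
    """Coins whose full hash rate is rentable come first, then lowest gross cost."""
    return sorted((exposure(c) for c in coins),
                  key=lambda r: (r["greyed_out"], r["gross_usd"]))

if __name__ == "__main__":
    for row in rank_by_exposure(COINS):
        print(row)
```

With these constructed numbers the large coin shows a gross figure 80% offset by rewards yet stays greyed out at 4% rentable, while the small coin is the one that ranks as exposed.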