Do you need to crack it if the government can be a majority hashrate of the miner pool? One need not crack it to control it. You'd be able to double spend, mine empty blocks, orphan blocks from other miners, etc. Just need to get to and sustain 51% of the hash pool.
But you are wrong, it would absolutely not work.
The only way to make sure no one has 51% and no one can simply get 51% (buy cloud computing for example) is if the 51% is more than what feasibly can be bought or it would at least need to cost more than what you could gain from a double spend.
Also its about hash power not number of miners, that's completely irrelevant. 100 or 1000 miners that means nothing.
If a handful of governments that control fabs agree Bitcoin has to go, the efficiency of ASIC mining becomes a big threat.
Governments can purchase large runs of ASICs while other mining will revert to GPU. Controlling 51% of the hash rate in this manner isn't as outlandish.
Further, you're not limited to double spend attacks. If you're the government with a decent advantage, you just treat your own chain as true and never accept blocks from other miners. The reward for mining will collapse, since even if you produce a valid block it'll not be on the longest chain once government miners catch up.
And once the reward for mining collapses you can probably even power down some of the ASICs.
There are counter measures, but combined with attacking the financial onramps and making possession criminal, it's hard for me to believe that BTC would survive an attack like this.
But of course, it's predicated on large governments agreeing it's worth seriously attacking. I don't know how likely that is.
Your statement doesn't work out, because even if a single official mining pool doesn't have >50% of the hash rate, a bunch of small mining pools could be secretly colluding, or even just a bunch of individual people.
If you have >51% of the mining power, you can overpower the rest of the network. Simply pick a block in the past and start mining from there, ignoring everyone else. With >51% of the hashrate you _will_ overcome the rest of the network and enforce your new chain.
They can do it in secret. Build a secret parallel chain while they transact, then release the chain after they've got their BTC.
And 51% is not "insane". It's absolutely tiny. As I said, _any_ of the large pools could do it, right now.
Owning >51% of the mining power for a sustained period would make it impossible to trust and presumably eventually wipe it out. The hashing power is frequently compared to small states, so a large state could presumably put together enough hashing power to sustain such an attack.
It works only if you convince most (in terms of hashing power) pools and mining operations to merge mine your coin. Otherwise 51% is obvious and simple.
> With enough political or legal pressure, you easily deploy a "51% attack" on the chain, and fork it as you like.
A 51% attack can do two things: Enable "double-spend" attacks - where the hash rate majority will ignore a block which was previoulsy mined and had a "confirmed" transaction, and instead mine from an older block which didn't have that transaction - but instead place a transaction paying themselves the money back. Anyone accepting payments over Bitcoin should use their common sense as to how many confirmations they should wait depending on the amount of money being transmitted. A 51% attack might eventually be able to write a chain longer than the current one, but it will take some time - and there is the chance that if it fails, the miner will have wasted his electricity costs.
The other attack a 51% hash power can perform is denial-of-service. They can ignore blocks containing transactions they do not want to include in the chain, and as long as they continue to mine the longer chain, those transactions will not succeed.
51% attacks can not change the rules of Bitcoin (although there are many people who wrongly believe this to be the case). If you try to change the rules, the rest of the network will reject your blocks and ignore you.
> what would stop a government from running the majority of blockchain nodes and gain consensus majority?
The costs, primarily. In the case that one party did accumulate a majority of hashing power, the network participants can agree to change the hashing algorithm to one which runs on commodity hardware. That would be many billions of dollars of specialized hardware equipment going down the drain, and will only make the system stronger by encouraging individual participation. Monero did this successfully, and plans to do it each 6 months to deter attempts to game their proof-of-work.
It would be possible to fork to create a higher limit with that hashpower. It would also be possible to have 51% without making it publicly known. But nobody needs to bother with that when they can just double spend.
The paper outlines two attacks that a hash rate majority can undertake: (1) double-spending; and (2) sabotage (force a decline in exchange rate).
But there is a far more benign and profitable attack: collect all of the block reward. No need to tell anybody, and no need to upset users by double-spending. Business as usual.
In other words, establish a benevolent mining monopoly:
The hash rate majority becomes an effective monopoly by censoring blocks from outside the cartel. The incentive is equal to half the block reward. If done properly and gradually, few users would notice. Nor would many care. Those who did would simply leave.
I suspect there's even a version of this attack in which a cartel makes public threats to censor blocks it disapproves of. This is, after all, what BIP-9 does:
Using this approach, a cartel may be able to leverage a hash rate below 50% to 100%.
There's some precedent for this with UASF. The hash rate of the group threatening to censor blocks there was quite small (certainly below 50%). Depending on who you talk to, the threat of block censorship by this group was enough to shut down segwit2x.
It’s always trivial to perform a 51% attack by forming a large mining pool. You don’t have to kick people out of China to do that. The only issue is convincing the miners to go against their economic interest.
China could have relatively easily done that previously but now it will probably be difficult for any one country to become that non-economic actor with both control of hash rate and the ability to coerce miners.
All that would accomplish is taking control of the revenue generated while they are in control. If the big mining centre is working with private keys that are unknown to the operators, then they would not be able to spend the coins previously mined. If they gain control of more than 51% of the hash rate in this way, they would be able to censor transactions or reorg the chain. That would still leave most of the blockchain in tact. A deep reorg might even get forked away from by the rest of the network, leaving them alone in a situation analogous to Ethereum Classic.
You're not trusting the miners, you're trusting a system that was designed so that one would need 51% of the mining power to perform an attack. While there is a worrisome level of centralization in mining, you are also trusting the economic incentive structure of the miners is sufficient for no one to coordinate a 51% attack given the current dynamics.
So what if you are incorrect? Is that what you mean to say?
What about double spending allows miners to control all future transactions afterwards? Double spending is of course undesirable but its hard to imagine its profitable to organize such an attack when it immediately begins burning money once word gets out, and if it didn't it would devalue the miners' own infrastructure when people lose faith in the currency.
You can dream up many a scheme where it can happen, and renting hash is certainly a problem down the road for many coins, but you're exaggerated presentation of the 51% attack is clearly flawed and stemming from your simple understanding how the network reaches consensus.
The biggest mining pools have known identities[1]. If some unknown group started mining and the hashrate jumped 50%, it would draw lots of attention. There's no way it could be done secretly. A more likely attack would be a government bribing or coercing a few of the biggest mining pools to manipulate their blocks.
BTC proponents don't want to admit it, but performing a 51% attack has never been difficult: just form a large mining pool. The only issue is convincing all those miners to go against their economic interest.
China could have relatively easily done that previously but now it will be more difficult for any one country to become that non-economic actor with both control over hash rate and the ability to coerce miners.
reply