undefined | Better HN

0 pointspatio1112y ago0 comments

To be more explicit: if you have > 50% of the hashing power for a sustained period of time, you can with 100% probability dictate which transactions are accepted, which allows you to perform double-spend attacks essentially at will. [+]

If you control a significant percentage which is less than 50%, you can attempt to do this but it is both uncertain to work (on any given attempt) and costly if it fails. Note that you can take many bites at the apple if you're willing to suffer the opportunity cost, so if you have a sufficiently profitable transaction to cheat on, you'll come out ahead.

The most vulnerable players in the Bitcoin system currently are gambling sites, but in principle with sufficient hash power you can do this to anybody using Bitcoin. Gambling sites are particularly at risk because their intended behavior is swapping bitcoins for bitcoins very quickly, and if you can doublespend, you can swap bitcoins for bitcoins but then say "You know those bitcoins I sent you? Psych, I didn't have them, even though you thought I did." after you've been told that you lost a bet. If you win the bet, you simply don't rewrite history to invalidate your bet. Repeat as desired.

This is the planned and anticipated vulnerability in Bitcoin. Great news: it's rarely the planned and anticipated vulnerability that kills a system.

+ Double spend attacks are not the only attacks you can envision. For example, if you control 51% of hashing power for a month, you're capable of essentially invalidating all transactions globally in the past month, at a time of your choosing. Like, if an unrelated party Bob had been paid in bitcoin by his employer two weeks earlier, and Bob then attempted to transfer bitcoins to Mt. Gox to change into dollars, Bob's bitcoin client would suddenly tell him "Dude, you might remember that salary payment, but it never actually happened." and Mt. Gox would say "Umm, you don't have bitcoin to transfer in, what are you talking about?"

0 comments

4 comments · 1 top-level

X412y ago· 3 in thread

So even gambling sites use Bitcoin! That double-spend attack sounds so weird, I wonder why it's even possible. Why does Bitcoin trust the owner of larger amount of BTC (51%) more than those with less? I thought that trusting every client equally (less) would be a greater advantage, than trusting the largest group of clients. That part is hard to understand.

What would happen, if due to a war many of the datacenters on earth were destroyed and we would only have 1/4 of the computing capacity left. Would sending BTC become impossible, or is mining not possible then?

patio11OP12y ago

You should know that you don't understand enough about Bitcoin to reason about it [+], and before trusting my representations about it, you should know that I am approximately the most skeptical person about it in the entire tech community.

+ This phrasing is rather more robust than I'd prefer, but you're dangerously mistaken about something which many people will attempt to get you to equate with money.

The Bitcoin protocol does not trust owners of large amounts of bitcoins. An emergent behavior of the protocol is that it trusts people with large amounts of hash power over given periods of time. Why not trust every client equally? Because Satoshi believed that IP addresses were really easy to conjure up, and compute farms were really hard to conjure up, so a malicious actor could easily get a majority of the network if you were counting via IP addresses but it would be hard if you required computational proof of work.

This is one of the core engineering decisions in Bitcoin. One of the other ones is, to incentivize people to spend computational power on computations which have no utility the overwhelming majority of the time, periodically they're allowed by the protocol to claim bitcoins which are created from nothing. Every bitcoin in circulation first came into possession by someone who won a lottery with tickets basically bought by the expenditure of hash power.

Response to edit: In a war during which 75% of the world's datacenters are destroyed, the Internet collapses, Bitcoin dies along with many hundreds of millions of people, and cryptocurrency enthusiasts join Beanie Baby collectors in the long line of people who will not find their favorite hobbies treated well in a nuclear winter.

If you're answering purely as a math abstraction, though, the protocol will eventually self-correct by picking a new, lower block difficulty, with the goal being creating a new block approximately every ten minutes. The approximate upper bound on how long it would take to recalibrate if you lost 3/4th of the hashing power is plus or minus eight weeks. (I originally said "an hour", which is clearly in error.) During the interim, Bitcoin would be possible to transact in and mine but it would be slower than previously -- instead of it requiring about an hour to know that a given transaction was safe to rely on, it would require about four hours.

But again: Bitcoin is very much not robust against "the end of the world."

X412y ago

Thanks for the great and detailed answer patio11! Hope you have a great weekend =)

aestra12y ago

See the other posts in this thread for more technical details, it isn't the owner of the largest amount of bitcoins, it is the miners with the most amount of hashing power. See, miners are supposed to be decentralized to prevent double spending. When you mine in a pool, you are giving up your hashing power to a pool operator in exchange for a payout that is more regular. When that operator controls over half the bitcoin network, they become bitcoin God.

In theory everyone mines alone to prevent this, in practice, this isn't very feasible.

j / k navigate · click thread line to collapse