If there’s one structural flaw that could cause Bitcoin to collapse from within, it’s the network’s vulnerability to what’s called a “51 percent attack.”
Threat of a 51 percent attack was, up until very recently, a theoretical problem that would only come about if one entity came to control more than half of the computing power being used to mine Bitcoin. In theory, with the majority of the network’s computing power, an entity could double-spend Bitcoin and engage in what’s called “selfish mining,” a process that would allow it to mine a disproportionately large share of new Bitcoin blocks.
The threat of a 51 percent attack became very real for many Bitcoin owners this week, when the world’s largest Bitcoin mining pool, GHash.IO, flirted with, and may have even surpassed, 51 percent.
— Tim Swanson (@ofnumbers) June 13, 2014
Bitcoin communities on Reddit and the BitcoinTalk forum reacted to this news with much apprehension. Peter Todd, a prominent figure in the Bitcoin world, wrote a long post on Reddit titled “Why I just sold 50 percent of my bitcoins: GHash.IO,” which was upvoted to near the top of the Bitcoin subreddit.
“GHash.IO shows that the economic incentives behind Bitcoin are probably very flawed, it might take a disaster to get the consensus to fix it,” Todd wrote, “and if that happens, I want to make sure I can pay my rent and buy food while we’re fixing it.”
It’s important to note that no one is saying GHash.IO plans to carry out a 51 percent attack, but the group’s ability to do so is troubling to many.
While the Bitcoin community has long feared the 51 percent threat, those of us who aren’t seasoned Bitcoin users may not have heard about it until now. In the simplest terms possible, here’s how it works.
Currently, there are nearly 13 million bitcoins in existence, and about 25 new ones are added every 10 minutes through a process called mining. Of course, Bitcoin mining doesn’t involve a pickaxe and hardhat.
To mine Bitcoin, one just needs to run the Bitcoin software on a computer. As it’s typically explained, the computer will join all the other computers running the software in trying to solve a complex mathematical problem. Whichever computer solves the problem is rewarded with a “block,” currently worth 25 bitcoins. When enough of the other computers confirm that the solution is legitimate, the block is added to the Bitcoin’s public ledger, the blockchain, and the computers begin working on the next problem.
At this point, no ordinary computer is powerful enough to mine Bitcoin. It takes fantastic computing power to compete, the likes of which you can only get by a machine specifically designed for this type of task.
Even with a custom Bitcoin-mining machine, there is still much competition. Many miners have joined forces to form mining pools in hopes of being able to uncover blocks more regularly, then split the reward.
The 51 percent threat
The first and most apparent problem with a mining pool that has more than 51 percent of the computing power of the entire network (hashing power, as it’s also called) is the potential for double-spending. The people trying to mine Bitcoin are the same ones tasked with auditing the network by confirming Bitcoin transactions.
If you want to buy Bitcoin from me, first we settle on a price, then you ask the network to confirm that I haven’t already spent the Bitcoin I say I’m selling to you. When the network signs off on the confirmation, the transaction goes through and those who confirmed it receive a small transaction fee.
So, basically, an entity that controls most of the mining power also controls most of the auditing power. If it chooses to act maliciously, that entity could potentially spend the same Bitcoin twice.
In addition to allowing double-spending, a 51 percent entity could engage in what Bitcoin researchers call “selfish mining.”
A person’s or group’s ability to mine Bitcoin should be about proportional to the amount of computing power the person or group is contributing to the network. Once an entity controls 51 percent of the computing power, it’s possible for the entity to mine much more than 51 percent of new blocks of Bitcoin.
It works something like this:
All Bitcoin miners are trying to solve a sort of mathematical problem based on the most recently discovered block on the blockchain, which is called the lead block. Even though there are multiple solutions to each problem, the blockchain must remain as one long continuous entity. It can not be “forked.” Thus, the first discovered solution to each block is the one that the entire network decides to accept.
If two miners, let’s say you and I, discover separate solutions to the lead block’s problem and we both try to publish them to the blockchain at near the same time, the network ultimately determines which of us had the first solution.
It’s likely some miners will begin hashing on the block you discovered while others will hash on mine. Maybe 75 percent of the miners saw your solution first and began hashing on the block you discovered, but only 25 percent saw mine. In all likelihood those 75 percent will determine a solution to your block before the 25 percent determine a solution to mine.
Either way, when an acceptable solution is published for either of the blocks, that part of the chain becomes the longest and all miners resume hashing on the longest continuous chain.
A selfish miner looking to execute a 51 percent attack starts by solving that problem but not publishing the solution. While the rest of the network is still searching for that initial solution, the selfish miner begins working on the next problem.
If the selfish miner solves the second problem before the rest of the miners solve the first, the network is in deep trouble.
The selfish miner continues to secretly get as far ahead as possible. When the other miners eventually publish a solution to the initial problem, the selfish miners immediately publish their hidden solution causing a fork. Then, as the network goes to determine which solution came first, the selfish miners publish their second solution making their chain the longest and thus the most legitimate.
Not only that, but the selfish miners have a head start in hashing off the second published block. They might have already found the solution. They might be 20 blocks ahead and no one would know.
If this happens, honest Bitcoin miners have no chance to discover new blocks, and all the rewards go to the selfish miner.
Cornell researchers Emin Gün Sirer and Ittay Eyal have even argued that a selfish mining attack is possible with less than 50 percent of the network’s computing resources in a 2013 paper titled “Majority is not Enough: Bitcoin Mining is Vulnerable.”
At the time, it seemed implausible to many that a pool would ever grow to 51 percent. The Bitcoin community has historically been relatively good at self-policing, and a 51 percent pool would be bad for business because it would rattle everyone’s confidence in Bitcoin.
When we discovered selfish mining, we cautioned #bitcoin that pools could grow to 51%. Bitcoiners claimed “no one would do that.” Mwhaha.
— Emin Gün Sirer (@el33th4xor) June 13, 2014
Is this the end of Bitcoin?
This wouldn’t be a true Bitcoin story without talking about how Bitcoin could be doomed. In reality, Bitcoin has proved time and again that it is resilient, and it has overcome many obstacles.
Earlier this year, GHash.IO released a statement, saying it was “preventing accumulation of 51 percent of all hashing power.” That was when the pool controlled just over 40 percent of the hashing power.
“GHash.IO does not have any intentions to execute a 51 percent attack, as it will do serious damage to the Bitcoin community, of which we are part of,” the statement reads. “If something happened to Bitcoin as a whole, it could risk our investments in physical hardware, damage those who love Bitcoin and we see no benefit from having 51 percent stake in mining.”
GHash.IO has not replied to our inquiry as to its apparent change of heart. CryptoCoinsNews got in touch with Jeffrey Smith, the chief information officer of Cex.io, which is a cloud-based Bitcoin mining company that’s associated with GHash.IO. Smith said the following:
We understand that the Bitcoin community strongly reacts to GHash.IO’s percentage of the total hash rate. However, we would never do anything to harm the Bitcoin economy; we believe in it. We have invested all our effort, time and money into the development of the Bitcoin economy. We agree that mining should be decentralised, but you cannot blame GHash.IO for being the number one mining pool.
Not exactly a confidence-inspiring response, but the situation is not quite dire for the moment, as GHash.IO has dipped back down below 50 percent control of the network, according to this nifty tool that most view as somewhat accurate. Other estimates have GHash.IO at closer to 40 percent of the mining power.
It is possible, however, that some members left the pool to avoid shaking up the Bitcoin community’s confidence at a time when the value of the cryptocurrency has been trending upward.
One way or another, this appears to be an important crossroads for Bitcoin, and an issue so often-discussed that it seemed inevitable that it would one day come to pass.
In fact, the 51 percent attack is even something Bitcoin’s anonymous creator, Satoshi Nakamoto, foresaw and wrote about in Bitcoin’s now-famous founding document. Since there’s no more appropriate way to close a discussion on Bitcoin than with Nakamoto’s own words, here they are.
If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
Photo via antanacoins/Flickr (CC BY SA 2.0) | Remix by Jason Reed