Hello, friends, readers, Sovryn community members. This article serves as a bookend to the first block of knowledge offered by the Dojo. In previous parts, we covered the fundamentals of the Proof of Work algorithm, the responsibilities of miners, hashes, and hashing functions. In this episode, we will cover two potential risks of PoW blockchains that are related but are frequently misrepresented. 1) The fraud, which allows an attacker to spend their funds and then use the 51% attack to spend those same funds again by reverting the first transaction from the history on-chain. double-spend 2) The does not aim to attack users on exchanges or an exchange, but instead attacks the chain itself. In this method, the attacker tries to mine a block faster than the rest of the blockchain network to revert their transaction history. If they succeed in this private mining and add a block with fake history on the chain, they have won. Thanks to the rule of using the longest (difficulty-wise) chain used in PoW, the blockchain consensus must accept this tainted block, which allows the attacker to erase the log of their original transaction to keep the money they already spent. 51% attack A ”Double-spend fraud” utilizes the “51% Attack” as a method of reverting the history of the blockchain. This commonly known attack combination is an ever present risk in the Blockchain industry, which may threaten the integrity of a cryptocurrency system. The purpose of this article is to shed some light on the matter for those who don't think of themselves as blockchain experts, but want to get better acquainted with this issue. A blockchain re-organization is a process that can be done without 51% or more hashing power, so why do we care if the attacker has access to 51% of it? What is special about having 51% of hashing power is that the reorganization (assuming the attacker starts from the chain tip) will always succeed, whereas with less than 51% of hashing power they only have a minor probability of succeeding. A blockchain re-organization: Mentioning this type of attack in a series of articles about Bitcoin, where the 51% attack has never happened (that we know of), can create doubts. However, this article aims to enhance your know-how and provide you with a complete picture of PoW by showing an attack method developed against this consensus algorithm. Even though we don't have a record of the Bitcoin blockchain being “51’d”, we do have some records of a double-spend fraud on other chains: GHash.IO and double-spending against BetCoin Dice Peter Todd on Twitter The 51% attack has never occurred on the Bitcoin blockchain in its entire history, but it has happened several times with other PoW blockchains between 2016 and 2018. Similar to Sybil attacks from the previous chapter, PoW’s energy requirements make the 51% attack economically unfeasible in reality and almost impossible on the Bitcoin blockchain, since: The attack becomes less and less feasible as new blocks are confirmed. But, If an attacker has >50% of the hashrate and wants to double-spend a tx in block n, then they can fork the chain at block n and secretly build an alternate chain that is guaranteed to be longer than the mainchain (since the attacker can mine slightly faster than the rest of the network). So they could reorganize an arbitrary number of blocks after block n as long as they maintain >50% hashrate. A recommendation of waiting for at least six confirmations on the Bitcoin network after a transaction is sent makes it difficult (and more difficult the higher the network's difficulty is) to reorganize the history of blockchain after these six additional confirmations. These six transactions are just an arbitrary number or a rule of thumb suggested since the early days of Bitcoin. The correct answer here would be waiting for a proportional number of confirmations based on a current mining difficulty corresponding to the value of the transaction you're receiving. To better understand the steps involved in a 51% attack, let’s look at an example from the world outside of blockchain - in particular, one where you could double-spend your money (but probably end up in jail afterwards!). Non-blockchain example If you are old enough to remember the days before electronic credit card systems, you may recall the manual, hand-operated credit card press, used to make a carbon copy of your card information when you paid with your card in a store. The store would mail off the copy to Visa, Mastercard, or whoever issued the card, and they would deduct the paid sum from your account and pay the store. Imagine going into a shop today that is still using one of these machines. Your debit card has $1,000 on it, and you buy a new watch for $1,000. The store gives you the watch and uses the machine to get a copy of your card, in order to get their money from the card issuer. Then, you walk into a jewelry shop next door and buy another watch for $1,000, except this time, they have the electronic machine that we are all used to today. You buy the watch, they swipe your card and get your $1,000 right away. Now you have two watches, and you spent the same $1,000 twice! By the time the first store tries to get their money, it's already gone! Watch the following clip to get an idea: https://www.youtube.com/watch?v=a7wutgAlNHk The vulnerability of blockchain The video above is a good example of a double spend, but a 51% attack is something different, though not unrelated. Think about a 51% attack like this: “You have a voting contest consisting of 100 voters and you bribe 51 of them. You can now control the result of the vote using your majority control.” Now, let's look at this problem from a Blockchain perspective. I will use a quote from an article I have found to be very educational and well written. The author of this piece is Coinmonks and you can read . the full length article here “Let’s say I spend 10 bitcoin on a luxurious car. The car gets delivered a few days later, and my bitcoins are transferred from me to the car company. By performing a 51% attack on the Bitcoin blockchain, I can now try to reverse this Bitcoin transfer. If I succeed, I will possess both the luxurious car and my Bitcoins, allowing me to spend those Bitcoins again.” This example abuses blockchain’s design philosophy. Blockchain’s brilliance comes from its decentralized nature that is reached by mathematical consensus, where multiple people verify a transaction. If it is legitimate, the consensus will accept it and will treat it as a lawful history on the public chain. However, on any PoW-based blockchain, it only takes 51% to form the majority. As such, illegal transactions and fraudulent activity may be possible on smaller blockchains, where achieving the majority is realistically viable. The key element here is the democratic aspect of the blockchain, where most miners need to agree with a particular state of the network. By doing this, they can define what the truth is and what is not. This happens thanks to the full blockchain nodes, which define what is "legit" by setting the consensus rules. And under these rules, two or more competing versions of the chain can potentially be "legit." But according to the "difficulty-wise longest valid chain" rule, only one chain can be the most legit. This consensus statement lays down the fundamentals for the follow-up question that miners are helping to answer by mining on one chain instead of another: "Of all existing valid chains, which one should the users' full nodes follow?" But what if this majority is a single big entity with the advantage of having more computation power or having a majority of votes, at least temporarily, and they use their power for malicious activity? The 51% Attack A 51% attack is a possible attack on a blockchain when somebody obtains more than 51% of all hashing power (hashing is used for mining). If somebody has more than 51% of this power, they can mine much faster than anybody else, and that provides an advantage in a “cheat race". If a scammer is mining faster, they will also be faster than their competitors in finding a solution that leads to another block being mined and added to the current state, thus creating the “longest” chain. This will make their chain longer and the network will, by design, (keeping with the rule of the longest chain) need to accept their chain (which includes the not valid block) as the final result. Basically, if there is a conflict on the blockchain, the network will always use the longest and the most difficult chain to mine as “the right one” to accept, and since the attacker has more hashing power, the rest just can't win. That's unfortunately bad in this case, but that's how this tech works. But how can somebody get that much hashing power? It can be a whole community or a few people with many resources. The intention of the attacker is to perform a “double-spend” using their money and to cover their tracks with a 51% attack. This means that an attacker uses their own cryptocurrency for purchasing goods or services. These transactions are added and visible on the public network. Meanwhile, they will mine their own private version of those blocks, where those transactions never happened and will attempt to swap those two elements (change the history of the transactions that happened on the public chain). What the attackers do is that they mine a longer valid chain in private (not peered with the rest of the network). That is only possible if they control more than half the hash power and then use it to their advantage. Then, they “cheat” on the blockchain, with the intention to double-spend tokens that belong to the attacked chain. Effectively, the attacker mines new blocks but does not announce it to the other 49% of the network. Therefore, the others don't know that the alternate version of the blockchain exists and is ready to rear its ugly head. When attackers want to make their attempt on a 51% attack, they usually mine with a higher hash rate on a particular node that is not attached to the network. When they get ahead a little bit against other nodes, they switch the connection from the node of their private chain to the network of the public one. Then, the following can happen: The network uses the longest possible chain. The consensus will approve it as valid, and a 51% attack is here in its full glory. The target is usually a blockchain that uses a PoW consensus algorithm. A crypto-asset exchange cannot solve this problem for a particular attacked project. This is not a responsibility of any exchange, but a quick reaction and cooperation is a critical aspect of getting things in the original order. Final example Imagine that we have a public chain. Every block in this chain has its own name. We will use capital letters like A, B, C, D, and so on. Then, we will have our attacker, who is a really big miner and is in possession of more than 51% of the hash rate. They are trying to scam this public chain by changing the history of the original public chain. They will use the vast hashing power at their disposal, as well as their own private version of the public chain. We will call that private chain with lower-case letters: a,b,c,d. We know that the attacker has more hashing power at the moment and wants to use it for validating a new block faster than the miners of the public chain. Since the attacker has more potential, there is a higher possibility that they will guess the right (unique number) that will allow them to add another new block to their private chain while public chain miners are still mining a previous block. nonce The situation goes like this: 1) The public chain is A+B+C+D; 2) The fraudulent private version of that public chain is also a+b+c+d; 3) Now we are in the race for the block (or " " in the case of the attacker). Who do you think will have a higher probability of adding a new block to the chain in a shorter time frame? E e Yes, the attacker. They might have to spend a lot of money, electricity, space, and time to do this, but right now, they are in possession of higher hashing power, and are basically running this race on steroids. When the attacker successfully validates a new block and adds this block to their chain, they will get an a+b+c+d+ chain while miners of the public chain are still mining that block, which the scammer already has. e E 4) The attacker then switches their connection and adds their private blockchain to the public network. Now, the Network will accept the longest chain (a chain with the highest block height), which is the chain A+B+C+D+ . As a consequence, miners of the original public chain will have to end mining block and need to accept the A+B+C+D+ state of the chain, and continue their work on this chain. e E e 5) Now back to double-spending. Imagine that the attacker uses their coins for purchasing goods. They spent their coins in block C on the public chain, but on the private chain that they were mining in private, they are still in possession of all their coins. Their private chain doesn't have any marks of them spending money. When they do this manipulation with the help of higher hashing power, they change the history of the original public chain, which is now A+B+ . c+d+e When they take a look at their wallet after the new block is added, they will see the full original unchanged balance they had before purchasing any goods, even though the goods are already on their way to the scammer’s door. The attacker just performed a double-spend thanks to the 51% attack. Coda 51% attacks are the biggest known security issue with Bitcoin and other Proof-of-Work blockchains. That being said, the more hash power devoted to a chain, the more secure it is, while smaller chains could easily be taken over by a small proportion of miners switching from a large chain like Bitcoin or Ethereum to a chain with much less hash power. However, these attacks are mostly prevented by two things: firstly, that large mining pools abide by rules they’ve set themselves to not grow too large, and secondly, a 51% attack can have a serious economic impact on a coin, so why would a large miner risk it when it usually means drastically hurting the price of a coin, and in the case of ASIC-mined coins, hurting the value of their mining hardware too! In the end, you must remember that behind all of the algorithms and hardware, there are still humans controlling everything with their own economic incentives and desires. If a successful 51% attack were to facilitate a double-spend on the Bitcoin network, for example, the value per bitcoin would decrease drastically, meaning the attacker's funds and mining hardware would also decrease in value - a meaningless financial incentive for an attacker to attempt a double-spend in the first place. Keep in mind that attacks like this are extremely hard and expensive to perform, and almost every year somebody discovers an improvement or a new idea on how to make fraudulent activity like this almost impossible. After all, no matter how brilliant an idea you have, somebody can always find a little loophole in your security and is able to use it to their advantage. Congratulations. You made the fourth step in becoming a blockchain expert. Further reading What everyone gets wrong about 51% attacks - by Dankrad Feist Have you enjoyed reading this episode? Head over to the Sovryn Dojo database full of technological episodes about blockchain technology, written in plain English with the aim to foster basic knowledge in blockchain newcomers. See You in the next episodes about the What is that Fork for? Until then, stay Sovryn! Part 1: Determinism Part 2: "Mining", "Miners", and the Proof of Work Algorithm Part 3: Hashing Functions Part 4: The 51% Attack Part 5: Why do blockchains forks? Part 6: What is a Blockchain Transaction? Part 7: What is Inside A Bitcoin Block? Part 8: Blockchain Contracts - Go Beyond Smart... Part 9: Blockchain Around the Worl d Mickey Maler Sovryn Wiki
