by algo646464 1944 days ago
Ok that makes sense.

But I wonder why this problem doesn't also arise in the current Proof-of-Work system. A sufficiently well-funded group, with about 20% hash-rate can try to extend the current head of the blockchain by 6 fake blocks at every time. If they succeed, i.e. all 6 fake blocks are mined before the real network mines 6 real blocks, then they can publish their parallel chain with the fake transactions and it would be longer than the real chain.

This is equivalent to the expected number of coin tosses to get 6 consecutive heads, where the coin is heads with probability 1/5. Here, heads means that a fake block is mined before the corresponding real block is mined. This number is less than 20000, which corresponds to about 6 months of time. This is expensive, but not infeasible. They just need to remain solvent until they succeed and then easily cover the costs.

1 comments

Yup, this is indeed a weakness of the current PoW system.

People often misunderstand it to be completely secure if no attacker has more than 50% hashrate.

In reality (and as described in the whitepaper), the 51% limit is described as the state where no number of confirmations is sufficient.

If an attacker has less than 50% hashpower, you can plug in some numbers like hashpower and cost of attack and come up with a number of confirmations that is likely to be secure.