Hacker News new | ask | show | jobs
by michaeltoth 4357 days ago
Not really.

For an attack to be possible, the attacker needs to generate an alternate blockchain faster than the honest blockchain. This problem can be thought of as a binomial distribution where the "success" is the honest blockchain mining a block and extending its lead by a block and the "failure" is the attacking chain being extended by one, reducing the gap by 1 block.

p = probability of honest blockchain extension by 1 block q = 1 - p = probability the attacker extends by 1 block

If p <= q, the probability of the attacker catching up at some point in time is 1. This is what makes a 51% attack possible.

If p > q, the probability of the attacker catching up is (q/p)^z where z is the number of blocks behind at the beginning of the attack.

There is a reasonable possibility for small values of z (small number of blocks behind), that 40% control would allow for the creation of an alternate blockchain longer than the honest chain, but this is mitigated by the fact that transactions require confirmations, which extends the number of blocks and makes the likelihood of an attack very unlikely.
2 comments
sp332 4357 days ago
51% attack is not the only kind of attack. A "selfish mining" attack can break the system too. http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/ Here's the paper http://arxiv.org/abs/1311.0243
link
michaeltoth 4357 days ago
Thanks for the articles. I recall reading about this last year when the paper was published, but I had since forgotten about this form of attack. This is definitely interesting.
link
nullc 4357 days ago
While the factual you said we're true, they aren't anywhere near as useful as just linking to a calculator— http://people.xiph.org/~greg/attack_success.html

I don't agree with your conclusions though— at 40% a determined attacker reorgs 6 confirmations with a 50% success rate. Many users don't wait even six.

Consider, even with 20%— thats analogous to having five parties 'signing' blocks— a result which is less decentralized than a fair amount of traditional financial systems. (The comparison is better than it would be with other pools because ghash primarily physically controls their own infrastructure).

Even though this is all quite concerning, Bitcoin is very dynamic— the current state isn't something that will last, one way or another.

link