tl;dr: younger coins have fewer miners, so they are more susceptible to 51% attack. In particular BCash has same hash function as BTC, so those BTC miners could easily switch into mining BCash, and so is even more at risk.
It also fails to account for the possibility that Bitcoin Cash becomes more valuable, and then Bitcoin is the "vulnerable" chain.
It also doesn't mention the name of the author, and the HN user who posted this was created two hours ago.
HNers should understand there is a huge political divide in the Bitcoin community right now on this very subject. Anonymous write-ups of known attack vectors framed as genuine warnings are nothing more than unsubstantiated fear, uncertainty, and doubt.
> Any interest in bitcoin cash changing it's algorithm?
I doubt it. One of the reasons BCH hardforked was so large mining pools could continue to take advantage of Asicboost, a patented approach to Bitcoin hashing that provides a 20-30% speedup.
Asicboost is essentially taking advantage of a flaw in the original Bitcoin algorithm which leads to slightly predictable hashes. Segwit fixed this problem, nullifying their patented advantage.
All of the vocal BCH supporters are involved with large sha256 mining pools. I think it's very unlikely that they'll elect to change algorthms.
And who would engage in this 51% attack? The miners?
The miners are one of the biggest groups that SUPPORT Bitcoin Cash, so I find it unlikely that they would spend millions attacking it.
Anyway. It matters not. The people that want Bitcoin to be a settlement layer are free to spend 50$ per transaction to use Bitcoin, and those of us who want to use it as an actual peer to peer electronic currency will use Bitcoin Cash.
Everyone wins. It doesn't really matter what is the "real" Bitcoin.
Anyone who's mining Bitcoin could switch to Bitcoin Cash and work to perform a 51% attack.
> BCash shares hashing algorithm with Bitcoin. That means any hashing power on the Bitcoin network can work on BCash network. And there is typically 10 times more miners mining on BTC, than on BCH because of the difference in the price and minning fees.
And which miner SPECIFICALLY would do that? There are only like 7 major mining pools. Which of those 7 do you think would do an attack?
The miners were the ones who helped create Bitcoin Cash. Why would they attack it?
The miners are the largest supporters of big blocks, so it make no sense that they would attack the thing that they helped launch.
Also, people don't seem to realize that it is already possible to do a ~20 percent selfish mining attack. And yet we don't see THAT happening...
These attacks aren't realistic in practice because it would be immediately obvious that something is happening, and the miners would lose all their money as Bitcoin crashes.
Is it possible it's already happened? I have no idea what the mining breakdown looks like - but I'd imagine it's only a couple players mining BCH. I'd think you could rewrite the chain at will pretty much.
Please re-read the post, because you don't understand.
The 51% attack is carried in secret. Noone has any way to know if it is happening until the longer chain is published. And after that, it's too late already. Someone could try to catch up with (not anymore secret) longest chain, but the damage has been done - the state of the network has already changed. Actually switching it back is only adding salt to the wound. Noone would trust that coin again anyway, and it is worthless to try to rescue it.
AntPool is busy mining Bitcoin, because it pays better:
A 51% attack only allows you to (1) censor transactions for a short time, and (2) double-spend. The first part is a mild nuisance. The second one can be retaliated against off-chain, which puts the attacker (who must be a large entity) at great risk in the real world.
I believe it means that the recipient of the double-spent transaction can sue you or send goons after you just like they would someone who defrauded them without using cryptocurrency.
If you do a double spend attack of any significance, the other party will notice. Unless you are doing something completely anonymous, the other party will also know who you are and be able to pursue other remedies (eg. sue you for fraud).
Bitcoin still succeeds in making double spend attacks expensive. If I am selling pizza's at $10 a piece, I am not going to go after someone for a double spend attack. Attackers know this and so would be more willing to engage in this type of attack, possibly often enough for me to drop the proposed system entirely.
If I am engaged in a $100,000 transaction, I would definitely be willing to sue you.
Not to mention the fact that a double spend attack still involves a large capital investment, greatly limiting the number of people capable of pulling it off.
How could you possibly sue someone for double spending on a blockchain? I don't get it, isn't the point of this blockchain stuff to be the wild west? What is the grounds for a lawsuit? Why would a 51% attack be illegal? "Code is law", right?
>I don't get it, isn't the point of this blockchain stuff to be the wild west?
I guarantee you no judge in the world is going to accept that interpretation.
>"Code is law", right?
From a legal perspective, obviously not, and given how well accepted the etherium hard fork was in the wake of the DOA smart contract being exploited, you can be pretty sure that a large percentage of the crypto-user population doesn't think so either.
Cardano is speaking out in favour of "code is law". Not sure what they do when faced with an actual catastrophy. There are others also taking this stance to some extend.
Anyway, Cardano is cool (Haskell, PoS, lots of papers published)
If I agree to buy $100,000 worth of bitcoin from you, and you take my money without giving me the bitcoins you engaged in fraud and are liable to be sued. The fact that you did this through a double spend attack demonstrates a clear intent to defraud me.
Yes. A 51% attack is a popular whipping boy. It's not as dangerous as it seems.
The price would tank, for sure. But your money won't be gone. And eventually when the attack dies down you'll get your wealth back.
However, it remains a very interesting way for governments to completely destroy Bitcoin. It's the only way, and they have to do it now before centralized, dedicated mining facilities come online. It would disrupt the price enough and scare away enough people that the threat BTC poses will vanish, at least for awhile. And that will discourage miners from setting up facilities, such that the governments can just beat them again if they have to.
But it's already almost impossible.
The difference is intent. It's not really much of a problem for a miner to have >51% share. They're there to make money. And Satoshi pointed out they'll probably just keep mining rather than devaluing their own wealth.
But an organized, worldwide governmental campaign against cryptos would be another matter.
> And eventually when the attack dies down you'll get your wealth back.
Here's the attack the author is describing:
block 42: exchange sends 1 BCH to foo
block 42: in secret, BTC meanies solve a different block 42
block 62: foo is comfortable believing the transaction is confirmed, so is the exchange
block 62: in secret, BTC meanies are now solving secret branch block 63, or possibly secret branch block 64/65/etc. depending on how much hashing power they have
block 123: foo and many others have made transactions, exchange has made many other transactions. Maybe some users transfered out dollars during this time.
block 123: BTC meanies reveal their branch, which is at block 130 or whatever, propagate it, and all the BCH nodes accept it as having the greatest total difficulty because that is the rule for how the protocol works
block 150: the once secret branch now has twenty confirmations, some of those blocks holding transactions from bona fide BCH users. Maybe the exchange halted trading at block 124 because something looked screwy. Maybe the exchange eats the cost of sending more BCH to the users whose coins "disappeared."
Or perhaps the BTC meanies keep their branch secret for several days.
The point is the appearance of the secret branch undermines faith that 20 confirmations is enough to confirm a transaction, and the users don't know how to judge what constitutes the canonical state of the blockchain.
Avoiding that kind of confusion was a stated goal of the Bitcoin whitepaper.
Hm... it occurs to me that such an attack could be even more insidious. I'll call it the "Robinhood Attack." The BTC meanies could begin hashing their secret branch and include all the transactions they see happening on the main chain. Then for each new secret block, they could send the block reward to a random recipient chosen from the transactions on the previous block.
When the BTC meanies finally reveal their alternate chain, it gets picked up and includes all the transactions, except the block rewards have now been moved from the miners to the speculators. :)
Sure, but that is still a costly one-time attack. It only affects those who transfer coins, not those who hold them. So if you're holding wealth, it will be safe.
It will certainly tank te price for a little bit, but the market will readjust based on the probability that it will happen again.
And the theory is that miners would need to choose between spending $180k to execute this attack for a couple hours, causing relatively little damage, or just mining BCH faster than anyone else, which would increase their real-world bottom line.
The only one to do this consistently would be a government, probably. It's hard to imagine someone willingly burning $200k mostly for lulz. But I suppose BTC millionaires have more than enough, if they wanted to.
Also, why was this article flagged? That's frustrating. It was technical and informative. I don't see a vouch button either.
The spectrum is really marvelous. It's amazing to see how many different kinds of people, with many different motivations, will waste their time on speculative crypto-coins.
I like the math and theory on this. But really why would someone who's making millions on the status quo risk tanking the market for a one time gain? Seems unlikely.
You don't have to risk anything. If the trend continues, at some point one would be able to rent the mining power required.
On top of it, if you are a small miner, and you can't afford capital investments required to keep up with latest mining hardware, while loosing market share, you can use your soon-osolete hardware to make a one last buck. A big buck this time.
At this point 5-10% of hash rate is a huge cost in mining hardware (maybe hundreds of millions). Also the hardware improvements already slowed down a lot. Antminer S9 is more than a year old. I wouldn't risk decreasing the BTC price by attacking BCH.
Any organization/individual/government who has enough money that they aren't interested in cashing out and is also interested in medium/large scale economic disruption.
China, Russia, UAE, USA, sci-fi terrorists, evil villains, illuminati etc. (I'm only mostly joking)
One possibility would be to keep up and coming competitor currencies from gaining a foothold. The big ASIC mining farms bitcoin has won't work with some of the smaller currencies. The organizations running them have a lot of money, and don't necessarily want to see competition from less centralized mining. Destroying trust in a currency by executing a double spend attack on it could be one way to prevent that.
Who is seriously going to try and execute a 51% attack? It would be so incredibly expensive, you would have to keep spending more as people added hash power to shut you out, and most importantly if your attack worked you would instantly undermine the security of the blockchain making all the currency you've stolen worthless!
I can't take any criticisms against Bitcoin Cash seriously when the authors knowingly refer to it as BCash. It's not just a shortening of the name, it's part of a concerted effort by detractors to distance the chain from the Bitcoin legacy.
Any author that purposefully uses the term BCash is, on the face, incapable of being objective because they're advertising that they're detractors already.
The Bitcoin Core (no on-chain scaling at any cost!) crowd asked the on-chain scaling fans to "fork off and leave". Now that the coin is doing very well in terms of market value and especially in growing merchant adoption, they're desperate to push the narrative that it's a scam or dangerous or can't be taken seriously. They know that if they can't destroy Bitcoin Cash now, it has a reasonable chance of eventually overtaking the legacy Bitcoin network in every important respect.
Again, this is a myth spread by people trying to tarnish Bitcoin Cash's image.
The truth is that the money can't be lost. If you have the Bitcoin Cash private keys for the deposit address, you have the Bitcoin Core private keys on the Core chain. All that happens is that someone accidentally receives Bitcoin Core instead of Cash.
A lot of newbies put everything on an online exchange and don't bother with handling private keys. I haven't found a single exchange yet where you control the private keys. The public keys on exchanges I've seen are different for Bitcoin Cash and Bitcoin. Also, can you imagine the end result of paying for a good or service that accepts Bitcoin with Bcash?
When the BTC-BCH split happend I didn't really understand what everybody was talking about transaction fees. So after BTC continued to rise the past months and we have transaction fees >20$ I understand what was discussed earlier this year.
I just wonder why the core devs were against increasing the blocksize. Yes, it would not have been a solution for the next 20 years, but at least it would have left the fees at a place where BTC was still suitable for the everyday use until other solutions could be established.
How does it increase centralization and why have miners more power than 5 years ago? (Just because the value increased? Do they have more influence to the community?)
I think they have valid arguments for keeping smaller blocks, but this FUD is getting ridiculous.
This very post has no new ideas, has no listed author, and is posted by a two hour old user account. It's not even about discussing what's best for Bitcoin any more.
There are many technical reasons, but I'll respond differently.
Bitcoin is not a business-coin. Bitcoin is an idea-coin. It was never about the price, the price is just a side-effect. For many early adopters and developers, Bitcoin is about changing the world. Not in a marketing bullshit-world, but in a real way. We really believe that the world would be a better place if we've put a stop to government and banks monopoly on controlling the money. You may disagree, and it's fine. We believe in it, and we want to have the most secure, uncensorable and attack-resistant value transferring network. If it takes $30 to pay to transfer on such network, so be it. Increasing the block size compromises on that property, so we are not willing to do it, even though it's painful for everyone. We will wait. We have credit cards, we PayPal, and we can use altcoins before we get there. The price will rise and fall, users will come and go. We held at $1, we held at $10, we held at $20k, and we will hold at $10 again if it's required. We will get our layer 2 solution and get both our uncensorable, government-resistant network and instant cheap micropayments. That's why most of us dumped BCH coins without thinking twice.
What most other coins are (not all!) is a business-coin. They are mostly pointless. Ethereum could be really a centralized smart-contracts platform run by Google or Amazon, and noone would care much. Actually, I believe that's how ETH is going to end. I believe Amazon engineers are working on it already. Because who cares about centralization or censorship resistance, if the main use case is breading virtual cats? No government will be interested in censoring that.
What BCash is, is a scam coin. It's all about ASICBOOST and Roger Ver's hurt pride. He would like to be a pope of Bitcoin, but noone really cares about him. Except for a talent for scamming people for his own gain, he is noone.
I couldn't agree more. I'll add, if you are interested in making money there are plenty of coin's, including BCash, to spend your time with. Go for it. But if you are interested in something beyond speculation, it's pretty hard to ignore the shady reputations and ecosystem of many of the most valuable blockchains. Dash written and rewritten to centralize everything to Evan. Ripple is basically the first ICO with all token being issued in the same manner. It's pretty surprising these issues don't matter to anyone. The only outlier really is Etherium. I think there should be both centralized and decentralized systems and Etherium fits the former well and with the least amount of scammyness in it's foundation.
While I'd agree that Ethereum was not created with an intent of scammyness, I wouldn't single it out as an outlier for good behavior. The dream of Ethereum was "code as law," yet key players have demonstrated the ability and willingness to implement hard forks in order to undo unpopular outcomes of valid Solidity code. So while I don't believe Ethereum was created with a scammy intent, I think it is certainly too premature for public release, and attempts to "fix" issues caused by this immaturity has let to some scammy behavior.
62 comments
[ 3.6 ms ] story [ 170 ms ] threadIt also doesn't mention the name of the author, and the HN user who posted this was created two hours ago.
HNers should understand there is a huge political divide in the Bitcoin community right now on this very subject. Anonymous write-ups of known attack vectors framed as genuine warnings are nothing more than unsubstantiated fear, uncertainty, and doubt.
Was the author just talking about hashrate switching? Any solutions for exchanges or merchants such as just increasing the confirmations required?
Any interest in bitcoin cash changing it's algorithm?
I doubt it. One of the reasons BCH hardforked was so large mining pools could continue to take advantage of Asicboost, a patented approach to Bitcoin hashing that provides a 20-30% speedup.
Asicboost is essentially taking advantage of a flaw in the original Bitcoin algorithm which leads to slightly predictable hashes. Segwit fixed this problem, nullifying their patented advantage.
All of the vocal BCH supporters are involved with large sha256 mining pools. I think it's very unlikely that they'll elect to change algorthms.
You failed inside of 3 paragraphs.
And who would engage in this 51% attack? The miners?
The miners are one of the biggest groups that SUPPORT Bitcoin Cash, so I find it unlikely that they would spend millions attacking it.
Anyway. It matters not. The people that want Bitcoin to be a settlement layer are free to spend 50$ per transaction to use Bitcoin, and those of us who want to use it as an actual peer to peer electronic currency will use Bitcoin Cash.
Everyone wins. It doesn't really matter what is the "real" Bitcoin.
> BCash shares hashing algorithm with Bitcoin. That means any hashing power on the Bitcoin network can work on BCash network. And there is typically 10 times more miners mining on BTC, than on BCH because of the difference in the price and minning fees.
The miners were the ones who helped create Bitcoin Cash. Why would they attack it?
The miners are the largest supporters of big blocks, so it make no sense that they would attack the thing that they helped launch.
Also, people don't seem to realize that it is already possible to do a ~20 percent selfish mining attack. And yet we don't see THAT happening...
These attacks aren't realistic in practice because it would be immediately obvious that something is happening, and the miners would lose all their money as Bitcoin crashes.
* a miner losing its share in the competitive game could make a one last money grab before its hardware is obsolete
* BCash backing miners losing confidence in success of BCH could just damage the whole space, for revenge or and profit
* complete outsider like an angry government could try to disrupt the space to ban all crypto or at least heavily regulate it / buy some time
http://bitcoinclashic.org/
The 51% attack is carried in secret. Noone has any way to know if it is happening until the longer chain is published. And after that, it's too late already. Someone could try to catch up with (not anymore secret) longest chain, but the damage has been done - the state of the network has already changed. Actually switching it back is only adding salt to the wound. Noone would trust that coin again anyway, and it is worthless to try to rescue it.
AntPool is busy mining Bitcoin, because it pays better:
https://blockchain.info/pools
so it can't constantly police BCash chain by over-provisioning it.
What do you mean?
What makes Bitcoin interesting is the fact that you don't have to resort to the legal system for final arbitration.
If I am engaged in a $100,000 transaction, I would definitely be willing to sue you.
Not to mention the fact that a double spend attack still involves a large capital investment, greatly limiting the number of people capable of pulling it off.
Not necessarily. Even in an "Code is law" society, there could be some code/law specifically addressing 51% double spending attacks.
I guarantee you no judge in the world is going to accept that interpretation.
>"Code is law", right?
From a legal perspective, obviously not, and given how well accepted the etherium hard fork was in the wake of the DOA smart contract being exploited, you can be pretty sure that a large percentage of the crypto-user population doesn't think so either.
Anyway, Cardano is cool (Haskell, PoS, lots of papers published)
If I agree to buy $100,000 worth of bitcoin from you, and you take my money without giving me the bitcoins you engaged in fraud and are liable to be sued. The fact that you did this through a double spend attack demonstrates a clear intent to defraud me.
The price would tank, for sure. But your money won't be gone. And eventually when the attack dies down you'll get your wealth back.
However, it remains a very interesting way for governments to completely destroy Bitcoin. It's the only way, and they have to do it now before centralized, dedicated mining facilities come online. It would disrupt the price enough and scare away enough people that the threat BTC poses will vanish, at least for awhile. And that will discourage miners from setting up facilities, such that the governments can just beat them again if they have to.
But it's already almost impossible.
The difference is intent. It's not really much of a problem for a miner to have >51% share. They're there to make money. And Satoshi pointed out they'll probably just keep mining rather than devaluing their own wealth.
But an organized, worldwide governmental campaign against cryptos would be another matter.
Here's the attack the author is describing:
block 42: exchange sends 1 BCH to foo
block 42: in secret, BTC meanies solve a different block 42
block 62: foo is comfortable believing the transaction is confirmed, so is the exchange
block 62: in secret, BTC meanies are now solving secret branch block 63, or possibly secret branch block 64/65/etc. depending on how much hashing power they have
block 123: foo and many others have made transactions, exchange has made many other transactions. Maybe some users transfered out dollars during this time.
block 123: BTC meanies reveal their branch, which is at block 130 or whatever, propagate it, and all the BCH nodes accept it as having the greatest total difficulty because that is the rule for how the protocol works
block 150: the once secret branch now has twenty confirmations, some of those blocks holding transactions from bona fide BCH users. Maybe the exchange halted trading at block 124 because something looked screwy. Maybe the exchange eats the cost of sending more BCH to the users whose coins "disappeared."
Or perhaps the BTC meanies keep their branch secret for several days.
The point is the appearance of the secret branch undermines faith that 20 confirmations is enough to confirm a transaction, and the users don't know how to judge what constitutes the canonical state of the blockchain.
Avoiding that kind of confusion was a stated goal of the Bitcoin whitepaper.
Hm... it occurs to me that such an attack could be even more insidious. I'll call it the "Robinhood Attack." The BTC meanies could begin hashing their secret branch and include all the transactions they see happening on the main chain. Then for each new secret block, they could send the block reward to a random recipient chosen from the transactions on the previous block.
When the BTC meanies finally reveal their alternate chain, it gets picked up and includes all the transactions, except the block rewards have now been moved from the miners to the speculators. :)
Edit: typo
It will certainly tank te price for a little bit, but the market will readjust based on the probability that it will happen again.
And the theory is that miners would need to choose between spending $180k to execute this attack for a couple hours, causing relatively little damage, or just mining BCH faster than anyone else, which would increase their real-world bottom line.
The only one to do this consistently would be a government, probably. It's hard to imagine someone willingly burning $200k mostly for lulz. But I suppose BTC millionaires have more than enough, if they wanted to.
Also, why was this article flagged? That's frustrating. It was technical and informative. I don't see a vouch button either.
I'm curious to, however, whether a 51% attack has ever been pulled off.
On top of it, if you are a small miner, and you can't afford capital investments required to keep up with latest mining hardware, while loosing market share, you can use your soon-osolete hardware to make a one last buck. A big buck this time.
China, Russia, UAE, USA, sci-fi terrorists, evil villains, illuminati etc. (I'm only mostly joking)
Any author that purposefully uses the term BCash is, on the face, incapable of being objective because they're advertising that they're detractors already.
The Bitcoin Core (no on-chain scaling at any cost!) crowd asked the on-chain scaling fans to "fork off and leave". Now that the coin is doing very well in terms of market value and especially in growing merchant adoption, they're desperate to push the narrative that it's a scam or dangerous or can't be taken seriously. They know that if they can't destroy Bitcoin Cash now, it has a reasonable chance of eventually overtaking the legacy Bitcoin network in every important respect.
The truth is that the money can't be lost. If you have the Bitcoin Cash private keys for the deposit address, you have the Bitcoin Core private keys on the Core chain. All that happens is that someone accidentally receives Bitcoin Core instead of Cash.
I just wonder why the core devs were against increasing the blocksize. Yes, it would not have been a solution for the next 20 years, but at least it would have left the fees at a place where BTC was still suitable for the everyday use until other solutions could be established.
Could you pleace elaborate on that?
This very post has no new ideas, has no listed author, and is posted by a two hour old user account. It's not even about discussing what's best for Bitcoin any more.
Bitcoin is not a business-coin. Bitcoin is an idea-coin. It was never about the price, the price is just a side-effect. For many early adopters and developers, Bitcoin is about changing the world. Not in a marketing bullshit-world, but in a real way. We really believe that the world would be a better place if we've put a stop to government and banks monopoly on controlling the money. You may disagree, and it's fine. We believe in it, and we want to have the most secure, uncensorable and attack-resistant value transferring network. If it takes $30 to pay to transfer on such network, so be it. Increasing the block size compromises on that property, so we are not willing to do it, even though it's painful for everyone. We will wait. We have credit cards, we PayPal, and we can use altcoins before we get there. The price will rise and fall, users will come and go. We held at $1, we held at $10, we held at $20k, and we will hold at $10 again if it's required. We will get our layer 2 solution and get both our uncensorable, government-resistant network and instant cheap micropayments. That's why most of us dumped BCH coins without thinking twice.
What most other coins are (not all!) is a business-coin. They are mostly pointless. Ethereum could be really a centralized smart-contracts platform run by Google or Amazon, and noone would care much. Actually, I believe that's how ETH is going to end. I believe Amazon engineers are working on it already. Because who cares about centralization or censorship resistance, if the main use case is breading virtual cats? No government will be interested in censoring that.
What BCash is, is a scam coin. It's all about ASICBOOST and Roger Ver's hurt pride. He would like to be a pope of Bitcoin, but noone really cares about him. Except for a talent for scamming people for his own gain, he is noone.