Satoshi planned for this 51% mining attack problem, and so far we're ok.
His premise was that if a miner ever grew so large as to be capable of performing a 51% attack, that they would have so much wealth invested in the Bitcoin network that they would never dare try anything.
The Bitcoin network is GHash's golden egg laying goose.
The Bitcoin network is entirely safe in GHash's hands imho.
The only real worry comes in when the 51% miner is a bad actor.
>at 35% hashpower and 3 confirmations, this means that GHash can currently steal altcoins from an altcoin exchange with 15.6% success probability – once in every six tries.
Yes, but come on. They never would. Would Bill Gates jump into an active volcano to pick up a penny? Even if he had a 15.6% of picking up that penny without dying a fiery death?
>So what if, for the sake of example, GHash gets over 51% again and starts launching 51% attacks (or, perhaps, even starts launching attacks against altcoin exchanges at 40%)? What happens then?
I'll bite. The ~75% of GHash's mining power that is being pointed at GHash by regular Bitcoin ASIC miners who are enjoying their 0% fees and merged mining drops off overnight. Their domain names are DDOSd at a record breaking level for weeks on end, and every other pool adopts a modified bitcoind that hard-forks (erases) any damange GHash might have caused.
GHash is left with a few thousand nearly worthless Bitcoin (because the USD/BTC value would tank on their 51% attack news) and they are also left without the possibility to basically print themselves free money until the end of time.
I find your claims that "worry comes in when a 51% minor is a bad actor" and "safe in GHash's hands" to be conflicting.
All it takes is one bad actor at GHash, as supposedly happened with the gambling incident, and suddenly you've got a problem again.
Just because GHash is successful now does not mean they won't change. Let's imagine a future where CEX.io decides to ditch GHash. GHash no longer has any form of profit (0-fee pool) and thus has no incentive to remain honest.
Satoshi's logic, that a large minor would have a selfish interest to be honest, actually completely falls down when it comes to mining pools. Mining pools have massive power, and yet (in this case) get 0 profit. GHash could easily have nothing invested in bitcoin while still having control of a large gashing power.
Now on to the other things you said. "Would Bill Gates ... for a penny?" is a terrible analogy. For one, this isn't a penny. 51% attacks could allow GHash to steal millions and extort further. They would also allow someone with a vendetta against bitcoin do do real damage... And the risk isn't nearly as severe as jumping in a volcano. A more relevant analogy might be "Would a company commit tax fraud on the order of a million dollars and risk being caught" (yes many have) or "would an executive steal from the company he works at and, when they notice, cut and run."
Your theoretical for what happens on a 51% attack is also silly. There would be signs of some attacks (like consistent double spending on high-confirmation things), but other attacks like extortion-for-inclusion could be silent for as long as the victims don't speak up. Furthermore, people wouldn't leave overnight.. not that many did when GHash performed attacks the last time. In addition, people are highly unlikely to change. Things won't drop off over night. They weren't DDOSed last time. Your entire speculation is optimistically assuming there won't be significant doubt and inertia... and betting against human lazyness is rarely a good idea.
Finally, you assume GHash is left with nearly worthless bitcoins. Well, sort of. The extortion could lead to them being paid in anything. If the entire company decided to do an attack they'd obviously sell all bitcoins first so any new bitcoins gained through any attack would be pure profit (and wouldn't be worthless for at least several hours until someone notices and news spreads). Furthermore, each employee of GHash that is capable of causing such an attack to occur might not have any bitcoins, even if GHash does.
I think that your defense of GHash is flawed, especially considering they've behaved badly in the past. and your arguments in general aren't strong.
I see it as fully plausible that if they maintain 51% hashing power for an extended period of time, a bad employee might modify their code for their own profit and then GHash will plead ignorance when it's discovered and carry on. I also see it as fully plausible that if GHash decides to close shop at over 51% they'll choose to go out with a bang and do what thievery and damage they can on the way out.
I fully agree with the article that this is a problem.
> Decentralization, n. The security assumption that a nineteen year old in Hangzhou and someone who is maybe in the UK and maybe not have not yet decided to collude with each other.
With parentheses:
> Decentralization, n. The security assumption that (a nineteen year old in Hangzhou and (someone who is maybe in the UK and maybe not)) have not yet decided to collude with each other.
I think it should be more like:
> Decentralization, n. The security assumption that a nineteen year old in Hangzhou and someone who is maybe in the UK (and maybe not) have not yet decided to collude with each other.
If you read your version using the rule that a parenthesised section represents an individual thought that can be removed, yours reads as:
> Decentralization, n. The security assumption that have not yet decided to collude with each other.
That was a great write-up. I've avoided BTC from the start because I always figured someone would commit the algos to silicon and crush everyone else. That said I'm doubtful there is such thing as a ASIC resistance system in anything that has a direct economic value to highly-repeated calculation ratio. Many years ago people would say of graphics systems "You'll never get X poly's/second" etc. But then gaming came along and all those hungry 3d gamers kept buying more and more powerful GPU's. Then data sciences came along and said "wow we can use these GPU's" and onward marches the power of the GPU. I have lived to see so many things over the years go from "impossible" to "common place" in technology.
Another thought that came to mind several times over the years is that China or USA could spool up enough hardware to swamp the BTC networks and crash them. If you think about advancements in these ASIC's and how cheap power can be to large governmental organizations all that is missing is the incentive to attack BTC. I take the recent slow but steady recognition of BTC by various governments with a certain cynical grain of salt. I think others see these things as proof that BTC is getting more generally accepted, but I see them as very large and powerful entities thinking, "If you can't beat them join 'em". It's entirely possible that these steps are more about staying closer to the enemy then being friends with BTC.
When I read this article making claims about heat and electricity being major blockers to centralization I started to think about how google and facebook have been solving these problems with amazing success in the last couple of years. Imagine an "BTC Factory" in a nice cold climate where power is cheap and labor to maintain the facility is cheap. If BTC continues to grow and become predictably tradable for other currencies then these farms could be built with great ease. All we're lacking here is a VC who sees 15% as a reasonable return and a handful of nerds who don't mind building the worlds most powerful mining environment in a 505,000 sq ft facility in North Carolina. Of course this would be a massive investment and could signal an amazing time for BTC or it could signify the centralization of a decentralized process that destroys the original dreams of BTC and yet again puts the people with the most power (literally) in control.
The only thing that stands between today and that potential future are forward thinking people trying to keep the BTC concept alive and continuing to improve what is today's state of art to stay ahead of tomorrow's state of art. I'm still on the sidelines watching but am enjoying the show!
10 megawatt. In Sweden. Datacenter should be at full capacity by now, so ~10 petahash/sec (= 10% of the global Bitcoin network) assuming ~1 watt per Ghash/sec. My numbers are all +/-30% depending on how much hw is 28nm (KnC's Jupiter systems) vs 20nm (Neptune).
How about relatively small BTC mining room heaters - plug them into an electrical supply they provide heat and offset the heating costs with returns from mining?
As it happens I was actually offered a Xerox Lisp Machine to take home when a university department I was associated with was throwing some old kit out. I was living in a tiny flat at the time so it wasn't really an option.
However, now we have plenty space and a property that is very difficult to heat and we need heating ~6 months a year, changing the property is not really an option (planning restrictions are really tight where we live - for good reasons, and any improvements would be incredibly expensive) - BTC room heaters might actually make sense....
The linked article touches upon that concept as a feasible application of mining heat:
"In a home, however, if the outside temperature is less than about 20′C, the cost of electricity is zero; all electricity spent by the miner necessarily eventually turns into “waste” heat, which then heats the home and substitutes for electricity that would be spent by a central heater."
The zero-cost figure is... um... wrong. Your central heater probably either does not use electricity (presumably using a cheaper fuel source) or is a heat pump (and thus gets efficiency greater than 100% on the electricity by stealing heat from the ground). The real cost is still lower than the nominal cost, but it's not zero.
> I started to think about how google and facebook have been solving these problems with amazing success in the last couple of years.
I read once that the way Google solves the heat problem is by not requiring people to be able to walk around the servers. This way they can keep high temperatures in server rooms (which the machines handle fine) and don't spend that much electricity on cooling things down.
One thing people keep forgetting: GHash.io is not a single entity. GHash is made up of miners who choose to be there. It is very easy for a miner to switch to another pool.
The thing I don't understand about the "50% attacks" is that they should be detectable. There's legitimately going to be a transaction on the bitcoin network, and then a ghash.io block is going to show up that invalidates it by spending the input. For the lower percentage ones, there's going to be an orphaned chain with a different set of transactions.
Absolutely, if pursued with intent, they'll be very evident. That doesn't necessarily mean you can do anything (inside the protocol) against them. The orphaned chain could be the victim of a 51% attack – or a failed attempt at a 51% attack, or an inadvertent side-effect of network lags. But by design, to converge on a shared serialized history, nodes eventually trust the longest chain as the winner-as-chosen-by-hashpower.
To have nodes consensually adopt some other chain, you'd need some other nice converging criteria for preferring a shorter chain. Those are hard without adopting some other centralizable or monopolizable authority role (like trusted timestamping).
One missing factor in the article is the source of energy. Free energy can be easily obtained from renewable sources like wind farms since as a result of wind variance only some fraction of generated power can be practically utilized. Variance is very different around the world making it difficult to centralize.
Though miners would then work only for 20% of their time making it feasible once electricity will be about 5 times more expensive than equipment.
Therefore the sooner we will reach state of the art equipment, the better. And for simple SHA it is much easier to reach the limits imposed by physics than for CPU.
I mean it is free for farm owners, since as of today they have nothing better to do with extra energy that is produced in good conditions. So it is basically wasted.
As of today that is true. But once we hit 10nm node the progress in terms of cost per transistor will probably cease dramatically. And it already slowed considerably.
Compare for example nvidia 460 gtx (2010) and 2014 760 gtx (2014). For same $ you get roughly 40% more transistors. Cards cost $200 and tdp is 130W which gives $450 at $.1/kWh in 4 years. So once cards with 2 times more transistors hit the shelves you would already spend 5 times more on electricity than card itself.
His premise was that if a miner ever grew so large as to be capable of performing a 51% attack, that they would have so much wealth invested in the Bitcoin network that they would never dare try anything.
The Bitcoin network is GHash's golden egg laying goose.
The Bitcoin network is entirely safe in GHash's hands imho.
The only real worry comes in when the 51% miner is a bad actor.
>at 35% hashpower and 3 confirmations, this means that GHash can currently steal altcoins from an altcoin exchange with 15.6% success probability – once in every six tries.
Yes, but come on. They never would. Would Bill Gates jump into an active volcano to pick up a penny? Even if he had a 15.6% of picking up that penny without dying a fiery death?
>So what if, for the sake of example, GHash gets over 51% again and starts launching 51% attacks (or, perhaps, even starts launching attacks against altcoin exchanges at 40%)? What happens then?
I'll bite. The ~75% of GHash's mining power that is being pointed at GHash by regular Bitcoin ASIC miners who are enjoying their 0% fees and merged mining drops off overnight. Their domain names are DDOSd at a record breaking level for weeks on end, and every other pool adopts a modified bitcoind that hard-forks (erases) any damange GHash might have caused.
GHash is left with a few thousand nearly worthless Bitcoin (because the USD/BTC value would tank on their 51% attack news) and they are also left without the possibility to basically print themselves free money until the end of time.