What You Need To Know on Bitcoin 51% Attacks.

Much has been said about this topic, but the economic interest in mounting such attacks is non-existent.

This issue of In Bitcoin We Trust Newsletter is for all subscribers. To get more insights on Bitcoin, you may be interested to upgrade to the premium package.

See the Plans

Bitcoin is an incredible monetary revolution. At the heart of this revolution is the Proof-of-Work (PoW) algorithm that allows the network to operate in a fully decentralized manner. Bitcoin's miners ensure that the network functions properly by providing their computing power, usually called hash power.

The higher Bitcoin's hash power, the more secure its network is.

A potential flaw in this consensus system is when a miner takes control of at least 51% of the Bitcoin network's hash power. There is then a risk of an attack on the integrity of the network, which is commonly referred to as "Bitcoin 51% Attacks". You've probably seen this term used in the past without always understanding what it really means.

In what follows, I'll go over what you need to know about Bitcoin 51% hash power attacks.

Two main types of attacks are possible for an entity controlling at least 51% of the hash power of the Bitcoin network

Basically, an entity that controls 51% of the Bitcoin hash power can execute 2 main types of attacks:

  1. Rearrange the transaction blocks of the Bitcoin blockchain to undo transactions that the entity sent to the network.

  2. Prevent someone else's transactions from being confirmed by the network.

Before going further into these two types of potential attacks, a quick reminder is for those who are not sure to know how Bitcoin works.

The Bitcoin network is based on a Blockchain. Each block of transactions is public and linked to the next one. This creates a chain of blocks that keeps growing over time:

This contains the history of all the transactions made on the network since its launch on January 3, 2009.

As I write this, the size of the Bitcoin blockchain is approaching 355 GB.

A malicious entity controlling 51% of the network's hash power decides to purchase 1,000 BTC worth of goods

Imagine if a person or entity with malicious intent were to gain control of 51% of the hash power of the Bitcoin network while wishing to mount an attack. This last point is not a requirement, but for what follows, consider this.

This malicious entity decides to buy $30 million worth of goods in Bitcoin. To do so, it sends 1,000 BTC to the seller via the Bitcoin network.

The person selling the goods knows that for a transaction of this amount he must wait for a certain number of confirmations on the Bitcoin blockchain. For such an amount, the person decides to wait for at least 6 block confirmations. This means adding 6 more blocks after the block where the transaction of 1,000 BTC was recorded.

This is when the malicious entity decides to attack the Bitcoin network.

Once the transaction is completed, the malicious entity puts its miners to work to mine a secret chain without this 1,000 BTC payment

The rogue entity creates a separate transaction sending the same 1,000 Bitcoin back to itself. It then sets its miners to work mining a secret chain that includes this transaction, but does not include the transaction sending payment to the entity that was selling the goods:

The entity that is to receive the 1,000 BTC transaction for the sale of its goods will therefore wait for the 6 confirmations before delivering the goods to the rogue entity. Meanwhile, the latter continues to mine the secret chain while the network is mining the main chain in green:

The selling entity sees the 6 block confirmations. It is reassured and thinks that its transaction is definitely validated on the Bitcoin network. It lets the bad entity leave with the goods.

After 6 block confirmations, the selling entity gives the goods to the malicious entity which can then submit its longer secret chain reversing the transaction

The problem is that at this moment in time, the secret chain that the malicious entity has been mining for several hours is probably longer than the green chain that is the main chain:

The malicious entity then immediately publishes its secret chain on the Bitcoin network. All Bitcoin nodes are programmed to accept the chain with the most work behind it with no questions asked.

The nodes in the Bitcoin network therefore immediately recognize the malicious entity's secret chain as the true version of the Bitcoin blockchain. The nodes de facto invalidate the old version in green which becomes invalid in yellow in the illustration below:

The transaction in block n+2 that contained the payment of 1,000 BTC to the entity selling the goods simply no longer exists. It has been replaced in the new version of the Bitcoin Blockchain by a transaction of 1,000 BTC from the malicious entity to itself.

By rearranging the blocks of the blockchain with its hash power exceeding 51% of the total available on the Bitcoin network, the rogue entity was able to reverse a payment that had exceeded 6 confirmations.

When the selling entity realizes this, it is too late. The malicious entity is already long gone with the goods worth 1,000 BTC.

The second type of attack is to prevent an entity or person from executing transactions on the Bitcoin network

Now we can look at the second type of attack that the malicious entity may decide to carry out with a Hash power of more than 51% on the Bitcoin network. In this type of attack, the malicious entity will prevent the transactions of another person or entity from being mined.

The entity can do this by systematically excluding that entity's transactions from the blocks it will mine, and only mining blocks that do not include those transactions on top of the Bitcoin Blockchain.

Since the malicious entity controls the majority of the hash power of the Bitcoin network, it will always be able to end up with the dominant Blockchain. These systematically censored transactions will appear in the nodes of the Bitcoin network, but they will remain stuck at 0 confirmation as long as the malicious entity is in control.

The possibilities of attacks are limited to that, nothing more

The 51% hash power takeover attacks on the Bitcoin network have been much talked about for ages.

However, their scope is limited to the two main attacks I just detailed above. This implies that the entity controlling at least 51% of the Hash power of the Bitcoin network will not be able to :

  • Create new units of BTC out of thin air.

  • Send BTC that does not belong to him.

  • Reverse transactions of other network users.

Indeed, this is made impossible by the fact that all the nodes on the Bitcoin network will be checking that the Bitcoin rules are being enforced at all times, which will prevent the malicious entity from taking these actions.

Final Thoughts

Generally speaking, Bitcoiners are not too worried about an entity attempting such an attack on the Bitcoin network. Indeed, a 51% hash power takeover attack is risky and extremely difficult to pull off. Moreover, if an entity has that much hash power, the game theory will encourage the entity to play by the rules of the network to make a profit by mining.

Besides, reorganizations of the Bitcoin blockchain of this magnitude have never occurred. If this were to happen, it would quickly become clear to the other players in the network that something was wrong. The attacker would then risk sacrificing all his future Bitcoin mining profits simply to compromise the integrity of the network.

The attacker would have no incentive to do this. It is simply not economically viable.

Some reading