51% Attack Rewriting the blockchain.
A 51% Attack refers to the act of intentionally building a new longest chain of blocks to replace blocks in the blockchain. This allows you to replace transactions that have been mined in to the blockchain.
This kind of attack is easiest to perform when you have a majority of the mining power, which is why it’s referred to as a “Majority Attack” or a “51% Attack”.
How does a 51% Attack work?
Nodes always accept the longest known chain of blocks as the valid version of the blockchain. So if you want to “undo” a transaction from the blockchain, you just need to build a new chain of blocks without that transaction in it.
When nodes receive this new longer chain of blocks, they will perform a chain reorganisation to deactivate blocks in their old longest chain, and activate the blocks in the new longest chain you have given them.
So by building a new longest chain to replace an existing one, you are effectively rewriting the blockchain and creating a new history of transactions for every node on the network to accept. As a result, you have reversed transactions that we previously thought to have been a permanent part of the blockchain.
However, actually performing a successful 51% Attack is not quite this simple…
Note: You would want to include a replacement transaction in the new chain to send the bitcoins to a new destination (e.g. to your address and not to the car dealer’s). Otherwise the original transaction could get mined in to the main chain again.
What prevents a 51% attack?
Every miner is incentivised to build upon the current longest chain of blocks. So if the combined mining power of every other miner on the network is greater than yours, it makes it incredibly difficult to be able to outwork the other miners to build a longer chain and replace the existing one.
But of course, if you can actually acquire more mining power than all other miners combined, then you have the ability to outrun the current longest chain and build a new longer chain for everyone else to adopt.
So to prevent this from happening we need to ensure that no single miner has the ability to acquire a majority of the mining power. This is achieved by allowing anyone in the world to mine, and incentivising these miners to do so by offering block rewards.
As a result, miners focus their energy on building the same chain, making it difficult for any individual to be able to rewrite what has already been written to the blockchain.
As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers. – Satoshi Nakamoto
How difficult is it to perform a 51% attack?
The tricky part would be getting all the hardware needed to be able to perform the attack in the first place. That would be incredibly expensive and difficult. However, if you did manage to acquire a majority of the mining power, then it’s only a matter of time before you build a new longest chain.
Having said that, it does take more work to replace a large number of blocks than it would to replace just a few. So the further down a transaction makes it in to the blockchain, the more time and energy it’s going to take to reverse it.
But again, this is assuming you can get the hardware to attain 51% or more of the mining power to outpace all the other miners. Good luck with that.
Nonetheless, you can still try and perform this kind of attack with less than 50% mining power, but the odds are very much against you…
Can you rewrite the blockchain with less than 50% mining power?
Yes, but you’ll need to have luck on your side.
Mining is unpredictable, so even if you’ve got a small amount of mining power, there’s nothing to say that you wouldn’t be able to get lucky and mine the next 2 blocks in a row. It’s highly unlikely, but not impossible. The probability depends on how much mining power you have relative to everyone else.
Of course, the further down a transaction is in the blockchain, the luckier you’ll need to get to be able to mine X blocks in a row. If nobody has a majority of the mining power, it gets exponentially more difficult to replace a transaction the further it gets in to the blockchain.
So unless you’ve got a significant proportion of the total mining power on the bitcoin network, your chances of replacing a mined transaction are slim, and those chances diminish quickly as the transaction makes it further down the chain.
Here’s a table of your exact odds:
|50% Control||40% Control||30% Control||20% Control||10% Control|
Tip: The numbers in the table above assume you are attempting to replace blocks by building an alternate chain that is one block longer than the current longest chain.
The probability of being to able to intentionally rewrite blocks in the blockchain is just a function of how much mining power you have and how many blocks you want to try and replace.
Anyway, here’s what that equation looks like in Ruby code:
# p = probability honest node finds the next block # q = probability attacker finds the next block # z = number of blocks to catch up def attacker_success_probability(q, z) p = 1 - q lambda = z * (q / p) # expected number of occurrences in the poisson distribution sum = 1.0 for k in 0..z poisson = Math.exp(-lambda) # exp() raises e (natural logarithm) to a number for i in 1..k poisson *= lambda / i end sum -= poisson * (1 - (q/p)**(z-k) ) end return sum end # Example puts attacker_success_probability(0.4, 5) #=> 0.5506251290702077
Tip: The equation above works out the probability of catching up with the longest chain (from being a specified number of blocks behind). If you want to replace blocks in the chain, you need to go one block longer.
Has anyone successfully performed a 51% Attack on Bitcoin?
Nope, not yet.
Some miners have come close to reaching 50% or more of the total mining power over Bitcoin’s history, but nobody has actually performed a successful 51% Attack.
Note: Even if a miner gets over 50% mining power, it doesn’t necessarily mean that they’re actually going to perform an attack (it just means that they can). If anything, if you’ve got that much power it’s probably more lucrative to keep mining blocks and collecting block rewards than it would be to reverse a single transaction (and sink the value of bitcoin because of your attack).
How much hashpower do I need to perform a 51% Attack?
You can use the current target value to estimate how much hash power you would need to get majority control.
Tip: The target moves up and down based on how much quickly all miners on the network are able to mine new blocks. We can therefore use it to figure out how fast we need to be able to hash to outpace the current speed of the network.
First of all, we can get the current target by looking at the “bits” field inside the block header of the most recently mined block.
$ bitcoin-cli getblockcount 619206 $ bitcoin-cli getblockhash 619206 000000000000000000015d7aa0d1fe406b106a626318bba05f7a786c061ec4f8 $ bitcoin-cli getblockheader 000000000000000000015d7aa0d1fe406b106a626318bba05f7a786c061ec4f8 | grep bits "bits": "17122cbc",
Now, this “bits” value is just the target in compact format. So converting from bits to target we get:
So that’s the number that all miners need to get below to mine a block.
We can work out how many hashes we would need to perform (on average) to get below this by dividing the range of all possible hash results by this target value:
$ irb irb(main):001:0> (2**256) / 0x000000000000000000148edf0000000000000000000000000000000000000000 => 66516801707887110732553
So that tells us that we need to do
66516801707887110732553 hashes on average to mine the next block. Or in other words, this is roughly how many hashes all miners on the network are performing every 10 minutes.
See the chainwork calculation explanation for more information on how we get this “expected number of hashes”.
Anyway, using this number we can work out the hashes per second of the network:
$ irb irb(main):001:0> 58805356298556988331095 / 600 # there are 600 seconds in 10 minutes => 110861336179811851220
So the current combined hash rate of every miner on the bitcoin network is
110861336179811851220 hashes/sec. Converting this to Th/s we get:
php -a php > echo number_format(110861336179811851220 / 1000**4); 110,861,336
Therefore, to acquire 50% control over mining blocks, we need to build a mining farm that is capable of performing over
- Coin Dance - Latest Blocks - Pretty website showing a pie chart of the current bitcoin mining distribution. The more distributed the better.