Majority attack: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Fresheneesz (talk | contribs)
clarification on when the mining effort will go to waste
Mala44 (talk | contribs)
No edit summary
Line 15: Line 15:
* [https://people.xiph.org/~greg/attack_success.html Attack success probability calculator]
* [https://people.xiph.org/~greg/attack_success.html Attack success probability calculator]
* [[Irreversible_Transactions]]
* [[Irreversible_Transactions]]
 
* [[https://medium.com/coinmonks/what-is-a-51-attack-or-double-spend-attack-aa108db63474 What is a 51% attack]]
[[Category:Technical]]
[[Category:Technical]]
[[Category:Attack vectors]]
[[Category:Attack vectors]]

Revision as of 15:31, 24 July 2018

A majority attack (usually labeled 51% attack or >50% attack) is an attack on the network. This attack has a chance to work even if the merchant waits for some confirmations, but requires extremely high relative hashrate.

The attacker submits to the merchant/network a transaction which pays the merchant, while privately mining a blockchain fork in which a double-spending transaction is included instead. After waiting for n confirmations, the merchant sends the product. If the attacker happened to find more than n blocks at this point, he releases his fork and regains his coins; otherwise, he can try to continue extending his fork with the hope of being able to catch up with the network. If he never manages to do this, the attack fails, the payment to the merchant will go through, and the work done mining will also go to waste, as any new bitcoins would be overwritten by the longest chain.

The probability of success is a function of the attacker's hashrate (as a proportion of the total network hashrate) and the number of confirmations the merchant waits for. For example, if the attacker controls 10% of the network hashrate but the merchant waits for 6 confirmations, the success probability is on the order of 0.1%. If the attacker controls more than half of the network hashrate, this has a probability of 100% to succeed. Since the attacker can generate blocks faster than the rest of the network, he can simply persevere with his private fork until it becomes longer than the branch built by the honest network, from whatever disadvantage.

No amount of confirmations can prevent this attack; however, waiting for confirmations does increase the aggregate resource cost of performing the attack, which could make it unprofitable or delay it long enough for the circumstances to change or slower-acting synchronization methods to kick in. A majority attack was more feasible in the past when most transactions were worth significantly more than the block reward and when the network hashrate was much lower and prone to reorganization with the advent of new mining technologies.

A majority attack has never been successfully executed on the Bitcoin network, but it has been demonstrated to work on some small altcoins.

See also: Weaknesses#Attacker_has_a_lot_of_computing_power

See Also