As I understand this, a typical use of such an attack would be to revoke a payment after it has been made, apparently. If everyone sticks to the rule to await six confirmations before deeming a payment secured (and the payer can barely influence this, as the receiver decides how to handle it), then a later revoke can only be done by secretly computing a longer blockchain than the public one. So this would mean the following steps:
- Alice issues a payment, sending some BC to Bob.
- Alice secretly creates a payment which sends the same BC to herself.
- Alice starts computing a blockchain not containing the payment to Bob, but the one to herself.
- Miners create a block confirming the payment to Bob.
- Miners create five successive blocks based on this one, cementing the payment to Bob.
- Alice overtakes the Miners in creating blocks based on her payment to herself but keeps everything secret.
- Bob hands out goods in exchange for the payment.
- Alice suddenly reveals her longer blockchain, not containing the payment to Bob, but the one to herself.
- Everybody switches to this blockchain because it is longer than the one that was public up to then.
- Bob has gotten no payment but has handed out the goods, thus the fraud is complete.
Okay, this is possible. But: this would mean having a switch to another blockchain which was secret for six iterations. This would be an obvious case, wouldn't it? Every BC user would be able to detect such a case. The result would be that everybody in the community would be able to understand that this is probably only happening to commit a fraud. A majority attack would never go unnoticed by the public. As a result of this obvious abuse of the system, everybody would lose confidence in the currency, everyone would try to get rid of their BCs, and the market price would drop massively. Nobody capable of doing a majority attack would be interested in such an outcome.
Doesn't this render the concept of a majority attack completely useless in practice? Please correct me if I'm wrong, but otherwise the article should mention this aspect.
I'd also be interested in information about the typical or longest ever overtaken blockchain. I guess it never was six iterations, but what was the longest chain ever overtaken by another, longer one which was unknown up to that point in time so that it came as a complete surprise? --Alfe (talk) 09:38, 1 June 2016 (UTC)
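The scenario described in the comment above, as an added simulation that is not part of the original talk-page post: two chains fork from a common block, the public one carries Alice's payment to Bob with six confirmations, the secret one carries the conflicting payment and is one block longer. The longest-chain rule switches to the secret chain, and the code shows how a node can detect the event by measuring how many blocks the switch discards (the block structure, transaction strings and the alert threshold are assumptions for illustration).

```python
import hashlib
from dataclasses import dataclass

CONFIRMATIONS = 6  # the "await six confirmations" rule from the discussion


@dataclass(frozen=True)
class Block:
    prev: str          # hash of the parent block
    txs: tuple         # constructed transaction strings, not real format

    @property
    def hash(self) -> str:
        return hashlib.sha256(f"{self.prev}|{'|'.join(self.txs)}".encode()).hexdigest()


def extend(chain, txs):
    """Append one block containing txs to a chain (list of Blocks)."""
    return chain + [Block(chain[-1].hash, tuple(txs))]


def fork_point(a, b):
    """Index of the last block both chains have in common."""
    i = 0
    while i < min(len(a), len(b)) and a[i].hash == b[i].hash:
        i += 1
    return i - 1


def select_chain(current, candidate):
    """Longest-chain rule. Returns (chosen chain, blocks discarded from current)."""
    if len(candidate) <= len(current):
        return current, 0
    return candidate, len(current) - 1 - fork_point(current, candidate)


def contains_tx(chain, tx):
    return any(tx in b.txs for b in chain)


def build_scenario():
    genesis = [Block("0", ("coinbase",))]
    honest = extend(genesis, ["alice->bob:10"])          # block confirming Bob's payment
    for i in range(CONFIRMATIONS - 1):                   # five more public blocks
        honest = extend(honest, [f"public-block-{i}"])
    secret = extend(genesis, ["alice->alice:10"])        # conflicting payment to herself
    for i in range(CONFIRMATIONS):                       # six more blocks: one longer
        secret = extend(secret, [f"secret-block-{i}"])
    return honest, secret


def run():
    honest, secret = build_scenario()
    chosen, discarded = select_chain(honest, secret)
    return {"confirmations_bob_had": len(honest) - 1,
            "discarded": discarded,                      # reorg depth a node observes
            "bob_paid_after": contains_tx(chosen, "alice->bob:10"),
            "alert": discarded >= CONFIRMATIONS}          # deep reorg: flag it
```

A monitoring node that logs `discarded` for every chain switch sees the six-block reorganisation the moment it happens, which is the "obvious case" the comment argues nobody could hide.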