Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: On 51% Attacks  (Read 2037 times)

0 Members and 1 Guest are viewing this topic.

Offline bytemaster

On 51% Attacks
« on: May 22, 2014, 02:00:37 PM »

The nature of the 51% attack is often obscured so I would like to expound upon it generally (for all systems).

If someone has 51% of the bitcoin hashing power they can exclude blocks produced by the other 49% and thus end up producing 100% of the blocks actually included in the blockchain.   Difficulty will adjust down by 49% and block rate will return to 10 minutes (after being 20 minutes).   The other miners (in the 49%) would have to get on the bandwagon and ratify the blocks produced by the attacker (and not produce blocks that violate the attackers rules).   

So someone with 51% of the blocks has the power to enforce a STRICTER set of transaction rules.  This allows accounts to be frozen, etc. 


Likewise with Nxt, if 51% of the active forgers (which is less than 51% of the shareholders) decide to collude they can exclude the 49% of the active forgers, those 49% will be 'punished' for not producing a block and the 51% will eventually control 100% of the active forging.  Once again they gain the ability to enforce a STRICTER set of transaction rules and this allows frozen accounts.


Likewise with Ripple, if 51% of the original UNL decide to exclude someone from their UNL then their opinion is ignored. 

Likewise with DPOS if 51% of the delegates collude, they can ignore blocks produced by the 49%. 

The principle here is that consensus always has a tipping point when the 'majority' goes with it.  You cannot enforce a consensus of 90% without the potential of deadlock. These systems must allow people to abstain to be robust against failure because if you require everyone to reach 90% agreement then if 11% of the network goes down you have no consensus.

Recognizing this reality, we can embrace it fully and allow 51% of the delegates to fire any other delegate.   It wouldn't actually change the security model, it would simply make it slightly easier to coordinate among the delegates and the rest of the network. 

All networks are only as secure as the trust you place in the 51%.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline voldemort628

  • Full Member
  • ***
  • Posts: 117
    • View Profile

Offline toast

Re: On 51% Attacks
« Reply #2 on: May 22, 2014, 02:33:21 PM »
https://nxtforum.org/transparent-forging/is-this-true/msg26631/#msg26631

Ignorance is bliss? How on earth can the answer be "no"?

In fact for nxt wouldn't it be even worse since most stake is offline and not producing blocks most of the time?

Sent from my SCH-I535 using Tapatalk

Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline bytemaster

Re: On 51% Attacks
« Reply #3 on: May 22, 2014, 02:44:37 PM »
https://nxtforum.org/transparent-forging/is-this-true/msg26631/#msg26631

Ignorance is bliss? How on earth can the answer be "no"?

In fact for nxt wouldn't it be even worse since most stake is offline and not producing blocks most of the time?

Sent from my SCH-I535 using Tapatalk


This is exactly the point... I think someone should expound upon how they avoid this.

If I am a forger and I pretend I didn't see the blocks of others then the network must go on.  The network clearly doesn't hang until the block is produced.   Sure the network may FORK.   

If they have some magic solution to this problem then I WANT IT!   

For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline atmos

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: On 51% Attacks
« Reply #4 on: May 22, 2014, 03:01:06 PM »
Bytemaster, with all the examples you mentioned you talk about 51% being enough to gain the ability to produce 100% of the blocks. How is that possible if with Bitcoin the chance of finding a block is based on the probability relative to your hasing power? Wouldnt it be the case that 49% of the blocks would still be produced by the 49% minority? The same for NXT because it is also probabilistic. And for the deterministic DPOS wouldnt the non colluding 49% be able to produce blocks as they wish when it's their turn?

Offline bytemaster

Re: On 51% Attacks
« Reply #5 on: May 22, 2014, 03:07:15 PM »
Bytemaster, with all the examples you mentioned you talk about 51% being enough to gain the ability to produce 100% of the blocks. How is that possible if with Bitcoin the chance of finding a block is based on the probability relative to your hasing power? Wouldnt it be the case that 49% of the blocks would still be produced by the 49% minority? The same for NXT because it is also probabilistic. And for the deterministic DPOS wouldnt the non colluding 49% be able to produce blocks as they wish when it's their turn?

The block producers get to choose which blocks they build off of.  They can safely ignore blocks found by the 49%.... sure they 49% will still find blocks, they will just be orphaned.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline toast

Re: On 51% Attacks
« Reply #6 on: May 22, 2014, 03:20:00 PM »
Recognizing this reality, we can embrace it fully and allow 51% of the delegates to fire any other delegate.   It wouldn't actually change the security model, it would simply make it slightly easier to coordinate among the delegates and the rest of the network. 

51% of delegates by stake?

The bottom 51% of delegates might have less than 51% of stake. I know the clients smooth things out automatically and there are hard caps... make the % cutoff based on those theoretical hard caps.
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline bytemaster

Re: On 51% Attacks
« Reply #7 on: May 22, 2014, 03:24:06 PM »
Recognizing this reality, we can embrace it fully and allow 51% of the delegates to fire any other delegate.   It wouldn't actually change the security model, it would simply make it slightly easier to coordinate among the delegates and the rest of the network. 

51% of delegates by stake?

The bottom 51% of delegates might have less than 51% of stake. I know the clients smooth things out automatically and there are hard caps... make the % cutoff based on those theoretical hard caps.

All delegates have equal power in the system as selection of the next delegate is not based upon their net votes.  This means a delegate has nothing to gain by having more than 1% and nothing to lose by having less than 1% unless they are not in the top 99. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline toast

Re: On 51% Attacks
« Reply #8 on: May 22, 2014, 03:30:42 PM »
Recognizing this reality, we can embrace it fully and allow 51% of the delegates to fire any other delegate.   It wouldn't actually change the security model, it would simply make it slightly easier to coordinate among the delegates and the rest of the network. 

51% of delegates by stake?

The bottom 51% of delegates might have less than 51% of stake. I know the clients smooth things out automatically and there are hard caps... make the % cutoff based on those theoretical hard caps.

All delegates have equal power in the system as selection of the next delegate is not based upon their net votes.  This means a delegate has nothing to gain by having more than 1% and nothing to lose by having less than 1% unless they are not in the top 99.

Exactly, so by allowing 51 delegates to fire regardless of stake-vote you are making a 51% attack into a ~40% attack.
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline bytemaster

Re: On 51% Attacks
« Reply #9 on: May 22, 2014, 03:51:35 PM »
Recognizing this reality, we can embrace it fully and allow 51% of the delegates to fire any other delegate.   It wouldn't actually change the security model, it would simply make it slightly easier to coordinate among the delegates and the rest of the network. 

51% of delegates by stake?

The bottom 51% of delegates might have less than 51% of stake. I know the clients smooth things out automatically and there are hard caps... make the % cutoff based on those theoretical hard caps.

All delegates have equal power in the system as selection of the next delegate is not based upon their net votes.  This means a delegate has nothing to gain by having more than 1% and nothing to lose by having less than 1% unless they are not in the top 99.

Exactly, so by allowing 51 delegates to fire regardless of stake-vote you are making a 51% attack into a ~40% attack.

Perhaps... but delegate votes are 'net votes' which means that you can vote against a delegate as well as for a delegate.  What this means is that if 40% of the shares are held by the attacker, 40% of the shares can vote against the attacker and thus the attacker gets 0 delegates.   

So to the extent the network divides its votes among 'loosing delegates' it is like the inactive NXT or Peercoin users.   Ideally delegates get elected and 99% of the votes are for (or against) one of the active delegates.  The only time someone would vote for someone not on the current active list is if they think there is a problem that needs to be resolved to make things better.

 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline atmos

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: On 51% Attacks
« Reply #10 on: May 22, 2014, 06:02:28 PM »
Bytemaster, with all the examples you mentioned you talk about 51% being enough to gain the ability to produce 100% of the blocks. How is that possible if with Bitcoin the chance of finding a block is based on the probability relative to your hasing power? Wouldnt it be the case that 49% of the blocks would still be produced by the 49% minority? The same for NXT because it is also probabilistic. And for the deterministic DPOS wouldnt the non colluding 49% be able to produce blocks as they wish when it's their turn?

The block producers get to choose which blocks they build off of.  They can safely ignore blocks found by the 49%.... sure they 49% will still find blocks, they will just be orphaned.

And the 49% could ignore the blocks found by the 51%
So it just means that in the long run the 51% attacker has the longer chain?
This would be called a fork then?

Offline toast

Re: On 51% Attacks
« Reply #11 on: May 22, 2014, 06:06:17 PM »
Bytemaster, with all the examples you mentioned you talk about 51% being enough to gain the ability to produce 100% of the blocks. How is that possible if with Bitcoin the chance of finding a block is based on the probability relative to your hasing power? Wouldnt it be the case that 49% of the blocks would still be produced by the 49% minority? The same for NXT because it is also probabilistic. And for the deterministic DPOS wouldnt the non colluding 49% be able to produce blocks as they wish when it's their turn?

The block producers get to choose which blocks they build off of.  They can safely ignore blocks found by the 49%.... sure they 49% will still find blocks, they will just be orphaned.

And the 49% could ignore the blocks found by the 51%
So it just means that in the long run the 51% attacker has the longer chain?
This would be called a fork then?

Yes, and since the client treats the longer chain as the "correct" one the attacker has control of the network even if the 49% disagree. It doesn't matter what you think is the "right" chain if your client shows the balance from the "wrong" chain.
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
Re: On 51% Attacks
« Reply #12 on: May 22, 2014, 06:59:59 PM »

I am likely confused here, but the problem seems to occur when your vote distribution is lopsided it opens the process up to being exploited by a minority.  This could be mitigated by keeping the vote distribution as equal as possible.  To do this the client software should have some form of a ordered list of delegates to vote for.  So that the one favored guy doesn't get 30% of the votes. (for example)   The list will move your vote "down the line" so to speak.  This optimizes the power of each stake's vote and helps prevents situations where a minority is able to have undue influence due to the clumping of the votes towards the most popular delegates.
I speak for myself and only myself.

Offline bytemaster

Re: On 51% Attacks
« Reply #13 on: May 22, 2014, 07:07:48 PM »

I am likely confused here, but the problem seems to occur when your vote distribution is lopsided it opens the process up to being exploited by a minority.  This could be mitigated by keeping the vote distribution as equal as possible.  To do this the client software should have some form of a ordered list of delegates to vote for.  So that the one favored guy doesn't get 30% of the votes. (for example)   The list will move your vote "down the line" so to speak.  This optimizes the power of each stake's vote and helps prevents situations where a minority is able to have undue influence due to the clumping of the votes towards the most popular delegates.

There is a maximum vote per delegate equal to 2x what they could receive if all delegates had an equal vote.  This means for 100 delegates, the max vote is 2%.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
Re: On 51% Attacks
« Reply #14 on: May 22, 2014, 07:22:32 PM »

I am likely confused here, but the problem seems to occur when your vote distribution is lopsided it opens the process up to being exploited by a minority.  This could be mitigated by keeping the vote distribution as equal as possible.  To do this the client software should have some form of a ordered list of delegates to vote for.  So that the one favored guy doesn't get 30% of the votes. (for example)   The list will move your vote "down the line" so to speak.  This optimizes the power of each stake's vote and helps prevents situations where a minority is able to have undue influence due to the clumping of the votes towards the most popular delegates.

There is a maximum vote per delegate equal to 2x what they could receive if all delegates had an equal vote.  This means for 100 delegates, the max vote is 2%.

Does the client instantly kick the vote back so a person can make another decision?  Or is it decided by the network and thus the vote floats around in limbo ?  You also need to give delegates some sort of name or otherwise they are just #s to people which will not lead to effective voting choices.  Names introduce cognitive biases which aren't exactly good, but it is better than a pure #.  Is the name of a delegate a public key ?
I speak for myself and only myself.

 

Google+