51% Attacks for Newcomers: Blockchain’s Majority Problem Explained
Author: Biz, Lead Developer at Blur
Most members of the blockchain community are very familiar with the concept of 51% attacks. Upon typing the term into a search engine, one can easily find many articles which detail the (post-mortem) impact of attacks that have occurred in the past.
But despite these numerous examples, there remains a remarkable lack of reading to answer questions such as:
“How does a 51% attack actually happen?”
“Why are these attacks possible?”
“How do network majority attacks relate to mining processes like Proof-of-Work and consensus?”
In this article, we’ll concisely describe many of the building blocks that go into a Proof-of-Work blockchain, mining, and network majority attacks.
Proof-of-Work and Mining
Mining on a Proof-of-Work blockchain is performed by repeatedly hashing select data fetched from nodes on the network.
What does hashing mean?
Hashing is the process of generating numbers with a cryptographic hash function. Put simply, hashes are the numbers that result from this function.
A hash function can be thought of like an equation. This equation can accept any data as its input, and it spits out a very large number. This very large number is your hash value. Typically, these are represented with alphanumeric characters (0-9 and A-F), and are commonly 64 characters in length.
Hash functions have some unique properties in that:
- Given the same inputs, the same number is always output.
- Changing any part of that input will result in a completely different output.*
*With a statistically negligible chance of a collison (1 in 2²⁵⁶)
These are useful properties in a lot of situations. But, especially so for blockchains.
How does this relate to mining?
When mining, the lower number results are considered higher difficulty. Difficulty is a threshold, below which these numbers must fall. Finding a lower number than necessary for a given difficulty is fine. But, larger numbers will be rejected. This threshold adjusts programmatically (by a “difficulty adjustment algorithm”), and scales up/down in response to how quickly blocks are being mined.
Each hash calculation is effectively random (similar to repeatedly rolling a die with many, many sides). More computing power allows you to roll the die faster. But, the chance of rolling a low number does not increase with each roll. These are known as independent trials, statistically.
On the Bitcoin blockchain, hash values with more zeros on the left-most side are considered higher difficulty.
On the Monero blockchain, the orientation is simply flipped (zeros on the right-most side of the hash, rather than the left).
See below for an easy-to-understand depiction, generated from Monero-based source code.
What does this mean for 51% attacks?
A common misconception is that a 51% attack requires an attacker to mine a longer chain of blocks than the rest of the network. The truth is: an attacker’s chain need only be a higher cumulative difficulty. In practice, these are often the same, leading to the misconception.
One can see the necessary distinction when considering chains of equal length (a situation that happens often on every network).
Congratulations! You now have the basic knowledge to understand a 51% attack! Now, onto the good stuff…
Why and How are 51% Attacks Performed?
Blockchains rely on the majority of the network operating in lock-step. Peers on the network continually communicate back-and-forth. In doing so, they reach agreement on a common “best” solution, by comparing their records of blockchain history. This agreement, and the mechanism by which it occurs, is known as Nakamoto Consensus. Named for the great Satoshi Nakamoto; Satoshi’s consensus mechanism is the greatest technological feat of Bitcoin.
How does consensus happen?
Recall from the earlier discussion of hash functions, that first property:
- Given the same inputs, the same number is always output.
This is known as a deterministic property (as opposed to stochastic). It allows peers to verify anothers’ solution easily and reproducibly. Consensus is reached by giving preference to the highest cumulative difficulty chain.
If two conflicting chains arise, the higher difficulty one is considered the “best” solution. Consequently, a chain reorganization occurs for peers with the inferior solution.
What motivation exists for performing a 51% attack?
Network majority attacks are (usually) prohibitively expensive on larger blockchains. As a result, one can infer that the primary motivation must be financial.
But, let’s take a moment and view the chart below, taken from crypto51.app, which tracks the hourly cost to maintain a majority of various networks:
How does an attacker recoup these costs for larger networks?
An attacker performs a double spend. This term is a bit of a misnomer. No coins are actually being spent twice… so there is no inflation occurring! Blockchain history will only reflect that one transaction took place in the end.
That’s a little confusing, so let’s break this down by steps:
- Attacker chooses a point to begin a 51% attack, and starts mining while withholding their solutions from the rest of the network.
- Attacker deposits coins from the victim chain (Coin A) onto an exchange.
- Attacker sells Coin A for Coin B on the exchange.
- Attacker withdraws Coin B from the exchange.
- Attacker keeps mining and excludes their deposit of Coin A from their local record of the blockchain.
- Once the attacker has a higher cumulative difficulty chain, they stop withholding their solutions, and broadcast their record of the blockchain to the broader network.
- Peers recognize the attacker’s blockchain as the “best” solution, and reorganize their chains in response. (The network now agrees that the original deposit of Coin A to the exchange never happened)
- Attacker now has ownership of both Coin A and Coin B, and the exchange loses custody of both.
It’s worth a note that exchanges are not the only victims in the event of such an attack. Honest miners lose rewards, and honest users can also have their transfers impacted if they occurred during the active attack period.
Mitigating 51% Attacks
Proof-of-Work blockchains are essentially built around the same consensus mechanisms that are exploited to perform a 51% attack. Therefore, few solutions for them exist that don’t belie the decentralized nature of these networks.
Because 51% attacks require a substantial amount of computing power, they are often carried out by renting hashrate. There are a number of hashrate rental services. The most popular of which is NiceHash. With that in mind, we’ll list below some of the ways to mitigate such attacks. These can be mostly broken down into three methods:
- Unique Proof-of-Work algorithms
- Alternative consensus mechanisms
- Checkpointing systems
This is the first in a series of articles to be published The Blur Network, surrounding our work on 51% attack mitigation. Feedback is encouraged as we continue writing and publishing.
Our next article in this series will detail the three types of mitigations listed above. We’ll also talk about some projects that are innovating within those categories, as we weigh the pros/cons for each approach and break things down further.
Got some feedback, or want to tell us about a novel solution? Reach out via one of our social channels below!
