On Fri, Apr 5, 2013 at 2:30 AM, Melvin Carvalho <melvincarva...@gmail.com> wrote: > There was some chat on IRC about a mining pool reaching 46% > http://blockchain.info/pools
The estimates on there may be a bit lossy. > What's the risk of a 51% attack. The whole fixation on "51" as a magic number is a bit confused— I'll say more below. > I suggested that the pool itself is decentralized so you could not launch > one None of the pools listed there are meaningfully decentralized— before Luke whines, in theory the ones supporting GBT could be if used in a way that no one actually uses them. P2Pool is decentralized based on the same technology as Bitcoin itself, but it's certainly not as point and click easy as a centralized pool. > On IRC people were saying that the pool owner gets to choose what goes in > the block That is correct. Though I'd point out— the major pool ops all seem to be great folks who care about the future of Bitcoin— and the continued success of their very profitable businesses: a 50% mining pool with a 3% fee rakes in 54 BTC per _day_. The more likely threat isn't that pool owners do something bad: It's that their stuff gets hacked (again) or that they're subjected to coercion. ... and the attacker either wants to watch the (Bitcoin) world burn, or after raiding the pool wallet can't exploit it further except via blockchain attacks. > Surely with random non colliding nonces, it would be almost impossible to > coordinate a 51% even by the owner That makes no sense. A centralized pool is the miner, the remote workers are just doing whatever computation it tells them to do. Certainly these remote workers might switch to another pool if they knew something bad was happening... but evidence suggests that this takes days even when the pool is overtly losing money. Miners have freely dumped all their hashpower on questionable parties (like the infamous pirate40) with nary a question as to what it would be used for when they were paid a premium for doing so. It seems even those with large hardware investments are not aware of or thinking carefully about the risks. > It would be great to know if this is a threat or a non issue It's important to know exactly what kind of threat you're talking about— someone with a large amount of hash-power can replace confirmed blocks with an alternative chain that contains different transactions. This allows them to effectively reverse and respend their own transactions— clawing back funds that perhaps had already triggered irreversible actions. This doesn't require some magic "51%"— its just that when a miner has >50% the attack would always be successful if they kept it up long enough (long enough might be years if you're talking really close to 50% and he gets unlucky). Likewise, someone with a sustained supermajority could deny all other blocks— but that attack's damage stops when they lose the supermajority or go away. More interesting is this: An attacker with only 40% of the hashpower can reverse six confirmations with a success rate of ~50%. There is source for computing this at the end of the Bitcoin paper. I did a quick and really lame conversion of his code JS so you can play with it in a browser: https://people.xiph.org/~greg/attack_success.html ------------------------------------------------------------------------------ Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
