Post
Topic
Board Mining
Re: FPGA mining for fun and profit
by MoonShadow on 21/05/2011, 14:31:09 UTC
What are the odds of getting the next block, and being able to prevent transactions that you don't approve of for ~10 minutes?  51%
You don't get it. If you have more than 50% of the mining power you can just continue searching for a valid block even after somebody else has found one before you. This way you can make sure that you control every block. This is listed in the weaknesses on the Wiki. Yes, you can technically still add transactions, but there's not much point if they'll never get confirmed.

No, he gets it, and you are still a little behind on the curve.  Having control of 51% of the hashing power of the whole network makes it possible to successfully attack the blockchain for a short period of time.  That period of time being one 10 minute interval.  The whitepaper doesn't go into detail about the odds of success of such an attack, other than to show how it's not really possible at all at less than 50%.  Having just over 50% of the network hashing power doesn't really give you very good odds of success past one block, and an attacker intending to deny transactions into the blockchain for longer than one block has to be able to be certain that no blocks can sneak in under him, for if one gets in and the next is built on top of that before he builds one to overwrite that one and one on top to secure his false one, then it becomes exponentially more difficult for him to overwrite two blocks back.  In practice, an attacker wishing to keep this up for an extended period of time needs at least double the hashing power of the network because it's like the attacker is trying to wade up river while the honest nodes are wading down river.  And even with double the rest of the network, some blocks are going to slip in and be covered up again anyway.  At which point the attacker has to choose between trying to overwrite two blocks and then write another before a third is made by the network or simply ignore the one that got away and overwrite the last one to take the network back.

If that's true, there must be some mechanism for preventing long chain splits (or rather reorganizations) that I don't know about. I mean if I have 51% of total hashing power, I can just start building my own chain in the dark, and wait for it to get longer than the "official" chain, which it always eventually will. Then I announce my chain to the rest of the network, and clients have no choice but to accept my chain as the official record of transactions. Rinse and repeat... Right? Tell me what I'm missing here. I mean sure, people will notice very quickly that something fishy is going on, but what can they do? Nobody has the authority to pick and choose from two valid chains for the rest of the network. Clients will automatically switch to the longest chain. Right??

What you are describing is a slightly different attack.  This is the double spend attack in a nutshell, and not a denial of service attack.  The DOS requires live participation in the network.

Still, it's not about the longest blockchain, it's about the one with the greatest proof of work.  But yes, hashing a false chain in the dark, so long as you have at least as much power as the remainder of the network, will eventually get you ahead of the true chain.  51% of the network still doesn't cut it, though.  This would only give you 2% more power than the rest of the network, meaning that you would only be able to get one block ahead every 50 blocks or so, and if the rest of the network continues to grow as it has for the past two years, you're still a loser in less than a day.
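
The arithmetic behind this exchange, as an added example that is not part of the original post or thread: the two closed-form results from section 11 of the Bitcoin whitepaper plus a random-walk model of the block race, in Python. Function names and sample parameters are assumptions chosen for illustration; difficulty changes and network growth are ignored.

```python
import math
import random

def catch_up_probability(q: float, z: int) -> float:
    """Whitepaper sec. 11 (gambler's ruin): chance that a miner with hash
    share q ever erases a deficit of z blocks against the other 1 - q."""
    p = 1.0 - q
    return 1.0 if q >= p else (q / p) ** z

def rewrite_probability(q: float, z: int) -> float:
    """Whitepaper sec. 11: chance that a chain built in private overtakes
    the public one after a recipient has waited for z confirmations."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * q / p  # expected private-chain progress during z honest blocks
    total = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total

def blocks_per_unit_lead(q: float) -> float:
    """Blocks found network-wide per one block of net lead for share q.
    Each block changes the lead by +1 (prob. q) or -1 (prob. 1 - q)."""
    p = 1.0 - q
    return math.inf if q <= p else 1.0 / (q - p)

def simulate_lead(q: float, total_blocks: int, seed: int) -> int:
    """Random-walk model of the race: net lead after total_blocks blocks."""
    rng = random.Random(seed)
    lead = 0
    for _ in range(total_blocks):
        lead += 1 if rng.random() < q else -1
    return lead

def mean_lead(q: float, total_blocks: int, runs: int) -> float:
    """Average simulated lead over `runs` independent races."""
    return sum(simulate_lead(q, total_blocks, s) for s in range(runs)) / runs

if __name__ == "__main__":
    # Constructed sample shares, not measurements of any real network.
    print("blocks per unit of lead at 51%:", blocks_per_unit_lead(0.51))
    for q in (0.10, 0.30, 0.45):
        print(q, [round(rewrite_probability(q, z), 7) for z in (1, 3, 6)])
    # A single race is noisy: the expected drift is 2 blocks per 100 found.
    print("five simulated 100-block races at 51%:",
          [simulate_lead(0.51, 100, s) for s in range(5)])
```

The 51% case gives the one-block-per-50 figure stated in the post, and the single-race output shows how far individual runs scatter around that average.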