I think they are claiming it's less than 51 percent of hashpower - because they can reduce/disable the 51% by attacking some centralised points, including:
- The c20% of nodes that have outdated software could be eliminated
- The c60% of nodes that run on the three ISP's could theoretically be blocked by a nation state if those ISP's could be controlled.
i.e. it might be more like 51% of 30% = 15% of hash power, which are the 4 entities.
right, but those "nodes" are basically proxy nodes which fan out to thousands of individual miners which are actually burning the hashes. since downtime is extremely costly, i expect that those operators to have multiple geographically distributed proxy pool leaders ready to be switched on at a moments notice.
for the purposes of an entity that can be attacked, yes, the pool leaders are such... but since the pools are just proxies and the actual miners have incentives to stay online, i imagine new pools would form pretty quickly.
finally, everyone focuses on the 51% attack as the end-all, be-all. the only net effect of a 51% attack is that someone might be able to double spend. the cost of running the attack would require that the double spend be pretty massive to make it worth it, and for any massive transaction anyone prudent would wait until said transaction was quite deep in the chain before considering it done (thus requiring even more hashpower to undo it).
- The c20% of nodes that have outdated software could be eliminated - The c60% of nodes that run on the three ISP's could theoretically be blocked by a nation state if those ISP's could be controlled.
i.e. it might be more like 51% of 30% = 15% of hash power, which are the 4 entities.