Plus, the model of BTC as “digital gold” is pretty resilient to 51% attacks: if you don’t touch your coins, no one can take them away from you. (A 51% attack can’t reassign coins.)
Of course, the price of BTC might tank in response to the news of a successful 51% attack, but it’ll probably bounce back just like every other event in BTC history.
> if you don’t touch your coins, no one can take them away from you. (A 51% attack can’t reassign coins.)
It can't generate new unsigned transactions, but it can roll back the network to a state when someone else owned those coins. From a practical perspective there is no difference: you no longer have those coins.
"Rolling back" the network means successfully creating a new longest chain that forks off of an arbitrary old block.
The further back in time you "roll back" to, the less probable it is for the 51% attacker to successfully mine all those needed blocks to get up to par with the existing longest chain.
Realistically speaking, this sort of attack is highly improbable.
> The network nodes only accept the first version of a transaction they receive to incorporate into the block they're trying to generate. When you broadcast a transaction, if someone else broadcasts a double-spend at the same time, it's a race to propagate to the most nodes first. If one has a slight head start, it'll geometrically spread through the network faster and get most of the nodes.
> A rough back-of-the-envelope example:
> 1    0
> 4    1
> 16   4
> 64   16
> 80%  20%
> So if a double-spend has to wait even a second, it has a huge disadvantage.
I'm not sure anyone has put the infrastructure into place, though.
Oh, you're probably right. It seemed related because the further back an adversary wanted to roll back to, the more hash power they'd need to get ahead. But it's a different category.
I wonder if there has been an analysis of how much hash power you'd need relative to how many blocks in the past you'd want to roll back.
If you have 51% of the power, you can roll back everything if you spend enough time on it. If you have 30%, you have a 4% chance of being able to catch up from 10 blocks behind, even if you spend infinite time on that specific fork.
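Since a couple of people upthread asked for the back-of-the-envelope numbers (how much hash power vs. how many blocks back), here is a small added example, not posted by anyone in this thread, that implements the two calculations from section 11 of the Bitcoin whitepaper: the gambler's-ruin chance of ever catching up from z blocks behind with unlimited time, and the whitepaper's "AttackerSuccessProbability", which also counts the head start an attacker gets while the victim waits for z confirmations. The function names and the 0.1% risk threshold are my own choices; the formulas are the whitepaper's.

```python
import math


def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling fraction q of the hash
    power ever closes a deficit of z blocks, given unlimited time.

    Gambler's ruin (whitepaper section 11): with q >= 0.5 the attacker
    always catches up eventually; otherwise the chance is (q/p)^z, which
    falls off exponentially with the number of blocks to make up.
    """
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z >= 0")
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    return (q / p) ** z


def double_spend_probability(q: float, z: int) -> float:
    """Whitepaper 'AttackerSuccessProbability'.

    The attacker starts a private fork when the payment is broadcast, the
    recipient waits for z honest confirmations, and the attacker's progress
    during that wait is Poisson with mean z*q/p. For each possible progress
    k we then apply the gambler's-ruin chance of closing the remaining gap.
    """
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z >= 0")
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    lam = z * q / p
    total = 1.0
    poisson = math.exp(-lam)  # Poisson term for k = 0; updated incrementally
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # avoids lam**k overflow for large z
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, max_risk: float = 0.001, cap: int = 10_000) -> int:
    """Smallest z for which the double-spend probability against hash share
    q drops below max_risk (default 0.1%, the threshold used in the
    whitepaper's table). Returns cap when no such z exists, e.g. q >= 0.5."""
    for z in range(cap):
        if double_spend_probability(q, z) < max_risk:
            return z
    return cap


if __name__ == "__main__":
    # Illustrative hash shares; 0.51 is the "majority" case from the thread.
    print("q     catch up from 10 behind   double-spend after 10 confs")
    for q in (0.10, 0.30, 0.45, 0.51):
        print(f"{q:.2f}  {catch_up_probability(q, 10):24.7f}   "
              f"{double_spend_probability(q, 10):26.7f}")
    for q in (0.10, 0.30, 0.45):
        print(f"q={q:.2f}: wait {confirmations_needed(q)} confirmations "
              f"for < 0.1% double-spend risk")
```

The two functions answer different questions, which is where the "4% from 10 blocks behind at 30%" figure comes from: an attacker who starts racing only once the ten honest blocks already exist has a far smaller chance than one who was mining in private the whole time the recipient was waiting. The second number is the one that matters when deciding how many confirmations to require.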
I'm curious, has anyone done any back-of-the-envelope calculations on this?
Let's say the US Government started a side-chain starting at the very first transaction and has kept it within its own firewall, and has been mining for years at optimal difficulty levels so that they have to put in the least amount of work. Which, now that I think about it, would just be difficulty 1; the only reason to go above difficulty 1 would be because you started after the original chain, and you would only raise the difficulty right before you were going to release it to the public.
Could they at any moment open it up and everyone would move over to their chain since it is the longest, where suddenly the US Gov owns every single coin and there's never been a single transaction?
You'll need way more hash power for that. Remember if you have 51% hash power, you'll be able to do the 51% attack roughly half of the time.
To roll back the Bitcoin chain, you'll probably need 90-95% of the hashing rate to eclipse all other miners. That requires that the other 50% becomes 5%; or in other words you multiply your hash rate by 10. Which is not even remotely possible.
Couldn’t you retransmit the transaction to the nodes (assuming you had a copy of the old blockchain), and, assuming let’s say Kraken/Coinbase etc. isn’t wanting to profit from the attack and already spent it to another address, you can receive the funds “again”?