The 51% Attack. What is it?
In the world of Bitcoin and Cryptocurrencies it’s not uncommon for people to come across concepts and expressions never heard of before and never get to the bottom of what they really mean. In this article I’ll try to demystify one of these concepts, shedding some light on what is known as the 51% Attack.
The topic of the 51% attack is strongly related to other concepts such as mining, the consensus protocol, orphan blocks and the double spending problem, and cannot be understood if the reader is not familiar with them. All of those concepts have been explained in previous articles (see list of relevant readings at the bottom of this page). Here I will limit myself to preface the discussion of the 51% attack with a very short introduction to these foundation concepts in an attempt to make this article as self-contained as possible. The reader is however advised to read the original pieces for a more in depth understanding of these topics.
A very short introduction
Bitcoin is a system of payment peer-to-peer based on a distributed ledger that is shared by all the participants of a network. This distributed ledger is a “record book” where all the transactions between the stakeholders of the network are recorded. The ledger is structured as a chain of blocks — hence the term blockchain — where new transactions are recorded in new blocks that are progressively added to the existing chain.
Adding a new block (with the transactions therein contained) to the existing chain requires some intense computational work. This work is called mining and is performed by special nodes on the Bitcoin network called miners. The computational power of a miner is called hashing power and is measured in hashes per second (H/s) or some of its multiples. All miners are competing with each other in a race where the winner gets to add the new block to the chain and receives in return a remuneration. The higher the hashing power of a miner the higher his chances to win this competition.
Because the Bitcoin’s ledger is distributed, i.e. every node in the network has a copy of the blockchain, it is necessary for the different participants to agree on a set of rules that allow this system of payments to be reliable and consistent across the entire network. This set of rules is referred to as the consensus protocol.
One of the issues that the consensus protocol addresses is how to cope with a scenario where different nodes ends up (although briefly) with different versions of the blockchain. This scenario occurs when two miners elongate the blockchain independently at approximately the same time, resulting in two slightly different and competing versions of the ledger. This inconsistency is resolved by waiting for a further new block to be added to either of the two chains by any of the miners in the network. The version of the chain that gets elongated first wins the consensus of the network over the other, which is consequently dumped. To go with a commonly used expression, the longest chain is king. The blocks (usually only one) that were contained in the chain that lost the consensus but NOT in the winner chain are called orphaned blocks. The transactions contained in the orphan blocks — unless they were also present in winner chain — return to the Mempool, a sort of limbo where all the unconfirmed transactions wait to be picked and included in a new block.
If a transaction (whether coming from an orphaned block or not) remains in the Mempool for too long (a few days) it is cancelled and the funds return to the wallet from which they were sent. This can potentially lead to the double spending problem, where the transaction used to buy a good or a service is eventually cancelled, and the buyer receives his funds back while keeping the good or service that was originally bought.
To avoid the double spending problem, a transactions is considered confirmed only after a certain number of new blocks are added to the chain on top of the block where the transaction in question resides. This number of new blocks is set to 6 in the case of Bitcoin.
Now we have all the notions and terminology to finally talk about the 51% attack.
The 51% attack
The 51% attack does not try to disrupt or interfere with the consensus protocol. Rather it plays along with the protocol’s rules in order to attain the effect of chancing the blockchain’s content to the benefit of the attacker.
To explain how a 51% attack would be carried out, let’s consider the following scenario. A group of miners that amount to more than 51% of the hashing power of the entire Bitcoin network decide to separate themselves from the rest of the network, while keeping the communication open within their own group.
After severing the connection with the rest of the network, this group of miners will continue their mining activity as usual, with the difference that now they wont share any advancement with the other group, nor will they receive any update on the advancements made by the other group. In other words, while at the moment of the separation the two groups have identical copies of the ledger, after the separation these two groups will start elongating their internally shared copies independently from each other.
Now, which version of the blockchain will be elongated faster? As the separating group (the attackers) has more hashing power than the rest of the network, it will be able to elongate its own copy of the chain faster than the other group. Given a certain amount of time, the difference in length between the two versions of the chain will be statistically proportional to the difference in the hashing power between the two groups.
If the separating group of miners now rejoins the other group, the two competing versions of the chain will propagate through the entire network, and, based on the consensus protocol’s rule, the nodes will keep the longer version and delete the short one. This means that all the blocks mined by the remaining group, from the time of the separation to the time of the reunion, will be orphaned, and their transactions (or at least part of them) will be released back into the Mempool.
This scenario opens the door to the possibility of double spending, in case the transactions released back into the Mempool were used to buy goods. On top of that, the group of miners that originally broke up from the network can prevent those transactions from been picked and included in new blocks as they still have 51% (or more) of the total hashing power. If these transactions remain in the Mempool for more that a given time limit (for Bitcoin is 72 hours) then they are cancelled and the coins return to their original recipients (the buyer’s wallet). This way the buyer will keep both the coins and the goods originally purchased with those coins. If the 51% attack is carried out in a planned and concerted way, the attackers could take advantage of this unresolved double spending and end up owning goods that they eventually didn’t pay for.
