51% attacks aren’t a network failure

In regards to recent events on Ethereum Classic blockchain, I’ve decided to write a bit about 51% attacks since there’s a bunch of misunderstanding about them (read this medium post for a good 51% attack explanation).

In order to reach a consensus on which blockchain is the real one, every network participant agrees to follow a simple rule that the ‘real’ chain is the longest one you can find. If a node in the network could see every other node (forming a complete graph) you could just check which is the longest and accept it as a reality. Unfortunately, due to real life constraints a node is not connected to every other node and so has a limited visibility of the graph. This means that at any given time, a longer blockchain might exist that you are not aware of but the idea is that you will eventually get to the longest chain if you just follow the rule to switch to the longer one if you find it.

Chain Reorgs

Consider a scenario where we have 2 sub-graphs of nodes where a node from graph A does not communicate with any node from graph B meaning the graphs are building 2 different blockchains. Each has it’s own reality of what the ‘real’ blockchain is and if each sub-graph mines 2 blocks, eventually when they find each other one of them will be longer and the other one will be thrown away — because of the rule we mentioned above that the longest chain automatically wins. In the case if node A was longer when they met, node from graph B has to reorganize its chain which makes it lose the two blocks it mined because they are not a part of the chain of node from graph A. This happens every now and then and is a network feature. It is why we have confirmations and the more confirmations the less probability that the block will disappear along with its transactions.

Probabilistic Transaction Finality

If exchanges had confirmation times of 1 block, there would have been many double spends just because of chains finding each other but since they have a bigger number of confirmations this usually doesn’t happen naturally. There is however a way to create a longer chain than any other node in the network and abuse that. But in the end, it’s still the same process as described above ‘we just find a longer chain’ so it is not an attack on the network itself because it is a feature of how the network works — it was designed this way. The 51% attack is not an attack on the network itself but rather on ‘naive’ network participants. Whenever we make a transaction we can decide the number of blocks we are willing to wait to ‘convince ourselves’ that the transaction is set in stone. In both Bitcoin and Ethereum chains, the transaction finality is merely probabilistic. However, even though it is probabilistic, with the current Bitcoin network hashrate you can be pretty sure that waiting 30 blocks will give you a VERY nice guarantee that the transaction will stay on the chain. There’s still a very very slim chance that it won’t in case a longer chain appears that does not include the transaction but since everything is probabilistic we have to accept the risk at some point — but we can be careful and try to minimize it.

So what did we learn?

Lesson to be learned here is to be more careful about the confirmation times. Confirmation time should probably be set to give a certain guarantee relative to the amount of money that would have to be spent in order to create such a longer chain. It’s a better variable than the network hash rate because there could be another chain using the same hash algorithm with a much higher network hashrate (as is the case of ETH and ETC). Take special care if the transactions include huge amounts of money.

There’s a bunch of unreasonable FUD on twitter like the one below

At which reorg length a reorg becomes a deep reorg? Is it 10? or 30? 100 is probably deep enough? Who gets to decide this? It’s subjective and subjectivity in a blockchain is a vulnerability that calls for trouble.
So just no, it doesn’t mark a failure of immutability. Reverting the 51% attack would mark a failure of immutability. Ethereum Classic network was merely following the consensus rules and functioned correctly as designed. For better or worse, ETC doesn’t give a fuck if humans lost money.

Well said ETC, well said.