Different kinds of 51% attacks

Feb 16, 2019 · 5 min read

Recently, I made a blog post explaining that 51% attacks are not a network failure. While I still believe this, I think it is important to mention that there are different kinds of 51% attacks. They all do the same thing but are fundamentally different for the network participants.

Proof of Work

I like to think of an energy ball that makes sure we don’t have to trust each other. The energy balls can be of different colors (networks use different hash functions) and an energy ball can only compete with another energy ball if they are of the same color. The bigger the energy ball, the more secure the network is. The idea is brilliant and works well.

External energy attack

Image for post
Image for post
51% attack where a new energy ball appears that is bigger than the mainnet energy ball

It’s relatively easy to protect yourself as a participant of the network against these cases. Just wait enough confirmations. It’s important to note that the networks that are more in danger of such attacks are those where energy renting services provide more than 51% of the total network energy. Another unfortunate scenario is if another networks energy ball shares the same color (the same hash function) and that networks energy ball is bigger. To protect against an attack from another energy ball we know exists, alert systems could be set up that check whether these energy balls get smaller — the energy that went away could be used to attack other networks.

Internal energy attack

Image for post
Image for post
51% attack by using most of internal energy from the mainnet energy ball

The energy attack in the picture above looks the same as the external energy attack, but what is different is that the number of confirmations the network participant needs to wait to be convinced the transaction is secured can no longer be derived from the size of the energy ball — the probability of the transaction being set in stone is no longer a function of the security provided by the energy ball, but merely a function of time. To illustrate this more clearly, let’s imagine a network secured by an energy ball so big, that it amounts to 90% of the total energy spent on the planet. It’s impossible to perform an external attack in such case, but the internal energy attack is no different than if the energy ball had 0.0001% of the total energy. This is because this kind of attack is using a percentage of existing energy and can thus scale indefinitely. In this case, a network participant can only rely on time passed. The size of the energy ball does not provide any security against this type of attack. This is why I think the two scenarios are a different kind of 51% attack. Internal energy attacks might be easier to spot on networks that have shorter block times, because we could see the distribution of pools in shorter span of time and act accordingly if some pools stopped mining.

Internal + External energy attack

Distribution of energy in Bitcoin

At the time of writing, the Bitcoin energy ball looks like this

Image for post
Image for post
The current energy distribution of Bitcoin’s energy ball

Having ~10 sources accounting for vast majority of the energy seems suboptimal and increases the risk of internal energy attacks. Even if these 10 sources are controlled by good people, their systems could be hacked or they could be using the same software and that software could be exploited. In the end, I still think Bitcoin is the most secure network for transfering value with minimal trust needed, but it does look like there is room for improvement.


Ethereum Classic

The original, immutable, decentralized Ethereum chain

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store