The one weakness that most people hear about when it comes to Bitcoin is the 51% attack. This is a possible attack vector that can appear when one entity has control over a large percentage of the overall network hashrate. Although the Bitcoin community tends to remain calm when it comes to the general topic of mining power centralization, everyone does usually freak out whenever a single mining pool approaches control of 51% of the network. Having said that, the number 51 may be getting too much attention in this context.
Do You Really Need 51% to Pull Off an Attack?
Blockstream Co-Founder Matt Corallo gave a talk at an SF Bitcoin Devs event where he covered some of the basics of what blockchains are and how they work. During the presentation, Corallo got into the topic of the 51% attack and how people need to understand that controlling 51% of the network hashrate is not some magic switch that makes double-spends and other nefarious activity possible. He made this point during his initial remarks on 51% attacks:
“I want to talk a minute about hash power attacks and what you actually can do with 51 percent hash power or, more specifically, what you can do with 40 percent, 45, and 51 . . . There’s this misnomer in the community that you need 51 percent [of the network hashrate] to pull this off. You really don’t, not even close.”
Corallo then pointed to Satoshi Nakamoto’s white paper where the creator of Bitcoin outlined how to calculate the probability that an attacker could conduct a double-spend through a 51% attack:
“[The Bitcoin white paper] has basic math for how to calculate the probability that someone can double-spend you with a given amount of hash power. At 45 percent hash power, their likelihood of winning — if they are trying to mine a fork or six blocks or whatever — is pretty damn high. It’s all just a probability. With 51 percent, you’re also still not guaranteed; you’re only guaranteed to win in the very long run — not for a very short fork.”
Bitcoin Users Should Do the Math
Corallo also discussed the idea that Bitcoin confirmations should not be taken at face value. In reality, a confirmation is not a black-and-white finalization of a transaction. The amount of work needed to reverse a transaction simply grows, and reversal becomes increasingly impractical, as more blocks are mined on top of it. Corallo warned that Bitcoin users should continue to do the math as the distribution of hashing power on the network continues to evolve:
“If you’re someone who is currently accepting coins with one block, you should reconsider that. If you’re currently accepting coins with six blocks of confirmations, you should sit down and do the math with today’s mining pools . . . It’s not as cut and dry as 51 percent [versus] 50 percent; it’s not at all.”
Don’t Be Scared, Just Be Aware
One final point Corallo made in relation to 51% attacks was that he wasn’t trying to scare users away from Bitcoin. He simply wants people to be aware of the somewhat fragile way in which Bitcoin works. The Blockstream Co-Founder explained:
“I’m not trying to present this as like, ‘Oh, Bitcoin isn’t secure, and we should all be waiting for 20 confirmations.’ Six is probably fine . . . and that’s why six was chosen. It’s a reasonable tradeoff. For reasonable amounts of money, it’s going to be secure — even with [the] current hashing power distribution. People should be very aware of this. Don’t just blindly follow what’s happening.”