Are 51% Attacks a Real Threat to Bitcoin?
While mining pools offer better returns for miners, they have caused concerns over their power over the bitcoin network.
Ghash.io, one of the largest pools of individual bitcoin miners on the network, continues to cause headaches for bitcoin supporters who believe the mining process should remain decentralized and free of control from any single influencer.
To date, Ghash.io has twice come dangerously close to obtaining 51% of the bitcoin network's hashing power. The popular pool was able to gain 42% of the network in January, and, just last week, the pool reached a worrying 50%.
In theory, obtaining a majority of network power could potentially enable massive double spending and the ability to prevent transaction confirmations, among other potentially nefarious acts.
However, despite widespread concern about the vulnerability of the bitcoin network to large mining pools, there remains no easy solution to the issue.
Putting aside the ideological quandaries posed by the issue, many individual miners believe bigger pools can provide them with the best financial rewards – an important consideration given the substantial investment in power and computing equipment the process can require.
Rewards remain the primary reason pools are important. With the increasing difficulty of any one miner actually mining a block of bitcoin and vast competition, given the expanding number of individual miners, a miner attempting to go it alone risks never being able to solve a single block in today's mining market.
Still, Ghash.io has succeeded at moving the issue of this perceived vulnerability in the bitcoin network to the forefront of the conversation, and solutions are emerging from the debate that could potentially reduce the power of mining pools on the bitcoin network.
The Ghash incentive
Further to support from individual bitcoin miners, industry observers also recognize that mining pools have become a force in the ecosystem due to practical considerations inherent in the mining process.
Dave Hudson, chip architect with mining technology company PeerNova, told CoinDesk that he understands the comfort large bitcoin mining pools can provide miners in the form of steady payouts and rewards that come in equal and predictable amounts.
Miners are looking for solid return on investment, and Ghash.io further entices by not charging any fees for participating. Thus, miners are ability to obtain monetary benefit with little risk or additional cost.
Despite Ghash.io's size, little is known about the company, aside from its relationship with CEX.IO – a trading exchange that uses the Ghash.io pool for cloud mining as well as gigahash trading.
So far, Ghash.io has argued against quick fixes to the problem, instead focusing the conversation on the larger issue that mining pools, by their very nature, are growing.
Now, given its involvement and the negative perception around Ghash.io, CEX.IO has entered the conversation, publicly voicing its stance on the issue of the 51% issue.
Should Ghash.io, become smaller, CEX.IO reasons, miners may simply form another equally large pool, thereby simply creating the same problem elsewhere.
CEX.IO Chief Information Officer Jeffery Smith said in a recent blog post that while the decision by large industrial miner BitFury to move to another pool in light of the issue is helpful, it's only a stopgap solution for the time being:
It's also unknown how problematic this shift could be given that the size of many mining pools is unknown.
For instance, the 'unknown' pool normally seen in network charts that currently has 26% of total hashing power.
Some observers think that 'unknown' is a collection of private pools, while others see it as one single entity – it’s a murky subject that has caused much discussion as to who or what it represents.
Mining pool operators, while trying their best to stay out of the limelight, do still have to utilize the block chain, however, meaning work could be done to shed more light on this part of the industry. Further, major names in the bitcoin space are advocating for such community action.
Help us improve @blockchain’s mining pool identification by submitting known tags or mining addresses via PR here: https://t.co/IasBYaUF4G
— AndreasMAntonopoulos (@aantonop) June 19, 2014
Hudson, the PeerNova chip designer, says that while Ghash.io and the ‘unknown’ pool are concerns, they could theoretically be tracked down with some effort:
Influence of industrial mines
Together with the rise of large mining pools, bitcoin has also seen the consolidation of mining equipment into large industrial mines, some of which – like MegaBigPower in the US – have been estimated to churn out $8m a month in bitcoin at peak prices.
ASIC mining designer BitFury is one such industrial mine that is able to exert control over mining market. It also notably provides equipment to other industrial mines, including MegaBigPower.
Niko Punin, Head of Product Development for BitFury, told CoinDesk that the company's chips power around 40% of miners today. It's notable that BitFury has become vocal and proactive about the issue of possible 51% attacks, given its ability to potential to take the lead on any potential solution.
Speaking to CoinDesk, Punin reiterated his company’s stance that Ghash.io, while lucrative for miners because of less margins as a result of no fees, still needs to have a smaller share of network power:
In fact, removing its 1PH/s of power from the pool has helped to bring Ghash.io’s share of the network down to just over 30%.
Furthermore, BitFury itself is also in the process of making its influence better known to the larger bitcoin community, following the $20m it recently raised in funding.
The investment will help BitFury to build out its operations and, many hope, continue to be an influential check to the balance of power among the larger pools like Ghash.io.
The 51% debate
For now, though, there remains a heated debate around whether there should be cause for concern, should one mining pool grow to comprise more than 50% of the bitcoin network.
Hudson has been studying the current state of bitcoin mining as part of his work at PeerNova, the mining conglomerate that formed as a result of a merger between hosted miner service CloudHashing and hardware designer HighBitcoin.
Hudson believes, along with thought leaders in the industry such as Andreas Antonopoulos, that possessing 51% of network power is not enough to enable an all-out attack.
In theory, one might be able to affect the next block or two, launching a double-spending attack by holding on to enough power to confirm the majority of transactions. However, this would take a huge amount of expense and effort and, should a big double spend be attempted, the data would likely appear on the block chain for all to see.
Worse, such an attack could possibly destroy the integrity of the system as a whole, causing the price to crash. This is not something anyone with a vested interest in bitcoin would want – especially miners, whose profits depend largely on the price of bitcoin being high. Hence, there is no real incentive to attack the network.
Furthermore, as Antonopoulos points out, should a pool try to mount such an attack, bitcoin's core code could be changed to destroy that company's business. It just wouldn't be worth the risk on several levels.
However, the larger philosophical debates are now yielding to real action on a grassroots level.
Bitcoin Foundation chief scientist Gavin Andresen recently advocated on the non-profit's official blog for miners to use more decentralized practices in order to prevent any sort of pool majority from theoretically taking over the network.
is decentralized mining pool software, that, working in combination with the bitcoin client and mining hardware, will complete proof-of-work through bitcoin nodes.
This is similar to the way bitcoin itself is designed to confirm transactions through nodes on its network.
The P2Pool software is free and while it requires a bit more work to configure than just using a pool, it is a better network protection method over mining with Ghash.io.
P2Pool is also competitive from a cost perspective, as it only has a 1% optional fee for development purposes, while potentially appealing to bitcoin purists who favor decentralization.
P2Pool, or any decentralized pool solution for bitcoin mining, though, is only as good as the number of people who are using it. This means that until miners flock to them, they will have the same amount of volatility as small pools currently do.
It’s up to the miners to decide: More centralization with large pools, or less with smaller or distributed ones?
In the end, options are open. If the mining community wants to keep the network distributed, that's a choice made for the future of bitcoin's decentralization, the foundation many argue it was originally built upon.
Travis Skweres, co-founder of the CoinMKT crytpocurrency exchange, agrees that the Ghash.io issue is a long-term problem that needs a solution:
It’s no wonder, then, that Skweres' exchange is trying to manage bitcoin's vulnerabilities. With CoinMKT also offering a wide choice of altcoin trading pairs, the startup is hedging risk against bitcoin's potential problems down the line as a result of centralized mining.
Distributed bitcoin image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.