51% Attack

From CryptoWiki

Basics

  • Also known as the Majority Attack

Within Smaller and Larger Blockchains

"If you are a miner who has decision making control over 51% of hashing power for a proof of work coin you can execute a double spend attack. This attack basically lets you rewrite history by mining a side chain and then revealing it at some point in the future, presumably after you have received some irreversible off-chain payment for your on-chain asset. This is the most commonly discussed 51% attack but it is pretty hard to execute in reality because you need to have a sufficient amount of capital available to convert from on-chain asset to off-chain asset and you need one or more providers who are willing to make that trade. Given the cost of 51% attacking some of the larger blockchains, it ends up just not being worth the effort/cost because you simply cannot exit with enough money. Against smaller chains however we have seen this attack executed (multiple times) because you can move enough assets relative to the cost of attacking the chain to make the attack worth it."

Dash's ChainLocks

  • Dash has implemented ChainLocks which tries to make 51% attacks impossible.

"The longest-chain rule is one of the most important parts of Proof of Work based consensus. The idea is that every node should consider the chain with the most accumulated work as the locally active chain (but only if it is also valid by all other consensus rules). The reason for this rule is that otherwise it wouldn’t be possible to find consensus on which chain to extend. Nodes need to find consensus based on limited information, and the only reliable information which is viable for this is the information found from the chain of headers. Using only the accumulated work (calculable from the headers) makes sure that every node can disconnect and reconnect, and still find consensus at any time.

With ChainLocks, this rule is still in effect, but it can be overridden by a valid CLSIG (a P2P message) message. Effectively, only the members of the responsible LLMQ are fully following the longest-chain rule, as they are the ones creating the CLSIG message in collaboration. As the CLSIG message can only be created if enough LLMQ members agree, the presence of the CLSIG message serves as a proof that the referenced block was (or still is) the block resulting in the longest-chain.

This puts quite some trust into CLSIG messages and the Masternode network, but we consider this to be an acceptable tradeoff. The assumption is that the majority of the masternode network is honest, which is basically the same assumption applied to miners in a plain Proof of Work system.

The difference with ChainLocks is that miners AND Masternodes representing 51% of each of the layers would have to collude in order to perform a working attack. And even if an attack succeeded, the attackers would still not be able to cause deep reorganizations, as previous CLSIG messages can’t be invalidated by the attackers. The worst thing that could be achieved is to NOT sign blocks, which would be noticed by all nodes. Also, if any LLMQ with mostly honest masternodes signed a block in-between the attack, all previously unsigned blocks would become fully confirmed as well, making reorganizations for these impossible as well. With the current parameters that we target for LLMQs, an attacker would have to buy at least 60% of all Masternodes to get a realistic chance of success."

Notable Attacks

“More odd behavior seen on Bitcoin from Satoshi in May 2009. With over 75% of the hashrate at the time, my best guess is that he was testing out how 51% attacks would actually work,” Wicked said. He continued, “By 51% attacking the network a few times throughout this week from the 19th to the 25th.”