Attack on Bitcoin easier than previously thought
It turns out to be easier than previously thought to attack the Bitcoin network, and thus to change the rules of the network. Researchers from the University of Twente presented this finding at an international conference at the end of last week. A successful attack is possible within a couple of days with just 20% of all the computational power of the network, computer scientists from the University calculated.
Bitcoin (with a capital ‘B’) is the name of the network to which all users of the cryptocurrency bitcoin (lower case ‘b’) are connected. The network uses blockchain technology, with all individual transactions appearing on blocks that are linked. In this way, a kind of trail of crumbs is created through time, recording forever which amount was transferred to whom at which point in time.
However, the size of such a block is limited, namely 1 MB. That means that the number of transactions on each block is limited, and the capacity to carry out transactions on the Bitcoin network is very limited: approx. seven per second. That is very low when compared, for instance, with the thousands of transactions per second that credit card companies carry out.
For this reason, a part of the Bitcoin community is keen to expand the capacity of the blocks. But this requires a majority of votes, and that is not yet forthcoming, as the rest of the participants want to maintain the status quo.
Now researchers from the University of Twente are the first to demonstrate that a majority is not needed at all to create change. With just 20% of the computational power of the Bitcoin network, you can carry out an attack within a couple of days to enforce change.
Deeper
To better understand how that works, we must first dive deeper into how the blockchain works and into mining – approving transactions. Firstly, users are continually submitting requests for transactions. Computers on the network are constantly calculating complicated sums which, once solved, approve (validate) a transaction. The miner gains a small amount in bitcoins for this. Some 200,000 transactions are carried out every day on the Bitcoin network. Check out the website blockchain.info, which keeps a record of all the statistics.
Transactions take place at different locations at the same time, so it occurs regularly that two blocks are generated at the same time. Because the time stamp is the same, the blocks cannot be placed in sequence in the chain, but a fork arises, a split.
‘This is a completely normal process. A small split arises and new blocks can be strung onto both chains,’ says researcher Ansgar Fehnker of the University of Twente. However, because only the generation of blocks on the longest chain is rewarded, this chain grows further and the other chain remains a short stump. After about six blocks in the longest fork, this chain is considered as the main chain and the transactions are fully validated. ‘That is the reason that I always advise people to wait for a bit before spending bitcoins they've just received. It takes a little over an hour or so before you know for sure that the transaction is guaranteed.’
This is the normal state of affairs, but you can also deliberately and surreptitiously execute those six blocks in a fork. Then you mobilise a large group of miners, who often work in a pool. With the combined computational power, you surreptitiously generate new blocks with the new rules you want to use. That is not visible to the outside world.
And then comes the crux: if you have realised a sufficient number of new blocks in sequence, you publish them in one go. So, instantaneously, you add a long fork to the existing blockchain. The shorter fork now has no chance to win and a definitive fork is suddenly realised, to which the new rules apply.
Calculations by the computer scientists in Twente suggest that some 20% of the miners (read: computational power) would be enough to succeed in creating such a sneaky split. That is why it still takes a couple of days to arrive at the necessary six or seven blocks. ‘You've got around a 20% probability with each block. So it's still a kind of lottery, and you would have to keep trying for a couple of days,’ says Fehnker. Get an impression here of the groups – pools – in which miners unite to get their computers working together on the calculations.
Theoretical
The work of the researchers in Twente is mainly a theoretical study, basically seeking to provide scientific proof that it is possible. But the question remains whether bitcoin miners would want to make that effort, just to force other agreements. ‘Most are indeed very well-behaved and simply let their computers calculate the approval of transactions. They keep obediently to the rules, as that means they earn money,’ says Fehnker.
And if such an attack on the rules of the Bitcoin network does occur by a minority, then the question is whether it would really occur unnoticed. After all, if 20% of the computers use their computational power for a couple of days, then that processing power is temporarily not used to approve transactions. This means that for a little while, transactions will take slightly longer and that may attract attention.