Different proof-of-work mechanisms and several altcoins that have been hit with a 51% attack

realityJonathan Levin was recently interviewed by CoinTelegraph.  One of the notable remarks was the following:

CT: You also mentioned at CoinSummit that Proof-of-work model may not be here to stay. What would you think would be a viable alternative which could be created should the popularity of Bitcoin explode in the next few years?

JL: I think the concept of proof of work is always going to be here to stay. Whether this proof of work will be running a hashing algorithm like SHA-256 or something different remains to be seen. I am a big fan of other forms of proof of work that can be combined with or replace the proof of work that Bitcoin uses. An example of this could be proof of solar power generation. There are many great minds thinking about this problem and I am sure there will be some interesting developments over the next year.

While I think that most proof-of-work (as seen so far) generally leads towards centralization (due to economies of scale), perhaps there will be solutions in the future (though I suspect that is not the case because of MV=MC).

With that said, there are several different types of proof-of-work mechanisms used in cryptocurrenices today:

  • SHA256d which is used in Bitcoin and numerous clones (good thread on StackExchange) and is based on HashCash
  • scrypt which is used with Litecoin, Dogecoin, Feathercoin and numerous others
  • X11 used notably with Darkcoin
  • Dagger which may be flawed but was intended to be used in Ethereum
  • Kimoto gravity well, which adjusts difficulty, is used with Megacoin (explanation here and here)
  • Other experimental variations include: Scrypt-N, Scrypt Jane, Groestel (Grøestl), Keccak, and Quark

Based on my blockhalving article, I received an email yesterday about the potential for a 51% attack on Bitcoin and other chains:

I’ve been told that the system is secure because anyone with the computational power to conduct a 51% attack would just mine instead. If all coins are mined and there aren’t high enough transaction fees then you lose that argument right?

In theory, you would think that is when the network was the most vulnerable but in practice there are numerous chains that become extinct long before coins (or the money supply) are completely divvied out and are actually never hit with a 51% attack.  A joke I heard last year when I helped build some mining system for a few friends is that most altchains do not survive their second halving.  While no one has yet to actually do the empirical study on this, the truth is (at least back in spring of 2013) probably pretty accurate.  If you spend any amount of time in the announcement alt thread on Bitcoin Talk most new chains are pumped and then dumped by a coordinated few (like Fontas).

When prices enter a prolonged bear market there are fewer incentives for miners to stick around to provide security and thus the chain is abandoned even before halvingday.  While there are several reasons why someone would spend the costs to actually attack a dying chain — to test out their old equipment (or “LULZ”) — I do not think any research has been published yet that categorizes the various empirical examples of such deaths.  If anyone is interested in reading about early attacks, I highly recommend reading through ArtForz‘s posts on Bitcoin Talk.  He figured out all sorts of exploits with some of the early alts like i0coin and SolidCoin.

Below are five chains that have been known to be hit by 51% attacks, I’m sure the actual number is in the dozens at this point:


There are other cheaper ways to attack the network that don’t require achieving 51%.  One is simply with social engineering: since there are only a small number of Bitcoin pools (roughly 12) you could go the old fashioned route and blackmail them, physically attack the locations, regulate them, etc.  But those can happen with other types of information security too.  Dave Babbitt is finishing up his master’s thesis and he has an interesting statistic that I will be sure to post once it is published.

As far as Dogecoin goes, something to keep in mind is even if it is temporarily profitable (or less costly) for Bob’s Litecoin Farm to attack the chain creating a loss-of-confidence in dogecoin, those dogecoin miners that leave the network could end up on Litecoin, creating new competition for Bob.  So while it would hurt the confidence in Dogecoin, those profitably able to hash on Litecoin would likely create more headaches for Bob than is worth the effort.  But not all miners think in these terms.

[Note: as of this writing the Dogecoin hashrate is ~40 gigahash/s versus roughly 220 gigahash/s for Litecoin.]

With that said, in reading through some of the comments from the article yesterday, Stephen Gornick posted the following hypothetical:

A 51% attack for the purpose of double spending against the exchanges would need about $5M worth of the new Scrypt ASIC hardware mining away on a private fork of the Dogecoin blockchain. LIkely even less than $5M is necessary as a successful attack will likely involve DDoS’g the existing pools such that the total hashing on the public chain is lowered.

Additionally, the attacker doesn’t need to invest $5M just on this attack. Those Scrypt ASICs are only needed for about an hour — and can go back to mining Litecoin or whatever after the attack. So all that is needed is to direct $5M worth of hardware to the private Dogecoin blockchain fork for a short time until the aim of the attack (sell Dogecoins for bitcoins, litecoins or other non-reversible payment method, then withdraw the funds) is complete.

Stephen is probably correct, though, again a 51% attack is probably best described as an opportunity cost attack.  That is to say, what other more profitable and productive effort could the systems you are using to attack with have been used for instead?

This topic is a never ending and there are many interesting papers, threads, articles, videos and podcasts covering the same topic from multiple angels.  Perhaps Dogecoin will stave off any such attack.

Leave a Reply

Your email address will not be published. Required fields are marked *