Bitcoin Unlimited Miners May Be Preparing a 51% Attack on Bitcoin
Although it is hard to say how big the chance actually is, Bitcoin Unlimited miners may soon start mining bigger blocks. If they do, they will diverge from the current Bitcoin protocol to split off to a new blockchain. This could also result in two separate currencies, by many exchanges referred to as “BTC” and “BTU.”
However, it increasingly seems that not everyone in favor of a Bitcoin Unlimited hard fork wants to settle for a coin-split. Instead, several prominent Bitcoin Unlimited proponents have indicated that it may be better to ensure only their chain survives. This is probably also the only chance it has to be widely considered the “real” Bitcoin rather than a “spinoff altcoin.”
To ensure that only one chain survives, they have suggested that the (original) Bitcoin blockchain can be made unusable. That way it would die off and only the Bitcoin Unlimited chain would remain.
Specifically, if miners favorable toward Bitcoin Unlimited are able to overpower the remaining Bitcoin miners with a majority of hashrate, it’s been suggested they could launch a 51% attack.
Here is a brief overview.
Former Bitcoin Lead Developer Gavin Andresen
Gavin Andresen is the former lead developer of Bitcoin Core (then called Bitcoin-QT or simply “Bitcoin”). He has since contributed to Bitcoin XT and Bitcoin Classic. He now endorses Bitcoin Unlimited — though he does not contribute to the project nor is he a member.
Although Andresen has in the past argued that a “minority chain” would be unlikely to sustain itself, he now acknowledges such a chain could, in fact, survive. As such, he noted on Twitter last February that “preventing a minority-hashrate fork from confirming any transactions is a good idea.”
Preventing a minority-hashrate fork from confirming any transactions is a good idea. Nakomoto Consensus != unanimity.— Gavin Andresen (@gavinandresen) February 4, 2017
More recently, on Reddit, Andresen elaborated on what the most effective way to attack the original Bitcoin chain would be. The former lead developer wrote:
“It would be even more destructive to mine an 11-block-long empty chain, then wait until the slow chain gets 9 blocks until announcing it to the network. Or keep them guessing; choose a chain length at random, from 1 to some secret N, and orphan that many blocks at a time. Allow a couple normal blocks, then do it again.
“It would be impossible for exchanges to know how many confirmations were safe for deposits and would be a nightmare for their withdrawal accounting.”
Additionally, he said he wasn’t sure whether such an attack would be immoral or not.
“I’m not even sure this kind of thing should be considered immoral — majority hashpower acting selfishly for their own economic benefit (both short and long term) is the basic incentive structure that makes Bitcoin work.”
And last weekend, Andresen on Twitter further distanced himself from a moral endorsement of such an attack. Instead, echoing comments he made on Reddit, Andresen claimed to have merely been exercising adversarial thinking.
Pointing out all the ways majority hashpower might mess with a minority chain is good adversarial thinking; don't shoot the messenger.— Gavin Andresen (@gavinandresen) March 25, 2017
Though he did add that an attack is very likely to happen.
@h_msln no, not just a thought exercise, it is very likely to happen.— Gavin Andresen (@gavinandresen) March 26, 2017
Whether is is moral or not is the thought exercise.
BTC.TOP Pool Operator Jiang Zhuoer
BTC.TOP is a relatively new Chinese mining pool. Launched in late 2016, the pool currently controls some 5 percent of hash power on the Bitcoin network.
BTC.TOP is operated by Jiang Zhuoer, a former employee at China Mobile in Shanghai. Much like several other small mining pools that have appeared over the past six months, BTC.TOP has been signaling support for Bitcoin Unlimited.
In an interview with Cryptocoins News in March, Zhuoer was the first who explicitly said a 51% attack against the original Bitcoin blockchain, if it were to survive after Bitcoin Unlimited miners split off, is on the table.
“We have prepared $100 million USD to kill the small fork of CoreCoin, no matter what [proof-of-work] algorithm, sha256 or scrypt or X11 or any other GPU algorithm,” he said, of course referring to the continuation of the current Bitcoin protocol as “CoreCoin.”
The different hash algorithms mentioned by Zhuoer refer to a potential proof-of-work algorithm change Bitcoin users could deploy if the chain is attacked; a “nuclear” defense some Bitcoin Core developers have suggested may be proposed in such a scenario. (Whether this should still be considered “Bitcoin” or yet another spinoff altcoin is subject to different debate.)
“Show me your money,” Zhuoer added. “We very much welcome a CoreCoin change to [proof of stake].”
(If no proof-of-work algorithm succeeds in deterring the attack, a proof-of-stake consensus algorithm — where coin holders rather than miners vote on the longest chain — may be an alternative solution. But since this is unproven and perhaps insecure, this seems highly unlikely.)
Bitcoin Unlimited Chief Scientist Peter Rizun
Peter Rizun (better known as “Peter R”) refers to himself as the chief scientist of Bitcoin Unlimited, and has been one of the driving forces as the project’s secretary.
Last week, Rizun, along with bitcoin.com business developer Jake Smith, visited the offices of Coinbase and BitPay to promote Bitcoin Unlimited. Coming back from these visits, Rizun published a blog post on Medium. The message Rizun said he had gotten from these companies is that a hard fork to larger blocks should be “decisive and absolute.”
Rizun described three levels of “anti-split protection” that could accomplish this. The first is an explanation of how mining would probably be unprofitable on the original Bitcoin chain — decreasing the odds of the chain surviving in the first place.
The second level, however, is a type of 51% attack on a minority of miners. Once a majority of hash power signals support for Bitcoin Unlimited, Rizun wrote, the majority could reject (“orphan”) any blocks that do not signal this support.
“Miners will orphan the blocks of non-compliant miners prior to the first larger block to serve as a reminder to upgrade. Simply due to the possibility of having blocks orphaned, all miners would be motivated to begin signaling for larger blocks once support definitively passes 51%. If some miners hold out (e.g., they may not be paying attention regarding the upgrade), then they will begin to pay attention after losing approximately $15,000 of revenue due to an orphaned block.”
(It should be noted that this attack can be trivially subverted. Especially now that the attack is known, miners can, and probably will, signal fake support. Indeed, at least one small pool has literally “signaled support” with a poop emoticon.)
If the original Bitcoin blockchain survives even after these two levels, Rizun explained that a subset of miners in favor of Bitcoin Unlimited could disrupt this chain by exclusively producing empty blocks on the original chain. This would prevent any and all transactions from confirming as long as the attack is ongoing.
“To address the risk of coins being spent on this chain (replay risk), majority miners will deploy hash power as needed to ensure the minority chain includes only empty blocks after the forking point.”
And in line with the strategy described by Gavin Andresen:
“This can easily be accomplished if the majority miners maintain a secret chain of empty blocks — built off their last empty block — publishing only as much of this chain as necessary to orphan any non-empty blocks produced on the minority chain.”
(This attack can be waited out until the attacker’s funds run out, and perhaps dismantled altogether. Discussion on potential strategies is ongoing on the Bitcoin-development mailing list. And of course, there is the potential of a proof-of-work algorithm change.)
While noting that he doesn’t necessarily endorse the strategy, Rizun predicted that a coin-split would be avoided in this way: a “safe upgrade procedure,” he later noted on Reddit.
Bitmain Co-CEO Jihan Wu
Wu is a vocal proponent of Bitcoin Unlimited as well, and announced to Bloomberg that he would switch the hash power in his pool to Bitcoin Unlimited in anticipation of a hard fork — which he has since indeed done. (Though, notably, BTC.com has not.)
And in an interview with Forbes, Wu said he wouldn’t rule out attacking the Bitcoin blockchain, or, “undermining Core” as it is described in the article.
“It may not be necessary to attack it,” he said. “But to attack it is always an option.”
Thanks to Libbitcoin lead developer Eric Voskuil for feedback.