A review of the power requirements for a Bitcoin majority attack
Synopsis
A common belief exists in the online Bitcoin social environment that the network is resistant to a majority attack due to the strength of its Proof of Work (PoW) consensus algorithm [1].
The resistance of a PoW consensus algorithm to a majority attack is directly correlated to the total network hashrate, which in turn directly relates to electricity usage, assuming that the total hashrate is contributed by hardware of constant efficiency [2,3].
Before Bitcoin reached the global adoption levels of today, a 51% attack seemed futile. This was in part due to the fact that most governments ignored the technology and a publicised majority attack would significantly influence the price of Bitcoin, discouraging big players. However, since a public futures market with high liquidity opened in December 2017 [4,5], the attacker now has the option of shorting the currency and reap significant financial reward from market movements should such an attack be reported. Due to regulatory resistance from most jurisdictions [6,7], a state sponsored majority attack may also be a reality now in order to demonstrate the importance of centralised systems.
This article contains the outcomes of a model with which the author challenged the common belief that a majority attack would be impractical due to the cost of electricity. The model’s accuracy is heavily dependent on the assumption that all of the network hashrate is executed by ASIC mining hardware with a conservative average efficiency of 87% [8]. It shows that the total electricity consumption of the Bitcoin network is less than 9 GW at any time, allowing a double spend with six confirmations to be executed at a electricity cost of less than R7 million (+- US $500 000).
Hypothesis
The amount of electricity utilised to maintain the Bitcoin network is not enough to discourage entities from executing a majority attack.
Background
The electricity consumed by the Bitcoin network is directly related to the underlying security of the network. The Bitcoin protocol requires a strong consensus algorithm to solve the Byzantine General’s problem since there is no presumed trust between the nodes. It achieves a near absolute solution to the Byzantine General’s problem by forcing mining nodes to stake their resources (electricity) as a promise to include correct information in the ledger. Other blockchain networks, particularly private permissioned networks where there are some form of inherent trust between the nodes, are by nature not required to solve the Byzantine General’s problem entirely and can rely on consensus algorithms that are less resource-intensive [9].
Bitcoin mining nodes compete against each other to solve a cryptographic problem. The first node to find a solution to the problem earns the privilege to decide which transactions are added to the ledger and subsequently announces the next block. Solving this problem is an independent process (called hashing) and contains no relation to the actual data in the block. The only function of this process is to add a degree of immutability to the blokchain and prevent majority attacks, since an attacker will have to possess at least 51% of the hash rate to be successful [10]. This means that the more mining nodes compete to solve the cryptographic puzzle, the more electricity is consumed and the more expensive it will be to acquire a majority of resources and attack the network [3].
Several sources estimate the current energy consumption by mining nodes. The most recent studies report total usage of 2.55 GW to 7 GW [11,12]. Comparisons of the network energy demands to countries, number of households and other financial institutions are also common [13,14,15,16].
Methodology
A model was built to calculate the collective amount of electricity consumed by all mining nodes to maintain the Bitcoin network, and evaluate the cost of a 51% attack with six block confirmations. This was achieved by referencing manufacturing data of a wide range of commercially available mining hardware and estimating their relative contribution to the total network hashrate [8].
The total hashrate of the network cannot be observed directly, but a sufficiently accurate number can be calculated from the difficulty and block solving times. Blockchain.com reported a total hashrate of 38 112 981 TH/s on 1 July 2018 [17].
Even though the hashrate can be estimated with acceptable accuracy, it remains a challenge to calculate the electricity consumption of the network since it’s impossible to determine the exact efficiency of all the contributing mining hardware. It was therefore assumed that the entire network hashrate is contributed by ASIC hardware. If any GPU / CPU mining still take place today, it was believed to be negligible.
In building the model, six different commercial ASIC miners were considered to contribute 70% to 85% of the total network hashrate. The remaining 15% to 30% of hashing power were conservatively considered to be old machines with a hashing efficiency of less than half of today’s most efficient hardware. A minimum and maximum power consumption value was considered for each miner, as reported by users on a wide range of online platforms [1,8]. Bitmain is the most prominent ASIC mining hardware manufacturer in the world, and their contribution to the total hashrate can be estimated from the mining pools they control [18,19]. With this information, it was assumed that Antminers contribute at least 70% to the total network hashrate. The mining hardware specifications are summarised below.
Results
In order to achieve a normal distribution of results, the variables “hashing efficiency” and “fraction of total network hashrate” were changed for each for the miners. Two scenarios were formed this way, namely “lowest consumption” and “highest consumption”. For each scenario, a minimum and maximum electricity usage value was calculated.
The results were as follows:
From these results, the total network electricity consumption has the highest probability of being between 5412 MW and 6301 MW, which correlates well with other studies [11]. The most conservative electricity consumption base value for calculating the resource cost of a majority attack should be 8361 MW.
Eskom, South Africa’s public power utility, generates electricity at an average of 83.6 c/kWh [20]. If six confirmations are needed to double spend bitcoin at an average block time of 10 minutes, it would require 8.4 million units of electricity at a production cost of R7 million.
Conclusions
A majority attack would require a constant power supply of 8400 MW for six confirmations, or approximately one hour. At a cost of only R7 million (+- US$ 500 000) for the electricity, such an attack is within reach of many individuals, corporates and especially governments. The only practical limitation would be to physically acquire the ASIC hardware.
Eskom typically has between 10 000 MW and 20 000 MW of spare capacity daily between 11PM and 5AM [20], which, if used will substantially lower the cost even more. If a similar power utility would have a motive for attacking the network, the cost of electricity would not be a deterrent.
This study did not take into account the challenges and capital expenditure required to procure / manufacture the hardware, which can be a topic of further investigation. Another interesting area of research would be to quantify the amount of power needed to discourage any entity from attacking the network and compare this to the demand of centralised financial institutions. A conclusion could then be drawn on the potential environmental impacts of moving towards decentralised monetary systems.
References
[1] Various. 2018. Bitcoin subReddit. https://www.reddit.com/r/Bitcoin/.
[2] Nakamoto, N. 2008. Bitcoin: A Peer-to-Peer Electronic Cash System. https://bitcoin.org/bitcoin.pdf.
[3] Antonopoulos, A.M. 2014. Mastering Bitcoin: Unlocking Digital Cryptocurrencies. 2nd ed.
[4] CME Group. 2018. Bitcoin Futures. https://www.cmegroup.com/trading/bitcoin-futures.html.
[5] CBOE. 2018. Bitcoin Futures. http://cfe.cboe.com/cfe-products/xbt-cboe-bitcoin-futures.
[6] IRS. 2014. IRS Virtual Currency Guidance: Virtual Currency Is Treated as Property for U.S. Federal Tax Purposes; General Rules for Property Transactions Apply. https://www.irs.gov/newsroom/irs-virtual-currency-guidance.
[7] SEC. 2014. Investor Alert: Bitcoin and Other Virtual Currency-Related Investments. https://www.investor.gov/additional-resources/news-alerts/alerts-bulletins/investor-alert-bitcoin-other-virtual-currency.
[8] Anon. 2018. Mining Hardware Comparison. https://en.bitcoin.it/wiki/Mining_hardware_comparison.
[9] Greenspan, G. 2017. The Blockchain Immutability Myth. https://www.multichain.com/blog/2017/05/blockchain-immutability-myth/.
[10] Eyal et. al. 2018. Majority is not enough: bitcoin mining is vulnerable.
[11] de Vries, A. 2018. Bitcoin’s Growing Energy Problem. Joule 2 [5]: p801 — p805. https://www.cell.com/joule/fulltext/S2542-4351(18)30177-6.
[12] Digiconomist. 2018. Bitcoin Energy Consumption Index. https://digiconomist.net/bitcoin-energy-consumption.
[13] Quiggin, J. 2015. Bitcoins are a waste of energy — literally. http://www.abc.net.au/news/2015-10-06/quiggin-bitcoins-are-a-waste-of-energy/6827940.
[14] Deetman, S. 2016. Bitcoin Could Consume as Much Electricity as Denmark by 2020. https://motherboard.vice.com/en_us/article/aek3za/bitcoin-could-consume-as-much-electricity-as-denmark-by-2020.
[15] Bank of International Settlements (BIS), 2018. BIS Annual Economic Report 2018, Chapter V. Cryptocurrencies: looking beyond the hype. https://www.bis.org/publ/arpdf/ar2018e5.pdf.
[16] Digiconomist, 2018. Bitcoin Energy Consumption Index. https://digiconomist.net/bitcoin-energy-consumption.
[17] Blockchain.com. 2018. Hash Rate. https://www.blockchain.com/charts/hash-rate.
[18] Blockchain.com. 2018. Hash Rate Distribution. https://www.blockchain.com/pools.
[19] Cheng, E. 2018. Secretive Chinese bitcoin mining company may have made as much money as NVidia last year. https://goo.gl/BFBdeS.
[20] Eskom. 2017. Annual Integrated Report. www.Eskom.co.za.
About the Author
Carel de Jager is currently employed in two diverse positions. He is a chemical engineer on a fossil fuel power generation plant in South-Africa, and he works as a consultant and public speaker to the Blockchain Academy Pty Ltd.
The Blockchain Academy delivers worldwide training on blockchain technology to individuals, corporations and financial institutions. LinkedIn profile: https://www.linkedin.com/in/careldejager/. Twitter Handle: @BlockchainJag
