• 255

Other Problems


A secondary worry is what would happen if a 51% were to engage in attacks. And contrary to commonly-repeated assertions, a monopolist can engage in subtle attacks that are hard to detect.

Transaction Differentiation: A 51% miner can simply render certain Bitcoin addresses (what clients perceive as "wallets") either unspendable or highly-deprioritized unless a high mining fee is paid. This is tantamount to ransom. In effect, the miner would turn to the Winklevii, who have large Bitcoin holdings, and say "my, my, my, nice fat wallet you've got there, you'll have to attach a 1% mining fee if you want to ever spend those coins again" while brandishing the virtual equivalent of a steel pipe.

About that steel pipe: one way of doing this is a draconian "pay a high fee or else we'll not only ignore your transaction, but we'll ignore every block found by anyone else that contains that transaction." This is pretty overt and would invite scrutiny. A smart monopolist will simply keep certain transactions from the blockchain, but accede if other miners add them. Recall that a 51% attacker doesn't just have 51% of the hash power, he may brandish far more. GHash actually had a fairly sustained 55% last weekend, and there is no reason why it couldn't be, say, 80%. So a 1-confirmation transaction would suddenly take 40 minutes instead of 10.

Of course, they would not do this across the board -- if the miner is smart, they will continue to accept everyday payments from Joe Sixpack for pennies a piece, so Sixpack can proselytize on the Internet about Bitcoin's virtues, create memes, and fancy himself as one of the moon-bound early adopters.

If the miner is smarter, they would couch this in technical terms that might even sound reasonable to the uninitiated. For instance, they might hit gambling sites with higher fees, because gambling sites perform many small transactions. They would justify the higher fees "to reduce the size of the blockchain" or "to reduce the resource requirements for embedded clients" or some such. This will divide the community and neutralize an effective social response. Besides, few people would stick up for a gambling site. In short, they'd get away with it.

There is great precedent for this, because the underlying driving force is a universal phenomenon called price differentiation: every entity wants to extract more from people who have the ability to pay [†]. My colleagues Vijay Erramilli and Nikos Laoutaris have documented that online merchants do this often [‡], and everyone knows that airlines charge higher prices based on seemingly random facts (e.g. a Saturday layover) to identify the business travelers.


Perhaps most tellingly, it would be "crazy" for a phone company to drive away customers by stealing their money. But a certain large phone company, one with punctuation in its name, engages in price discrimination by constantly changing their plans: you sign up for the Friends and Family World Plan, and lo and behold, discover that they have silently jacked their prices up after 6 months. You need to call and talk to a helpful agent, who tells you that there was an announcement on some obscure web page, and they'd be happy to move you to their new World Family and Friends Plan, which has the same features as the old Friends and Family World Plan, but you have to make that call to switch. And rinse and repeat, for all variations of those three words every 6 months. They are making you play this game in order to identify the professionals whose time is valuable: if you cannot watch your statements like a hawk and call them every few months, you get hit with exorbitant fees. If you are old, infirm, or easily confused by the various numbers that do not add up properly on your bill, tough. The upshot is that poor old grandmas pay extra, while the phone company makes a bit more money on the side; some middling MBA pads his resume with how he improved the bottom line by a few percent, and conveniently leaves out the fact that he pretty much stole it from your grandparents. Did the large phone company start out their day with "let's shake down the elderly"? No, if you asked them, they'd say "Absolutely not, it'd be against our interests to exploit our older customers!" Except it isn't, because the incentives are far more complicated, and simpleminded models don't capture what's happening.

These companies are riding a differential equation, where they balance unfair profits against money lost by turning people away. There is no reason why GHash will not do the same, if not now, after it has hired a few Wharton MBAs. The backlash can be quantified, the popular effort divided, and the process managed. Why do you think GHash first achieved 51% for just 12 hours, then 12 hours and 30 minutes, then just shy of 24 hours? They were probing the public reaction, carefully treading the line of backlash versus profit. Once the masses are inured to their games, the real fun starts. Did anyone ever see a phone company reform its practices on its own? Why would they? Armchair economists who are dying to claim that a monopolistic mining pool would never do anything "against their interests" really need to think through the complex interests of a monopolist.

Block Races: Recall that miners on occasion get into head-to-head races when they both discover blocks at the same time. It's kind of like two people who scratch off winning lottery tickets, where only the first person whose ticket is seen by the public wins the entire lottery sum. Normally, the packets from the two miners will race through the network, and it's difficult to tell who will win if the two miners are approximately equal-sized. If the world consisted of two 49%ers and a 2%er, each of the two 49%ers would win these races with 50/50 odds. But if one of them usurps the 2% pool to achieve 51%, he can win all of the subsequent races. The fact that the nearest competitor is pretty close in size does not matter. A 51%er never need experience what is called an "orphan block." This will ding the profit margin of competing miners.

Selected Miner Targeting: A 51%er can simply choose to ignore, say, a few percent of the blocks found by its nearest competitor. In effect, it would be entering into a block race even though it did not find a competing block by accident at the same time -- it purposefully ignored the competition's block, and decided to push its own instead. Because block propagation is not instantaneous, it would have plausible deniability. A smart 51% would continue to mine on old blocks for 13 seconds longer, and if it comes up with a competing block in that time frame, it'd simply claim that lady luck was on its side and don't you know that it takes 13 seconds for blocks to propagate? This would reduce the profit margin of the competition.

Discouraging Miner Investment: The mere presence of a monopoly miner creates an ongoing problem for other miners: Seeing that they are in a vulnerable position, they may shift their future investments away from Bitcoin. Perhaps they'd veer towards other profitable currencies where they themselves have a chance of becoming the monopolist. This would further consolidate the Bitcoin monopoly and leave us in a deeper hole than we are currently in. The decentralized trust narrative, having already collapsed down to "we trust a single monopolist but we monitor him diligently," would have to be completely abandoned.


Selfish Mining: This has been discussed previously. It needs to be addressed before a selfish miner emerges.

Double-spends: These have also been discussed extensively. GHash actually engaged in such an attack before it reached the 51% mark, and it could do so again.

Total Denial of Service: A DoS seems counterintuitive on the surface, but it might make sense if and when a monopolist wants to take exclusive advantage of favorable exchange rates. And it can also easily happen as a result of a software error on the part of the monopolist. If the phrase "Bitcoin is down" is ever uttered, something has gone very wrong. This can happen if we allow a monopoly.