If you control more than 50% of the relevant metric can you secretly take actions that harm other Bitcoin users?
No, you need to reject blocks that other miners who follow the right protocol put online. >50% is the amount that you need that you can reject their blocks and still have the largest chain and therefore the ability to have the most authoritative chain.
Could government use this to fight Bitcoin? Keep all the seized bitcoins, precommit to never sell any, and destroy the whole network when they have over 50%. The users would not know when the moment comes, because they wouldn’t know exactly how many bitcoins the government has currently, only that the number is always increasing...
The attack that people are worrying about involves control of a majority of mining power, not control of a majority of mining output. So the seized bitcoins are irrelevant. The way the attack works is that the attacker would generate a forged chain of bitcoin blocks showing nonsense transactions or randomly dropping transactions that already happened. Because they control a majority of mining power, this forged chain would be the longest chain, and therefore a correct bitcoin implementation would try to follow it, with bad effects. This in turn would break the existing bitcoin network.
The government almost certainly has enough compute power to mount this attack if they want.
51% of hash power only grants the power to roll back recent transactions which you sent. It does not make it possible to enter invalid transactions, to roll back transactions you weren’t party to, or to steal coins at rest. The risk is that you could receive coins, do something in response to receiving those coins, and then discover that they were clawed back. But the further back in time the transaction was, the more computationally expensive it is for them to do this.
While it doesn’t allow invalid transactions, it does enable rolling back other people’s transactions, by a combination of rolling back time and rejecting a class of transactions, such as a particular address. In particular, it allows ignoring all other miners and taking all the newly mined coins.
It’s true that the further back in time you want to rewind, the more computational resources it takes. In particular, the further back in time you want to go, the more time it takes to accomplish the maneuver. But if you are a consortium of miners, you were going to spend these resources mining, and the total number of blocks is fixed, so does it cost electricity? I’m not sure.
For how long would you have to control the computing power? Would having control of a massive number of computers for a few minutes be enough?
The more damage you want to do the longer it takes.
Definitely not. To give you a sense of scale, a new bitcoin block comes out every five minutes and it would take control of the block chain for multiple ‘ticks’ to do serious damage.
Ten minutes, on average.
Thanks.