Pioneered by bitcoin, POW (Proof of Work) is widely regarded as a consensus mechanism that combines security, decentralization and fairness. The stable operation of the bitcoin network for nearly a decade is the best example.
The only way to defeat the POW mechanism is the 51% attack: when an attacker controls more than 51% of the total hashrate, he can generate the longest chain single-handedly, and can therefore fork the chain and carry out a double-spending attack at any time. It is easy to see that such an attack comes at a high price for the attacker, so until May 2018 it existed only on paper.
Starting in May 2018, several cryptocurrencies suffered 51% attacks in succession. Let’s review what happened to each of them.
BTG was attacked on May 18, 2018. According to the official report issued on May 24, it suffered a 51% attack; the report also described the situation and the solutions.
XVG was attacked on May 22, 2018. The project did not describe the attack in detail. Its official Twitter account only posted a message on the 22nd saying that multiple pools had suffered a DDoS attack, and gave no response about the effect of the attacks.
ZEN was attacked on June 3, 2018. The official website almost immediately disclosed details such as the TXIDs, the amounts and the attacker’s wallet address for the three double-spending transactions in the attack. It also announced that the number of block confirmations would be increased to make attacks more difficult. Such a positive attitude in responding to the crisis is worthy of appreciation!
Why hasn’t bitcoin suffered a 51% attack in a decade of stable operation, while other currencies have within the past month? Let’s start with the attackers’ “equipment upgrade”.
Bitmain launched two ASIC miners for two different algorithms in 2018: the X3 for the Cryptonight algorithm at the end of March, and the Z9 mini for the Equihash algorithm at the end of April.
The representative coin based on the Cryptonight algorithm is Monero (refer to: The Untraceable Private Crypto Currency Monero). The Monero community began a hard fork as soon as it received news of the X3 launch, changing the algorithm to keep its own hashrate safe.
To sum up, the Monero community started the hard fork before the first batch of X3 miners went on sale, which brought the X3’s amazing XMR profits to a premature end; Bitmain then had to fork out XMC for the mining workers for the sake of the X3 miners.
Another currency favored by X3 buyers was ETN, whose developers acted with some hindsight. Instead of changing the algorithm as soon as possible, they only adjusted the algorithm at the end of May to avoid concentrated hashrate, and then ran into a very embarrassing situation, as shown below:
For instance, nanopool held a large share of the hashrate in the ETN network. At the fork block height, the X3 miners’ hashrate dropped away because they were unsuitable for the new algorithm, so the pool hashrate fell abruptly from 400K to 2-3K, leaving the difficulty far too high to produce any new blocks (according to the CryptoNight algorithm, the difficulty is adjusted every 720 blocks). The ETN community was forced to turn to cloud hash service providers for help, at extra cost, to survive the most difficult days. Later, with lower difficulty and higher mining returns, it could attract some GPU mining workers to support the ETN network and survive.
All these stories are about what the X3 miner brought to currencies using the CryptoNight algorithm. Although ETN had a somewhat miserable time, it survived after changing the algorithm. However, the currencies using the Equihash algorithm (ZEC, ZEN, BTG, etc.) have not been so lucky, and have lately suffered one heavy blow after another.
The Z9mini released by Bitmain is designed for currencies using the Equihash algorithm (refer to: Review and Analysis for ETH and ZEC ASIC Miners). It delivers 10K sol/s at a designed power of 300W, which is equivalent to the hashrate of 33 GTX1060 graphics cards, whose total power consumption is up to 4000W. In fact, everyone knows that Bitmain has reduced the number of chips on each newly released miner in order to avoid “excessive force”, so that the parameters look less dazzling. However, its appearance is still fatal for the currencies of the GPU mining era.
Therefore, the currencies using the Equihash algorithm made announcements in early May: ZEC, ZEN and BTG each declared on their official websites that they would change the algorithm.
The ZenCash hashing algorithm is Equihash, inherited from Zcash. Creating optimized hashing functions is done by advanced cryptography practitioners. It is worthwhile to read the original Equihash whitepaper describing how it was created and how it can be optimized and changed.
Zen has even explained very clearly the mechanism of the specific algorithm adjustment. The following is quoted from the official Zen blog:
Fortunately, the Equihash algorithm is flexible enough to make changes without a complete replacement, so changes can be made relatively quickly which do not require large software development efforts.
The Equihash algorithm has parameters which affect the solution calculation, called the N and K parameters. They affect the amount of time it takes for different combinations of processing power and memory, as well as the size of the solution. The Zcash parameters that were selected before launch were N=200 and K=9. After the launch of Zcash, cryptographers determined that values of 144 and 5 appeared to produce a smaller and more ASIC resistant solution.
ASIC resistance in this case refers to requiring more memory, with the optimal amount of memory for the parameters 200,9 being about 512MB, with 144, 5 it is closer to 2.5GB. It is expensive to build memory into an ASIC miner, so higher memory optimized hashing algorithms tend to be more ASIC resistant. We can call this version of the Equihash algorithm Equihash-144-5 for differentiation.
The members of the ZenCash community do not know if the Bitmain Z9 Antminer can be modified to mine Equihash with adjusted N and K parameters, as no one has shared the actual architecture of the device. It may be a purpose built ASIC with limited internal memory, or it may be a reprogrammable cryptography optimized computing device with external memory. Depending on the architecture, changing the Equihash N and K parameter may delay Bitmain from producing a purpose built Equihash-144-5 miner for a period of time.
It is a pity that some stakeholders may be resentful when they face the dilemma of having no currency available to mine before the new miners are launched. Also, 51% attacks may occur before these currencies are hard forked. Because the attack on Zen has been described very clearly, we’d like to use some of its data for analysis.
At the time of the attack the Zen network hash rate was 58MSol/s. It is possible that the attacker has a private mining operation large enough to conduct the attack and/or supplement with rental hash power.
Before the appearance of ASIC miners, such an incident could not have happened, because the threshold for a 51% attack is a hashrate of more than 29MSol/s. At 300Sol/s per GTX1060, about 100,000 graphics cards and 15,000 professional miners would be needed. The cost of launching an attack with so many miners would be much higher than the gains from a successful double-spend, so nobody would make such a foolish mistake.
With ASIC miners, controlling 29M of hashrate takes only 2900 Antminer Z9mini units (the Antminer Z9mini is only an example; the attacker may have used other models of ASIC miners). The space and power needed to deploy 2900 Antminer Z9mini units are less demanding than for the previous 15,000 GPU miners. Therefore, it’s possible to launch such an attack.
Now we can answer the earlier question: the POW 51% attack almost never happened in the past decade, so why does it occur so frequently now?
That’s because the emergence of bitcoin and litecoin ASIC chips was a relatively gradual evolution. Moreover, they were the only two currencies that could be mined at the time, so the total network hashrate was so high that launching a 51% attack would have been very costly.
Now the situation is different. Many currencies can be mined nowadays. Most of the hash power is still controlled by several leading currencies, so some less popular currencies receive less attention from the mining workers. ZEN and BTG, which were attacked this time, are second-tier currencies using the Equihash algorithm. Although their network hashrate is much lower than that of ZEC, they are still listed on some big platforms such as Binance with good liquidity, so they look like good targets to malicious attackers.
As we have said, the hashrate ecology of small currencies is very fragile in the face of ASIC miners. As a metaphor: when everyone is still mining with iron shovels and a bunch of people suddenly arrive driving excavators, how can you compete with them?
In the future, it is foreseeable that the communities of all currencies will pay more attention to the emergence of ASIC chips and to guarding against the booming hash power of ASIC miners. Perhaps as soon as an ASIC chip manufacturer releases a product for a specific algorithm, the currencies using that algorithm will immediately announce an algorithm change to counter the mining capability of the ASIC miner (more: Rivalry Between Miners and Hash Algorithms). That is certainly a situation that ASIC miner manufacturers and miner buyers will not welcome.
It’s believed that POW will never lose its future, but with ASIC miners driving POW centralization, its direction of development remains very unclear.