Video - Bitcoin 101 - The Nightmare of a 51 Percent Attack - Part 1 - Calculating the Costs

Proof of work is a new technology, and it has amazingly protected Bitcoin for five plus years. Still, there may be no greater point of weakness in Bitcoin. While a 51% attack doesn't appear to offer a lot of financial gain, monetary gain may not be the motive of the attacker.

In part one, we go through a cost analysis of the current hardware needed to launch a successful 51% attack to get a better picture how much it might cost. Unfortunately, the numbers are lower than expected, and most of the previously published values come in three to fifty times higher than actuality. In part two we will talk more about what an attacker might be able to do (double spending is not the worse tool at their disposal) and we prod at some possible solutions.


Hello, this is James D'Angelo and welcome to the Bitcoin, 101 blackboard series today.  We're doing part 1 on a two-part series about 51% attacks.  And in this episode, we're going to be looking at the cost of doing a 51% attack.  Now, you don't have to look too far online to see people already offering prices for you so if you go to this site right here, you get an up to the minute, up to the second cost and right now they are suggesting that the price is $758,620,805.  Well, when Bitcoins price was higher you heard things like even a billion dollars, but it's important to calculate these things for yourself and that's exactly what we're going to do.
So what are the ingredients of creating a 51% attack.  Well, the attack is mostly hardware so what you're going to need is a number of ASICS.  And remember ASICS are Application-Specific Integrated Circuits.  And these are chips manufactured at one of the world's big chip foundries, maybe in China, Taiwan, other places and the chips themselves are actually pretty small so they're less than a half inch square.  And these chips, the ASICS, the application specific thing they do is they do SHA256.  And SHA256 in the early complex algorithm, but the chip can do one SHA256# in 1 clock cycle which makes it significantly faster than CPUs or GPUs.
So really, if you were mining Bitcoins these days you are using ASICS, chips that are designed strictly for mining Bitcoins because really there's no other application on earth that needs superfast SHA256.  So once you have your ASICS, you're going to need to power yourself up, you're going to have to run these things with electricity.  They're pretty power hungry and kind of a good rule of thumb is that you're going to need about 1 Watt per giga hash.  And then you're going to need some computers, right.  This ASICS need something to connect to.  Connect to the internet, have some access to block chains, connect to a mining pool.  They're going to need something that can get them online but because most of this ASICS now being developed come with a little bit of their special hardware you can mostly just use really cheap Raspberry Pis.  And with one Raspberry Pi, you can even run a number of ASICS.
Okay, so you can just think of Raspberry Pis are very cheap computer,  Okay, so now that we have the ingredients, let's figure out how much these things cost.  So in terms of buying ASICS, there's a number of companies that are now offering sort of the fastest ASICS available and to get our baseline numbers we're going to look at KnC.  So let's hop online and here we are at KnCMiner's page and they're about to release this thing called Neptune Second Batch, which is a three Terahash miner for $10,000.  And that's really all the numbers we're going to need from KnC.  So let's go back the KnC Neptune gives you three Terahashes per second for 10,000 USD.  And so you can think of that as one Terahash per second.  It's going to cost you 3,333 USD.
Okay, so now we're missing one very important numbers as we do our calculation.  We're going to need to know the total hash power of the network.  And fortunately, that's very easy to find.  We just head over to block chain dot info right here, and we look at their chart which plots total hash power over time.  So here we are November 2013, the total hash power of the network was approximately four hedahashes, okay.  And then in January, it went up to around 10 or 11 pedahashes and then in March, we're looking at 30 pedahashes and right now a pretty good round numbers to consider that the network is at 50 pedahashes.
Okay, so the total hash power of the network today is 50 hedahashes per second.  And so we know that one pedahash is a thousand times bigger than one terahash.  So if we wanted to run a 51% attack there are two ways to do it.  The first way would be to somehow wrestle over half the hashing power from people that are already hashing, okay.  So what you would need to do to get 51% attack is you need to grab around 26 pedahashes from current miners, so you'd leave the rest of the network with 24.
And that's not perfectly 51% but for a 51% attack it's approximate that matters, all right.  You just have to be over 50% of the network and clearly if we grab 26 pedahashes we'd be pretty close to running a 51% attack.  The other way to do it is to add hashing power to the network.  So right now, it's at 50.  If we were to add 51 pedahashes to the network right now this very second, we would have a 51% attack because the total hashing power would suddenly be at 101 pedahashes per second and we would own 51 which again is not an exact calculation, but it's greater than 50%, okay.
So these are the two ways that you could do it and so the calculator 51% attack for today, let's calculate using the higher number.  Let's add on to the network 51 pedahashes today and figure out how much that's going to cost.  So the first thing we're going to want to do is we're going to want to figure out how many of this KnCMiners right here, these three terahash per second that we're going to have to buy to get 51 pedahashes.  Well, that's pretty easy.  We take 51,000 and we divide by 3.  Remember a pedahash is a 1,000 times a terahash so this is the calculation we'll need.
So let's go to our calculator and we'll type this in 51,000 divided by 3 equals 17,000.  So we're going to need to call up KnC and get 17,000 Neptune.  And we know the price of those Neptunes they are $10K a piece, okay.  So 10,000 times 17,000 gives you $170 million.  So just to get the ASICS, to run a 51% attack today we would need to have $170 million.
Okay, so the next thing we need to do is we need to figure out how much electricity we're going to need today to run our 51% attack.  And fortunately, that's also kind of available online, so we'll go to this Bitcoin mining profitability calculator.  And here hopefully it's giving you the current difficulty but it's actually not even important to know the difficulty as long as we know that we have 51% of the hashing power, Bitcoins per block again not that big a deal if we just want to run a 51% attack regardless of how much we're going to make but right now we know for the next couple years that the amount of Bitcoins that you can earn per block are 25 Bitcoins.  The conversion rates we have to get the current Bitcoin price which is around $450 and then our hash rate and clearly, I have already typed this in, but we're looking for 51 pedahashes which is 51,000 terahashes, right, and over here you can select megahashes, gigahashes and terahashes but since no one has miners that are pedahashes they don't allow that option so we wrote in 51,000.
The electricity rate is about 0.15 cents per kilowatt hour and a power consumption and so for power consumption remember we're going to assume that it's 1 watt per gigahash.  We can actually do better than that, but this will up the price if we assume 1 watt per gigahash.  And so that's fairly easy to calculate and these numbers not correct, okay.  We would need 15 million because here is gigahashes, right, here is terahashes and here is pedahashes.  And the timeframe, well, months we don't really care we can put in whatever number we want because this thing will give you the price per day and the cost of our mining hardware.
Now, remember our mining hardware cost a 170 million but since computers are required to run this mining hardware and you don't need very expensive computers at all, in fact, you can buy and much, much cheaper than you would buy the ASICS themselves.  Let's toss on another 5 million bucks worth of computing basically Raspberry Pis, okay.  So that our total hardware is going to be $175 million.  And again, that number is not truly important but let's make sure we've got thousands, millions, hundred and seventy-five.  And profitability declined per year again we don't really care.  But this thing fortunately is now going to calculate our electricity costs.
And here it is.  Power cost per 24 hours and that price is in dollars and we are talking a $183,000 dollars.  So if we wanted to run a 51% attack today now we have a pretty good price.  We've got $170 million just for the ASICS.  We've added another 5 million for the computers and now we've added electricity.  And our electricity in the United States was 183 so it's called $185,000.  So our total price is $175,185,000.
Well, what's very interesting about this is if you go and look back over here you see that they're giving you a number of 758 million and the number's changed since we started so it's keeping it up-to-date.  And so contrary to what we saw before you get a current price of running a 51% attack of $175 million, just call it $176 million, okay.  Now, a lot of people are going to have troubles with this.  They'll say you can't get all those ASICS today, the hashing power is always going up, you have to take that into account because by the time you get the ASICS, the hashing power is going to go up.  But one thing that's clear is that we're significantly less than the price we were seeing on the website.  And often we hear in talks.  People talk about a billion dollars to do a 51% attack.
The other interesting thing about this is that this price is actually gone substantially up over the past couple months.  A few months ago, this price was under $100 million.  And again, the price is going to rely a lot on announcements of KnC and the other miners, right, so if they come in with much, much cheaper miners or if their prices are going up or whatever this is going to dramatically change the ability to do a 51% attacks.  So if someone comes in with a much cheaper version of KnC Neptune which seems likely, right, you can see that the price might draw from a 160 million again to under $100 million.
So regardless of what you think about future hashing power growing or whether hardware is limited theoretically it seems very clear that for $200 million we could probably run a 51% attack.  And it seems even more likely that if we were going to use something like $600 million where we could run better than a 51% attack.  We could run a 66% or a 75% attack.  And every increase you make over 50%, allows you to go back in time and actually start tearing apart the blockchain.
And so yes, as we've suggested the hashing power is growing exponentially but there were something that counters that which is new companies are also dropping the prices of ASICS and in fact they're dropping the price of hashing power and something that's kind of related to Moore's Law.  So there's an exponential increase in hashing power in the network but there's also an exponential crease in price of ASICS.  And so this tends to leave the price of running a 51% attack about the same.
Now, one thing we have to concern ourselves is that hardware is limited, right.  If you went to KnC right now and you said you wanted to buy 51 pedahashes.  What seems likely that they won't have that on hand, okay.  So even if you have the money you might not be able to put all that online right away.  Well, one thing we have to ask right now is what happens if you're an employee of KnC?  Will you have the ASICS right when they arrive at cost and who knows what cost there is but say they're doing a 50% markup.  Well then, you know, while you're holding the chips that you might be able to run 51% attack at half price.  And that issue can be multiplied by another factor because what if you're an employee at the chip foundry, if we realized that there are actually people sitting at these chip foundries, right, the employees of these semiconductor plants and there's a number of them, right.
So list of semiconductor fabrication plants.  And you've got all these guys a lot of it are repeated right there.  You have Intel, Global Foundries, TSMC, which I think is the biggest in the world, right.  But if you're working at one of these foundries which cost billion or a few billion dollars to make, how expensive would it be for you to get control at 51% of the network.  And again, the price seems to drop consistently more, okay.  You might even be the first one to get a hold of, say, 5 terahash chip or something like that.  And if you're able to run those off at night well it's clear that you won't need to be running them off that long so you get a 51% attack or greater.
So as we talk about trust and trust list networks, we have to really consider how much we're trusting the folks who are working at TSMC, who are able to manufacture as many chips as they want, how much we have to trust the folks at KnC, right.  We've already had a lot of issues with mining companies, butterfly labs, et cetera possibly mining before they're actually sending out their product.
So again, we may not question proof of work or big mining pools but we really have to question who's at the chip foundries and what kind of access did they have to a SHA256 CHIP.  And is this really something that you need a private design to make?  No.  This is a fairly easy chip to design.  So that's one big question we really have to think about as we're looking at the future of Bitcoin.
And so we really have to consider the possibility that someone working at a chip foundry or even a group of people working at one of these chip fabrication plants could drop the price of a 51% attack to well under %20 million.  And this is troubling because whenever you go online and you see talks, you hear people talking much, much larger numbers.  Often in the billions, but certainly in the 700, 800 millions.  And if you could really run an attack for $200 million well this is dangerous.  And so we really have to start thinking about who can afford that type of attack.  Well, we know that LeBron James, Tiger Woods and number of soccer players, they're all making between advertising and salary well more than $20 million a year.  So do we have to consider them as possible attack vectors for Bitcoin.  We really have to understand that $20 million is a very small amount.
So in part 2 when we look at malicious attackers, we're going to really have to consider that, yes, for a bank this is tiddlywinks.  Remember HSBC paid $1.9 billion just in fines in December so $20 million, $100 million, $200 million, $500 million is really not that big a deal to the banking industry certainly if they were going to get together, but people talk about a sovereign like a country that feels like their financial power is going to be evaporated by Bitcoin running this attack and some of these sovereigns may have access or even control of chip foundries, but think about that, but then we have to think that even just a regular old terrorists, right, and not all terrorists are poor.  In fact, most of them are, okay.  Osama bin Laden's father was a billionaire, he was constructing half of Saudi Arabia.  A lot of terrorists have a lot of money and $29 million just starts to sound a little bit like $20 million.  Starts to look very dangerous for Bitcoin.
And certainly, if you were going to run a malicious attack you have to consider that there's more than one thing you can do.  You can add hashing power, but you can even buy up coins and as you're hitting with a 51% attack maybe will dump millions of dollars of coins at the same time to really make the price drop or and we'll talk about both of these in the next video.  There might be a way to lure miners away from Bitcoin as you're running an attack, okay.\
And the real key here is not to land us with a specific price, but it's really to start to consider how inexpensive the price of a 51% attack might be.  And then at the very end of part 2 we're going to look at some of the methods that we might be able to use.  One, proposed by Gavin Andresen in 2012 so it's almost two years ago that we could put in algorithmically to make it more difficult and more imposing for an attacker to attack Bitcoin.
So I hope this helps.  Please stay tuned for our next video when we really look at all the shenanigans that can happen with a 51% attack and it's not just double-spending some really devilish things that can be done with a 51% attack, that cannot be done with a 49% attack.  So please stay tuned for that.  And remember to like, comment, subscribe, do whatever it is you do and we'll catch you at the next video.
Written by James DeAngelo on April 12, 2014.