Since the bitcoin was created five years ago, one of its defining security characteristics has been that due to high production costs and the popularity of the cryptocurrency, it was theoretically improbable that a single person or entity could claim majority control over the bitcoin. This, in effect, prevented the creation of a centralized authority, keeping the cryptocurrency democratically-controlled and free of any semblance of governance.
Last week, GHash — which billed itself as the “#1 Crypto & Bitcoin Mining Pool” — became the first mining pool to effectively contribute more than 51 percent of the total bitcoin cryptographic hashing output at one time, for spans lasting as long as 12 hours. For many in the bitcoin community, this constituted a doomsday situation.
“A 51 percenter can control which Bitcoin transactions happen,” wrote Ittay Eyal, a postdoctoral researcher in Cornell’s Department of Computer Science, in an email to Ars Technica. Cornell University had previously published the findings of research into bitcoin security, suggesting that the 51 percent majority issue was a critical flaw that must be resolved.
“It becomes a monopoly. It can set arbitrarily high transaction fees, for example, or even extort someone to allow them to perform transactions. It could block or delay all transactions but its own. One of Bitcoin’s goals was to be a free system, independent of anyone’s control. With small pools, no one has this kind of control. With a 51 percenter, there is,” Eyal’s email continued.
With a ”51 Percenter,” independent verification of all transactions is impossible. In theory, a “51 Percenter” can double-spend its own bitcoins or block the registration of new bitcoin blocks or transactions. A “51 percenter” could also impose fees on new bitcoins or transactions, control the effective price per bitcoin or disqualify individuals from using their bitcoins.
GHash
While the threat of the existence of a possible “51 Percenter” is significant on its own, the notion that the “51 Percenter” is GHash has not alleviated fears. “Rapid growth of GHash.IO mining pool, seen over the past few months, has been driven by our determination to offer innovative solutions within the Bitcoin ecosystem combined with signifificant investment in resource,” read a Tuesday press release from GHash, in which the mining poll attempts to address concerns of its recent run as majority bitcoin processor.
“Our investment, participation and highly motivated staff confirm it is our intention to help protect and grow the broad acceptance of Bitcoin and categorically in no way harm or damage it. We never have and never will participate in any 51% attack or double spend against Bitcoin.”
This statement followed another statement in which GHash asserted that it is actively preventing an accumulation of hashing power over 51 percent. It came out roughly the same time GHash maintained 51 percent of the hashing power for 12 hours.
Additionally, GHash has been accused of double-spending its mined bitcoins at a number of online casinos in a form of a “past-posting” con — the player would play a game at an online casino, using personally-mined bitcoins. If the player wins, then nothing happens.
If the player loses, however, the bitcoin is double-spent. Bitcoins and bitcoin transactions are stored in a public database known as the blockchain. As the blockchain is open and automatically updated, it is considered a reliable double-check on the history of a bitcoin’s transactions.
If a hacker was able to produce enough processing power, he or she could create a fraudulent fork in the blockchain. As bitcoin wallets are programmed to seek out the fork with the most activity, a hacker could create a fork that is rebuilt at a rate faster than the original blockchain in order to draw transaction logging to it. If the hacker spent his bitcoin with the transaction on the original blockchain, he would be able to use the same bitcoin again once his fraudulent fork is operational, since the original transaction is not present on the new fork.
The “51 Percenter” threat
So, in theory, a hacker with enough computational capability can use his bitcoins repeatedly, rendering the bitcoins useless monetarily. In addition, a hacker can use the fraudulent blockchain to block transaction confirmations and reverse his own transactions. In a nightmare scenario, a “51 Percenter” can opt to block miners he or she does not like from registering their bitcoins to the blockchain, driving them out of business; allow merchant access to the blockchain as he or she fits; and limit bitcoin mining to his computers, thus monopolizing bitcoin profits.
While “51 percenting” cannot be used to steal bitcoins that did not originally belong to the hacker and it cannot easily change historical transactions, it can be used bring new bitcoin transactions to a halt, effectively collapsing the bitcoin market.
However, many argue that the fear of the “51 Percenter” is overstated and represents a correctable flaw in the bitcoin protocol.
“There are dangers in having concentrated power with influence over Bitcoin and it should be remedied for certain. No damage has been caused by this but it is clearly a priority to find a solution,” Bruce Fenton, president of the Bitcoin Association, told MintPress News.
“The age of decentralized money is here to stay and new mechanisms to avoid centralization must be created.”
Rethinking bitcoin security
The GHash situation, however, undermines a core philosophy for bitcoin use that the technology itself would be a hedge against human greed. Many who use bitcoins do so because the cryptocurrency is truly without centralization — its value is based on trading volume, there are no banks to limit the circulation of the currency, and while there are means to trace a bitcoin’s use, the bitcoin is practically anonymous. However, with the collapse of Mt.Gox and with the rash of bad actors that have plagued the bitcoin recently, the suggestion of a “51 Percenter” that can act as a central authority may be too much for the casual bitcoin user.
While it cannot be argued that GHash actually has 51 percent of the computational capacity for the cryptographic hashing community, it can be argued that the group is likely to be close. During the group’s runs as a “51 Percenter,” it is possible that there was not a significant level of processing activity happening elsewhere in the community, but it should be noted that the group hit the 51 percent mark twice. This suggests capability in excess of the 40 percent the group was thought to be capable of.
In order to address the “51 Percenter” threat, the community would need take a number of actions. It would need to change the bitcoin protocol so that blocks are restructured to disincentive mining pools, or networks of computers working in parallel to help solve the bitcoin algorithm quicker. It would also need to close the possibility of “selfish mining” attacks, in which stronger miners hoard bitcoin blocks from weaker miners by not disclosing discovery of them, and improve visibility to make any attempt to manipulate the blockchain more noticeable.
However, the very efforts being proposed to save the bitcoin may be interpreted as efforts to control the bitcoin and to disincentivize mining.
“I think that, as a rule, that bitcoiners are very sensitive to regulations,” said Stephanie Alexander, a director with the law firm Tripp Scott.
Alexander has written extensively about bitcoins and their use in the legal community. “If there was some forced changing in mining, it would be met with some considerable measure of resistance,” she told MintPress.
“However, there have been changes to the bitcoin protocol, because the Bitcoin Foundation and others look out for the need for changes to the underlying program. So, because bitcoins were the first cryptocurrency, it highlighted some of the issues that could come up and has been a great model. Because of how it was modeled, it has been easy to discern what parts have been working better than others; but, there is room to better some of the less-than-optimal components of the bitcoin ecosphere if it is done wisely and done by the stakeholders.”
Ultimately, the “51 Percenter” issue is one that must be resolved if the bitcoin is to survive. As Eyal and co-researcher Emin Gun Sirer wrote in a blog post Friday, “Overall, there is absolutely no reason to trust GHash or any other miner. People in positions of power are known to abuse it. A group with a history of double-expenditures just blithely went past the 51% psychological barrier: this is not good for Bitcoin.”