🚀 Here's my new paper "Bitcoin: Censorship Resistance Against Hash Dominance"
🆕 I'm making this work public to demonstrate that even with 90% hash dominance, a state or group of states cannot censor even a single Bitcoin transaction through regulation. They can only delay it for a few blocks.
🦾 The research also measures, for the first time, how resistant Bitcoin is to a combination of attacks against its neutrality and immutability, and up to which breaking point.
📺 Thanks to Richard DÉTENTE for this science popularization video by Grand Angle Crypto that presents the main findings. I'm happy to name the attack that can break the neutrality: Detente Attack ;)
🎙️ Join me at Surfin' Bitcoin in Biarritz on Aug 30th for a keynote that presents the important results of the paper:
Here is the video script verbatim, translated from French to English:
And there you have it, Trump has started to delve into the topic of Bitcoin for electoral reasons but why not after all, his first reaction is of course to declare that he wants to take control of the protocol so as not to leave it to others.
Of course, because he fears nothing, he's an American. Jokes aside, as you know, we have invested millions of dollars in Data Factory, our first power farm from A to Z is coming out of the ground by early September and our first customers will be Bitcoin miners.
So it's a topic that deeply concerns us at the highest level because it is strategic for us at least until we diversify our clients to other power consumers.
Today, I have the pleasure of announcing that Michel Khazzaka has published a new paper of his own whose goal was to test the so-called 51% attacks and notably a type of attack he named the detente-attack in reference to our numerous exchanges where I strived for two years to design the most perverse attack possible against the protocol.
And to spoil the result right away, yes, it works. What you see on the screen now is the final simulation of the detente-attack with 60% control of the hashrate. The letters B represent a block mined uncensored, and when the small B's turn into small C's, it means that the blocks have been censored by a miner who controls 60% of the mining network in this case.
It's relentless, as you can see in the simulation report, 100% of the blocks are censored. Under the conditions of this attack, the neutrality of Bitcoin is dead.
But beware, if Donald Trump, the G7, the UN, or any other entity wants to take control of Bitcoin, it requires three conditions to be met.
First, implementing strict regulation for the miners who participate in the attack. Second, setting up continuous hacking of the chain known as Selfish Mining. And finally, merging the hashrate of the attacking miners at a pool level.
But if you look at it from the perspective of a state, and especially in the case of the USA, all these steps are theoretically achievable, and this chain attack would be immensely profitable for the country or international organization that manages to execute it.
Before we begin, I would like to thank Michel because I have loved our exchanges for several months on this theme of resistance to Bitcoin censorship. He gave me the chance to test my hypotheses and model them brilliantly.
It took him an insane amount of time, and today we can present results that you will not see anywhere else in the world since, as a good scientist, he first scoured the existing literature on the subject.
For my part, formulating hypotheses, trying to understand what works and what does not, and having the ability to test reality scientifically, must be one of the things that excites me the most in life.
In short, thank you, Michel.
The last point I want to emphasize is that this work demonstrates that Bitcoin is highly resistant to censorship, and this study allows us to measure, to quantify the limits of this resistance up to the breaking point.
So, let's go, let's pose the problem.
Fundamentally, what we call a 51% attack involves having at least 51% of the computing power on the Bitcoin mining network to pass a tampered transaction as authentic on the network.
Why does this attack exist? Fundamentally, what is the problem that Satoshi Nakamoto sought to solve? Since Bitcoin is a decentralized blockchain, the whole problem is to find a rule so that the network recognizes an honest transaction from a dishonest one.
But it's a scientifically messy problem that is well known under the name of the Byzantine Generals Problem for those who want to dig deeper into the subject.
And this problem does not have a clean and pure mathematical solution.
In one sentence, it is not possible to agree on the authenticity of a registry as long as there is no chief to decide what is authentic and what is not. Without centralization, it is not possible to authenticate transactions, information as being honest or dishonest.
But here it is, Bitcoin is indeed decentralized. And to achieve this result, Satoshi Nakamoto proposed a solution that does not absolutely solve the problem of the Byzantine Generals but bypasses it with an elegant recipe that allows for the most acceptable compromise possible.
And be careful so that we understand each other well, even if it's not the solution of a mathematician but rather that of an engineer who accepts the compromise, the 51% consensus on the Bitcoin network is really a class act invention.
To put it simply, and pay attention, it's very important to understand, Nakamoto circumvents the problem of the Byzantine Generals by saying, "Well, let's say that if the majority of the network agrees, that is, 51%, go ahead, it works, we consider the transaction to be honest, otherwise we'll never get out of this thing."
Well, all this being said, let's start with the most well-known attack with 51% of the hashrate, the double spend, which is also one of the oldest attacks that can be made on Bitcoin.
The principle is simple, first, you succeed in taking 51% of the hashrate in your hands, which theoretically allows you to mine a competing chain while waiting enough time. You can thus create the longest chain.
In these theoretical conditions, which do not work in practice with only 51% of the hashrate, you can make a spend, that is, you sell $100,000 of BTC to an exchange for dollars, and then you ignore your transaction in the chain that you mine.
In this way, when your chain becomes the longest, your Bitcoins reappear in your wallet because the nodes recognize a new chain that you have mined which does not include this transaction. And in principle, you can repeat as much as you want.
Well, this attack is serious in the sense that it undermines trust in the protocol, but at the same time, from the attacker's point of view, it does not hold up over time and it is not profitable.
Moreover, another interesting point, a 51% double spend attack is feasible with, for example, 40% of the hashrate, but its success becomes very dependent on luck. This is why exchanges and various operators on Bitcoin wait several blocks for confirmation, because it allows them to neutralize, among other things, this type of attack very effectively.
However, and this is one of the advances of Michel's paper, this study makes it possible to precisely quantify the probability of success of a 51% attack with less than 51% of the hashrate.
To conclude on this type of attack, yes, it is not the most dangerous because fundamentally, it consists of lowering the value of the protocol because Bitcoins tend to disappear from wallets without explanation from time to time and mechanically the attacker will destroy the value of the protocol he wants to parasite, and moreover for an exorbitant price.
Keep in mind that Bitcoin is designed to be uncensorable and freely accessible, so if you want to hack Bitcoin for your greatest profit, at the expense of others, but cleanly, you will have to attack on these aspects.
As a result, the detente-attack is not intended to kill the Bitcoin protocol, because a virus that kills its host has little future ahead of it. No, the point is to think of an attack that makes it possible to control the network intelligently in order to exploit it to one's financial and geopolitical advantage.
For example, Donald Trump could easily justify without anyone shedding a tear to censor 3 Iranians and 2 North Koreans who nobody cares about and who might rightly or wrongly be accused of being bad guys.
The goal of the detente-attack is also to establish a regulation of the protocol for the benefit of the United States, for example, but leaving enough benefits to the majority of users so that everyone accepts the abandonment of free access to the network and its uncensorability without too much grumbling. For example, it would amount to setting up an OFAC list to put wallets of nasty terrorists on it, or to freezing wallets whose holder is under judicial investigation, just as one can freeze bank accounts, etc.
And finally, the icing on the cake, once Bitcoin is tamed, to use it as a base layer for the entire financial system so that the USA realizes monstrous savings on the payment systems industry. Here, we are talking about savings in the order of several hundred billion dollars potentially, and the mastery of an international commercial balances settlement system under American control. And I'm not even talking about all the potential of imposing the identification of wallets via what we call KYC, KYB, and KYT for connoisseurs, so that the USA has the greatest knowledge of the network on a global scale.
In short, the goal of the detente-attack is an attack on the international financial system in a Bretton Woods 2.0 mode, which consists of building a mining network in the USA for the USA, in accordance with the desire of Donald Trump as he stated, without upsetting 95% of the network users.
For yes, bitcoin maximalists are a small portion of the world population. And if you think that freedom is something that people as a whole will not give up, because they attach a lot of value to it, I will refer you to the sad fate that net neutrality has suffered, or to the enthusiasm of a brand like Apple, which has largely won the hearts of users while free solutions based on Linux exist.
Compliance Attack
So let's go, how to censor bitcoin? The starting point, the first step would be the compliance attack. We draw up a list of bitcoin addresses belonging to bad guys on which you want to freeze the funds.
So we start by drawing up a list that would likely be managed by the OFAC, which is already in charge of this type of list for the traditional banking and financial sector.
Moreover, the OFAC is already operating on Ethereum, you may have heard of Tornado Cash. Although the USA cannot technically prohibit you from using Tornado Cash, which is a crypto mixer, if you do it anyway and Uncle Sam finds out, you are going to have serious problems.
So, friend's advice, do not use Tornado Cash unless you want to risk getting Assange'd, if you know what I mean.
So yes, in a way, this compliance attack is already in place on Ethereum, but it does not work well technically, it censors nothing. Tornado Cash works.
So on the Bitcoin protocol, it works a bit differently because the OFAC does not have a blacklist of bitcoin addresses today, but it could do it, and other money laundering fighting institutions already have. It's a matter of time.
Thus, regulators could impose in each country lists of prohibited wallets and this is already a serious first attack on the neutrality of bitcoin.
To be precise, let's assume that the OFAC wants to censor a specific transaction. It sends the address of a wallet to all the miners who are under its jurisdiction, forbidding them to include the transactions of that wallet in any block they mine.
Let's also assume that the OFAC has under its control 60% of the hashrate via American miners. This is where many people thought that the censorship would be total. But it is not because bitcoin is no more resistant to censorship than that. This is what Michel's paper demonstrates and especially quantifies. Technically at the first block, there is a 60% chance that the transaction will be censored but nothing prevents the sender from waiting for the transaction to pass to the next block.
So, the probability of censorship goes from 60% of 60%, that is 36%, then 21%, then 12%, in short, after an hour, there is a 95% chance that the transaction has passed. The compliance attack alone causes a nuisance for the censored wallets but it is not enough to censor more than a few blocks of a transaction.
In this simulation of a compliance attack, you see that bitcoin very regularly lets uncensored blocks pass. Note lowercase B, and consequently, we can talk about a nuisance to pass blacklisted transactions, but not about censorship.
This nuisance was defined as an indicator by Michel to give it a quantifiable size. In the final report of the simulation, the nuisance noted N represents the average number of blocks to bypass the censorship. This is what happens on Ethereum, where there are blocks that are compliant with the OFAC list, but since there are non-compliant blocks that pass every day, the OFAC list has no technical impact of censorship on wallets listed as fraudulent by this administration.
At the same time, this attack costs nothing at all to set up since it is a list shared with the miners.
On this chart, you see that this compliance attack on bitcoin imposes a waiting inconvenience of about 10 blocks, that is 2 hours, when you control 90% of the hashrate all the same. In itself, this attack is neutralized by the bitcoin protocol. So one point for bitcoin.
Selfish Mining Attack
From the point of view of an attacker who would want to censor wallets on bitcoin, it is therefore necessary to go one step further. The idea of selfish mining is to mine a parallel chain with the aim of exceeding in size the honest chain to replace it and cancel all the honest blocks as soon as a transaction on a blacklisted wallet has been spotted.
And there, we are talking about a direct hacking of the neutrality but also of the immutability of the chain on a portion of it when the attack begins because all the blocks mined after the start of a hidden attack in case of success will be erased from the blockchain. So it's very serious.
However, there, if the attack fails, it means that at some point the miners will have to abandon the attack and re-anchor themselves on the chain including fraudulent transactions. So they will have lost all the value of the electricity spent during the attack plus the depreciation of the machines.
From the point of view of the attacker, a failure can therefore cost from expensive to very expensive. All this is quantified in Michel's paper according to the parameters of the attack.
So concretely, if we take the case where 60% of the hashrate is concentrated between countries that have agreed on a list of wallets to censor and who cooperate on the mining of hidden censored chains, does it work?
In the same way as at the beginning of the video, you see a simulation with 5 pools, so 5 groupings of miners who each proceed to the mining of a parallel chain to be anchored only on a compliant block. And as you can see, it absolutely does not work.
The nuisance on the network is very small and it's a disaster for the miners who respect this regulation because every time you see blocks marked B pass, which are not invalidated, it means that all the parallel chains are abandoned and that the miners on the side of the censorship have mined at a loss. They haven't touched a penny of rewards from the network during all this time.
As a result, we can say that Bitcoin also resists this double attack.
In the end, only 5% of the blocks are censored, so back to square one, all the fraudulent transactions pass quietly. However, for this exorbitant price, the nuisance has gone from 25 blocks to 4 blocks. Yippee! For the attacker, it's a disaster. So 2 points for Bitcoin.
And it's at this moment that Michel said to me, "Ah, you see that it doesn't work and that Bitcoin is really uncensorable."
And to that, I replied, "Ah yes, but wait, Michel, you divide the forces of my attack because you put 5 pools that create 5 parallel chains while they are on the same side from the regulator's point of view. And it's a bit of grouping all the attacking forces in a single pool that would be part of the compliance.
Any miner who wants to comply with the law of this grouping must mine via the Trump pool." Michel then answers me, "Ok, but be careful, that means that the detente attack is the combination of 3 attacks. A compliance attack plus a selfish mining attack plus a mutualization of forces on a single merged pool.
And that's starting to be a lot, but let's assume, I'm going to do the study." And from my point of view, it's quite plausible because in itself, it seems quite logical to me that the regulator imposes a coordination of forces in order to enforce its regulation.
But yes, indeed, it's a strong additional constraint. And that's where we get to the final result. With 52% of the hashrate, the attack passes in 100% of the cases with a delay that can be more or less long to invalidate the uncensored chain.
But with 60% control of the hashrate, it is extremely unlikely that it will take more than one day. And if we go for two days, then it's dead.
However, there is a big obvious limit to this attack, the decentralization of the hashrate. Today, it doesn't seem very obvious because the USA is concentrating the hashrate at a high speed thanks to its integration programs, particularly on the Texan electrical grid via very interesting Demand Response programs, but also thanks to very cheap energy because it is in extra capacity.
On the other hand, the two other major industrial poles of the world, China and Europe, have not identified Bitcoin mining as a geopolitical issue and are willingly letting the train pass.
Apart from an integration to the developed electrical network that provides a very high value-added industrial fabric, there remain the countries that do what is called off-grid mining, that is to say on pure extra capacities like in the Virunga farm in Congo which has the effect of decentralizing the mining network.
And there, it will be the subject of another video, to know if the Bitcoin mining network fundamentally tends to concentrate around the major industrial poles of developed countries or then to decentralize towards all the extra off-grid capacities. It's a whole subject in itself whose answer is much less obvious but on which we work hard at Data Factory.
To define the problem, on one side it is necessary to determine which is the most profitable between off-grid mining and good on-grid mining with an integration to the network well excited in the service of very high value-added industries.
But on the other hand, it is also necessary to see if the extra-capacity energy on the electrical networks with high added value will not be trusted by the needs of other consumers of flexible power with higher added value than Bitcoin like video rendering, weather simulations, AI, or what do I know, what we call more generally HPC, High Power Computing.
So for today, let's remember that Bitcoin is still very resistant to censorship. Abruptly having 60% or 90% of the hashrate with a compliance attack is not enough to break Bitcoin's uncensorability.
However, if we combine a compliance attack with centralized selfish mining, then we get the detente attack, which does make it possible to censor Bitcoin at 100%.
But be careful, if theoretically Michel's paper demonstrates that it's possible, in terms of execution, it's a whole other matter. Just passing a law will not be enough.
So for my part, my confidence rate in the neutrality of Bitcoin is not 100%, obviously. How can we affirm that something is 100% reliable? But it remains sufficiently high, under the conditions that Michel described in a documented paper, that I can defend in front of any interlocutor the idea that Bitcoin is the most uncensorable protocol we have.
But yes, I admit that I am proud as a bar-tabac that the attack that makes it possible to break this uncensorability bears my name, even if it actually has little chance of ever seeing the light of day.
Moreover, the adoption of Bitcoin is progressing rapidly in the USA.
So to better understand how bitcoinization is progressing in the USA, go see this video where we explain how Democrats and Republicans are integrating Bitcoin as a real political issue in American politics.
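
The compliance-attack arithmetic quoted in the script (36%, then 21%, then 12%; about 95% inclusion after an hour at 60%; about 10 blocks of delay at 90% of the hashrate) can be reproduced with a small model. The Python below is an added example, not part of the video script and not the paper's own simulator. It assumes each block is found independently by a compliant miner with probability q, with no selfish mining; the function names and the B/C block string are illustrative choices.

```python
import random
from math import ceil, log

BLOCK_MINUTES = 10  # Bitcoin's target block interval


def _check(q):
    if not 0.0 < q < 1.0:
        raise ValueError("compliant hashrate share q must be strictly between 0 and 1")


def still_censored(q, k):
    """P(blacklisted tx is still unconfirmed after k blocks), compliant share q."""
    _check(q)
    return q ** k


def expected_nuisance(q):
    """Mean number of blocks until the first non-compliant block (geometric law)."""
    _check(q)
    return 1.0 / (1.0 - q)


def blocks_for_confidence(q, confidence):
    """Smallest k such that the tx is included within k blocks with P >= confidence."""
    _check(q)
    return ceil(log(1.0 - confidence) / log(q))


def simulate(q, n_blocks, seed=0):
    """Mine n_blocks under a pure compliance attack (constructed model).

    'C' = block from a compliant miner that skips blacklisted transactions,
    'B' = block from any other miner, which includes them.
    Returns the block string and the measured mean wait in blocks for a
    blacklisted transaction that is always pending (None if no 'B' occurred).
    """
    _check(q)
    rng = random.Random(seed)
    chain = "".join("C" if rng.random() < q else "B" for _ in range(n_blocks))
    waits, pending = [], 0
    for block in chain:
        pending += 1
        if block == "B":          # the pending transaction gets confirmed here
            waits.append(pending)
            pending = 0
    return chain, (sum(waits) / len(waits) if waits else None)


if __name__ == "__main__":
    for q in (0.6, 0.9):
        chain, measured = simulate(q, 100_000, seed=1)
        k95 = blocks_for_confidence(q, 0.95)
        print(f"q={q:.0%}  sample: {chain[:40]}")
        print(f"  still censored after 2/3/4 blocks: "
              f"{still_censored(q, 2):.3f} {still_censored(q, 3):.3f} {still_censored(q, 4):.3f}")
        print(f"  nuisance N: theory {expected_nuisance(q):.2f} blocks, measured {measured:.2f}")
        print(f"  95% inclusion within {k95} blocks (~{k95 * BLOCK_MINUTES} min)")
```

The model covers only the compliance attack; once the compliant miners also withhold and replace blocks, as in the selfish-mining and merged-pool stages, blocks are no longer independent and this geometric law no longer applies.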