## Does Bitcoin's SHA256 proof make a 51% attack more likely?

Ethereum's description says that Bitcoin's mining algorithm requires only a simple SHA256 computation, which caused the creation of specialised ASICs, which centralizes mining in the hands of a few actors (i.e. ASIC manufacturers), making 51% attacks much more likely.

Is that right?

SHA256 >>> ASIC >>> Centralized mining >>> 51% attack?

## Answers

The algorithm used for proof of work itself doesn't make an attack more likely. The reason why we are seeing SHA-256 ASICs but not scrypt is that Bitcoin has always used SHA-256 until now, and scrypt and other algo-based coins have not had the value proposition of creating an ASIC make sense yet. This will come with time, but if anything it would mean the opposite of a 51% attack.

The more developed mining becomes, the more expensive it is to make an attack happen. At this point an attack would cost millions and have a low chance of success. At the same time, if an attacker is successful, many people will sell their coins (and stop buying), pushing down the price. Depending on the attacker's motive, this may be an issue, but once the attack stops the network can continue to mine as it did before the disruption.

If anything, an attack gets more expensive the more specialized a technology gets, and I would be surprised to find any person/company investing in ASIC technology to want anything bad to happen to the network. After all, they just spent thousands of dollars on something which can ONLY mine SHA-256 currencies such as Bitcoin.

What do you mean by "Bitcoin has always used SHA-256 until now"? Bitcoin still uses SHA-256. – John T – 2014-03-17T18:20:25.667

Yes, it still uses SHA-256 but this could change should there be an issue with the security of it. – Mark – 2014-03-17T18:27:49.363

That's true, but the "until now" will confuse people or even suggest that SHA-256 isn't being used. – John T – 2014-03-17T18:43:09.750

I think what most people making the 51% attack argument for memory hardness miss is that the base unit is meaningless when you're talking about percentages. Whether your mining algorithm is implemented with ASICs, consumer hardware or well-trained Rhesus monkeys it matters little - to launch a 51% attack you must amass enough ASICs, consumer hardware or Rhesus monkeys to represent 51% or more of the available power. This, in turn, becomes an economics problem and is far more affected by the scale of mining operations as a whole than by the specifics of how that mining is done. If three networks are mining using $1,000,000 worth of ASICs, CPUs and Rhesus monkeys, including those you control, your portion needs to exceed $500,000 worth of the underlying resource regardless of its nature.

The fear that this will occur automatically as one manufacturer comes to dominate the space is perhaps slightly more realistic, but it's a real fear in memory-hard altcoins as well since most of that consumer hardware is also made by a mere two companies: Intel and AMD. These companies may not care much about the coin you're mining today, but in the sort of world where ASIC manufacturers represent a threat to Bitcoin, CPU manufacturers would represent an identical threat.

The article also dismisses the "botnet mining" argument by saying that the botnets would likely not be used to attack the coins and completely ignores the crux of the argument: That people are mining on botnets. If someone is stealing CPU cycles from my system I'm not particularly concerned with the ends, I'm more upset about the means. That Bitcoin's ASIC acceleration has made botnet mining all but impossible is, in this sysadmin's view, a positive thing.

Finally, the entire democratization argument hinges on the entirely false premise that if mining only uses general purpose hardware, people will only mine with the hardware they already have. It also neglects to account for the decreased lifespan of that already-existing hardware due to mining's extraordinarily heavy use of the resource. People can and do build additional computers for the sole purpose of mining, and every computer used for mining lives a shorter lifespan than one used for casual browsing and office tasks. Mining power will still centralize because this is the nature of our economy, not of our technology - those with more money will always buy more hardware. Also, Bitcoin ASICs are only expensive because they are new. ASIC cost is almost entirely in the R&D process, which leads to a price curve whereby products become dramatically cheaper with time. The image processing chip that runs the camera in every cell phone was once new, expensive and high-tech too. Give it time.

But in the end, it is the economics, not the technology, that makes a mining algorithm secure. The nature of the hashing algorithm chosen has some interesting effects, certainly, but assuming neither algorithm has an exploitable flaw (which is less likely with widely-implemented algorithms like SHA256) the question inherently boils down to "how much would it cost me to become 51% of this network" and the resulting answer is the same whether you're mining with ASICs, CPUs or GPUs... Or Rhesus monkeys: To represent more than half of the network you must more than match the existing power of all equipment (or primates) used to mine it. If the mining equipment currently on-network is worth a million dollars, you have to spend at least a million and one.
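As an added example (not code from any of the answers), the Python below puts numbers on two claims above: this answer's point that the outlay needed to exceed 50% is the honest fleet's value whatever the hardware is, and the first answer's "low chance of success" for an attacker below 50%, using the catch-up probability estimate from the Bitcoin whitepaper. The fleet sizes and unit prices are constructed for illustration.

```python
import math

# Constructed honest fleets (not from the page): three hardware types whose
# honest mining fleets are each worth $1,000,000, as in the thought experiment.
HONEST_FLEETS = {
    "asic":   {"units": 200,    "unit_cost": 5_000.0},  # 200 ASICs at $5,000
    "cpu":    {"units": 10_000, "unit_cost": 100.0},    # 10,000 CPUs at $100
    "monkey": {"units": 2_000,  "unit_cost": 500.0},    # 2,000 Rhesus monkeys at $500
}


def attacker_share(attacker_units: float, honest_units: float) -> float:
    """Attacker's fraction of total hashpower once their hardware joins the network.
    Only the ratio of unit counts matters, never what the units are."""
    return attacker_units / (attacker_units + honest_units)


def cost_to_match_network(hardware: str) -> float:
    """Replacement value of the honest fleet for one hardware type. An attacker must
    spend strictly more than this to hold over 50% of the post-attack network."""
    fleet = HONEST_FLEETS[hardware]
    return fleet["units"] * fleet["unit_cost"]


def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of total hashpower eventually
    overtakes the honest chain after it is z confirmations ahead (the Poisson /
    gambler's-ruin estimate from section 11 of the Bitcoin whitepaper)."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a hashpower fraction in [0, 1]")
    p = 1.0 - q
    if q >= p:  # at or above 50% the attacker catches up with certainty
        return 1.0
    lam = z * (q / p)  # expected attacker blocks while honest miners mine z
    total = 0.0
    for k in range(z + 1):
        poisson = (lam ** k) * math.exp(-lam) / math.factorial(k)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


if __name__ == "__main__":
    for hw in HONEST_FLEETS:
        print(f"{hw:>6}: must spend more than ${cost_to_match_network(hw):,.0f}")
    for q in (0.1, 0.3, 0.45, 0.5):
        print(f"q={q:.2f}: P(overtake after 6 confirmations) = "
              f"{catch_up_probability(q, 6):.6f}")
```

The model deliberately ignores the price collapse the first answer mentions; it prices only the hardware, which is the cost floor the answer argues is hardware-agnostic.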

Except for one, most ASIC manufacturers are not using the machines they create to mine themselves - they sell them (either for fiat or for BTC) and thus get a rapid return on their investments plus a predefined profit at a low risk. Their clients absorb all the variance and uncertainties of the mining process and theoretically can reap all the rewards as well, which can be either much higher than the manufacturers' or a net loss.

SHA-256 vs. scrypt (and its derivative algorithms) certainly eases the creation of ASICs by about an order of magnitude, so had Bitcoin used scrypt from the very beginning probably (this is speculation on my part) ASICs would've taken some months longer to come to the market in spite of BTC's price increases.

As BTC mining becomes increasingly competitive it'll indeed tend to become much more concentrated, increasing the possibility of mining cartels appearing - I worry about cartels more than 51% attacks.

I'd worry even more should most of the mining move to Iceland for its abundant, cheap geothermal power and frigid air - imagine what could happen should 70% of mining be done over there and the island suddenly loses Internet connection or suffers a massive earthquake/volcanic explosion :(