I've been reading about the vulnerabilities of PoW crypto, and there's a part of it that I don't understand.
Suppose I wanted to stage a 51% attack on Bitcoin (not really feasible, but bear with me). This would involve waiting for height n to be achieved, and then immediately working with my superior hashpower to produce blocks at heights n+1, n+2, ..., f without broadcasting said blocks to the network. For simplicity's sake, let's say I'm adding empty blocks to my private chain. When I feel like it, I can then broadcast my chain (which is longer than the trusted chain), which will nullify all transactions starting from block n+1 inclusive (is this correct?).
Firstly, on a semi-low level (i.e. in terms of actual data/file operations), how does one keep and cultivate the secret chain? Would I be saving a sequence of valid hashes for each block, while remaining disconnected from the network?
Secondly, how does one broadcast the bigger chain? My understanding is that when you connect to the network and submit a block at height k, it will be rejected if the main network is already on block k+1 or greater. So even if I sequentially broadcast my solutions, wouldn't they be rejected before it could be revealed that the number of solutions I have exceeds that of the main network's chain? For example, after starting my 51% attack after block n is found, the main network eventually gets to block n+3 while I am secretly at block n+5. In terms of actual operations, what would I need to do in order to supersede the main chain?
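As an added illustration, not part of the original question or of any comment on the page, of how a full node's chain-selection rule treats competing branches: every valid block whose parent is known is stored (a block at height k is not discarded merely because the node's tip is already at k+1; it is kept as a side branch), each branch's accumulated proof-of-work is tracked, and the node's active tip moves only when some branch has strictly more accumulated work than the current one, at which point the blocks on the abandoned branch are disconnected (a "reorg"). In Bitcoin this comparison is by accumulated work rather than by block count, which is what "longer chain" in the question corresponds to. The class and function names (`BlockTree`, `add_block`, `simulate_competing_branches`) are my own, and the per-block `work` values and the branch lengths are constructed toy inputs; the reorg-depth accounting at the end is the figure an operator watches, since it is what a confirmation count is a defence against.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Block:
    height: int
    prev_hash: str
    nonce: int
    work: int  # toy work contributed by this block (constructed; real nodes derive it from the target)

    @property
    def hash(self) -> str:
        return hashlib.sha256(f"{self.height}:{self.prev_hash}:{self.nonce}".encode()).hexdigest()


GENESIS = Block(0, "0" * 64, 0, 1)


class BlockTree:
    """Minimal block store with most-accumulated-work tip selection (hypothetical helper)."""

    def __init__(self) -> None:
        self.blocks: Dict[str, Block] = {GENESIS.hash: GENESIS}
        self.chainwork: Dict[str, int] = {GENESIS.hash: GENESIS.work}
        self.tip: str = GENESIS.hash
        self.reorgs: List[Tuple[int, int]] = []  # (blocks disconnected, blocks connected)

    def active_chain(self) -> List[str]:
        """Walk parent pointers from the tip back to genesis; return hashes in height order."""
        chain, h = [], self.tip
        while True:
            chain.append(h)
            if self.blocks[h].height == 0:
                break
            h = self.blocks[h].prev_hash
        return list(reversed(chain))

    def add_block(self, block: Block) -> str:
        """Store any block with a known parent; switch tips only on strictly more work."""
        if block.prev_hash not in self.blocks:
            return "orphan"  # parent unknown; a real node would request it before judging the block
        parent = self.blocks[block.prev_hash]
        if block.height != parent.height + 1:
            return "invalid"
        h = block.hash
        if h in self.blocks:
            return "duplicate"
        self.blocks[h] = block
        self.chainwork[h] = self.chainwork[block.prev_hash] + block.work
        if self.chainwork[h] <= self.chainwork[self.tip]:
            return "side-chain"  # stored, but the current tip keeps its position (ties go to first-seen)
        old, self.tip = self.active_chain(), h
        new = self.active_chain()
        common = 0  # length of the shared prefix, i.e. the fork point
        for a, b in zip(old, new):
            if a != b:
                break
            common += 1
        disconnected, connected = len(old) - common, len(new) - common
        if disconnected:
            self.reorgs.append((disconnected, connected))
            return f"reorg:{disconnected}"
        return "extended"


def simulate_competing_branches() -> dict:
    """Public branch reaches n+3; a withheld branch to n+5 is then delivered block by block."""
    tree = BlockTree()
    prev = GENESIS
    for i in range(1, 3):  # shared history up to height n = 2 (constructed)
        blk = Block(i, prev.hash, nonce=i, work=1)
        tree.add_block(blk)
        prev = blk
    fork = prev
    results: dict = {}
    p = fork
    for i in range(3, 6):  # public branch: heights 3..5
        blk = Block(i, p.hash, nonce=100 + i, work=1)
        results[f"public{i}"] = tree.add_block(blk)
        p = blk
    q = fork
    for i in range(3, 8):  # withheld branch: heights 3..7, announced in order after the fact
        blk = Block(i, q.hash, nonce=200 + i, work=1)
        results[f"withheld{i}"] = tree.add_block(blk)
        q = blk
    results["tip_height"] = tree.blocks[tree.tip].height
    results["reorgs"] = tree.reorgs
    return results


if __name__ == "__main__":
    for key, value in simulate_competing_branches().items():
        print(key, value)
```

The run shows the first three withheld blocks being accepted as a side chain with no effect on the tip (the fifth-height block ties on work and loses to the first-seen branch), and only the fourth withheld block triggering a switch, reported as a three-block reorg. Monitoring the `reorgs` list, or the equivalent counter exposed by a real node, is how a service decides whether its chosen confirmation depth was adequate.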
And when we say network of nodes, is that the pool of miners that the attacker initially hides his chain from? – Tiwa Aina – 2018-06-09T16:10:20.377
I mean the public network of full verification nodes that miners and all other users connect to by default. The network isn't working correctly if you can deliberately hide from one pool connected to it without hiding from everyone else too. – David A. Harding – 2018-06-09T16:29:51.487
Thanks for your responses. If an attacker wanted to exclude his double spend (well, at that point it'd be the initial spend, but you get what I mean) on his malicious chain, but otherwise use the trusted chain's transactions (this is as opposed to just mining empty blocks), how would this be done? If he disconnected from the network, then he'd be unable to see the pending transactions and therefore be unable to "mimic" the trusted chain with the exception of the double spend transaction. – Tiwa Aina – 2018-06-09T18:12:09.423
He can keep one non-mining node on the honest chain and use that to relay transactions to the dishonest mining node. Do you need specifics? (If so, please say why---I don't mind discussing theory, but I refuse to help someone actually execute an attack.) – David A. Harding – 2018-06-09T18:24:46.130
Thanks! That's about as specific as I need; I just wanted to understand 51% attacks deeper than the abstract theory. I intend to create a PoW-based crypto from scratch in the near future as a hands-on project to learn more about how blockchain platforms work, so if there's a need, I'll probably ask the nitty-gritty questions once I get to that advanced level. On that note, how did you get proficient in all things Bitcoin-related? – Tiwa Aina – 2018-06-09T18:31:06.280
@TiwaAina a significant part of the answer for how I got proficient is that I investigated the source code in order to find answers to a lot of questions on this StackExchange. :-) – David A. Harding – 2018-06-09T19:29:17.163