One chain or two chains? The Bitcoin community fears that the Bitcoin blockchain will split into two persisting chains when Bitcoin Unlimited miners initiate a hard fork, even if it is done with a majority of the hash rate. But is this true? How can the majority chain attack – and how can the minority chain resist?
The past days and weeks have seen a lot of talk about a hard fork. Nearly every discussion either exaggerates or understates the problem with hard forks in some way.
With Bitcoin Unlimited the events that follow can happen; a miner mines a block which violates the consensus rules of Bitcoin Core, for example, because it has a block size of 1.2MB. Some miners accept the block and build on it while others reject it and continue mining the Core chain.
If the Bitcoin Unlimited chain has more hash power, the nodes of the Bitcoin network will cease to follow all the same chain. Those with Bitcoin Unlimited consensus rules will track the chain with the majority of the hash rate, while those with Bitcoin Core rules will only see the minority chain.
The outcome could be a disaster; two competing bitcoins, their communities apparently extreme hostile to another; bitcoin’s value split in two, and if you assume panic sells, it becomes possible that another altcoin takes the lead in the market caps of cryptocurrencies. Bitcoin risks being shattered in two altcoins.
Are Attacks on the Minority Chain Immoral? And Does it Matter?
Ideally, hard forks end with one Bitcoin, and not with two, because every miner, exchange, and user accepts the new Bitcoin as the one and only real Bitcoin. So some people assume that the miners will apply dirty tricks to enforce the desired outcome of the fork – that they use their hash power majority to attack the legacy chain.
Usually just thinking about this is encountered as morally shameful. The miners are not satisfied with quitting the consensus with the network unilaterally – they also want to force everybody to go with them. That is not the voluntary system Bitcoin should be, but coercion.
Bitcoin, however, is not built on morals or politics. If Bitcoin was built on the assumption that anybody acts not malice, it would have broken long ago. In the case of a Bitcoin hard fork, it would be malicious to attack the minority chain, for sure, but it would be irresponsible not to consider this to happen. To be successful, Bitcoin needs to survive in a digital war zone; especially when it comes to forking.
Difficulty Adjustment Attacks
The history of altcoins is a fascinating laboratory for hard forks and competing chains. In late 2013 the altcoin community had to realize that Bitcoin’s basic setup is badly prepared for a world of multiple chains with the same mining algorithm.
To understand why it is important to understand the concept of difficulty. In mining, difficulty defines how hard it is for miners to find a block. It adjusts every 2,016 blocks, which roughly sums up to two weeks under normal conditions, so that a block is found every ten minutes.
“However, this method of difficulty readjustment is flawed for new altcoins entering the market today for a number of reasons,” a developer of so-called Megacoin explained in late 2013. Some of the SHA-256 coins which use the same mining algorithm as Bitcoin’s “already felt the pain of difficulty readjustment problems due to the influx of ASIC miners and an activity known as ‘pool-hopping.’”
Megacoin, an altcoin seemingly attempting to attract investors by somehow appearing as if it were affiliated with Kim Dotcom, also suffered from these attacks. “The Megacoin network gets barraged by an influx of new (and very powerful) miners. This causes the block confirmation time to plummet and subsequently causes the difficulty to skyrocket at the next difficulty readjustment.”
When difficulty drops, miners of other chains hop on, produce easy coins, dump them and drive up the hash rate. After the increase of the difficulty, the miners turn back to other chain. “What remains is an extremely high difficulty and only the ‘core’ group of Megacoin miners left to deal with the aftermath. In extreme cases, the difficulty may be so great in proportion to the number of miners left that the entire network grinds to a halt. This has happened in the past to Terracoin and Feathercoin, among others.” The coins being attacked by multipools could not help each other as to sit out periods in which the coin “is basically unusable.”
If Bitcoin Unlimited forks with a hash rate of something like 80 percent, and the Core minority chain survives, it would constantly be robbed by the majority chain and could end in an alternating sequence of a frozen network and the dumping of new coins on the market. Most probably this would end in a dead cat bounce of the legacy chain.
The Unlimited miners do not even need to be malicious. They just need to be not nice enough to waive profits for good. The attack is not an attack, but the natural behavior of self-rational actors of markets. They do nothing but mine the chain which is most profitable at the moment.
The chances of survival for the minority chain should be very low, if it does not prevent such an attack. To do so, they can learn from altcoins. Beside the “Kim Dotcom Style” Megacoin promoted itself with the so called “Kimoto Gravity Well.” This was the first solution for the problem of pool hobbing; the Gravity Well simply adjusting the difficulty every block based on some average data instead only every 2,016 blocks.
The Kimoto Gravity Wall reduced the effects of a difficulty attack significantly. It minimized both profit and damage of pool hobbing and made a blockchain able to survive in an environment of different chains with the same algorithm and miners, which care for profits and not morals.
But the Kimoto Gravity Well opened the door for another difficulty attack called Time Warp. It goes something like this; if a powerful miner finds the last blocks before the difficulty is adjusted and places them some hours in the future by manipulating the date, he can reduce the difficulty significantly. For example, Auroracoin was more or less broken by a series of Time Warp attacks.
Further incarnations of the Kimoto Gravity Well, for example, DigiShield and Dash’s Dark Gravity Wave, seem to have solved such problems. When Ethereum forked, the minority chain – Ethereum Classic – could survive even with only one percent of the hash rate, as the difficulty fluidly adjusted.
If in the case of a Bitcoin hard fork the minority chain can implement a fluid difficulty adjustment, it has very good chance for survival even with a very low share of the hash rate. But it has to be done fast, properly and with absolute consensus, as it would require another hard fork (what for some is the main reason to reject a block size-increasing hard fork).
When Miners Become Evil
There are more attacks a majority hash rate can conduct on a minority chain. Most of them belong to the family of “51 percent attacks.” These attacks can happen if the majority chain is so much more powerful than the minority chain that its miners can reach more than 50 percent of the minority chain’s hash rate when they redirect a small part of their own hash rate to the minority chain.
With more than 50 percent of the hash rate, the miners have a higher likelihood of finding several blocks in a row. This enables them to do things that should not be done with a cryptocurrency; undo their own transactions, even after confirmation, block other transactions from being confirmed or even reorganize parts of the blockchain.
Jiang Zhuoer, operator of Bitcoin Unlimited using mining pool BTC.TOP, recently announced that the miners would fight a minority chain with 51 percent attacks:
“We have prepared $100 million to kill the small fork of CoreCoin, no matter what POW algorithm, sha256 or scrypt or X11 or any other GPU algorithm. Show me your money. We very much welcome a CoreCoin change to POS.”
Other than pool hopping attack the 51 percent attack is not driven by profit-seeking but by malicious intent. Doing so does not earn, but costs, money; profits from double spends and market manipulation are most likely illegal. Some effects of 51 percent attacks can even be neutralized like Gavin Andresen once pointed out. The altcoin laboratory indicates that these attacks could happen – but also that they are temporary problems and do not destroy a chain with a stable community.
In fact, if the Bitcoin Unlimited miners would openly engage in such attacks, the Core chain most likely would gain popularity and support of the wider Bitcoin community, while the majority chain would lose legitimacy. When Chinese miner Chandler Guo threatened to attack Ethereum Classic, it became a turning point in the drama of Ethereum’s hard fork; Chandler realized that he could not destroy Classic and became himself a big supporter of it.
While being no mortal danger, the pure possibility of 51 percent attacks, however, could downgrade the basic security of the minority chain.
In the case of a hard fork between “bigger blocks Unlimited” and “1MB blocks Core,” some interesting transactions congestion scenarios emerge, which can be ground for attacks on both chains.
If the minority chain does not implement a fluid difficulty adjustment, its situation is a disaster. Its capacity will immediately decrease fundamentally, maybe down to 10 or 20 percent. But, as outlined above, this is not the biggest problem.
Even after a difficulty adjustment, the minority chain could suffer from congestion attacks. For example, miners may wait for the activation of a hard fork until a huge mempool has built up. In this case, the increased block size would give the majority fork a lead in confirming transactions. Also, the majority miners could decrease the capacity of the minority chain by mining empty blocks on it. They even could have the option, as Gavin Andresen posted, to premine a chain of eleven empty blocks which is compatible with the old chain or to confuse the legacy chain nodes with several pre-mined chains.
An important factor for chain congestion is replay attacks. The exchanges recently urged Bitcoin Unlimited to implement replay protection, which means doing something that makes transactions for the one chain invalid on the other to prevent confusion and double spends. The obvious solution, changing the transaction format, has the downside that it breaks all compatibility with every existing software written for Bitcoin, which is why neither Bitcoin Unlimited nor Bitcoin Core should be expected to implement it.
As long as no replay protection is merged, transactions remain valid on both chains, as long as if their inputs have no traces of newly mined Bitcoin; this results in several interesting scenarios. Imagine the increase of the limit results in more Bitcoin transactions. In this case, the minority chain would suffer under an ever-growing mempool of unconfirmed transactions and demonstrate that it is not able to deal process the demand for Bitcoin transactions. On the other hand, the minority chain could display a higher degree of security: A transaction of an unsplit Bitcoin would first be confirmed on Unlimited’s chain, and, if it pays enough fees, later on the Core chain. This makes it easy to double spend transactions, which are confirmed on the Unlimited chain, then on the Core chain, but not the other way round.
Core chain confirmations could become more valuable than Unlimited confirmations. This bears the vision of a cooperative coexistence of both chains, in which the legacy chain can be an option to add security for important transactions, and in which a market emerges for Core and Unlimited transactions.
But this scenario also bears the vision of further attacks. The minority chain could turn the game around by implementing network-wide mempool fee policies which ignore cheap transactions and then start spam attacks on the main chain – while they finally activate SegWit and follow their scaling roadmap.
Change the Algorithm!
As a “nuclear option” or measure of last resort the community started to talk about a change of the PoW, the Proof of Work, which is the algorithm the miners use to find blocks. In the current climate for some, this is an attractive option mainly because it does not only protect against 51 percent attacks by the Bitcoin miners but also punishes them. A PoW change threatens to invalidate the hardware they invested in and make it worthless, while it offers to recreate a world of private GPU miners.
Changing the PoW algorithm is not only not necessary for the survival of the weak chain – it is also the best option to burn it down. There is a long list of reasons, why:
- First, a PoW change would make Bitcoin Unlimited the only coin backed by the world’s most powerful computer network.
- Second, because you could perceive it as a destruction of other people’s property, which goes against everything Bitcoin upholds.
- Third, because changing the PoW would be a strong signal for the minority chain to be an altcoin. At least more than a small increase in the block size limit should.
- Fourth, because the minority chain would make itself highly vulnerable to attacks from supercomputers, botnets, and miners of other altcoins, which might at this moment be worth more than the minority chain.
Changing the algorithm has the “advantage” that it punishes miners, if, and only if, everybody in the ecosystem, wallets, exchanges, holders, users and so on, share an absolute consensus that the miners must be fired. Like, if they produce only empty blocks for weeks or reorganize the blockchain. If so, the ecosystem can fire the miners, but has to pay a large price.