Across bitcoin’s network, confirmed transactions are irrevocable once they have been recorded onto the blockchain, provided that they do not get incorporated into a discarded fork branch. Forks often arise off the main blockchain, but are usually discarded as per the rule that states that the chain with the greatest “total difficulty” should prevail. In most cases, forks tend to be benign, leading only to delay of confirmation of transaction present on the fork’s wrong side, which can be considered nothing more than a temporary rejection, except if an adversary launches a double spending attack.
This mechanism is efficient, under the hypothesis that no adversary can ever control sufficient computational power to be able to counterfeit and broadcast an “alternative history”, which can be considered more credible when compared to the real history. Whenever such event actually takes place, the rules of forking would lead to elimination of the real history and the alternative history will be used by the network beginning from the point of forking onwards. This form of attack is referred to as the “History revision attack”. In extreme cases, when forking takes place around time zero, the attacker can replace all the coinbase ever recorded with a counterfeited transaction history.
Although to launch a successful history revision attack, an adversary has to control an enormous amount of computational power, the threat is seriously real given the monetary and technical features of bitcoin.
The feasibility of a history revision attack depends on Moore’s law, which postulates that computational power per unit cost doubles every around one year. If we assume the presence of stable group of miners, block difficulty, which is a parameter set by the protocol to ensure that a block is generated every around 10 minutes, is defined by an exponential function of time:
f(t) = α e t/τ
Accordingly, the blockchain’s total difficulty at any point in time can be formulated via the integral:
Apart from the length of the blockchain, an adversary that can control a multiple, e.g. 2x, of the overall computational power of all legitimate miners, and launches an attack at time t = t1 will have the capability to create an entire counterfeited transaction history that forks at t0 i.e. origin time. The total difficulty F'(t) overtakes F(t) at a point in the future where t=t2 and the length of attack Δt = t2 − t1 is determined by a constant (somewhere between 1 and 2 years for a multiple of 2x).
The problem is furthered by the deflationary model of bitcoin. Bitcoin is a currency that is definitely going to explode in value, and so is attractive for cybercriminals. However, when deflation is considered, along with the money supply’s hard cap, the mining rewards, which currently attract many miners to donate their computational power to the network rendering the process of block creation a hard task, will decline. As mining rewards drop, economics’ laws denote that the competitive efforts channeled to verify transactions and create blocks will decline as well. Let me restate this; even though the block difficulty is expected to rise from time to time in the future, it will start to decline eventually to the point that a typical PC can provide the necessary processing power to create a block, which will render history revision attacks much easier to launch; this is just a vision based on a certain postulation.
Image from Flickr