Sunday, October 7, 2018

My estimate of 51% attack cost on BURST

Someone wants to perform a 51% attack on Einsteinium.

Because I think that is not cool (not because of the moral aspect, but because it is a very easy task), I cordially invited him to try Burst.

51% attack susceptibility of small PoW coins is a well-known and long-standing problem. Since the attacks on Bitcoin Gold - classified as 'rare' by Forbes - and Verge we know it's not just theoretical.

https://www.crypto51.app/ lists the theoretical cost for several PoW cryptocurrencies. There you also can see why I consider an attack on Einsteinium a very easy task.

So we all believe Burst is pretty resistant to 51% attacks - but how resistant exactly? Here's my stab at it:

First off, there is no such thing as "cost per 1h", because you have the upfront cost and time required to plot. I will assume some exceptionally talented and well funded hacker group could pull it off in 1 month at slightly lower cost than I was able to find. 1 month seems to be the minimum one can find in storage rentals.

Therefore:

1 Month of 240 Petabyte of storage space: ~$5033165 (based on AWS S3 standard storage - not infrequent access - for "more than 500TB requirement" this is listed at $0.021 per GB per month, so I assumed $0.02 * 1024 * 240 * 1024)

The capacity to plot this space within 1 month I base on the luxurious PMR 10TB Ironwolfs, not some SMR disks. If I assume each disk to be potentially plotted at its max speed (~ 220 MB/s) within 14 hours, I have 2 choices:

  • as many plotters as possible in parallel
  • plot in a way so we are finished in 1 month minus 1 hour (let's say 715 hours for the inevitable reserve even for 1337 hackers)

240 PiB in 10TB Ironwolfs is 27007 HDDs If a batch needs 14hours and I need to be finished in 715 hours, I have 51 sequential batches at most. Meaning, I need to plot roughly 530 HDDs per batch

Plotting at 220 MB/s meaning 225280 KB/s, or 13516800 KB/min - meaning 52800 nonces/min

Let's assume a p2.8xlarge AWS instance could plot 16 HDDs at once, we would need 34 such instances each priced $7.2/hour, meaning $245/h this would leave us at surprisingly low $175175 plotting cost

Total cost: $5208340


If I choose to go for the ASAP plotting, I would need 1688 p2.8xlarge instances for 2 hours (if you want 1 hour of pure compute time, there is setup time and then you pay for each started hour) meaning even lower $24308.

Total cost: $5057473

I'm making here lots of assumptions in favor of the hacking endeavor. Like:

  • The resources actually being available. In my experience Amazon puts quotas on the use far below what would be needed here
  • I'm assuming cheaper availability of both storage as well as compute instances than the cheapest prices I could find
  • I'm assuming theoretical performance (e.g. one/each GPU in p2.8xlarge being capable to deliver 141600 nonces/min)

So my best case (for the hacker) scenario is $5M cost of a 1h 51% attack on Burstcoin.

If the person would choose to mine and sell the Burst before the attack, he could theoretically have mined 1.74 million Burst in the "slow plot" case, representing $17400. This could either be subtracted from the total cost or assumed to have been paid for all the adverse events (for the hacker) that'd were likely to occur in such an attack scenario

In the "fast plot case" mining revenue would be roughly double of that: ~$34800

What was surprising for me, that the cost for plotting is not the major component, but that it's actually the capacity that puts a big barrier in there. On the other hand, if you think about it, it makes sense.

$5M attack cost on a $20M coin makes this attack expensive by 25% of the MktCap. Bitcoin has an attack cost of around $512,349 per hour, which is 0.00045028505054496202% of the MktCap

Of course the protection of Bitcoin results from the fact that there is no one available who had the material to rent you that capacity for 1 hour.

Still, you read right: in absolute numbers, it is 10 times more expensive to attack Burstcoin, than it is to attack Bitcoin. In relative numbers (profitability), Burstcoin would be a more than 55000 times more bitter pill than Bitcoin.

I really tried not to make Burstcoin look nicer here. No one is helped if we would hide behind some delusions of some grand protection. These numbers are about as good as my estimate gets for now and I am aware they may look "too good to be true" (as did the 500 000 more energy efficient numbers at first).

You are also cordially invited to refute these numbers.


No comments:

Post a Comment