In Section 6 of the celebrated original Satoshi paper on bitcoin we read that:
“If a greedy attacker is able to
assemble more CPU power than all the honest nodes,
he would have to choose between using it to defraud people
by stealing back his payments, or using it to generate new coins”.
And later we read that he “ought to find it more profitable to play by the rules” which do “favour him”.
Fake Dilemma
This dilemma is entirely fake. Very clearly Satoshi says that the attacker must choose between these two options. In reality the second (honest) option is bogus, immaterial, a product of wishful thinking. Let us explain why.
The key remark is that in the mining process the miner just needs to know the PUBLIC KEY in order to mine or commit a 51% attack and /or steal “back his payments”. In contrast one needs to be able to steal or modify the PRIVATE KEY in order to “generate new coins” for the attacker.
There is plenty of ways for miners to operate and in most cases the attacker will be able to make the miner work for him without being able to access his private key. In almost all bitcoin mining scenarios known to us, the attacker does NOT control the money from mining: he does NOT have the private keys used for mining. The attacker can hardly expect to control the private keys which can easily be stored at another place. This regardless whether this private key is hold by individual miners (e.g. when mining with Eligius) but however typically will be hold on a different device, or by the pool manager (with most other pools) in which case we should hope that the pools not to put private keys on a pool manager web server connected to the Internet.
We see that the honest option claimed the by Satoshi does not exist, in most typical scenarios, what remains is the dishonest option. Who said that 51% attacks are not a threat?
Note: there are also exceptions, some very powerful network attacks where the attacker totally impersonates the pool, see for example here, and therefore CAN control the income from mining, which attacks however could be prevented by standard network security techniques such as TLS and by a careful choice of which pool website we trust.)
Mistakes Never Die
The mysterious visionary founder of bitcoin can potentially be forgiven for this technical blunder. After all he clearly makes another major confusion here: he says “nodes” and he should say “miners”. He clearly did not anticipate things such as pooled mining: Satoshi has written that in bitcoin every peer node will be mining, cf. Section 5 of his paper. Satoshi would probably be very astonished to see that now the number of miners is now much higher than the number of peer nodes which is reaching dangerously low levels.
However Satoshi is not the only person who gets it badly wrong.
- For example two Cornell researchers Eyal and Sirer in this blog post also clearly badly confuse between miners which may “hold 49% of the [mining] revenue”, with the control of hash power for the purpose of mining blocks (easier).