Security risks a 'yellow card' for bitcoin, prof warns
A computer scientist is warning that the credibility of virtual currency bitcoin risks being undermined by one group that processes more than half of its transactions.
With a $7.7-billion market capitalization, bitcoin is the world's most popular cryptocurrency, with investors from Peter Thiel to Ashton Kutcher jumping on the bandwagon. While supporters often cite its security and decentralized structure as reasons to believe in the volatile currency, Cornell post-doc computer scientist Ittay Eyal cautions that recent developments threaten the very reasons for its popularity.
Bitcoin is produced with computing power, as "miners" race to solve an equation to unlock the next bitcoin in what is referred to as the blockchain. The equations to unlock the next block have grown so complex that it makes more sense for new entrants to join a "mining pool." Rather than using their computing power to occasionally earn a bitcoin, by participating in a mining pool these private users can earn a fraction of one on a regular basis, and the largest mining pools gain more market share as time goes on.
The popularity of the largest mining pool, GHash.IO, has grown so much that it now processes more than half of all Bitcoin blocks, potentially centralizing power in one entity, flying in the face of bitcoin's decentralized ethos.
Mr. Eyal says bitcoin users should be wary. "This is the yellow card for bitcoin. We need to solve this," he said in an interview.
By controlling 51 per cent of the blocks, GHash has the potential to be a dishonest broker and shut out other participants. Bitcoin blocks are approved by participants in the process, and so if one entity controls a majority of the process, it could approve all of its own blocks and ignore those produced by other participants.
There is no evidence that the theory, referred to within the bitcoin community as the "51 per cent attack," has ever come to fruition. GHash, an anonymous group headquartered in the Netherlands, has assured bitcoin investors that it has no intention of carrying out such an attack.
Gavin Andresen, chief scientist of the Bitcoin Foundation, blogged in response to Mr. Eyal that such an abuse of power was "unlikely from an economically rational mining pool – blockchain history would make it obvious that they were misusing their power, and I'm certain either technical or social solutions would be found to punish the bad behaviour." After all, if GHash did engage in this kind of behaviour and it became public, it could lower confidence in bitcoin and undermine GHash. Yet at the same time, Mr. Andresen encouraged users to join small pools to minimize the effect that centralization could have on the bitcoin economy.
Mr. Eyal, who is otherwise impressed by the security protocols in bitcoin, is not convinced that Mr. Andresen's reasoning is enough to look past the concerns raised by a potential 51 per cent attack.
"At some point, someone will be dishonest," he said. "This is not a healthy security paradigm. If we trust someone to be honest, then let's trust our bank."
Mr. Eyal argues that bitcoin needs to address these concerns with the developer community to create new security measures. "The coin has to adapt to this new economy of mining pools and large players."