Destroy kryptonite. Is it possible to protect the coin from 51% attack?

A cryptocurrency was attacked by 51 percent. Recently, the list of the lucky ones at least got Ethereum Classic, MOAC and Callisto. We spoke in detail about the principle of attack and its features in this article.

The flames on the eve poured the Creator of Litecoin Charlie Lee, who made provocative statement. According to him, cryptocurrency susceptible to 51 percent by definition. And if you make it impossible, then, the cryptocurrency adjustable or centrally controlled.

Whether the rights of Charlie? Whether cryptocurrency is doomed to failure and created to be destroyed? Or methods of protection is still there? Understand.

The contents

The dominant coin of the algorithm

The dominant coin — the coin with the largest hasraton in the framework of this hashing algorithm.

Back to the old Charlie. He is right or not — everyone decides for himself, but in his tricks no doubt. Here are two good examples from his life:

  • when creating Litecoin Charlie Lee did not use the Bitcoin algorithm SHA-256, and created a self — Scrypt;
  • the founder of the project sold all my bitcoin at the peak prices in December 2017. Well, flair!

Charlie didn’t become to use a different algorithm for mining Litecoin. He knew that to compete with Bitcoin will be difficult to impossible. The developer is also aware that it is very important to be the dominant coin of the algorithm. Try to grasp the essence of the process on the fingers.

Suppose we have a coin Xcoin with hasraton network 100 TH/s coin Ycoin on the same algorithm hasraton 1 TH/s. Suppose that a tenth of the miners of this algorithm digs through Nicehash, so available for purchase around 10 TH/s of power. If we take out all 10 TH/s and try to manipulate Xcoin — we have nothing. But Ycoin will be great to annoy, because in this case, Herat will be 10 times larger than the whole of Hasrat network.

No matter, we have own capacity or leased is very difficult to find hardware to capture 51 percent Hasrat dominant coins of the algorithm. Look at the king of the cryptocurrency Bitcoin. Current Hasrat network is 41 572 PH/s. Imagine that the only existing Bitcoin miner in the network is Antminer S9 with a capacity of 14 TH/s. Then we need to find around 3 million such devices with a capacity of 1.4 KW each. To run this wealth needs a separate power station of the big city. And its placement is another big question.

By the way, in may 2018 Charlie Lee commented on the attack on Bitcoin Gold.

Bitcoin Gold was attacked by 51 percent. The miners will not be problems if the BTG will die because they will easily switch to another PoW-coin. Bitcoin/Litecoin is not going to happen, because they are the dominant coins in their algorithms.

Any cryptocurrency can be attacked?

The cost of attack of different coins described here, and to answer in numbers, drop in service Crypto51. It is obvious that to attack Bitcoin, Litecoin or Ethereum expensive and dangerous. The hour of attack such cryptocurrency worth 275, 33, and 73 thousand dollars, respectively.

Most often attacks are redominantly coins on the algorithm Ethash (Dagger Hashimoto). The explanation is simple:

  • Ethash coins very much, so the choice is large;
  • on Miningrigrentals and Nicehash is available a lot of free capacity;
  • relatively low Hasrat some coins implies low cost of the attack.

For example, our crypto currency works on an algorithm Ethash or Equihash, after all, invent your own hashing algorithm — how did Zcoin — does not work. What to do now? Close? No extremes, because there are ready decisions from the developers of several cryptocurrencies. First and foremost is the protection system Horizen, Komodo dPoW, PirlGuard. Get acquainted with each of them.

Protection Horizen

In 2018, the developers Horizen (formerly Zencash) suggested that protection from attack 51%. Zencash (ZEN) works on an algorithm of mining Equihash, like his older brother zcash for (ZEC). ZEC has always been the dominant coin of the algorithm, and all the bumps, that is attack, got ZEN and ZCL (Zclassic).


ZCL at that time did not have active developer support. Suffering primarily from attacks by 51 percent of the exchange — because the funds are derived at their expense — came up with one solution. We are talking about increasing the number of confirmations for all deposits up to 200 or even 500. Enrollment ZCL still have to wait a long time — up to several days.

Developers ZEN went the other way and came up with a new PoW-approach to the delay blocks in cryptocurrency network called “The delayed block submission penalty approach”.

Remember how the attack 51 percent. Look at the illustration below, where NB is the normal blocks in the network cryptocurrency, and MB — blocks of the attacker.


Here is the block chain. Starting with NB100, the intruder turned off his node from the rest of the cryptocurrency network N and mine started his own branch of M alone. When the whole world came to NB116, the attacker was already MB119, that is, it nominal to 3 units more than others. If there was no protection after connecting to the other nodes, the attacker would have done the job the rest of the world invalid and canceled units NB100-NB116. The last would take MB100-MB119.

Team Horizen proposed protection mechanism, which “penalizes” the branch of the attacker with hidden from the rest of the network bloccano. The penalty is that the attacker will need to continue your branch mine N blocks. Depending on the settings of the algorithm, the parameter N can be different.

In the above example, after the block MB122 the attacker will have mine in my branch 133 of the block. The function works very simple. The current block in the network NB116, the first unit of the attacker MB100.
116-100=16 penalty points.
The second block of the attacker MB101.
116-101=15 penalty points and so on.
For each block 116 after the attacker gets a minus score. In the end we have 16+15+14+13+…+1+0-1-1-1=133 block.

Difficult? Try even simpler:

Suppose we disconnected from the network and minim own branch. After reconnecting, I want to put 20 new units, and a network meets the following.

You’re a great guy, but go smayni another 231 new unit in your branch, and then we’ll talk.

Network ZEN block is 2.5 minutes, so the attack should last at least 10 hours. The profitability of the process is clearly not high. Most importantly, the exchange can monitor such attacks and block unwanted deposits.

Komodo Delayed Proof of Work (dPoW)

The developers of cryptocurrency Komodo (KMD) proposed a universal solution. It is suitable for all cryptocurrency with a small hasraton, and PoW and PoS algorithms. The basic idea is the permanent record of the condition of the blockchain the coins in the blockchain of Bitcoin. To make an attack on the BTC blockchain extremely difficult, and this is what I propose to use the developers KMD.


For the system Komodo dPoW you need the following:

  1. a network of 64 of the notary (parent) node.
  2. individual Bitcoin node for each parent node.
  3. the supply of BTC for transactions in the Bitcoin blockchain.

The principle of operation of notarial nod Komodo is similar to the working principle of mastered. The difference lies in the fact that to run masternode need to freeze a certain amount determined by the developers of this cryptocurrency — DASH 1000, 1000 Zcoin or 500 000 $for PAC. At the same time, in the notary nodes Komodo no funds are blocked. Masternode can run anyone, and the owners of the notarial nod Komodo KMD are elected by the community. Notary Komodo nodes receive approximately 75 percent of the total remuneration for new blocks and transactions in the network of KMD.

Average time unit in the network Komodo — 1 minute.
The average time of a block in Bitcoin network — 10 minutes.

1 every 10 minutes node notary certify (endorse/write) information on the status of Komodo blockchain the blockchain the Bitcoin. Ideally, you need to send a notarized transaction in the Bitcoin network for a few seconds before hashing a new block. To predict the exact time of his stay impossible. Accordingly, if the network Bitcoin no blocks for 20-30 minutes, and endorse the current status of Komodo will not work.

As a system of Komodo dPoW resists 51% attack?

For example, take a perfect world, where every 10 minutes we record the status of the Komodo blockchain the blockchain the Bitcoin. During this time, the network manages Komodo Sinitsa 10 new blocks.

After the state entry into the blockchain of Bitcoin to change the chain is impossible.

This is the basic principle of protection dPoW. After recording mining, mandatory starts from this point. Sight works the same way as immutable amount in the game “Who wants to be a millionaire?”.

Suppose we want to attack the network Komodo. At block 100 disable your nod, minim 15 blocks to block 115, and then connect your node, waiting for a reorganization of the blockchain and at the same time patiram hands. But it was not there: it turns out that the block 110 of the notarial nodes Komodo recorded the state of the blockchain in the Bitcoin blockchain. They created “the fireproof sum”, so our 15 units just not one to take.


But if Bitcoin blocks are stamped not once in 10 minutes and every hour — due to the delay? Well, the attack will succeed? In this case, the exchange can always err and to set the required number of confirmations for incoming deposits. For example, when the required 50 blocks (50 minutes) to confirm deposits to hold a 51 percent attack on the network of KMD is pointless. Don’t forget that the exchange still takes time to share, and the subsequent withdrawal of funds obtained by illegal means.

Komodo offers a truly reliable, but very difficult method of protection. A detailed description of KMD dPoW is on github and in the blog Komodo.

Protection PirlGuard

Cryptocurrency Pirl many times under attack by 51 percent. It was sad, but in the end, the developers came up with its own system of protection PirlGuard. Let’s say in advance that it was disappointing.


The only article describing the process PirlGuard team Pirl on Medium. The caption says that it is an innovative solution to combat the attack 51 percent. The article was copied/overwritten/perifosine on a large number of Internet resources devoted to cryptocurrency. Let’s look at the description of the mechanism of PirlGuard.


If the attacker disables your node from the network, mainit parts, and then reconnects, the network penalizes it, causing mine X blocks in the same branch. The number of penalty units depends on the number of new units in the branch of the attacker. The principle is exactly the same as the defense ZEN, right?

Unfortunately, the article nowhere is there a description of calculation procedure of the parameter X. We clarify this point and asked the specialists of the mining-pool 2Miners to help you explore the code PirlGuard. It turned out that PirlGuard doesn’t work that way, as narrated in the official description.

if penalty > 0 {
context := []interface{}{
a "penalty", penalty,
log.Error("Chain is a malicious and we should reject it", context... )
err = ErrDelayTooHigh

Work PirlGuard boils down to this: the developers of cryptocurrency set a specific parameter — number of blocks, for example, 20. If an attacker is after you re-connect your node to the network “dumps” her 15 blocks (15 less than the specified parameter 20), the network will accept them and reorganized. If blocks will be 25, this branch will be rejected. That’s all. No sophisticated system of fines and the X parameter is not there at all.

We thought that perhaps something did not understand, so asked for help from the Creator of Pirl. Two days communication in the shell has not led to any result. He argues that PirlGuard works like protection ZEN and we just don’t understand. Even the impression that they spoke different languages.

Another developer Pirl commented on the mismatch between the description of PirlGuard with the real work of the algorithm.

These texts are not I’m a developer.


Since we spent a spontaneous audit code PirlGuard, I decided to complete the work, creating an official request issue in their git repository. It pointed to the mismatch between the description and the code. The Pir response was as follows: “PirlGuard successfully implemented in 7 of the block chain. Many of them have already tried to attack, but to no avail”.

Seems pointless to argue, but in fact it is real. Cryptocurrencies protected PirlGuard itself is quite exposed to attacks by 51 percent, if the attacker puts the network a small number of blocks is less than the parameter, which was discussed above. Another thing is that you can always insure a number of confirmations on the exchange. For example, if you set the tuning protection at 50 units and the number of confirmations on the stock exchange — more than 50, hardly the cryptocurrency will attack.

Global problem of the security of cryptocurrency

Our small study, unfortunately, once again begs the question: “And if anyone reads the code?”. We all use crypto products, but don’t know how many holes they contain. And they certainly are. And because there is no crypto police: if anything happens, no one will return your savings.

Remember, as covered MultiSig wallets Parity with Broadcast for $ 150 million.

But as the developers of Ethereum ppl were canceled the day before the release, noticing the mistake? Okay, what else has noticed.

Now the developers of the coin Callisto, the main purpose of which is the audit code of smart contracts, after the next attack 51 per cent hastily implement code PirlGuard. It seems that in the operating principles they did not understand. And if understood, then cheat on their users without telling them about the real possibilities of protection.

Decentralization of cryptocurrency is a huge plus, but he is also a huge minus. Not all users of the coins have sufficient knowledge and time to analyze the code of the products they use. We have to take our word for it. And live.

Subscribe to our channel in the Telegram. With us miners all over the world.

Leave a Reply

Your email address will not be published. Required fields are marked *