#Peercoin is Highly Vulnerable to 51% Attack
Myth: Given enough coins, it’s very easy to control the blockchain
Concerns are Overblown
By design, the blockchain can only be updated by an entity controlling coins. While different myths details different ways of acquiring and using coins to attack the network, most of them is based on the assumption that given enough coins, the blockchain can easily be controlled. But is it really that easy?
The short answer is that, no it’s not easy. The implementation of Proof-of-Stake (PoS) in Peercoin is designed in such a way that there are several counter measures against attacks on the blockchain. It’s difficult to describe these defense mechanisms, without going into technical details, but the general idea is that those that create blocks (in Peercoin this is called minting) must commit coins to a stake and therefor has money at stake in the wellbeing of the network.
An example of a defense mechanism, is that the coins used in the stake, will be locked for a period of time and therefor can not be sold on an exchange or likewise. Another defense mechanism is that coins have to mature for a period of time, before they can be used in a stake again. Perhaps the best way to understand the implications of this, is to compare it with how Bitcoin works, where mining machines can be used uninteruptedbly in a 51% attack. In Peercoin, an attacker have to wait a long period of time before the coins used in the attack, can be used again in a new attack. Another difference compared to Bitcoin, is that AltCoin compatible mining machines can be used to attack the Bitcoin network, whereas in Peercoin the attacker has to use peercoins, i.e. the attacker can not use coins from an AltCoin as a stake in Peercoin.
How many coins are actually needed to pull off an attack, is still being debated (http://www.peercointalk.org/index.php?topic=3141.msg29474#msg29474) but consensus is that a huge amount is needed. As the price of peercoins increases the cost of acquiring these coins increases. The incentive for more people to mint also increases which pushes up the Proof-of-Stake difficulty and hence the attacker has to acquire even more coins, which will push up the price even more. But let’s say the attacker is able to pull it off, then what happens?
Just as in Bitoin, a reorganization attack on the Peercoin blockchain can’t do anything that goes against the protocol. More coins then the protocol allows for, can’t be created. Other peoples coins can’t be spent. Coin days can’t magically appear from nothing and the attacker still has to consume coin days during the attack. So why would the attacker even attempt an attack? Perhaps one of the most cited reasons for doing so, is to double-spend coins.
The double-spend attack works like so, first the attacker sell all of his coins and then publish a new version of the blockchain where the sale of the coins didn’t happen. In the attack scenario detailed above, this means that the market have to be able to absorb a very large chunk of the total supply of coins. In the current environment this could create a market crash. But let’s say the attacker has bought a financial derivative where he stand to profit from a market crash, what happens then? To begin with the attacker has now increased both the cost of the attack and increased his own financial risk, should the attack fail. Then one has to consider that one does not simply consume so much coin days required for an attack, without network participants noticing.
Besides the massive amount of coin days consumed, the mere fact that 6 blocks have been replaced, is an inescapable symptom of an attack taking place. This in-itself would be enough for the receiving end of all of those peercoins sold, to wait more then 6 confirmations.
Yes, protecting oneself against this attack is just that easy. When the alarm bells goes of, one simply just wait a few more confirmations (the receiver can actually calculate how many confirmations he should wait, since it is known how many coin days have been consumed) thereby decreasing the odds of the attacker successfully pulling off the attack considerably. Its also noteworthy that the attacker can’t possibly know with certainty how many confirmations the receiving end of the transaction will wait under such conditions, which complicates and increases the cost of the attack even further.
In summary, as Peercoin matures the difficulty and cost associated with this attack will go up considerably. Even if an attacker is able to accumulate all the coins needed for an attack, it’s still not risk free and far from certain that it will be economically justifiable to do so. Instead of attacking the network, the coins could be used to ensure the integrity of the blockchain and for this work, there is an almost guaranteed risk free return.
In Bitcoin a mining pool could decide to attack the network and do so continously, making money by double-spending coins and shortselling bitcoins on financial markets. It’s not certain that the mining pool have a vested interest in Bitcoin either, since there are several AltCoins that are using the same hashing algorithm as Bitcoin, which the mining pool could decide to mine instead after the attack on Bitcoin. Furthermore there is clear evidence that mining is an expensive operation and that the current trajectory of the Bitcoin network is that of cloud mining services, pool mergers and centralization.
Peercoin is in many ways the total opposite. Only money invested in peercoins, can be used to mint new blocks. Minting is energy efficient and reqires no special hardware. It’s an open network with a trajectory towards decentralization.