Article by: Jerry Chan

The issue of blockchain security is a very complex issue that has many common misunderstandings and misconceptions.

Firstly, it is important to understand that the security model of proof of work systems is vastly different from proof of stake systems. Generally speaking any proof of work system is more secure than a proof of stake system. This is based on the fact that proof of work is an objective expenditure of cost, where as proof of stake relies on weak subjectivity model of the value loss for dishonest actors. This model as explained by Vitalik Buterin, founder of Ethereum, is a weaker security model than objective proof of work, and furthermore, he fails to acknowledge the more important aspect that the value loss by a dishonest attacker in a Proof of Stake system would be loss of their staked coins, which are coins in the native token of the blockchain. These coins would presumably, as a result of their attack, lose market value, and thus reduce the cost of the attack. In contrast, in a proof of work system, the hashpower needed to coordinate a 51% attack on a blockchain is paid in USD, as hashpower is derived from the costs of running hashing servers on the network, and thus this cost will not change the longer the attack is sustained. This is enough reason to presume that even a minority proof of work blockchain like BSV is more secure than any other alternative proof of work or alternative consensus blockchain (Thorcoin, etc) due to the fact that there are only 2 other proof of work blockchains (BTC and BCH) that have more proof of work security than BSV. In order to compare relative security of any proof of work blockchain, one must work out the cost of mounting a 51% attack on the network in terms of hashpower, and then add on the increasing losses per block of revenues forgone. This is simply a function of the number of coins per block multiplied by the market value of the coin.

So to summarize, in order to attack a proof of work blockchain, there are 2 costs to be paid:

  1. Cost of purchase and maintain 51% hashpower in USD (continuous cost)
  2. Cost of forgone revenue of blocks (which comprise partly of loss block rewards, and lost transaction fees)

While #2 is subject to the price of the coin falling vs USD due to market panic and sentiment, the first is a fixed USD cost.

In comparison, in a proof of stake system the costs are:

  1. Cost of purchase of 51% of the staking coins required (one-time cost)
  2. Cost of forgone revenue from loss staking

It is clear to see that while the second cost is similar between the two systems, in a PoW system the primary cost (namely the cost of purchasing and maintaining 51% hash dominance) is an ongoing cost and therefore must be continually paid. While in proof of stake it is a one-time cost of just acquiring the needed number of coins to stake.

Therefore, the most often quoted misunderstanding is that for BSV, where the average network hashpower is just 2 exahash, and with BTC having ang 120 exahash, one can come to the simplistic yet incorrect assumption that one could just purchase 2 exahash of the BTC hashpower (at a current market rate of $0.10 TH/s/day{a}) and thus control over 50% of the active hashpower hashing on the BSV network, and therefore would be able to ‘do whatever they want’. This is not true.

Cost of an Attack

Firstly, a 51%+ attacking miner would only be able to do one of two things:

  1. Double spend their OWN coins. (steal back your OWN payments)
  2. Mine no transactions or otherwise BLOCK other transactions from getting into the blockchain. (denial of service)

There is no possibility of stealing coins which do not belong to you. Having the majority hashpower just means that attacker can ‘roll back’ the blockchain, but at a continual cost. That cost would need to be sustained, because once the attack ceases to be funded, all the transactions that were held back would just be mined all at once by the honest miners, because there is no block limit on BSV that would prevent the backup from being cleared immediately.

Cost of Attack Breakdown:

  1. $200k USD in order to purchase 2 exahash from BTC miners
  2. Cost of forgone revenues from mining honestly. ($150{b} * 6.25{c} * 144{d} ~= 135k USD)

So, you see that the cost of a sustained attack on BSV would cost between 200k-335k USD per day. (#2 assumes that the attacker will diminish their revenue due to the drop in BSV price caused by the attack, similar to Proof of Stake systems). Additionally, the more paying transactions there are in the BSV network, the more revenues the attacker would lose in executing such an attack.

So what conclusions can we draw from this?

Clearly there is no reason to engage in this attack (not even considering the illegal nature of the attack which would fall under the cybercrimes act and thus be criminally prosecutable), unless you stand to earn more than 200k-335k USD per day from such an attack. And given that the only method that can actually earn the attacker gains is if they can get away with double spending their own coins, by purchasing something and then stealing back the payment, the only businesses that would be at risk are ones that are selling digital goods in excess of 200k USD. (because physical goods markets are not vulnerable to this attack given that such an attack would just result in the physical good not being shipped to the attacker.).

One then must look at how many practical businesses are selling virtual goods in excess of >200k-335k USD, and whether this actually applies to any real use case.

In Conclusion

While true that the BSV blockchain does not enjoy the same amount of security as BTC objectively speaking because of its relative hashrate, its security is seen to be good enough for most practical business use cases, and more importantly, clearly enough for supporting a microtransaction economy in which the goods and services purchased are less than $1. Furthermore, unlike BTC which has a block size limitation which would inhibit its own ability to recover from such a 51% denial of service attack, BSV has no block size limitation, so the moment the attacker were to run out of money, all the suspended transactions would simply be mined again. Therefore, there is no disruption for any businesses relying on BSV blockchain, unless that business was dependent on the transaction being in a certain block by a certain time.

There are other technical defensive measures being built into BSV blockchain that will further diminish the efficacy of such attacks and will eventually completely nullify their effects in upcoming upgrades, namely changes that will ultimately eliminate the dependency on block depths as a proxy for transaction finality (such as elimination of the child txn chaining limit). These shall be explored in later articles as they are released.

{a} This is taken from the current total miner revenues in BTC (~12m USD).

Over the total hashpower (~120 EH).

{b} Assuming a price of $150 USD per BSV.
{c} This ignores the value of transaction fees for simplicity. The addition of which would only make the attackers losses increase.
{d} Number of average blocks in a day.