Breaking Byzantine Fault Tolerance

From coinmetrics By: Matías Andrade

Introduction

The paper Breaking BFT: Quantifying the Cost to Attack Bitcoin and Ethereum authored by Lucas Nuzzi, Kyle Waters, and Matías Andrade presents a novel model aimed at assessing the costs associated with breaching Byzantine fault tolerance (BFT) thresholds within the Bitcoin and Ethereum networks. Published earlier this month, the study introduces the Total Cost to Attack (TCA) metric, which serves as a pivotal tool in understanding the economic incentives that safeguard these blockchain networks against potential threats.

The paper delves into the motivations of potential attackers, distinguishing between profit-driven and ideologically-motivated adversaries. It emphasizes the improbability of attacks being profitable given the substantial costs involved, thus underscoring the importance of analyzing the economic feasibility of such endeavors. In this week’s State of the Network, we dive into the method and findings of this paper and review the importance of network security and resistance to attack.

Total Cost to Attack

At the heart of the paper lies the concept of Total Cost to Attack (TCA), which serves as a metric for quantifying the cost associated with breaching BFT in both Bitcoin and Ethereum by a theoretical attacker. TCA is defined as the summation of Capital Expenditures (CapEx) and Operational Expenditures (OpEx) incurred over time by an attacker attempting to breach the BFT threshold of 50% in Bitcoin and 33% in Ethereum in order to perform an attack.

TCA serves as a measure of blockchain network security by enabling quantitative reasoning and comparative analysis of security. The paper emphasizes the importance of dissecting a network's security model in calculating TCA, which enhances understanding of specific cost drivers and contributes to better appreciation of security mechanisms like Ethereum's churn limit .

This paper also serves to highlight the differences between economic and non-economic or ideological attacks, the first type defined as those attackers that seek to profit and the second as those attackers that seek to destroy the network at a cost without seeking retribution or compensation. Although both types of attackers are subject to similar costs, the payoffs are fundamentally different and thus their motivations must be regarded separately.

TCA: Bitcoin

In applying the Total Cost to Attack (TCA) model to Bitcoin, the paper focuses on two main components: OpEx (Operational Expenditures) and CapEx (Capital Expenditures).

OpEx

As mentioned earlier, OpEx aims to capture the operational costs borne by the attacker throughout the duration of the attack. In the realm of Bitcoin mining, the primary component of these costs is typically the electricity required to power the ASICs over time. While there are additional operational expenses associated with mining, such as cooling, facility rentals, maintenance, and personnel, this paper focuses primarily on electricity consumption in this analysis due to limited publicly available data on other operational costs. For brevity, we only consider one scenario expounded by the paper, in this case assuming access to a distribution of ASICs that is similar to the market, calculated using the MINE-MATCH algorithm.

With the total electricity consumption per hour of the attack determined, the next step is to estimate the corresponding cost of that electricity. Given the considerable disparity in electricity prices globally, this paper calculates an average global rate for pricing purposes. Data on electricity costs across 147 countries allows us to calculate a global average of USD 0.15 per kilowatt-hour as of March 2023. This average cost is then applied to the total electricity consumed per hour of the attack to derive the OpEx, which is illustrated in the table below.

Source: Breaking BFT (2024)

CapEx

Having addressed OpEx, let's now delve into the Capital Expenditures (CapEx) side of the model. CapEx in Bitcoin represents the cost of acquiring Bitcoin ASICs, specialized machines designed to compute the SHA256 hash function. The paper utilizes the MINE-MATCH algorithm as an accurate proxy for the distribution of the Bitcoin ASIC network, which enables the estimation of the dominance of specific ASIC models and thus the competitive efficiency margin of the Bitcoin network over time.

Source: Coin Metrics’ MINE-MATCH

By tracking ASIC distribution, the model simulates how many machines an attacker would need to purchase to surpass the 51% threshold required to attack the Bitcoin network for one hour, allowing attackers to double-spend. The paper utilizes market prices of ASICs to estimate CapEx, considering factors such as machine efficiency and elasticity of ASIC supply, as well as the theoretical cost to manufacture S9s. The cost estimates corresponding to historical network hashrate values are illustrated in the chart below.

Source: Breaking BFT (2024)

As we can see, at the current network hashrate and ASIC market, the cost to attack Bitcoin ranges from $5B to $20B, varying in proportion to the elasticity of supply when acquiring ASICs by the attacker or, as an extreme scenario, manufacturing these themselves. However, the potential cost could escalate further depending on unprecedented market activity and supply chain constraints, illustrating the complexity and dynamic nature of estimating the financial investment required for such an attack.

TCA: Ethereum

In applying the Total Cost to Attack (TCA) model to Ethereum, the paper considers both CapEx and OpEx in a similar way, extending the analysis to Ethereum’s Proof-of-Stake consensus design. In the interest of brevity, we omit the analysis performed in the paper and focus on the resulting TCA, highlighting some of the assumptions given by the paper.

Given that the attackers would need ETH to perform the attack itself, the paper first estimates available liquidity in the most important exchanges, evaluating the feasibility of acquiring enough ETH to perform this attack. In order to estimate this value, the Coin Metrics measure of Ethereum held by account wallets tagged as exchanges is used, which is inclusive of the most important centralized exchanges.

Source: Breaking BFT (2024)

To successfully breach the BFT threshold the attacker would need to acquire ~15 million ETH. This figure surpasses the total ETH held by Bitfinex, Bitstamp, BitMEX, Binance, Bittrex, Gemini, Huobi, and Kraken combined. While other major markets like Coinbase, Uniswap, and decentralized lending platforms could potentially provide additional ETH for the attacker, the likelihood of a liquidity shock emerging before such a far-fetched scenario materializes is significant.

Source: Breaking BFT (2024)

The figure above highlights the relationship between Ethereum's price, the number of validators, and the estimated total cost to execute a potential attack on the network, the TCA. It seeks to map out a three-dimensional space where these variables interact, suggesting that as the Ethereum price increases, or as the number of validators grows, the cost of an attack also rises. The network status as of Dec. 31st, 2023 suggests that the TCA could be estimated around $34 billion. This steep cost serves as a testament to the security and resilience that the Ethereum network's proof-of-stake consensus mechanism aims to ensure, effectively deterring all but the most resourceful adversaries.

Conclusion

In conclusion, the research conducted by Coin Metrics and detailed in "Breaking BFT" provides an in-depth analysis of the robustness of Bitcoin and Ethereum against potential attacks. The Total Cost to Attack (TCA) metric introduced is a valuable tool for assessing the economic viability of such threats. The study's findings suggest that the security of these blockchain networks is underpinned by significant economic disincentives for potential attackers. With the TCA for Bitcoin ranging from $5B to $20B and Ethereum's TCA around $34 billion, it becomes evident that the costs to compromise these systems are prohibitively high.The milestone of Bitcoin's market capitalization surpassing $1 trillion once again, coupled with the excitement surrounding the newly-minted spot ETFs and the approaching Bitcoin halving event signals a dynamic and potentially transformative phase for digital assets.The security mechanisms of major blockchain networks appear to be well-equipped to foster increasing trust and growth in these networks, which, alongside favorable market indicators, paint a promising picture for the future of the cryptocurrency industry.