calculate 51% attack cost

[raedah]

This can be put anywhere on dcrdata. Its a frequently discussed number, and dcrdata is the best place to be able to reference the equation as well as get the current calculated result.

[jzbz]

The problem with this is it requires making a bunch of assumptions.

• The easy part is figuring out the cost of acquiring 51% of the hashrate assuming you could just buy the most efficient miners in bulk (this is highly unlikely).

• The next part is more complicated, if we are to assume the attacker does not already have the DCR necessary to purchase the PoS tickets to effectuate the attack we will need a way to estimate what acquiring enough DCR in the open market would do to the price. This is extremely complex and taking a cursory look at the order books will make it clear that even if the price of DCR were not influenced by the huge buys that would be taking place (impossible) it would still be an uphill battle to acquire enough size.

• Cost of DCR in USD terms also also dovetails with the final issue of figuring out the cost of the requisite tickets in DCR terms as the sdiff algo does its thing and price ratchets up to maintain target pool size, calculating this is likely doable and it would definitely be interesting to model some scenarios where millions of new DCR begin to compete for tickets.

[oregonisaac]

• I think we can assume SOMEONE could purchase the ASICs at bulk, so it seems like a reasonable assumption to include as is.
• We don't know who some of the stake accounts are, but we know they max out at 537,907.035, so there could be two calculations, internal and external attack price, which would just bump your starting place on the PoS purchase calculation by maximum of 10% - https://www.dcr.observer/#voting-stakesubmission which is below the threshold to impact the PoW percentage required for an attack, and there is only 1 staker out there with that much power. We could still include it though rather than leaving an assumption that could be attacked by trolls.
  
• While cost of DCR is influenced by huge buys, we could make the assumption that available supply on exchanges could be purchased at the prices in the books today, and see what that comes out with...I think the numbers will show some high prices, but there are OTC desks holding DCR and selling for miners at market rates, perhaps a logical 3rd variable would be "time to prepare attack" with the assumption that at approximately the rate of PoW reward DCR can be purchased at market rate. This is not completely accurate, it is very conservative and the cost of course will likely go higher and if someone was buying all the DCR at PoW reward rate that would also spike the market, but it helps to illustrate the complexity and security of the multiple variables at play.

[raedah]

Electricity cost could be added in for the PoW. Electricity cost is a variable. Market depth, which there likely is not even enough of, will be a challenge. To start, Id be curious to iterate and just see the cost is to attack at the current market price. A variable to consider is asset value of the coins someone would have to hold at current market price vs the cost to attack if someone had to buy the coins on the open market today. Could then factor in all the coins available on the books and see where that gets us. Could do a best estimate from there (maybe) by looking at % of coins available on books, and % price increase. I can likely get the market depth information built. Percent of coins being staked will need to be included in the equation.

[raedah]

Including these related linked here. They have not been verified accurate.

https://medium.com/decred/decreds-hybrid-protocol-a-superior-deterrent-to-majority-attacks-9421bf486292

https://blog.usejournal.com/apples-to-apples-decred-is-20x-more-expensive-to-attack-than-bitcoin-68bafeb4546f

https://www.crypto51.app/

https://www.reddit.com/r/decred/comments/8o0vuf/estimating_the_costs_to_51_attack_the_decred/

https://www.reddit.com/r/decred/comments/8mvj8j/decred_question_are_we_double_spend_proof/

https://www.reddit.com/r/decred/comments/7sijy5/51_attack/

[buck54321]

We can assume that the ticket price stays constant, which will yield cost curve like this (PCA -> cost of attack).

The temptation is to take the minimum of that curve, and call it the attack cost, but the minimum occurs in precisely the region where we have the least confidence because of the complicated economics mentioned above.

Another approach would be to just quote the cost at zero stake, but that would be quoting a cost for an impossible attack because at low stake, it would take literally years to mine and validate a block on a private chain. The attacker must control an appreciable portion of the total stake, but exactly what portion do you pick.

[0xmzz]

A few ideas to calculate cost of attack.

Calculating cost of acquiring hashpower:

1. Using nicehash is an idea that may be simple. Crypto51 bases attack cost for bitcoin like this even though it does not have sufficient hashpower. We can, in theory, calculate the cost of attack using the curve for whatever hashpower is available on nicehash, for example, you would need ~89% of the staked dcr if you had ~1% of the hashpower.

2. Hashpower based on the price of current ASICs on https://www.asicminervalue.com/

• We could adjust price based on gross margin to make it more realistic, but this is not public information.

3. Calculate the cost to fabricate ASIC's. This is something I am attempting to research and see if it is beneficial over the previous two ideas. But it will likely have its own sets of assumptions like:

• production cost per wafer(300mm/12'', industry standard) for the 7nm and 5nm process
• Figuring out die size to see how many chips per wafer per unit + rest of standard parts ( ps, heatsink, etc.).

• Imo Opex could be omitted if we assume block reward + txfees = electricity cost + facilities costs

Calculating Cost of Acquiring stake

• cost of the closing price on cmc * % of the ticket pool value requirement we choose to use.
  I think the only uncomplicated way is to assume that the attacker already has the stake. The dcr price can be the closing price, for example on cmc (https://coinmarketcap.com/currencies/decred/historical-data/). More sophisticated attack ideas can be added over time.

[noahpierau]

This issue was referenced in a recent discussion: https://matrix.to/#/!OfChXgczrIlpEZSFAv:decred.org/$15629762372052350sNIgB:matrix.org

Reason for reference:
"it would be fascinating to add a section that displays the cost of attack of Decred in real time, since sites like www.crypto51.app conveniently decided to leave Decred out (...) Immutability is probably the most important factor of a strong SoV, and we need to do a better job at educating the public about Decred's unique and powerful security approach."

There seems to be a concept tool available built by Raedah Group.

Raedah mentioned:
"It will require some assumptions. That's why the page is interactive, so users can tweak the variables as they see fit. Even with the most conservative settings, it will demonstrate how much more expensive the attack is on Decred relative to Bitcoin. (...) Would be good to have some standard default settings and make the attack cost value available on an API to be integrated on sites that list coin attack costs."