Bitcoin's consensus mechanism is what makes it very difficult, at least in theory, for a miner (or mining pool) to use its own hashing power to cheat or sabotage the network. The mechanism rests on the premise that the vast majority of miners, acting in their own interest, will sustain the entire Bitcoin system by mining honestly. However, when a miner or group of miners controls a large share of the network's hashing power, it can undermine the security and reliability of the Bitcoin network by attacking the consensus mechanism itself.
It is worth noting that consensus attacks can only affect the future consensus of the blockchain or, at most, the consensus of a few blocks in the recent past (up to 10 blocks back). The further back a block lies, the less likely it is that it can ever be tampered with. In theory a blockchain fork can become very long, but in practice the hashing power required to sustain a very long fork is enormous, and as the Bitcoin blockchain grows, past blocks can effectively be considered immune to reorganization. Consensus attacks also do not affect users' private keys or the signature algorithm (ECDSA). A consensus attack cannot steal bitcoins from other wallets, spend bitcoins without a valid signature, redistribute bitcoins, change past transactions, or alter bitcoin ownership records. The only effects a consensus attack can have are on the most recent blocks (up to 10) and on future block generation, through denial of service.
The typical consensus attack scenario is the "51% attack". Imagine a group of miners that controls 51% of the network's hashing power and colludes to attack the Bitcoin system as a whole. Because this group can generate the majority of blocks, it can deliberately create a blockchain fork to "double-spend", block a specific transaction, or deny service to a specific wallet address. In a fork/double-spend attack, the attacker disowns a recent transaction and rebuilds the chain from a block before that transaction, thereby creating a new fork in which the coins can be spent a second time. With sufficient hashing power, an attacker can tamper with six or more recent blocks at once, making the supposedly immutable transactions contained in those blocks disappear. Note that a double-spend can only be carried out on transactions originating from wallets the attacker controls, since only the wallet's owner can produce a valid signature for the conflicting transaction. An attacker can therefore only double-spend his own transactions, but such an attack is profitable when the transaction paid for an irreversible purchase.
Let's look at a real-world example of a "51% attack". In Chapter 1, we described a transaction in which Alice buys a cup of coffee from Bob using Bitcoin. Bob, the coffee shop owner, is willing to hand Alice her coffee when her payment has zero confirmations, because the risk of a "51% attack" on such a small transaction is tiny compared with the benefit of an immediate purchase (Alice gets her coffee right away). In the same way, most coffee shops don't bother asking for a signature on credit card purchases under $25, because the cost of collecting the signature exceeds the risk that the customer will later dispute the payment. The double-spend risk for large transactions paid in Bitcoin is correspondingly much higher, because the buyer (attacker) can cancel the real transaction by broadcasting a conflicting transaction that spends the same UTXO as the real one. The double-spend can be carried out in two ways: before the transaction is confirmed, or afterwards by means of a blockchain fork. An attacker with 51% of the hashing power can discard the transaction recorded on the old fork and then place a transaction of the same amount on the new fork, thereby spending the coins twice.
To avoid this type of attack, merchants selling high-value items should wait until the transaction has received six network-wide confirmations before delivering the goods. Alternatively, the merchant can use a third-party multi-signature account for the transaction and still wait until that transaction has received multiple confirmations across the network before delivering. The more confirmations a transaction has, the harder it is for an attacker to reverse it with a 51% attack. For large transactions, Bitcoin payments remain convenient and efficient for both buyers and sellers even if the goods are shipped 24 hours after payment: after 24 hours the transaction will have at least 144 network-wide confirmations, which makes a successful 51% attack against it very unlikely.
In addition to the double-spend attack, another consensus attack scenario is denial of service against a specific bitcoin address. An attacker holding the majority of the network's hashing power can simply ignore a particular transaction. If that transaction has already been included in a block mined by someone else, the attacker can deliberately fork at that block, mine a replacement, and leave out the transaction he wants to suppress. The result is that, for as long as the attacker holds the majority of the hashing power, he can continuously block all transactions from a particular wallet address or group of addresses, denying service to those addresses.
Note that, despite its name, a 51% attack does not require the attacker to control at least 51% of the network's hashing power; an attacker with less than 51% can still attempt it. It is called a 51% attack simply because once the attacker's share reaches the 51% threshold, the attack is almost certain to succeed. In essence, a consensus attack splits the network's hashing power into two groups, honest miners and the attacker, both racing to be the first to find the next block, except that the attacker mines carefully constructed blocks that include or exclude particular transactions. The less hashing power the attacker has, the less likely he is to win this race. Conversely, the more hashing power an attacker has, the longer the fork he can deliberately build, the more recent blocks he can rewrite, and the more future blocks he can control. Some security research groups have used statistical models to conclude that 30% of the network's hashing power is enough to mount a 51% attack.
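The merchant guidance above (six confirmations, 144 confirmations after a day) and the hashing-power race described here can be quantified with the catch-up model from Section 11 of the Bitcoin whitepaper. The following Python is an added example and not code from the original text; it assumes constant hashing power and an attacker who begins a private fork the moment the transaction is sent, and the function names are mine.

```python
import math

# Target block interval is 10 minutes, so a 24-hour wait yields about 144 confirmations.
BLOCKS_PER_DAY = 24 * 60 // 10


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the total hash power
    ever overtakes the honest chain once a transaction has z confirmations.

    Model from Section 11 of the Bitcoin whitepaper: while honest miners
    produce the z confirmations, the attacker's private fork advances by a
    Poisson-distributed number of blocks with mean z * q / p, and from a
    deficit of d blocks the attacker catches up with probability (q / p) ** d.
    Assumes constant hash power and an attacker who starts immediately.
    """
    p = 1.0 - q
    if q >= p or z <= 0:
        return 1.0  # majority attacker, or no confirmations yet: catch-up is certain
    ratio = q / p
    lam = z * ratio
    never_catches_up = 0.0
    for k in range(z + 1):
        # Poisson term computed in log space so that large z does not overflow.
        log_poisson = -lam + k * math.log(lam) - math.lgamma(k + 1)
        never_catches_up += math.exp(log_poisson) * (1.0 - ratio ** (z - k))
    return 1.0 - never_catches_up


def confirmations_needed(q: float, max_risk: float, limit: int = 10000) -> int:
    """Smallest confirmation count whose catch-up probability is below max_risk,
    i.e. a merchant's wait policy for an assumed attacker hash share q."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    raise ValueError(f"more than {limit} confirmations needed for q={q}")


if __name__ == "__main__":
    for share in (0.10, 0.30):
        print(f"attacker share {share:.0%}:")
        for z in (1, 6, BLOCKS_PER_DAY):
            print(f"  {z:4d} confirmations -> {attacker_success_probability(share, z):.7f}")
        print(f"  confirmations for <0.1% risk: {confirmations_needed(share, 0.001)}")
```

With a 10% attacker the risk drops below 0.1% at five confirmations, while a 30% attacker, the figure quoted above, needs roughly four times as many, which is why a fixed "six confirmations" rule should be paired with an assumption about how much hashing power an adversary could plausibly rent or control.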
The dramatic growth in network-wide hashing power has made it impossible for a single miner to attack the Bitcoin system, since no individual miner can any longer account for even 1% of the network's hashing power. Centrally controlled mining pools, however, introduce the risk that a pool operator will attack for profit. The pool operator controls the construction of candidate blocks and therefore decides which transactions go into newly mined blocks. This gives the operator the power to exclude specific transactions or to double-spend. If the operator abuses this power in a subtle and measured way, he can carry out consensus attacks and profit from them without being noticed.
However, not all attackers are out for profit. One possible scenario is an attacker whose goal is simply to disrupt the Bitcoin system rather than to gain from it. Such an attacker would need a huge investment and careful planning, so it is conceivable that an attack of this kind would come from a government-funded organization. Such an attacker might likewise buy mining hardware, operate mining pools, and carry out consensus attacks such as denial of service by abusing the pool operator's power described above. However, as the network's hashing power grows exponentially, these theoretically feasible attacks are becoming ever harder to carry out in practice. Recent developments such as the P2Pool mining protocol, which aims to decentralize control of mining further, are also making these attacks increasingly difficult.
There is no doubt that a serious consensus attack would undermine confidence in the Bitcoin system, which in turn could cause the Bitcoin price to plunge. However, the Bitcoin system and its software are continuously improving, and the Bitcoin community would certainly respond quickly to any consensus attack, making the system more robust and reliable than before.