pull down to refresh

A soft fork is a 51% attack on Bitcoingithub.com/libbitcoin/libbitcoin-system/wiki/Glossary#soft-fork
3473 sats \ 12 comments \ @Scoresby 1h bitcoin

A soft fork is a 51% attack on Bitcoin

A 51% attack can happen when a miner gets a majority of hashpower and is able to control the blockchain by refusing to build on valid blocks from other miners. A miner with a majority of hashpower can do this because we expect them to be able to produce a chain with the most work more quickly than the rest of the miners, thus orphaning blocks found by other miners.
A coalition of miners with a majority of the hash power can achieve the same effect. In fact, this is what happens every time we implement a soft fork.

Hard forks vs soft forks

You've probably heard the difference between hard forks and soft forks described like this: hard forks loosen block validation rules while soft forks tighten them. While this is a popular description, it doesn't always help us think about what is actually happening.

Your node can enforce a hard fork, even if the majority of the network disagrees with you

For a hard fork, nodes that run old software and don't update to the new rules will reject blocks that have transactions following the new rules. This is because the new rules are an expansion: some transactions that weren't previously valid now are. There is no way for old nodes to know about these rules unless they run new software. The choice is update or fork.
Under a hard fork, new nodes think old-style blocks are invalid, and old nodes think new-style blocks are invalid. Thus if old nodes continue creating old blocks, we get a chain of old blocks, and a chain of new blocks. Each community thinks theirs is the one true blockchain. -Nate Eldredge
If there is a chain split, it's fairly straightforward: the nodes and miners who like the new rules will end up on one chain and the node and miners who don't like the new rules will end up on another chain.

Your node must follow a soft fork if the majority of hashpower enforces it

In the case of a soft fork, nodes that don't run updated software with the new rules will still see blocks that follow those rules as valid. Old nodes won't reject blocks on the chain following the soft fork rules because the new rules are a subset of the previous rules.
Under a soft fork, new nodes think old-style blocks are invalid, but old nodes think both types of blocks are valid. New miners, which we assume are in the majority, will create a chain of new blocks only. Old miners may try to create old blocks within this chain, but since new miners won't accept those blocks, they'll get orphaned. The old nodes will think the old miners are just unlucky, and they'll continue to accept the longest chain of blocks which they consider valid. -Nate Eldredge
Even if there are miners still producing blocks that follow the old rules, old nodes won't recognize those blocks unless they are also part of the longest chain. So what determines whether a soft fork is implemented is if the majority of hash power enforces it.

An op_return soft fork example

Imagine there is a soft fork that imposed this new rule: transactions can no longer include op_returns. If you don't run these new rules on your node, you can still stay on the chain that is following the new rules, it may just look like no one is making those kind of transactions anymore.
But what would happen if you created a transaction with an op_return in it?
None of the new nodes would relay the transaction because they don't think it's valid. But, perhaps there are still enough old nodes out there for your transaction to make it to a miner (it doesn't take many).
If the miner is running the new rules of the soft fork, they won't mine your transaction because they don't think transactions can have op_returns in them. But if you reach a miner who hasn't updated their software to the new rules of the soft fork, they very well may include your transaction in a block.
Now we have a problem: all the nodes that are running the new rules of the soft fork won't accept this block as valid.
As far as you are concerned, this isn't much of a problem: all nodes can do is reject blocks that don't follow their rules. No skin off your nose.
But it may be a problem for the miner who mined your transaction. Miners who are running the new rules of the soft fork will throw out the block with your transaction in it because they don't think it's valid. They will keep building on the previous block and if there are enough of them, they'll build new blocks faster than the old miner and the block with your transaction will be orphaned. It all comes down to how many miners are using the new soft fork rules.
And now it may become a problem for you: if a majority of the hash rate refuse to build on the block containing your op_return transaction, it won't become part of the chain with the most work. Even worse: your node won't think there's anything wrong with this.

We need a 51% attack to enforce the soft fork rules

For a soft fork to be successful, a majority of the hash power must be enforcing the soft fork. In such a case, the miners who enforce the rules of the soft fork can refuse to build on top of a block that is mined by a miner who isn't following the soft fork.
This is exactly what a 51% attack looks like: a majority of hash power refusing to build on valid blocks.
I've been reading Cryptoeconomics again, and this is an attempt to work through the definition of "Soft Fork" in the Glossary, which I am copying below.
A Fork that implies a Split unless Enforced by Majority Hash Power. Contraction of the set of potentially-Valid Blocks.
write
preview
related posts
171 sats \ 4 replies \ @047b99aa4d 1h
So expand on that. What happens to the nodes running the new software IF less than 51% of the hashrate isn't mining blocks using the new software? Mechanic has described some kind of mechanism where the chain split can eventually catch up to the other and then a wipeout occurs. Any thoughts on that scenario or how/if it could happen?
reply
271 sats \ 2 replies \ @Filiprogrammer 40m
Let's imagine a fork happens and 40% of hash is on the new rules and 60% of hash remains on the old rules. The chain with the old rules outgrows the one with new rules. (for now) Let's say at a later point in time more miners switch from the old rules to the new rules. Now 60% of hash is on the new rules, while 40% is on the old rules. In this case the new chain will eventually outgrow the old one. Now the new chain is also the valid one according to the old rules, since it is longer. Thus the blocks on the old chain are replaced by the ones on the new fork.
reply
10 sats \ 0 replies \ @Scoresby OP 29m
the new chain will eventually outgrow the old one
This makes sense. Thanks for explaining it. The important point seems to be that a fork needs sustained period of majority hash power enforce its rules.
Thus the blocks on the old chain are replaced by the ones on the new fork.
This comes with a reorg of some length because the old chain that miners were working on gets orphaned.
reply
0 sats \ 0 replies \ @047b99aa4d 9m
So this is the wipeout scenario. If only Ocean is mining blocks on the new software split I don't know how they think their chain would ever be able to catch up... Also, how do block subsidies work in the "split then catch-up" scenario? If there is a reorg after 100 blocks pass does it invalidate the 3.125 Bitcoin awarded?
reply
0 sats \ 0 replies \ @Scoresby OP 1h
To be honest, I find this stuff difficult to reason about, so here's my best guess:
If a soft fork doesn't have majority hash power enforcing it
and if a block gets mined containing a transaction that is invalid according to new rules
miners running new rules won't build on that block
If majority of hash power will build on that block
chain will split
and miners and nodes enforcing new rules will fork off from rest of chain
I don't see how the soft fork side of the split is ever reconnected with old rules side.
reply
202 sats \ 3 replies \ @Filiprogrammer 53m
A 51% attack would be a single entity reorging the chain because they have the majority of the hash rate.
A soft fork does NOT require a 51% attack. We had soft forks in the past. It just requires consensus among at least >50% of the hash rate.
reply
100 sats \ 2 replies \ @Scoresby OP 38m
What is the difference between "consensus among at least >50% of the hash rate" and a single entity with a majority of the hash rate?
reply
202 sats \ 1 reply \ @Filiprogrammer 34m
One turns Bitcoin from decentralized into centralized. The other is just the usual decentralized consensus forming.
reply
0 sats \ 0 replies \ @Scoresby OP 16m
I suspect that it is difficult to make a distinction between "centralized" and "decentralized consensus forming."
Decentralization doesn't necessarily mean good decisions, just like democracy doesn't necessarily mean good decisions. Decentralization just helps us share risk.
It's not hard to imagine a decentralized consensus forming around something that you and I consider antithetical to Bitcoin (for instance, the jpeg people are somewhat decentralized).
My point here is not whether a soft fork is good or bad and I agree that we've had many soft forks in the past, but I want to point out that the mechanism is surprisingly similar to that of an attack.
reply
102 sats \ 2 replies \ @optimism 55m
If done straightforward, it's more like a 95% "attack".
reply
100 sats \ 1 reply \ @Scoresby OP 54m
oh man, I wish I'd said that.
reply
0 sats \ 0 replies \ @optimism 40m
No worries - haven't seen an activation proposal that was straightforward lately. Don't listen to a renaissance man if you're living in modernity; in this case, the modernity of lot=true and bringing out the uasf stick before even proposing a masf.
reply