Photo from unsplash: Bitcoin-security-banner

How Secure Is Bitcoin

Written on April 30, 2024 by Renaka Agusta.

13 min read

Introduction

In the beginning of 2024, most people start to talk about cryptocurrency again. This happened because of an event considered as the big catalyst for the Bitcoin price surge, namely Bitcoin halving. Based on the following historical data, we know that after halving event, Bitcoin price goes up significantly.

Bitcoin halving price surge

Halving in the 2024 is marked as the 5th Bitcoin halving. This halving is considered slightly different from the previous halving because of big financial institutions participation. This situation makes this halving very interesting to follow.

However, as stated by the title of this post, we won't discuss about the price of Bitcoin further. Instead, we will focus on its technology as the underlying of Bitcoin price. The technology behind Bitcoin that i will cover particularly is about the security of Bitcoin since it becomes very important to be considered as a digital asset.

Blockchain

Before we learn further about Bitcoin security, it is better to back to basic. Basically, blockchain is a distributed and decentralized digital ledger that records transactions across a network of nodes. In simple analogy, if we usually used web2 services like Google, Facebook, TikTok and etc, the database is maintained only by them as a service provider. Users don't have privilege to maintain all of theirs data. In blockchain like Bitcoin and Ethereum, everyone has the same privilege to store all of their data.

Node

Bitcoin is distributed accross nodes in network. There is no one that has higher privilege than others. All nodes have the same privilege, so there is no centralized party. Every nodes can stores all transaction data. It's very different when we compared with traditional finance like banking system where all of transactions are stored only by them. As a user, we dont have privilege to store all of our data. It's totaly difference compared to blockchain where users can actively contribute to the system with their nodes. There are several types of nodes in a blockchain, such as:

Full node

Full node is a node responsible to store all blockchain data since the first block which is a genesis block. Genesis block is the first block generated without previous block hash.

Light node

Instead of store entire data of blockchain, a light node store only some data such as block headers. When they need additional data, they will query from a full node. The examples of light node are Trust Wallet and Bread Wallet.

ps: Not all mobile wallets are considered light nodes. Mobile wallet like Metamask doesn't store data as light node does. Instead, they only query from a full a node.

Miner node

Miner node is a node responsible to validate a new transaction and include it to the new mined block. Some people consider that full node and miner are same but actually they aren't. Both of miner node and full node are required to store all blockchain data. However, a full node doesn't have to perform mining. Mining requires high computational resources to solve mathematical problem before a new block is created.

Block

Basically, block is a container for data stored in a blockchain. The core data stored in block is transactions. Current block is linked to the previous minted block by storing it's previous block hash on it's header. Typically, a block is divided into two parts: a header and a body.

Bitcoin block structure

As we can see, header of a block contains

  • Current block hash: Result of hash function of current block content.
  • Previous block hash: Result of hash function of previous block content. This property makes current block is linked with the previous block directly and all of blocks is chained inderectly.
  • Version: Version of blockchain when the block is mined.
  • Nonce: Value that needed to find out by miners to solve the hash puzzle.
  • Merkle root: Unique structure data that contains hash of block's transactions that is used to verify validity of transaction.
  • Timestamp: Time when the block is mined.
  • Difficulty target: The number of leading zero required to solve the hash puzzle.

While the header stores various properties, the body of block stores list of transactions.

Transaction

Transaction is the core of stored data in the blockchain. It can be simplified as sending some Bitcoins from a Bitcoin wallet to another Bitcoin wallet. Below is the structure of Bitcoin transaction data:

Bitcoin transaction structure
  • Version: The version number used by transaction. Version number is used to specify rules to be used by miners and nodes for transaction processing based on it's version.
  • Input Counter: Indicates the length of inputs.
  • Vin (List of inputs): Contains reference unspent transaction outputs (UTXOs) from previous transactions on the blockchain. These UTXOs contain the amount of Bitcoin being spent. Just information, Bitcoin doesn't use Account-Based Model instead UTXO Model if someone who wants to transfer some Bitcoins, they have to include references to unspent transaction outputs (UTXO).
  • Output Counter: Indicates the length of outputs.
  • Vout (List of outputs): Contains some data that specify amount of Bitcoin, recipient address, special condition.
  • Locktime: Store timestamp when the transaction is considered as a valid transaction.

Then question arises, how someone can make a transaction in a blockchain?

Basically, it depends on the consensus of its blockchain. Consensus means a general agreement. Each blockchain has its own consensus. For example, Bitcoin uses proof-of-work to create a new valid block, while Ethereum uses proof-of-stake. Since we focus on Bitcoin, i will cover how to create a transaction in proof-of-work mechanism.

Proof Of Work

This mechanism requires a node, especially that act as a miner to trade off their own computational resources before proposing a new block to the network. Their computational resources are used by miners to compete to solve the puzzle. The first one who can solve the puzzle will receive a reward. The work to solve the puzzle is called as mining.

With proof of work mechanism, to attack Bitcoin network, someone doesn't need to control over the 51% nodes, instead, they have to control at least 51% computational resources of Bitcoin network. So, we can conclude that the higher Bitcoin network computational resources, the more secure Bitcoin network is.

Attacks

In the blockchain realm, there are various attacks possibly occur. The types of attacks are very depend on consensus used by a blockchain. As I have stated before, for a blockchain use proof of work, the security relies on its network computational resources. Absolutely, it might be difference with others blockchain like Ethereum that use proof of stake or solana that use proof of authority. Here are some some possible attacks that can occur to the Bitcoin network that use proof of work mechanism:

Double Spending

An attacker creates two conflicting transactions. The first transaction is created to send a number of coins to the recipient and the second transaction is created to send them back to himself. An attacker can mine a block to include the second transaction, while other miners will include the first transaction. Due To their computational resources, they can be the first one who can solve the puzzle. If the attacker continue to mining with a lot of resources they have, they can have a longest chain. So there are two different chains currently. This condition makes forking is required. Bitcoin follows the rules where the longest chain will be considered as the valid chain. So the attacker chain will be chosen. But for this scenario, it is not enough to take over of 51% computational resource, the attacker should have the recipient private keys to create the second transaction.

Transaction Censorship

An attacker who controls the network power can create a new block easily without including some unwanted transactions. This scenario can be detrimental to targeted parties because their balance becomes useless.

Denial of Service (DoS) Attacks

An attacker could disrupt the network by creating many invalid blocks. This attack causes delays in transaction processing.

Chain Reorganization

This attack change old blocks to give advantages to the attacker. For example, replacing the existing transaction recipient address with attacker address in mined blocks. Continue to mine until make his own chain as the longest chain will make his chain chosen by the network since Bitcoin follow longest chain as the valid chain.

Mining

Mining is the process of creating a new block in a blockchain. Actually, the term of mining can be considered as a misnomer. Most people use that term as it has similarity to the gold mining, where, as a miner we have to spend energy and resources to receive the valueable rewards.

Before discussing about mining further, we have to understand how transaction lifecycle works.

Transaction lifecycle

The preceeding diagram can be explained as follows:

  1. The sender create a transaction.
  2. The sender's Bitcoin wallet sign the transaction using sender's private key.
  3. The transaction is broadcasted to the network.
  4. Miners who are listening for the transaction will store it to mempool. Mempool (Memory pool) is a container used to store requested transactions before they are mined and added to the blockchain.
  5. Miners add transactions from mempool to include them to a candidate block. At this step, miners can prioritize which transactions they want to include to a candidate block based on fees. Then, miners perform the mining process.
  6. When a miner who can create a valid block, the block will be broadcasted to the network.
  7. The network will verify the received block and confirm its validity.
  8. Receiver get the Bitcoin.

Based on the above explanation, we know that miners will compete to be the first to create a valid block. Then question is, what actually means as a valid block?

Valid block is a block that has property current block hash that satisies the current difficulty target. For example:

The value of current block hash in hexadecimal format is

000000000000000000043f43161dc56a08ffd0727df1516c987f7b187f5194c6

It means the current difficulty target requires that the current hash value has at least 21 leading zeros. The difficulty target has a correlation with the number of leading zeros produced by hash function. Bitcoin uses SHA256 alghoritm to hash the block. If the first attempt hash is not satisfy the difficulty target, miner will adjust the nonce until the result of hash function satisfies the difficulty target.

If the difficulty target requires 1 leading zeros, means in the worst scenario, we have to perform 16 iterative hashing processes. The number of 16 is calculated by the combination the value that we can get from SHA256 for each character. SHA256 output is in hexadecimal format which ranges from (0-9) and (A-F) so each character has 16 possibilities.

Suppose the current difficulty target requires 10 leading zeros, means the miner has to perform \(16^{10}\) iterative hashing in the worst scenario.

Actually, the difficulty target doesn't reflect directly to the number of required leading zeros, instead, there is only a positive correlation between them. In real, the hash value is converted to the decimal format. If the value is lower than current difficulty target, the hash value is considered as a valid hash. As we know, the lower decimal value, the more leading zeros it has in hexadecimal format. Not only that, using leading zeros as a representation give an easier explanation to non-tech people.

We can conclude that the lower difficulty target, the more effort is needed to perform a mining process.

Suppose the current difficulty target is \(10^{60}\). Let's calculate the number of hashing steps required in the worst scenario.

  1. Convert the value of ** \(10^{60}\)** to hexadecimal format and the result is
9f4f2726179a224501d762422c946590d91000000000000000
  1. The length of the hash result is 51.
  2. Since SHA256 output length in hexadecimal format is 64 we can calculate the leading of zeros with subracting 64 with current hash length in hexadecimal format. The number of leading zeros is \(64-51=13\).
  3. The number of hashing required in the worst scenario is \(16^{13}=4.5035996\times10^{15}\).

Doing \(4.5035996\times10^{15}\) hashing attempts is not an easy task. It requires a lot of resources and time. The value of difficulty target is adjusted after 2016 blocks ared mined. The adjustment of difficulty target is required to maintain the block production rate. In term of Bitcoin, the network maintains to produce a new block for every 10 minutes. If avarage time required to create a new block is less than 10 minutes, the difficulty target will increase, and vice versa.

The number of hashing that done by network in a second is called hash rate. The higher hash rate, the more secure the network is. It could happen because it makes attackers who want to take control 51% of computational powers has to spend a lot of resources. A higher hash rate also means time required to mine a new block might be decreased.

The current hash rate of Bitcoin network is 643.58 EH/s. EH/s stands for Exa Hash per second. Exa is a very big denomination which is equivalent to \(10^{18}\). So the current Bitcoin network can perform 643,58 quintillion hash calculations in just one second. Of course it's a very big number for computational power. Someone who want to attack Bitcoin network requires a lot of resources and it doesn't guarantee it will be profitable to do.

There is a tweet giving some interesting analogies about the current value of Bitcoin hash rate in the previous year when the Bitcoin hash rate reached 500 EH/s

Hash rate analogy post

You can find that tweet on this link.

Those analogies show us that Bitcoin network as a digital asset nowdays is secured with a very big computational power even if we compare to the power of servers that big tech companies have like google, microsoft, amazon etc. And based on the historical data, it's getting bigger and bigger over time.

Hash rate history

Conclusion

Bitcoin as the most well-known cryptocurrency is reasonable to be demanded by many parties since there are great fundamentals behind that. One of them is the security that Bitcoin offer. As a digital asset, security is one of the most fundamental aspect we have to consider nowdays. And as I have explained before, the security of Bitcoin relies on its computational resources of the network which can be represented by the value of hash rate. As we know the current Bitcoin hash rate has achieved a very high number. The good thing is that the value of hash rate is increasing over time, reflecting unstoppable improvement of bitcoin's security.