Dan Larimer Cannot Censor Accounts with 51% of Hashes
I have been following the ongoing debate about the capacity for eos to censor certain accounts. My interest lies in the fact that such censorship is in complete contradiction to everything I believe crypto should represent. In my reading, I stumbled on this steem post https://steemit.com/eos/@thecastle/oooohhhhhhh-x-wait-is-this-fucking-true, that presents tweets where @dan (Dan Larimer) claims that a given account could be censored by convincing only 3 of the top 5 miners to reject specific transactions. Deeper in this thread @dan claims "Give me control of 51% hashpower if any chain and I’ll freeze all accounts to prove point."
Here I show that @dan is positively mistaken and his statement qualifies as FUD against ethereum and any proof of work blockchain. In this analysis, I give @dan a lot of hashes with which to censor transactions and demonstrate he can not censor anyone temporarily with certainty, and can not censor anyone indefinitely with any chance of success.
Let's fist consider what is involved in a 51% attack. The way a 51% attack works is that you have two groups of miners. Public miners and secret miners. Secret miners aren't always secret, but I will call them secret to underscore how a 51% attack works.
The secret miners begin the 51% attack by picking a branch point on the chain on which it will add secret blocks. That is, these blocks are not broadcast to the public network. Exchanges don't see them, typical users don't see them, block explorers don't see them, etc.
The secret miners proceed to mine this secret chain until it has a significant length advantage over the public chain, then they publish the longer chain, at which point the public miners must reorganize chains and accept the longer chain that has more work.
To "censor" transactions, the attackers must systematically exclude particular accounts.
But there is a catch that @dan completely ignores: finality of transactions is not a function of the blockchain like @dan wishes it to be, it is a function of the real-world entities that interact with the blockchain. This concept of finality is what makes a 51% double spend attack work, by the way. (A 51% double spend attack is not the same as "censoring" with 51% of the hashes, which is the subject of the following analysis.)
Consider an exchange, like bittrex, that requires only two confirmations to credit a bitcoin transaction. Imagine if we "gave" @dan 51% of the bitcoin network to censor whoever he wished. Could he have success censoring this person from sending coins to bittrex? I won't present the math here, but this amounts to sampling problem where the chance of success for the censored party is about 44% on any try spanning two blocks (given some conservative assumptions about the variance of mining power--the more variance, the easier it is for Alice).
In other words, let's say @dan has 51% of the hashes, and is trying to censor Alice. Every 2 blocks, Alice tries to send her transaction to bittrex to spend it. She has a 44% chance each time she tries to push the transaction through.
Alice's censorship at this point turns into a joint probability, where after 1 day of 72 tries (144 bitcoin blocks per day) we calculate the probability Alice will fail all 72 times with a 56% (100% - 44%) probability of failure on each try.
Basically, Alices chances of failure are so infinitesimal (1 in 1.35x10^18), that her chances for success within one day is absolute, rounding to 100% after 16 decimal places.
Clearly @dan can not censor Alice, or anyone else, with only 51% of the bitcoin hashes.
Now, let's take an extreme example where we give @dan 66% of the ethereum network. Can he censor Alice from sending ETH if she can find an exchange that credits her balance after 5 confirmations? This would admittedly be a rare exchange, but she only needs one outlet to spend her ethereum to bypass @dan's censorship.
This turns into a sampling problem where Alice has an 0.01% chance of success over any 5 block interval. Now @dan has some real power. But can Alice push a transaction through in a day?
Because ethereum has 15 second blocks, Alice has 1152 tries per day to push her transaction through, each with an 0.01% chance of success (or 99.99% chance of failure). In this case, @dan is doing much better than he did with all the bitcoin mining power. Alice only has about an 11% chance after 1 day, about a 20% chance after two days, and about a 68% chance after 10 days. If Alice keeps trying for a month, she will have about a 97% chance of getting it through. And after 3 months she'll get it through with a 99.997% chance. Dan is likely to give up after 6 months because Alice will have succeeded with 99.9999999% probability.
Sorry @dan, you can't censor anyone indefinitely with only 2/3 of the ethereum hashes. You'll need much more.