*2.3. Security*

Security is a fundamental requirement in a blockchain. Insufficient or absent security permits an attacker to spend the same amount several times (double spending), thereby enriching himself at the expense of others and changing the blockchain's immutable status. Such a scenario could occur in a 51% attack. Notably, the blockchain scalability trilemma is not a theorem, but in the context of distributed systems, the combination of consistency, availability and partition tolerance (CAP) is a fundamental theorem. This combination

emphasises the difficulty of creating a decentralised, secure, scalable system, particularly in the case of blockchain technology, which is still developing and immature. The Bitcoin Blockchain, for example, features high security and decentralisation, but it is not scalable; the maximum number of transactions it can support is seven per second. Although it is not used as the sole currency, it represents a significant milestone in computer history by demonstrating the use of a digital cryptocurrency in a peer-to-peer network.

Additionally, most public blockchains, such as Bitcoin and Ethereum Classic [41], use a PoW consensus protocol to ensure that the data are immutable because all transactions must be mined to solve the complexity of the block. However, this protocol is susceptible to double-spending attacks, which occur when a user makes a second transaction with the same data as a previous one that has already been validated. Furthermore, if the miner controls more than 50% of the computing power managing the blockchain, he might be able to prevent the generation of a new block because any proposed change to the protocol must be supported by more than 50% of the participants. Therefore, amongs<sup>t</sup> the numerous attacks that affect Blockchain protocols, 51% should receive additional attention. As a rule of thumb, blockchain technology is based on a distributed consensus mechanism that ensures mutual trust. When a miner owns more than 50% of the hash power in a PoW-based blockchain, he can carry out a 51% attack. In this case, he will receive 100% of the rewards from mining because he will create blockchains that are longer than those of any other miner. A double-spending attack can also occur if the same unspent transaction output (UTXO) is used for two transactions at the same time, thus erasing the last confirmed blocks from the blockchain and possibly corrupting the blockchain itself. Throughout the years, technologies such as Bitcoin that economically incentivise nodes to become miners have increased to a high number of nodes. Therefore, such an attack would require a considerable amount of hash power. Small blockchains, which have a hash power that is lower than that of Bitcoin, are not excluded from this attack. Examples of cryptocurrencies that are affected by 51% attacks include Monacoin [42], Bitcoin Gold [43] and ZenCash [44]. Furthermore, mining pools entail several miners sharing their computational power with several others who share the compensation proportionately to their shares of computing power. Owing to the advent of Bitcoin mining pools, an organisation can carry out a 51% attack if the sum of the hash power of all registered nodes exceeds 50% of the total network hashpower.AnexampleofBitcoinblockchain51%attackisshowninFigure 2.

**Figure 2.** Illustration of Bitcoin blockchain 51% attack. If an attacker acquires more than half of the global hashing power, they will be able to mine a hidden chain that will eventually surpass the length of the public chain. Once the hidden chain surpasses the length of the public chain, it can be published and accepted as the new truth.

In addition, an attack with new hash power implies that an attacker has opted to obtain a more powerful hash power than that of the public chain, having the advantage of not knowing the start of the attack because no hashing power will leave the live network. Apart from the fact that this is a stealth attack, it does not force the difficulty to adjust to the live network as a result of a drop in its hash rate, thereby preventing new miners from joining the live network. In this case, the only factor that affects the live chain's hash rate and complexity is the Bitcoin price itself. By contrast, this attack is twice as costly to execute as the current hash power attack. The execution of a 51% attack with new hash power is shown in Figure 3.

**Figure 3.** Execution of a 51% attack with new hash power.

In sum, according to the literature, current systems have different aspects that make blockchains non-scalable [45]. Three critical aspects stand out in particular:


Given these aspects, the computational capacity and bandwidth of the individual nodes must be proportionally increased (vertical scalability). Horizontal scalability, in which additional nodes are added to the network in response to the increased volume of transactions, is preferable.
