Controlling only 51% of the current operating power of the miners would take over eventually but it would take a very long time. Since each client trusts the longest chain, you would have to recompute a new chain that's longer than the entire chain so far. If you only pay for an extra 1% over the "legitimate" chain, it would take several years to make a longer chain.
You're thinking of the wrong scenario. If you have 51% of the power you start mining a new block off the latest legit block but you include 0 or no "real" transactions in it. After you find one, you only compute new blocks off of _your_ "bad" last block. Since you have 51% you will control the entire blockchain from this point on. And you can basically shut down all transactions.
Note that we aren't trying to reverse any transactions or steal people's bitcoin. We are just trying to stop all transactions. This is what bitcoin is all about, so do this and you've destroyed bitcoin.
You're right, sometimes someone else will find a block before you and will add it onto the longest existing chain. IF you always appended your bad blocks to the longest chain then the blockchain would look something like bad->bad->good->bad->bad->good->bad->bad. BUT you WONT be adding your blocks to the longest chain. You will always add your blocks to YOUR OWN last bad block. So you will always be working on a blockchain that looks like ... ->bad->bad->bad->bad. And since you have 51% of the power your blockchain will eventually always be longer than the other chain(s) miners are working on. For a while the two chains (legitimate and your bad one) will go back and forth between which is longer. But at some point yours will get long enough and outpace the legitimate one.
If you don't understand this you don't understand how bitcoin works. I don't say this to be a dick, but I say it because this is a real concern that a lot of people don't realize or think about.
I hadn't thought about only working on your own blockchain like that.
A piece I'm missing is the heuristic most clients use to determine "longest". Depending on how that works, this plan could be really easy or really hard.
I believe the way longest chain is determined is the sum of the difficulty of all the blocks. This basically boils down to just the chain with the most cpu power that went into it. So as long as you control the majority of the cpu power, you can control the longest chain.
Why do you need to recompute the entire block chain. At the moment, the block chain is in some state. If you control the majority of the processing power, you can devote it all to expanding the chain from that state. Because you have more CPU, your version of the block chain would replace the old version when you choice to release it. This would not let you re-write history from before you started mining, but gives you complete control of events after you started.
