Cryptocurrencies & Security on the Blockchain Mining Pools Prof. Tom Austin San José State University
Review: Bitcoin mining • Miners verify transactions – Must find a proof-of-work. – Reward: newly generated bitcoins, plus transaction fees. • One-CPU-one-vote • Key to Bitcoin's decentralization
Bitcoin Mining Rig, 2009
Bitcoin Hash Rate Over Time
Bitcoin Mining Rig(s), today
Application-Specific Integrated Circuit (ASIC) • Speed up mining • Expensive • Off-the-shelf hardware cannot compete – On the other hand, neither can botnets • Result: mining is less decentralized
Mining Pools • Share rewards for steadier payout – Less BTC now > more BTC later • Operator collects fee for coordinating • A variety of mining pool schemes exist • Meni Rosenfeld, Analysis of Bitcoin Pooled Mining Reward Systems , 2011.
Mining Pool "Shares" • Coordinator determines blocks. • Miners report "shares" to coordinator. – "Near misses" – Easier target (about 1000x easier) • So share of mining rewards are determined by a PoW.
Pay-Per-Share (PPS) • Operator immediately pays for shares • Operator absorbs cost of paying shares • Higher transaction fees
Proportional Reward (PROP) • Finding shares earns future rewards • Everyone gets paid when proof is found • Lower fees • Vulnerable to pool hopping attack
Pool Hopping Attack A miner can: • Find a share early in the search for a new block. • Continue to benefit from the mining work of other miners in the pool. • Switch to a new pool. Rewards exceed the rewards of playing fairly.
Pool Hopping Example (in-class)
Other attacks • Sabotage (aka vigilante attack) – Miner submits shares, but throws away proofs – Miner benefits when pool wins – Pool does not benefit from miner's hashing power • Lie in wait attack. A miner in a pool: – Finds a valid block, but withholds it – Searches for a bunch of additional shares – Announces block after gathering extra shares
Pay Per Last N Shares (PPLNS) • Same as PROP, except … • Rewards are only paid to the last N shares • Introduces time element • Dis-incentivizes pool hopping • Dominant approach today
Bitcoin Centralization • ASICs reduce the number of miners • Mining pools concentrate mining power in hands of pool operators – Worse yet, large pools pay out rewards more frequently • RESULT: Bitcoin is becoming more centralized
Why do we care?
Problems with Centralized Mining • 51% attacks • Double-spending • Censorship – Feather-forking • Coercion – Law enforcement could arrest pool operators • Selfish-mining
Bitcoin is Broken http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/ Bitcoin is broken. And not just superficially so, but fundamentally, at the core protocol level. --Ittay Eyal and Emin Gün Sirer
Majority is Not Enough • Eyal and Sirer, "Majority is not Enough: Bitcoin Mining is Vulnerable", FC 2014. • Conventional wisdom: – BTC works if majority of miners follow the protocol. – Wrong • Two-thirds must be honest – And that is the best theoretical case. • Practical solution suggested – Requires three-quarters of miners are honest.
Selfish Mining Attack • Selfish miners find a block – They do not publish it • They begin searching for the next block • Other miners waste work building off of an orphan block • If another miner finds a proof, the selfish miners share their own block
Selfish Mining Example (in-class)
Propagation of Selfish-Mining Block • Network seeded with colluding nodes • When nodes receive a block: – Share the selfishly mined block instead. – With enough Sybils, selfish miners will probably win
Propagation of Selfishly Mined Block (in-class)
Defenses • Randomly choose between blockchains of equal weight – Defeats propagation of selfishly mined block – Eyal and Sirer's defense • P2Pool – Peer-to-peer mining pool – A mini-blockchain replaces the pool operator • Non-outsourceable puzzles
Non-outsourceable Puzzles • Observation : pool members do not trust each other. • Solution : design proof so that the private key for the reward is required. • Mining proof is found before the coinbase address is specified. • For a good overview, see https://www.youtube.com/watch?v=zqo64quO 7og
Are Non-outsourceable Puzzles a Good Idea? • Would break up benign pools – P2Pool • Might force investors to invest in larger server forms – Increasing centralization further
Is selfish mining a real threat? • Craig Wright, The cancer that is the Selfish mining fallacy , Medium 2018. • Yotam Gafni, “The selfish mining fallacy” explained and debunked, Hackernoon 2018. – Debunks Wright's objections to selfish mining. • To date, no selfish mining attacks have been spotted.
Eyal and Sirer Comment: There are four stages of acceptance to new ideas: 1. This is worthless nonsense. 2. This is an interesting, but perverse, point of view. 3. This is true, but quite unimportant. 4. I always said so.
Recommend
More recommend
