-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathWeek 5 : Bitcoin Mining
714 lines (597 loc) · 34.5 KB
/
Week 5 : Bitcoin Mining
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
----------------------------------------------------------------------------------------------------------------------------------------
5.1 : The task of Bitcoin Miners
----------------------------------------------------------------------------------------------------------------------------------------
* Mining Bitcoins in 6 easy steps
----------------------------------
(How to become a Miner)
1. Join the network, (become a Bitcoin node), listen for transactions.
- Validate all proposed transactions.
2. Listen for new blocks, maintain block chain.
- When a new block is proposed, validate it.
3. Assemble a new valid block.
4. Find the nonce to make your block valid. (Hard - computationally).
5. Hope everybody accepts your new block.
6. Profit! (>25 BTC / block -> $15,000).
* Finding a valid block
----------------------
-> Two main hash-based data structures.
1. block-chain - each block's header points to the previous block header in the chain.
2. Merkel tree within each block - hash-based binary tree of all the transactions included within that block.
# Miners assembly all the transactions from the pending pool into the tree.
# Create a block with the right header that points to the previous block.
# Then need to start searching over the nonce field to try to have the hash of the block headers start with the required number of zeroes.
# Can start with a nonce of all 0's (32-bit) - get an incorrect hash; Keep trying of other nonces (nonce 1 -> hash, etc);
# Can try every single possiblity for the 32-bit nonce, you may not get the right hash, need to make further changes.
# Parameter in the coinbase transaction - where the miners are minting new coins and claiming it.
# There is an "extra nonce" parameter in the coin-base, after exhausting all possible nonces in the block-header, then the extra-nonce is used.
# The extra nonces in the coinbase transaction will be incremented and the hash of it will be computed, and will start searching the block-header.
**** Changing a single parameter in the coinbase transaction, will require the entire merkel tree of transaction to change.
- Changing the extra nonce in the coinbase transaction is expensive than changing the nonce in the header, hence use the outer-loop.
- outer loop - changes nonce in the coin-base parameter
- inner loop - changes nonce in the block header.
# Difficult computation, but eventually will find the right combination between the extra nonce in the coinbase transaction and the nonce in the header.
# Will find a block with a hash with sufficient 0's to make it valid -> published and announce and profit.
------------------- --------------------
| | | |
| ---------------|---- | ---------------|----
| | prev: H( ) | | | prev: H( ) |
| -------------------- | --------------------
| | mrkl_root: H( ) | | | mrkl_root: H( )--|----------------
-----| -------------------- <--------------------------| -------------------- |
| nonce: 0x7a83 | | nonce: 0xf77a | |
-------------------- -------------------- |
| hash: 0x0000 | | hash: 0x0000... | |
-------------------- -------------------- |
|
-----------------------------
|
|
\ /
--------------------
| H( ) H( ) |
-----|----------|---
| |
---------- -----------
| |
\ / \ /
-------------------- --------------------
| H( ) H( ) | | H( ) H( ) |
----/-----------|--- ----|-----------|---
/ | | |
/ | | |
/ | | |
\/ \ / \ / \ /
------------------ --------------- --------------- --------------
| 25.0 ---> A | | transaction | | transaction | | transaction |
| coinbase: | --------------- --------------- ---------------
| 0x000...01 |
------------------
* Mining difficulty "target" (2014-08-07)
---------------------------------------------
-> The hash of any valid block needs to below the value shown below.
-> It's a 256-bit hash output value. (Using SHA 256 to hash function)
-> Atleast first 64-bit are 0's
-> Current difficulty = 2 ^66.2 ~ 84 quintillion.
* Setting the minning difficulty
-----------------------------------
-> Every two weeks compute: It's based on how efficient the miners were over the previous two weeks.
next_difficulty = previous_difficulty * (2 weeks)
------------------------------
(time to mine last 2016 blocks)
/ \
|
|
Expected number of blocks in 2 weeks at 10 minutes/block
-> Over time mining difficulty keeps increasing (not steady, exponentail increase, it's based on how many miners enter into the market).
-> On an average a block is to be found every 10 miinutes. At the beginning of two weeks the difficulty in practice to get a block is about 9 minutes, but eventually towards the end of the two-week period the time to get the new block will be about 8 minutes.
Q. Which of the following are true about Bitcoin miners?
a. The target hash has become so small that the block header nonce alone isn’t generally large enough to allow miners so search enough of the hash output space to find a valid block - correct;
b. Bitcoin miners can more efficiently mine for blocks by specifically targeting parts of the nonce search space that have more puzzle solutions
c. Over a 2 week period, the average time to mine a block is always 10 minutes
d. The mining difficulty is recomputed roughly every 2 weeks to keep the proof-of-work puzzle difficult - correct;
----------------------------------------------------------------------------------------------------------------------------------------
5.2 Mining Hardware
----------------------------------------------------------------------------------------------------------------------------------------
* SHA- 256
-----------
-> It is a general purpose crypotographich hash function.
- Part of SHA-2 family : SHA-224, SHA-384, SHA-512;
-> Published in 2001
-> Designed by the NSA
-> Remains unbroken cryptographically. (Weaknesses known);
-> SHA-3 (replacement) under standardization.
SHA-256 in more depth
-----------------------
# There is a 256-bit state in SHA-256 that split uo into eight 32-bit words.
# Optimized for 32-bit platforms.
# Each round some of those words are taken and there are four different operations performed on them. The words are at their bit-level
and AND and other logic operations are performed on them.
# Then the number of words in the state are taken - some with these operatins performed on them and added together with
"mod 32" in a pipeline.
# Then the result of all these additions is wired over to the first word of the state and the entire state shifts over.
# All the above steps occur in just one round of SHA compression function.
# A complete computation of the SHA-256 takes about 80 times.
# In each iteration there are slightly different constants applied at one step.
-> certain design ideas date back to classic linear feedback shift registers - approach to cryptographic design.
# This is the work of the Miners, and they are supposed to do it as fast as possible.
-> To do this we need to deal with:
1. 32-bit words
2. 32-bit additions
3. Bit-wise logic
------- ------- ------- ------- ___ ------- ------- ------- -------
| | | | | | | | |_|_| | | | | | | | |
--->| a | --->| b | ---> | c | --> | d |-->|_|_| -->| e | --> | f | --> | g | --> | h |-----
| | | | | | | | | | / \ | | | | | | | | | |
| ------- | ------- ------- ------- | ------- | ------- ------- ------- |
| | | | |
| | | | |
| | | | |
| ------ ----------------- | ------ ---------------- |
| | ∑(0)| ( Maj(a, b, c) ) | | ∑(1)| ( Che(e, f, g) ) | x80 iterations
| ----- ----------------- | ------- ---------------- |
| | | | | | |
| | | | | | |
| | | | | | |
| \ / \ / | \ / \ / |
| ------ ------ | ------- ------- |
|---------|--|--|<-----------|--|--|-------------------------------|--|--|<--------------|--|--|<----------|
------- ------- ------- ------- round
/ \ constants
|
| ----
( W(j) |-|-| K(j))
-----
* CPU Minig
-------------
-> First generation of mining when Bitcoin was proposed was all done on general purpose CPUs.
-> It searched over nonces in a simple linear manner, computed SHA-256 in software and checked if the results was a valid block.
-> The SHA-256 is to be computed twice.
while (1) {
HDR[kNoncePos]++;
IF (SHA256(SHA256(HDR)) < (65535 << 208) / DIFFICULTY)
return;
}
# Throughput of a high-end PC = 10-20 MHz ~ 2^24;
# It would take 139,461 years on an average to find a block.
* GPU mining
-------------
-> Second generation of mining
-> GPU designed for high-performance graphics.
- high parallelism.
- high throughput.
-> First used for Bitcoin ca. October 2010.
-> Implemented in OpenCL
- Later: hacks for specific cards.
* Advantages of GPU Mining
---------
1. Easily available, easy to set up.
2. parallel ALUs (Arithmetic Logical Units)
3. bit-specific instructions (useful for SHA-256)
4. can drive many GPU's from 1 CPU.
5. can overclock! (GPU's can be made to run faster);
* "Goodput" (Measure of Mining success)
----------------------------------------
# Observation : some errors are okay (may miss a valid block);
# Goodput : throughput x success rate;
- throughput - how quickly you are finding blocks.
- success rate - how often does the computation actually have errors.
# Worth overclocking by 50% with 30% errors!
* Disadvantages of GPU mining
-------------------------------
1. poor utilization of hardware.
2. poor cooling.
3. large power draw.
4. few boards to hold multiple GPUs.
Throughput on a good card = 20 - 200 MHz ~ 2^27
~ 173 years on average to find a block w / 100 cards!
* FPGA mining
-------------------
-> Field Programmable Gate Area.
-> First used for Bitcoin ca. June 2011.
-> Implemented in Verilog.
* FPGA mining Advantages
---------------------------
-> Higher performance than GPUs.
- excellent performance on bitwise operations.
-> Better cooling.
-> Extensive customization, optimization. (bit fidling);
* FPGA mining Disadvantages
-----------------------------
-> Higher power drawn than GPUs designed for.
- frequent malfunctions, errors.
-> poor optimization of 32-bit adds.
-> fewer hobbyists with sufficient expertise.
-> More expensive than GPUs.
-> marginal performance/cost advantage over GPUs.
# Throughput on a good card = 100-1000 MHz ~ 2^30
# 25 years on average to find a block w/100 boards!
* Bitcoin ASICs (Application Specific Integrated Circuits)
-----------------------------------------------------------------------------------
-> special purpose
- approaching known limits on feature sizes.
- less than 10x performance improvement expected.
-> Designed to be run constantly for life.
-> Requires significant expertise, long lead-times.
-> Perhaps the fastest chip developed ever.
* Case study: TerraMiner IV
-------------------------------
# Shipped in Jan 2014
# 2 TH/s
# Cost: US $6000
~ 14 months on an average to find a block.
* Market dynamics (2013/2014)
------------------------------
-> Most boards obsolete within 3-6 months
-> Shipped delays are delays are devastating to customers.
-> Most companies require pre-orders.
-> Most individual customers should have lost.
- But due to rising prices of Bitcoins, miners havebeen saved.
* Professional mining centers
--------------------------------------------------------------------------------
-> Needs
----------
1. cheap power
2. good netwrok
3. cool climate - georgia, iceland, etc;
* Future
----------------
-> Can small miners stay in the game?
-> Do ASICs violate the original Bitcoin vision?
-> Would we be better off without ASICs?
Q. Which statement about Bitcoin miners is NOT true?
a. If the global hash rate doubles every two months, a new piece of hardware that a miner buys will find most of the blocks that it ever will mine in the first six months of operation
b. Bitcoin miners can recoup a reasonable fraction of their initial expenses by selling their ASICs once they are done with them to other users for less computationally intense purposes. - True
c. Many miners will consider the climate of an area when setting up mine operations because of the cost of cooling their equipment
d. Mining Bitcoin on a modern CPU will yield negligible mining rewards
----------------------------------------------------------------------------------------------------------------------------------------
5.3 Energy Consumption & Ecology
----------------------------------------------------------------------------------------------------------------------------------------
* Thermodynamics limits :
--------------------------
-> (1960's) Rolf Landauer's principle: Any non-reversible computation must consume a minimum amount energy.
Specifically, each bit changed requires (kT ln 2)joules.
-> Energuy is never destroyed, transformed from one form to another.
-> Computation -> electricity -> heat;
-> SHA-256 - non-reversible computation. (Energy consumption is inevitable);
-> Todays energy consumption is far above(1000's) time more than that generalized by Landauer.
* Energy consumption aspects of Bitcoin mining
-----------------------------------------------
# 3 steps
1. Embodied energy : used to manufacture mining chips and other equipment.
(Includes physical mining - digging out rare metals, coppers -> IC's, etc; Manufacture into Bitcoin mining ASIC);
-> Should decrease over time. (since sufficient chip will be there, more resources online, etc);
-> Returns to scale. (optimized on large scale)
2. Electricity : used to perform computation. (plug into wall - draws electricity - and perform computation).
-> Should increase over time.
-> Return to scale. (optimized on large scale)
3. Cooling : required to protect equipment.
-> costs more with increased scale! (not optimized in a large scale);
I. Estimating energy usage : top-down
------------------------------------
(How much energy is the Bitcoin using?) - approximation;
-> Each block worth approximately US$15,000 (25 BTC that's found every 10 minutes).
-> Approximately $25/s generated.
-> Industrial electricity (US): $0.03/MJ
- $0.10/kWh
-> If the miners took that $25 that they earn every second and turned that into electricity investment, then they would get (Upper bound)
900 MJ/s = 900 MW;
II. Estimating energy usage: bottom-up
-----------------------------------------
-> Best claimed efficieny : 1GHz/W. (mining rigs)
-> Network hash rate: 150,000,000 Ghz.
-> (excluding cooling, embodied energy);
# Lower bound on electricity = 150,000,000 GHz / 1 GHz/W = 150 MHz W = 150MW
* How much is a MW?
--------------------
-> Three Gorges Dam (China) = 10,000 MW;
-> Typical hydro plant = 1,000 MW;
-> Nuclear power plant (Japan) = 7,000 MW;
-> Typical nuclear plant = 4,000 MW;
-> Major coal-fired plant ~ 2,000 MW;
-> Bitcoin power consumption estimate = 150 MW - 900 MW;
# All payment systems required energy;
-> Moving and guarding gold buillion around;
-> Running an ATM, etc;
* Data furnaces
-------------------
-> Observatin : In the limit, computing devices produce heat almost as well as electric heaters!
-> Why not install mining rigs as home heaters?
-> Challenges:
- Ownership/maintenance model. (Mining rewards go to the company that sold the rig or the owner of the rig)
- Gas heaters still at least 10x more efficient.
- What happens in summer? (Bitcoining mining network plummet seasonally);
* Open questions
------------------
-> Will Bitcoin drive out electricity subsidies?
-> Will Bitcoin require guarding power outlets?
-> Can we make a currency with no proof-of-work?
Q1. Which of the following are assumptions made about the UPPER bound for the energy used for mining Bitcoins?
a. Everyone mines where it is cold (cooling doesn’t consume energy)
b. Everyone mines at the maximum claimed efficiency
c. Miners mine up to the point that all of the money they earn is used to pay for electricity - true;
d. The energy efficiency of mining hardware decreases with age
e. Miners all pay the same for electricity - true;
Q2. Which of the following are assumptions made about the LOWER bound for the energy used for mining Bitcoins?
a. Everyone mines where it is cold (cooling doesn’t consume energy) - true;
b. Everyone mines at the maximum claimed efficiency - true;
c. Miners mine up to the point that all of the money they earn is used to pay for electricity
d. The energy efficiency of mining hardware decreases with age
----------------------------------------------------------------------------------------------------------------------------------------
5.4 Mining Pools
----------------------------------------------------------------------------------------------------------------------------------------
* Economics of being a small miner
----------------------------------
(TerraMiner IV)
-> Cost: US $6,000
-> Expected time to find a block : 14 months;
-> Expected revenue : $ 1000/ month ($15000/ 14 months);
Mining uncertainty
--------------------
-> Unsure when you'll find the next block - random process;
| 14
p | months
r |\ |
o d | \ |
b e | \ |
a n | \ |
b s | \|
i i | |
l t | | \
i y | | \
t | | \
y | | \
| | \
| | \
------|--------------------------\\\\\\\\\----------------------
Time to find first block
----------------------------------------------------
| # blocks found in | Probability (Poisson |
| one Year | distribution) |
-----------------------------------------------------
| 0 | 42.4% |
-----------------------------------------------------
| 1 | 36.4% |
-----------------------------------------------------
| 2 | 15.6% |
-----------------------------------------------------
| 3 | 5.6% |
----------------------------------------------------
# It like a game of roulette;
* Idea : could small miners pool risk?
(Many individual miners can work together and incase one fails the others can help out);
* Mining Pool
-----------------
-> Goal : pool participants all attempt to mine a block with the same coinbase recipient.
- send money to key owned by pool managers;
-> Distribute revenues to members based on how much work they have performed.
- minus the cut for pool manager.
# How do we know how much work members perform?
* Mining shares
-----------------
Idea: prove work done with "near-valid blocks" (shares);
-> It might be hard to find a block with first 66-bits 0's -> valid block;
-> almost valid block : many leading 0's; (40-bit, 50 bit, etc);
-> No way to fake.
* Mining Pool
-----------------
-> In each round, the pool manager - which will be collecting transactions and assembling a block will tell all of the participants, here is the next block that we all are going to work on.
-> They'll assemble the block , in the mrkl_root they'll put in the coinbase transaction -> which created new coins and assigns ownership to the pool itself.
--------------------
| prev: H( ) |
-------------------- ---------------
| mrkl_root: H( )-|------> | coinbase: |
-------------------- | 25 -> pool |
| nonce : | ----------------
--------------------
| hash : |
--------------------
-> Now the block header will be sent to all the participants in the pool, and the partcipants need to hash the lock;
-> Miners start hahsing, slowly start finding almost valid blocks;
-> This continues when one of them finds a valid block - published, and the manager gets the revenue.
-> All the participants send all the shares they find to manager.
-> The manager then distributes the revenue based on the number of almost valid blocks found by the participant. The one who gets the block is not given anymore credit.
* Mining pool variations
-------------------------
1. Pay per share: flat reward per share
- typically minus a significant fee
- miners get payed even if they don't find valid blocks.
2. Proportional: typically since last block.
- lower risk for pool manager.
- More work to verify. (Miners are payed based on the work they do/ shares);
3. "Luke-jr" approach : no management fee.
- miners can only get paid out in BTC. (New entrant don't make money for a while and then they even out.)
- Pool owner keeps spread
* Mining Pool protocols
--------------------------
-> API for fetching blocks, submitting shares
- Stratum.
- Getwork
- Getblocktemplate
-> Proposed for standardization with BIP (Bitcoin Protocol);
-> Increasingly important; some hardware support;
* Mining pool history
-----------------------
-> First pools appear in late-2010; (GPU era)
-> By 2014: around 90% of the mining pool-based;
-> June 2014 : GHash.io exceeds 50% - Bitcoin network;
* Are mining pools a good thing?
---------------------------------
# Pros:
- Make mining more predictable.
- Allow small miners to participate.
- More miners using updated validation softwares.
# Cons:
- Leads to centralization.
- Discourages miners running full nodes.
# Can we prevent pools?
Q. Mining pools...
a. let members earn more rewards, on average, than they would by mining alone
b. typically make all their members search for blocks with the same coinbase address (the address that receives mining rewards) - true;
c. evenly divide up block rewards between all members of the pool
d. can undermine the security of Bitcoin’s consensus algorithm, but this isn’t a problem in practice since the majority of miners aren’t part of pools
----------------------------------------------------------------------------------------------------------------------------------------
5.5 Mining Incentives and Strategies
----------------------------------------------------------------------------------------------------------------------------------------
* Game theoretic analysis of mining
-----------------------------------
# Several strategic decisions:
------------------------------
-> Which transactions to include in a block?
- Default : any above minimum transaction fee.
-> Which block to mine on top of?
- Default : longest valid chain.
-> How to choose between colliding blocks?
- Default : first block heard.
-> When to announce new blocks?
- Default : Immediately after finding them.
* Game-theoretic analysis of mining
---------------------------------------
(Can we change come of the default decisions?)
-> Assume you control 0 < α < 1 of mining power.
-> Can you profit from a non-default strategy?
For some α, YES, though under analysis.
* Attacks
-------------
-> simplest attack - Forking attack.
Forking attack
-----------------
-> Perform a double spend
-> Have a valid state of the block, and the miner will send the money to victim Bob - this could be valid since it build on the longest chain
-> Forking miner is gonna work on an earlier block (6 block earier < confirmation) - and transfer the money to an alternative address. This may not be valid as it doesn't build on the longest valid block-chain.
-> But, if you bear the majority of the Hash power (α > 0.5) - then the alternative chain will be longer that what it was previously. It then becomes the valid transaction.
(Double-spend) (new-valid-block-chain)
---------------------
| |<\
--------------------- \
| \
\ / \
--------------------- ---------------------
| | | M -> M' |
--------------------- ---------------------
| |
\ / \ /
--------------------- ---------------------
| M -> Bob | | |
--------------------- ---------------------
| |
\ / \ /
--------------------- ---------------------
| | | |
--------------------- ---------------------
| |
\ / \ /
--------------------- ---------------------
| | | |
--------------------- ---------------------
|
\ /
---------------------
| |
---------------------
-> Certainly possible if α > 0.5 .
- May be possible with less
- Avoid block collisions
-> Attack is detectable.
-> Might be reversed.
-> Might crach exchange rate.
* Forking attack via bribery
-----------------------------
-> Idea : building α > 0.5 is expensive. Why not rent it instead / bribe others?
-> Payment techniques:
# Out-of-band bribery
# Run a mining pool at a loss.
# Insert large "tips" in a block chain.
-> This a open problem.
* Checkpointing
-----------------
-> Defence against forking.
-> Added a simple security safeguard that locks-in block chain up to this point.
-> Reduce address message to save bandwidth since there are plenty of nodes to connect to.
-> Since 2010, each version of the Bitcoin client gets shipped to a specific checkpoint and will refuse to accept versions of the block chain that don't date back to that version. (Could be centralized);
* Block-withholding attack / selfish mining
------------------------------------------------
-> Strategy : Don't announce blocks right away. Try to get ahead!
-> Do mining and hopefully get two blocks in a row before the rest of the network finds even one.
-> Keep these blocks to yourself as a secret.
-> The other miners are still putting in effort to extend the current longest chain.
-> When the rest of the network actually finds a block they will publish it and everybody accepts it.
-> Immediately, you could add the two new blocks found and that would be the new longest chain. The one found by the network will be an orphaned block.
---------------------
| |
---------------------
|
\ /
---------------------
| |
---------------------
|
\ /
---------------------
| |
---------------------
| (Blocks found by you - kept and secret - later published - new long block-chain)
\ /
--------------------- ---------------------
| | <------ | |
--------------------- ---------------------
| (block extended |
\ / by network) \ /
--------------------- ---------------------
| | | |
--------------------- ---------------------
-> What happens if a block is announced when you are ahead by 1?
- The race is on, need to compete so that the network hears about the block.
* Block-withholding attacks
----------------------------
(When is it a good time to perform a block-withholding attack?)
# Improved strategy for any α if you can win every race
- Ideal neywrok position.
- Bribery?
# With a 50% chance of wining races, improved strategy for α > 0.25.
-> Not observed in practice.
* Punitive(severe/harsh) forking
--------------------------------------
-> Suppose you want to blacklist transactions from address X.
- Freeze an individual's money forever.
-> Extreme strategy : Announce that you will refuse to mine on any chain with transaction from X.
| With α < 0.5, you'll soon fall behind the network - at this point that transaction(will you plan to refuse to mine) will be part of the longest valid chain, you'll be mining on an orphaned fork (waste).|
* Feather-forking strategy
---------------------------
-> To blacklist transactions from X,
- announce that you will refuse to mine directly on any block with transactions from X.
- but you'll concede after n confirming block. (blacklisting will not continue forever.)
-> Chance of pruning/trim an offending block is α^2;
* Response to feather forking
-----------------------------
-> For other miners, including a transaction from X induces an α^2 chance of losing a block.
-> Might be safer to join in on the blacklist.
-> Can enforce a blacklist with α < 0.5;
# "Success depends on convincing other miners you'll fork." (The miners might be aware the feather-fork operation will simply black-list ot orphan the block originating from address x and henc ewill not receive any mining reward hence willnot mine these X originating blocks instead will black-list them).
Feather-forking : what is it good for?
------------------------------------------
-> Freezing individual bitcoin owners
- ransom/extortion.
- Law enforcement?
-> Enforcing a minimum transaction fee...
* Look at Transaction fees
-------------------------------
-> Default policy:
priority = sum(input_value * input_age) / size_in_bytes
-> Accepts without fees if:
priority > 0.576;
-> Transactions of smaller size will have a higher priority - higher transaction fee.
* Transactions fees will matter more
-------------------------------------
-> Currently, block rewards are > 99% of the miners revenue. But:
-> eventually since the mining (25 BTC) halves every four years the rewards will reduce dramatically and the sole means of income -> transaction fees.
# Will miners cooperate to enforce fees?
* Summary
-----------
-> Miners are free to implement any strategy.
-> Very little non-default behavior in the wild.
-> No complete game-theoretic model exists.
Q. Which of the following are true about potential mining strategies Bitcoin miners can employ?
a. Miners who control more mining power have more potentially profitable strategies available - true
b. Block withholding, forking, and other attacks have been frequently carried out in practice
c. Some alternative strategies might be motivated by goals other than earning more bitcoins - true
----------------------------------------------------------------------------------------------------------------------------------------