Mining Pools Prof. Tom Austin San Jos State University Review: - - PowerPoint PPT Presentation

▶

Apr 28, 2023 505 likes •796 views

Cryptocurrencies & Security on the Blockchain Mining Pools Prof. Tom Austin San Jos State University Review: Bitcoin mining Miners verify transactions Must find a proof-of-work. Reward: newly generated bitcoins, plus

SLIDE 1

Cryptocurrencies & Security on the Blockchain

Prof. Tom Austin

San José State University

Mining Pools

SLIDE 2

Review: Bitcoin mining

Miners verify transactions

–Must find a proof-of-work. –Reward: newly generated bitcoins, plus transaction fees.

One-CPU-one-vote
Key to Bitcoin's decentralization

SLIDE 3

Bitcoin Mining Rig, 2009

SLIDE 4

Bitcoin Hash Rate Over Time

SLIDE 5

Bitcoin Mining Rig(s), today

SLIDE 6

Application-Specific Integrated Circuit (ASIC)

Speed up mining
Expensive
Off-the-shelf hardware cannot compete

–On the other hand, neither can botnets

Result: mining is less decentralized

SLIDE 7

Mining Pools

Share rewards for steadier payout

–Less BTC now > more BTC later

Operator collects fee for coordinating
A variety of mining pool schemes exist
Meni Rosenfeld, Analysis of Bitcoin

Pooled Mining Reward Systems, 2011.

SLIDE 8

Mining Pool "Shares"

Coordinator determines blocks.
Miners report "shares" to coordinator.

–"Near misses" –Easier target (about 1000x easier)

So share of mining rewards are

determined by a PoW.

SLIDE 9

Pay-Per-Share (PPS)

Operator immediately pays

for shares

Operator absorbs cost of

paying shares

Higher transaction fees

SLIDE 10

Proportional Reward (PROP)

Finding shares earns future rewards
Everyone gets paid when proof is

found

Lower fees
Vulnerable to pool hopping attack

SLIDE 11

Pool Hopping Attack

A miner can:

Find a share early in the search for a new block.
Continue to benefit from the mining work of
ther miners in the pool.
Switch to a new pool.

Rewards exceed the rewards of playing fairly.

SLIDE 12

Pool Hopping Example

(in-class)

SLIDE 13

Other attacks

Sabotage (aka vigilante attack)

– Miner submits shares, but throws away proofs – Miner benefits when pool wins – Pool does not benefit from miner's hashing power

Lie in wait attack. A miner in a pool:

– Finds a valid block, but withholds it – Searches for a bunch of additional shares – Announces block after gathering extra shares

SLIDE 14

Pay Per Last N Shares (PPLNS)

Same as PROP, except …
Rewards are only paid to the last

N shares

Introduces time element
Dis-incentivizes pool hopping
Dominant approach today

SLIDE 15

Bitcoin Centralization

ASICs reduce the number of miners
Mining pools concentrate mining power in

hands of pool operators

– Worse yet, large pools pay out rewards more frequently

RESULT: Bitcoin is becoming more

centralized

SLIDE 16

Why do we care?

SLIDE 17

Problems with Centralized Mining

51% attacks
Double-spending
Censorship

– Feather-forking

Coercion

– Law enforcement could arrest pool operators

Selfish-mining

SLIDE 18

Bitcoin is Broken

http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/

Bitcoin is broken. And not just superficially so, but fundamentally, at the core protocol level.

-Ittay Eyal and Emin Gün Sirer

SLIDE 19

Majority is Not Enough

Eyal and Sirer, "Majority is not Enough: Bitcoin

Mining is Vulnerable", FC 2014.

Conventional wisdom:

– BTC works if majority of miners follow the protocol. – Wrong

Two-thirds must be honest

– And that is the best theoretical case.

Practical solution suggested

– Requires three-quarters of miners are honest.

SLIDE 20

Selfish Mining Attack

Selfish miners find a block

–They do not publish it

They begin searching for the next block
Other miners waste work building off of

an orphan block

If another miner finds a proof, the selfish

miners share their own block

SLIDE 21

Selfish Mining Example

(in-class)

SLIDE 22

Propagation of Selfish-Mining Block

Network seeded with colluding nodes
When nodes receive a block:

–Share the selfishly mined block instead. –With enough Sybils, selfish miners will probably win

SLIDE 23

Propagation of Selfishly Mined Block

(in-class)

SLIDE 24

Defenses

Randomly choose between blockchains of

equal weight

– Defeats propagation of selfishly mined block – Eyal and Sirer's defense

P2Pool – Peer-to-peer mining pool

– A mini-blockchain replaces the pool operator

Non-outsourceable puzzles

SLIDE 25

Non-outsourceable Puzzles

Observation: pool members do not trust each
ther.
Solution: design proof so that the private key

for the reward is required.

Mining proof is found before the coinbase

address is specified.

For a good overview, see

https://www.youtube.com/watch?v=zqo64quO 7og

SLIDE 26

Are Non-outsourceable Puzzles a Good Idea?

Would break up benign pools

–P2Pool

Might force investors to invest in

larger server forms

–Increasing centralization further

SLIDE 27

Is selfish mining a real threat?

Craig Wright, The cancer that is the Selfish

mining fallacy, Medium 2018.

Yotam Gafni, “The selfish mining fallacy”

explained and debunked, Hackernoon 2018.

– Debunks Wright's objections to selfish mining.

To date, no selfish mining attacks have been

spotted.

SLIDE 28

Eyal and Sirer Comment:

There are four stages of acceptance to new ideas:

1. This is worthless nonsense.
2. This is an interesting, but perverse, point of

view.

3. This is true, but quite unimportant.
4. I always said so.