Bitcoin Mining Technology

CHAPTER 3

Bitcoin Mining Technology

Nirupama Devi Bhaskar, David LEE Kuo Chuen

Sim Kee Boon Institute for Financial Economics, Singapore Management University, Singapore

Contents
3.1 Introduction
  3.1.1 A distributed or decentralized network?
3.2 Technology Behind Bitcoin
  3.2.1 Block
  3.2.2 Blockchain
  3.2.3 Block-hashing mechanism
  3.2.4 Bitcoin address
3.3 Mining Process
3.4 Mining Possibilities
  3.4.1 Solo mining
  3.4.2 Hardware
  3.4.3 Software
  3.4.4 Factors to consider
  3.4.5 Mining contracts
3.5 Mining Pools
  3.5.1 Reward types
3.6 Threats to Mining
3.7 Recent Advancements
3.8 Conclusion
References
Further Reading

3.1 INTRODUCTION

Bitcoin mining has become a competitive business endeavor. Most miners believe in the long-term viability of cryptocurrency, and there are also dozens of other online payment systems, called altcoins. Bitcoin is the most popular of these digital currencies. The total value of the Bitcoin system was about $7.6 billion in mid-2014, which is 10 times more than all other cryptocurrencies put together. With the current advanced technology and mining services available, one can earn profits from mining, which is a process of synchronizing transactions in a network of computers. The profit is a function of the cost of mining, which is increasing over time, and the cryptocurrency price, which fluctuates.

Handbook of Digital Currency

© 2015 Elsevier Inc. All rights reserved.

Different methods are followed for mining digital currencies. Bitcoin uses cryptographic algorithms, including the elliptic curve digital signature algorithm (ECDSA) and hash functions. Billions of dollars are being spent on custom hardware and software that do nothing but hash computations. The Bitcoin system has gained popularity as numerous opportunities in mining are available owing to the recent technical advancements. In this chapter, we outline and discuss the technical aspects of mining and the various schemes for sharing the mined coins among those who are rewarded for their efforts in cracking the code and winning the race for the block.

3.1.1 A distributed or decentralized network?

The Bitcoin system is supposed to be a distributed network as opposed to a centralized network. However, while a distributed network is totally decentralized, decentralized alone does not mean that the network is fully distributed. One can think of a distributed system as functionality that depends on more than one node performing the function, in the case of miners, many nodes performing the mining of cryptocurrency. A distributed system implies “spread” of functionality. A decentralized system, in this case, is one in which performance of mining does not depend on a single/central node/server. A few pools of miners may be used to achieve the functionality, but it is not necessarily distributed. When the functionality is not fully distributed to the peer-to-peer nodes but via a few pool-to-pool nodes, there is a possibility that collusion by a few concerted parties can dominate the network and end up with an undesired outcome similar to a centralized functionality.

The original thought was that with an increase in the number of miners, it gets harder for anyone to attack the network, thereby securing the Bitcoin network. The security in the system, however, relies on the fact that it would be too difficult and expensive for an attacker to command 51% of the processing power in the network. One of the key elements for the Bitcoin network to be secure is that mining, the distributed network process that secures transactions, must be decentralized. An anonymous mining pool GHash supposedly owned by Russian CEX.io achieved 55% of the total network mining power for about a 24 h span. There was no 51% attack but there has been call to determining pools over 25%. The implication is serious as it casts doubts on the trust of the blockchain, which is central to the Bitcoin system.

3.2 TECHNOLOGY BEHIND BITCOIN

The Bitcoin system is a peer-to-peer network. A node in a P2P network is any computer system with software installed in it. A node, on receiving data from another node, verifies, stores, and propagates the information to every other node connected to it. Information is transferred this way from one node to every other node in the network. A transaction can have any number of inputs and outputs. An input contains the reference to the output from the previous transaction, while the output of a transaction holds the receiving address and the corresponding amount.

Bitcoin is a proof-of-work (PoW) system that requires computation of a piece of data, which is counterintuitive and satisfies certain criteria. It is computationally costly and time-consuming for users to generate this data, but they are rewarded for attempting to do so. PoW computation is a random process and is estimated on a trial-and-error basis. Therefore, a user with higher computational power can influence the network, and this influence is not solely based on the number of network identities a user holds. There are many PoW functions, of which Bitcoin uses Hashcash as the mining core (Black, 2002). SHA256 is the most widely used PoW scheme, introduced for the Bitcoin system. A few other PoW hashing algorithms include Scrypt, CryptoNight, HEFTY1, Quark, and Blake-256.

In addition to the PoW system, there are other similar schemes that are used to secure the cryptocurrency network. Proof of stake is used as an alternative to PoW in cryptocurrencies like Peercoin (Reed, 2014). While the probability of mining a block in a PoW scheme depends on the work done by the user, proof of stake requests the user to disclose the amount of his or her stake ownership of that currency. A user holding 5% of the currency has the probability of mining 5% of that currency’s proof-of-stake blocks. The proof-of-stake scheme also increases the network security by reducing malicious attacks on the system. This is due to the fact that, as an attacker has to own a near majority of the network to be successful in his or her attempt, he or she would be affected to a greater extent by his or her very own attack.

Proof of burn is used to destroy (burn) coins. To burn bitcoins means to send those bitcoins to a verifiable yet nonspendable address. This is possible only if the address is not generated from a private key. Chancecoin is a cryptocurrency that uses this scheme.

Proof of solvency is a scheme that allows the users to verify the solvency of the online exchanges that accept Bitcoin deposits. It is based on the proof of assets and liabilities, which can be determined by implementing a code. This scheme can only indicate the insolvency of an exchange and cannot do anything more to prevent it. Bitcoin exchanges like Kraken, Bitfinex, and Bitstamp have proved their proof of solvency. Proof of solvency has been limited to Bitcoin reserves and can be verified from anywhere in the world.

Proof of reserve is similar to proof of solvency and has been designed to prevent bankruptcy of an exchange. Since the demise of Mt. Gox, clients have realized the importance of verifying the reserves held by exchanges. Every exchange selectively discloses information about the funds held while maintaining the privacy of the other clients. Most of the exchanges use Merkle trees for this purpose, where a company can prove the process involved in calculating the total funds held. Bifubao is one good example of exchanges that follow the proof-of-reserve scheme to provide extra security to the users (Bifubao, 2014).

3.2.1 Block

The complete history of transactions is stored by everyone, so anyone can verify who the current owner of any particular group of coins is. Transactions are grouped into blocks. The number of transactions in a block is determined by the size. The size limit for a block is 1,000,000 bytes to support quick propagation and reduced anomalies. The size of each transaction is determined by the number of inputs and outputs of that transaction. Figure 3.1 represents a block, which consists of two segments, the header and the body. The transactions are included in the body of a block, while the header consists of seven fields as shown below.

Figure 3.1 Block structure.

  Version                         02000000
  Previous block hash (reversed)  17975b97c18ed1f7e255adf297599b553
                                  30edab87803c81701000000000000000
  Merkle root (reversed)          8a97295a2747b4f1a0b3948df3990344
                                  C0e19fa6b2b92b3a19c8e6badc141787
  Timestamp                       358b0553
  Bits                            535f0119
  Nonce                           48750833
  Transaction count               63
  Transactions

A block version number depends on the version of the software used to generate that block. Hash PrevBlock is a 256-bit hash value that serves as the reference to the previous block of the blockchain. The Merkle root is the hash of all the transaction hashes in the block. Transactions of a block are hashed only indirectly through the Merkle root. Therefore, hashing a block with one transaction takes exactly the same amount of effort as hashing a block with 1000 transactions. The time stamp field represents the current time stamp as seconds since 1970-01-01T00:00 UTC (coordinated universal time from January 1, 1970). The bits field represents the current target value. The SHA256 hash of a block’s header must be lower than or equal to the current target for the block to be accepted by the network. This is the mathematical puzzle that has to be solved in order to validate the block.

The target value decreases with increase in the difficulty measure. Difficulty, as its name suggests, is a metric that determines how hard it is to solve transaction blocks, and it varies according to the network hashrate. The target value is inversely proportional to the difficulty of generating a block. A nonce is an 8-byte field in the block header. The value of the nonce is altered so that the hash is below the target. It starts with “0” and is incremented for every hash. The value is guessed until the hash containing the required number of leading zeros is found. The number of transactions included in the block is displayed in the last field of the header.

3.2.2 Blockchain

Blockchain is a sequence of blocks, which holds the complete record of transactions like a public ledger. This indicates the order in which the transactions occurred. Figure 3.2 represents a blockchain where the most recently validated block points to the immediately prior block generated. Each block in the chain confirms the integrity of the previous one, all the way back to the first block called the genesis block. No party can overwrite previous records by forking the chain.

Figure 3.2 Blockchain. [Diagram labels: Genesis block, Block 2, ..., Block n − 1, Recent block]

3.2.3 Block-hashing mechanism

Bitcoin uses Hashcash functions like SHA256 (double-SHA256 function to avoid partial attacks). SHA256 transforms the input message into a 256-bit message digest. Hashrate is the measure of the number of calculations (hashes) per second that the hardware can perform, as it tries to crack the mathematical problem. The higher the hashrate when compared with the current average hashrate of the network, the more likely it is to solve a transaction block. A node after verifying the entire blockchain collects the newly generated (unconfirmed) transactions and suggests to the network what the next block should be. There
is a possibility for multiple nodes to create such blocks at the same time; therefore, in order to validate a block, the node must contain a solution to a very special math problem. Computers use a cryptographic hash to estimate an output until it is below the target value (given by the “bits” header field), and the only way to predict the output is by random guesses. The first node to solve the block broadcasts it to the network and gets accepted as the next block in the chain.

Let H be a fixed hash function of the network that is built into the protocol. If x represents the pending transactions and n represents the nonce, then n is appended to x and the combination is hashed. The output hash begins with zeroes and has to be less than the target (bits header field) to validate the block. The puzzle here is to determine the value of the nonce for which the hash output is less than the target. The number of zeroes at the start of the output value indicates the difficulty of solving a block. A complex PoW puzzle will have a longer run of zeroes and this increases with more mining activity. The difficulty in solving a puzzle is because of the fact that the cryptographic hash function produces a random number. A change in the input by one bit would generate an entirely different output, thereby making it hard to predict. The block header represented by the hash output is therefore less than the target on the validation of the block. Once solved, the hash output is like a fingerprint that uniquely identifies that block. This hash output is also used as the previous block reference. The target value is automatically adjusted by the network to ensure that a validation process takes about 10 min on average. On determining the appropriate nonce value, the node transmits the block of transactions along with the nonce value to the other nodes in the network. The other nodes verify the validity of the solution and update their blockchain with the new block received.
For instance, consider a nonce value of 0 that is appended to a string value. The hash output generated may not be less than the target. Nonce (x = 9270) is incremented for every trial until the output determined is less than the target.

H(“Hello!0”) = 1312af181c275f94028d480a6adc1e125b1caa44c749ec81976192e2ec934c64

H(“Hello!9270”) = 0000000002fc32107f1fdc0241fa747ff97342a4714df7cc52ea464e12dcd4e9

The validation process of a block is called mining. A bitcoin miner receives an incentive for expending their computation power for validation, which strongly supports the PoW system. A miner receives bitcoins for every block of transactions validated. Initially, 50 bitcoins were awarded for every successful validation. However, approximately, for every 210,000 validations (4 years), the number of bitcoins rewarded halves. Currently, the reward is 25 bitcoins. In addition to this, a miner also earns transaction fee that has increased slightly from 0 with the recent popularity of Bitcoin system. The reward system has made Bitcoin mining extremely competitive. The most important factor that determines a miner’s probability of being successful is the amount of computing power held, as it is more likely to earn more bitcoins with larger computing resources.

Figure 3.3 Fork in blockchain. [Diagram labels: Block n − 3, Block n − 2, Block A, Block B, Recent block]

It is also possible for multiple nodes to validate a block at the same instant. This creates a fork in the blockchain. Figure 3.3 represents such a case, where the other subsequent nodes keep track of both the forks. Miners work to extend the fork that is the longest in the blockchain. Consider two forks created by simultaneously validated blocks A and B. Miners work on both the forks and add the newly generated block to one of them. When a new block is added to block A, the miners working on fork B will switch to A and block B is abandoned. Block B now becomes an orphan block.

3.2.4 Bitcoin address

To make a bitcoin transaction, a user generates the public and the private key pair using the “wallet” program installed in the computer. A new key pair can be created for every transaction made and each one is entirely independent of the prior. The wallet data file holds the Bitcoin addresses and the corresponding private keys. A Bitcoin address is a 160-bit hash value of the public key. The key pair created is based on ECDSA.

Figure 3.4 shows the flow of the process of generating a Bitcoin address. The public key is hashed using SHA256. The result is again hashed using RIPEMD160, which is a cryptographic hash function that generates a 160-bit value. The version (1 byte, 0x00) is prepended to the start of the 160-bit hash. A double-SHA256 iteration is performed on this value. The checksum is the leftmost 4 bytes of the double hash. This checksum is added at the end of the RIPEMD-160 result, after which it is converted to a base58 string using Base58Check encoding. This format of Bitcoin address is referred to as a Base58Checked address. Bitcoin wallets check the validity of the address before every transaction. The addresses contain a built-in check code, thereby making them resistant to typographical errors.

Figure 3.4 Bitcoin address generation process.

  Private key -> key conversion (one-way) -> Public key: 1 byte (0x04) + 64 bytes
  RIPEMD160(SHA256(public key: 1 + 64 bytes)) -> 20 bytes
  Network ID byte (main network: 0x00) + 20 bytes
  Checksum: SHA256(SHA256(1 + 20 bytes)) -> 4 bytes
  25-byte binary address: 1 + 20 + 4 bytes
  Base256 to Base58 conversion -> Bitcoin address

The PubKeyHash is Base58Check encoded to get the Bitcoin address with a version number and checksum. The probability of the checksum resulting in an incorrect but valid PubKeyHash on decoding is approximately 1 in 4.3 billion. To lose bitcoins in such a case, in addition to an invalid address, there has to be a valid one that decodes to a different PubKeyHash that generates the exact same checksum. For a transaction of the sort, it will be spendable only by the person who knows the private key for the incorrect address (public key).

These addresses are randomly generated numbers and it is unlikely for two or more users to have the same address at a given time. If there is a collision, then both the owners can spend the money sent to that address. However, neither of them can spend the entire amount in that particular colliding address. It is more likely for a user to earn profits from mining bitcoins and transaction fees rather than creating a collision intentionally, because it would take approximately 2^107 times longer to collide with an address than to solve a block.

Bitcoins can also be sent to IP addresses, but the current implementation does not provide authentication for the same. So a middleman can intercept the transaction, pretend to be the destination address, and receive the bitcoins. Nowadays, advanced computers are being used in the competitive Bitcoin mining environment and efforts are being taken to also develop a quantum computer for the same. The implications of quantum computing in the Bitcoin world are further discussed in the article (http://www.bitcoinnotbombs.com/bitcoin-vs-the-nsas-quantum-computer/; Chris, 2014).
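The Base58Check step of Section 3.2.4 and the wallet-side validity check, as an added example in Python (not code from the chapter or from any wallet). It starts from a 20-byte PubKeyHash, so the ECDSA and RIPEMD160 steps are outside its scope; the function names and the sample hashes are constructed for illustration.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def sha256d(data: bytes) -> bytes:
    """Double SHA256, used here to derive the 4-byte checksum."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58encode(raw: bytes) -> str:
    """Base256 to Base58 conversion; each leading zero byte becomes a '1'."""
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = ALPHABET[rem] + digits
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + digits


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; rejects characters outside the Base58 alphabet."""
    n = 0
    for ch in text:
        index = ALPHABET.find(ch)
        if index < 0:
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        n = n * 58 + index
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def encode_address(pubkey_hash: bytes, version: int = 0x00) -> str:
    """version byte + 20-byte PubKeyHash + first 4 bytes of the double hash."""
    if len(pubkey_hash) != 20:
        raise ValueError("PubKeyHash must be 20 bytes")
    payload = bytes([version]) + pubkey_hash
    return b58encode(payload + sha256d(payload)[:4])


def decode_address(address: str):
    """Return (version, pubkey_hash) or raise ValueError if the check code fails."""
    raw = b58decode(address)
    if len(raw) != 25:
        raise ValueError("decoded address is not 25 bytes")
    payload, checksum = raw[:-4], raw[-4:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("checksum mismatch")
    return payload[0], payload[1:]


def is_valid(address: str) -> bool:
    """The check a wallet performs before building a transaction."""
    try:
        decode_address(address)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed input: an all-zero PubKeyHash on the main network (version 0x00).
    addr = encode_address(bytes(20))
    print(addr, is_valid(addr))
    # A one-character typo in the last position changes the decoded checksum.
    typo = addr[:-1] + ("3" if addr[-1] != "3" else "4")
    print(typo, is_valid(typo))
```
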

3.3 MINING PROCESS

Bitcoins are created by mining. Mining is the process of maintaining the blockchain by adding newly validated blocks to it. As a reward for dedicating computing power to the network, the miners are rewarded with newly mined bitcoins and transaction fees. The miners with high computing power are most likely to solve a block first; however, the difficulty of mining increases as more blocks are solved. The first transaction transferred 50 bitcoins to all the nodes in the network. Per the Bitcoin protocol, the reward halves once in every 4 years. Currently, 25 bitcoins are awarded to a node validating a block. However, once the limit of 21 million bitcoins is reached, there will be no more rewards and miners would only earn the transaction fees. A special transaction called coinbase, which is a claim for the reward, is included along with the other transactions. Mining has become a competitive business recently, with specialized technology used for the purpose. Billions of dollars are invested in mining to reap profits sooner.

3.4 MINING POSSIBILITIES

The three ways to mine bitcoins are solo mining, mining contracts, and mining pools.

3.4.1 Solo mining

In solo mining, miners compute hashes individually and the reward on solving a block will be paid entirely to the owner of the hashing computer. The odds of earning new bitcoins are very low and the variance is substantial. A well-equipped solo miner would take an average of 3 months to earn any reward. The mining process is random and memoryless. So if the miner does not solve a block by the end of 3 months, then he or she is not any closer to solving a block than he or she was at the beginning of the period. Moreover, the efficiency of a single piece of hardware of certain hashing power reduces with the consistent increase in difficulty. Currently, the difficulty is high, and even with mining equipment of, say, 1 GH/s, it would take more than 70 years on average to solve a block. The average time taken to solve a block can be calculated approximately using

$$\text{Time} = \frac{\text{Difficulty} \times 2^{32}}{\text{Hashrate}}$$

For a hashrate of 1 GH/s and a current difficulty level of 16,818,461,371, the time taken to solve a block is

$$\text{Time} = \left(16{,}818{,}461{,}371 \times 2^{32}\right) / 10^{9} / 60 / 60 / 24 / 365 = 2290.55$$

A solo miner with equipment of 1 GH/s hashrate would take approximately an average of 2290 years to solve a block. The setup of a bitcoin miner is, however, easy and a user would be in need of hardware mining equipment and software.
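As an added example (not code from the chapter or from any Bitcoin client), the Python sketch below connects the nonce search of Section 3.2.3 to the solo-mining estimate above: it expands the "bits" value 535f0119 shown in Figure 3.1 into a target, derives the difficulty, applies Time = Difficulty × 2^32 / Hashrate, and runs a double-SHA256 nonce search. The 76-byte header prefix and the easy target used for the search are constructed for illustration.

```python
import hashlib
import struct

# Target that corresponds to difficulty 1 (compact form 0x1d00ffff).
MAX_TARGET = 0xFFFF << (8 * (0x1D - 3))


def sha256d(data: bytes) -> bytes:
    """Double SHA256, the block-hashing function described in Section 3.2.3."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits_hex: str) -> int:
    """Expand the compact 'bits' header field, given as serialized (little-endian) hex."""
    compact = int.from_bytes(bytes.fromhex(bits_hex), "little")
    exponent, mantissa = compact >> 24, compact & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def difficulty(target: int) -> float:
    """Difficulty is inversely proportional to the target."""
    return MAX_TARGET / target


def expected_years(diff: float, hashrate: float) -> float:
    """Time = Difficulty * 2^32 / Hashrate, converted from seconds to years."""
    return diff * 2**32 / hashrate / 60 / 60 / 24 / 365


def meets_target(header: bytes, target: int) -> bool:
    """A header is valid when its hash, read as a little-endian integer, is <= target."""
    return int.from_bytes(sha256d(header), "little") <= target


def mine(prefix: bytes, target: int, max_nonce: int = 2**32):
    """Increment a 32-bit nonce from 0 until the header hash is at or below the target."""
    for nonce in range(max_nonce):
        header = prefix + struct.pack("<I", nonce)
        if meets_target(header, target):
            # Return the hash in display byte order (leading zeros first).
            return nonce, sha256d(header)[::-1].hex()
    return None  # nonce space exhausted; a miner would change the header and retry


def constructed_prefix() -> bytes:
    """Constructed sample: version, previous hash, Merkle root, timestamp, bits."""
    return (struct.pack("<I", 2)
            + bytes(32)                               # placeholder previous block hash
            + sha256d(b"constructed transactions")    # stand-in for a Merkle root
            + struct.pack("<I", 1400000000)           # constructed timestamp
            + bytes.fromhex("535f0119"))              # bits value shown in Figure 3.1


# Constructed easy target: 16 leading zero bits, about 65,536 tries on average.
EASY_TARGET = 1 << 240

if __name__ == "__main__":
    target = bits_to_target("535f0119")
    print("difficulty for bits 535f0119:", round(difficulty(target), 2))
    print("years at 1 GH/s, difficulty 16,818,461,371:",
          round(expected_years(16818461371, 1e9), 2))
    nonce, digest = mine(constructed_prefix(), EASY_TARGET)
    print("toy search found nonce", nonce, "hash", digest)
```
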

3.4.2 Hardware

Miners have experimented with different kinds of hardware with the only motive to increase computation power. Table 3.1 shows the statistics of the mining performance of some of the hardware products used in a Bitcoin mining rig.

Table 3.1 Hardware products

  Product                           Advertised MH/s  MH/J  MH/s/$  Watts  Price (USD)  Communication ports
  Bi Fury                           5000             1176  24      4.25   209          USB
  BFL SC                            50,000           166   50      300    984          USB
  Avalon2                           300,000          –     –       –      3075         USB/ethernet
  BFL Monarch                       600,000          1714  273     350    2196         PCIe, USB
  BPU 600 C Bitcoin Ultra Enigma 1  750,000          1000  320     860    3200         USB, ethernet
  AntMiner S2                       1,000,000        900   442     1100   2259         Ethernet
  CoinTerra TerraMiner IV           1,600,000        –     500.2   2100   3199         Ethernet
  HashFast Sierra Evo 3             2,000,000        1492  294     2200   6800         USB
  KnC Neptune                       3,000,000        1429  231     2100   12,995       Ethernet
  HashCoins Zeus                    3,500,000        1436  –       2400   10,999       USB
  Extolabs EX1                      3,600,000        1895  379     1900   9499         USB, ethernet
  Minerscube 15                     15,000,000       –     1666    2475   9225         Ethernet

Mining Hardware comparison, n.d.; https://en.bitcoin.it/wiki/Mining_hardware_comparison.

There are four main categories of hardware used by bitcoin miners:

• Central processing unit (CPU) mining
The CPU, a part of the computer, was the earliest device used for mining bitcoins. The cost of operating a CPU exceeded the profits from mining new bitcoins. This has been the least powerful and slowest method of mining when compared to today’s standards. The computing power of CPUs is <10 MH/s.

• Graphics processing unit (GPU) mining
Graphics hardware was used to enhance the performance of a CPU. The GPU is the 3-D graphics and visual effects rendering system of a computer that can also make complex calculations in high-end video games and is efficient at solving transaction blocks by SHA mathematics. GPUs are faster and more efficient than CPUs. Mining rigs are specifically built for the purpose of mining bitcoins. Rigs built using graphics cards cost about a few hundreds of dollars; however, they are not profitable anymore. High-end Intel- or AMD-based rigs have a computing power in the range of 200 MH/s to 2 GH/s. ATI and NVIDIA are some of the main vendors of GPUs.

• Field-programmable gate array (FPGA) mining
An FPGA is an integrated circuit that can be customized per users’ needs after manufacturing. Bitcoin miners utilized these chips to support mining, as they can operate at high hashrates with low power consumption. The range of computing speed is much higher than GPUs at around 100 MH/s to 25 GH/s. Mining using FPGAs was once dominant in the industry for its ease of implementation and is still prevalent on a much smaller scale. Sklavos and Koufopavlou (2005) had illustrated the implementation of the SHA2 hash function using FPGAs. However, it is necessary to combine a few chips together to match the performance standards of application-specific integrated circuits (ASICs).

• Application-specific integrated circuit (ASIC) mining
The ASIC has been pivotal in the growth of the semiconductor industry over the last few decades. With the increasing popularity of Bitcoin, the need for more computation speed led to the development of ASICs that are designed especially for bitcoin mining since 2013. The most efficient bitcoin mining equipment utilizes custom-designed ASICs. They are expensive because of the specialized and time-consuming fabrication. A single chip can compute at the rate of 5-500 GH/s. Bitcoin ASICs of 28 nm LP (low-power) specification, currently used, are highly efficient in comparison to other mining equipment. ASICs with computing power of 2 TH/s and much higher are being designed.

3.4.3 Software

Special software is necessary to connect the miners to the blockchain and mining pool. As an interface, it is responsible for delivering the work to the miners, receiving the completed work from the miners, and transmitting this information back to the blockchain and mining pool. Mining software can operate on operating systems including Windows, Linux, and Mac OS X. It has also been designed to work on Raspberry Pi, with a few modifications for drivers depending on the mining setup. The software mainly supports the display and monitoring of the general statistics such as the equipment temperature, hashrate, fan speed, average speed of the miner, and overclock periods. Some of the most commonly used mining software includes the following:

• CGMiner
This is currently the most popular mining software as it is based on the original code Cpu Miner. The coding language is C and it works on all platforms including Windows, Linux, and Mac OS X. Its framework is OpenCL (Open Computing Language); therefore, it can operate on different mining platforms like CPU, GPU, FPGA, and ASIC. Its features include overclocking, monitoring, fan speed control, remote interface capabilities, self-detection of new blocks with a minidatabase, and multi-GPU support and CPU mining support.

• BFGMiner
BFGMiner is a modular ASIC/FPGA miner. It is written in the C language and has the OpenCL framework. It is a derivative of CGMiner with a few improvements in its features like dynamic clocking, monitoring, vector support, integrated overclocking, fan control, and remote interface capabilities.

• EasyMiner
A GUI-based miner for Windows, Linux, and Android. It also includes support and binaries for RPi, OpenWrt routers, and others as well. EasyMiner acts as a convenient wrapper for the built-in CGMiner and BFGMiner software.

• Bitminter
This software is like a mining pool that pays the user with the share of coins it creates and the income from transaction fees. Its framework is OpenCL and allows the user to mine on GPUs or ASICs/FPGAs. It is coded in Java. Bitminter assures a good mining speed and long polling in order to reduce stale work.

Other commonly used software are BTCMiner, Poclbm, and DiabloMiner. There are many software packages available that differ in the coding language and other features, to support the diverse needs of the miners. It is highly important for a miner to choose the appropriate software.

3.4.4 Factors to consider

Some of the factors to consider while selecting the suitable hardware and software for mining include the following:

• Cost of mining equipment
The cost of the mining equipment depends on the hashrate and the lead time (amount of time that it would take to receive the product from the order time). The cost is usually measured per GH and the average consumer price ranges between $5 and $10 per GH. Difficulty increases consistently with increase in hashrate by 10-20% in a fortnight. So the average useful life of the mining equipment is about 3-6 months approximately. Successful miners in the industry need to reinvest the profits earned consistently in updating the mining hardware and software several times. Before purchasing the equipment, it is possible to calculate the projected profitability and estimate how long it would take to pay back the investment. As the market price of bitcoin increases and advanced ASIC devices hit the market, many new miners are drawn into the system. The capital expenditure of the miners and operating expenses increase over time, owing to the increased hashrate of the network and difficulty. However, the value of bitcoin would also grow proportionately.

• Electricity cost
Hardware with less power consumption is preferred as it is more efficient and emits relatively less heat. An average of 1-1.2 W/GH is the standard. For the entire Bitcoin network currently, at $100 per MWh, the electricity cost incurred would be $70,712,000 per year.

• Difficulty
Difficulty is the measure of how difficult it is to find a hash below a given target. It is an arbitrary value and has no unit. It is recalculated every 2016 blocks based on the assumption that the 2016 blocks would be solved in exactly 2 weeks if everyone had been mining at that difficulty level. Intuitively, increased difficulty indicates the decrease in the probability of generating a block at a given computation power. The current expected probability is a reduction of about 10-15% for every 2 weeks.

3.4.5 Mining contracts

Mining contracts are for those who would like to invest in bitcoin mining without the hassle of either managing the hardware or operating the software. These contracts provide mining services, with specified performance for a certain period. Mining shares are also available, that is, shares of hardware of large-scale mining centers. Cloud mining actually means using shared processing power run from remote data centers. A user only needs a home computer for communication purposes, optional local bitcoin wallets, and the like. There are three types of mining contract options:

• Hosted mining
A user leases a mining machine that is hosted by the provider. It contributes some systematic risk to the network. For this type of mining, when a substantial amount of computing power is consolidated in large hosting providers, there is a possibility for the provider to control the network to a certain extent.

• Virtual hosted mining
In virtual hosted mining, a user can create a virtual private server to mine bitcoins and also install his or her own mining software.

• Leased hashing power
A user can lease an amount of hashing power without having a dedicated physical or virtual computer from a data center that is formed by a group of bitcoin miners. The data center then takes a share from any newly mined bitcoins.

Some of the leading mining contractors include E-Pickaxe, Antminer, KnC, Cloud Hashing, CoinTerra, NimbusMining, and CloudHashers. Joining a mining pool has advantages including no added electricity costs, equipment and concerned problems (i.e., ventilation and hardware failures), system building, and software configuration. The setup is practically instant. Some of the disadvantages are lower profits (as the operator bears the incurred costs), lack of control, and flexibility. With the consistent increase in the difficulty metric, the value of the hashrate that a user buys in a contract decreases over time. In certain cases, such contracts turn out to be profitable, but for the majority, it ends up as a costly lesson.

3.5 MINING POOLS Mining pools are groups formed by many miners that collectively use all their resources and mine together with the motive to generate combined higher hashing power. Being a part of a mining pool increases the probability of quickly mining a block, as the probability of solving a block is in direct proportion to the computational resources. Bitcoin mining is made less risky by such pools. The reward is split among the participants based on their level of contribution. The income earned per miner is steady but lesser, because the transaction fee is not cashed out and additional fee is charged by the pool operator to compensate for the incurred expenses. It is also possible to switch mining pools to one that has more hash power. Figure 3.5 represents the distribution of hashrate among the existing mining pools as of July 2014, from Blockchain.info. GHash.IO and BTC Guild are the two largest existing mining pools. Every pool is characterized by distinct features like its size and payout reward type. Bigger pools provide consistent earnings with smaller variance from the expected profit. Though small pools are characterized by larger variance and less frequent larger payments, they help avoid potentially harmful concentration of hashing power. GHash.IO 3%

Figure 3.5 Hashrate distribution among mining pools. (Chart legend: GHash.IO, BTCGuild, Unknown, 50BTC.com, Eligius, BitMinter, ASICMiner, EclipseMC, HHTT, Bitparking, Triplemining, Slush's pool.)

Table 3.2 Mining pools

Name             Found blocks    Average hashrate
GHash.IO         29,742          No data
BTC Guild        22,177          641,826.56 GH
Unknown          16,409          No data
50BTC.com        6406            32,342.24 GH
Eligius          6401            299,667.54 GH
Bitminter        3580            195,870.72 GH
ASICMiner        3127            55,711.50 GH
EclipseMC        2566            150,432.12 GH
HHTT             601             9621.96 GH
Bitparking       583             12,546.32 GH
Triplemining     111             2308.09 GH
Slush’s pool     56              389,577.18 GH
CoinLab          47              No data
MegaBigPower     37              No data
Discus fish      34              No data

Table 3.2 provides the list of mining pools that have solved the highest number of transaction blocks. Miners are determined to maximize their rewards. New miners prefer to join pools with higher hashrate, hoping to increase their chances of solving a block. Some of them use strategies like hopping to pools that are more attractive at a given time, while a few follow selfish mining.

Selfish miners direct the honest miners to waste their computational time on a branch that is to be orphaned. This is made possible by selective disclosure of the selfish miners’ blocks to the honest miners. Selfish mining pools secretly work on their validated private branch, while the honest miners expend their resources on adding blocks to the shorter public fork of the blockchain. As the selfish miners do not form the majority of the computing power in the network, their private chain would not stay longer than the public chain indefinitely. The selfish mining pool reveals its private branch when the honest miners come too close. This makes the honest miners abandon the shorter public chain, per the protocol, and work on the recently added blocks of the selfish miners’ chain. Selfish miners aim to form the majority of the network in order to control the blockchain. Once they form the majority, they would no longer need to follow the strategy, as other miners cannot be any faster than their pool.

3.5.1 Reward types
When a pool solves a block, the 25 bitcoins earned are distributed among the pool clients based on the type of reward provided by that mining pool. There are multiple approaches to pooled mining. It is important to consider the reward type before joining a mining pool, as every pool has its own benefits. Rosenfeld (2011) analyzed the mining reward systems in detail in his research work. A share, with respect to a pool, refers to a proof of work at the expected difficulty. The payout from a mining pool can be any of the following types:

• Proportional (Prop)
This is the simplest of the pooled mining reward systems. The reward received by the pool on solving a block is distributed among all miners in direct proportion to how many shares each of them submitted in that round. The operator holds back a certain amount as a fee. This system is vulnerable to pool hopping. Mining later in a round leads to a lower than normal reward, while mining early in the round gives a higher than normal reward. The threshold point where the expected payout is approximately equal to the average payout is when the number of shares submitted is 43% of the difficulty. Miners prefer to mine only while the round has not yet reached this point, after which they hop to other pools and return when a new round begins. Those who stick to one particular pool, hoping to earn their due reward, would receive less than what they expected. This reduction in the reward received will, however, depend on the number of hoppers and the hopping techniques applied.
• Pay per share (PPS)
Each submitted share is worth a certain amount of bitcoins. When a client submits a share, a payment is made to him or her irrespective of how many blocks were solved. This payment is net of the fees and depends on the contribution of the share. The payout is a deterministic value and so is easily predictable. The difference between the actual earnings and the PPS earnings paid is called extra credit. The pool keeps count of the unpaid PPS credits and pays them off when a new block is solved. When new bitcoins are earned, the payments to the miners depend on the funds available. If there are pending funds to be settled, they are accumulated as future payouts. The operator absorbs the variance faced by a miner with respect to the reward per share.
A pool operator takes a lot of risk in this case (if a block is not solved in the expected time, the operator bears the risk without any compensation in return), and so this system has the highest percentage fees. The operator should balance the fees charged and the financial reserve held to make payments, in order to reduce the probability of bankruptcy. However, pools like btcserv.net and abcpool.co charge no fees. They only hold back the transaction fees.
• Shared maximum pay per share (SMPPS)
The pool keeps a record of a participant’s due reward. When a participant submits a share, the corresponding due reward increases in the pool. If extra credit of certain bitcoins is earned in the first round, some proportion of it will be paid every round, until it is paid off entirely. This means that the shares could also be underpaid. SMPPS is not hopping-proof. Though the expected reward is constant, the time (maturity) it takes to receive the reward is not. When the maturity time is low, SMPPS proves to be very attractive compared to the other alternatives. When the maturity time is high, however, the hoppers leave the pool as the rewards are delayed.


• Equalized SMPPS
It is similar to SMPPS but equalizes payments fairly among all those who are owed rewards. The pool keeps track of the shares submitted, the payment made for each, and the payments due. The payments are made with the available funds. Those that are due are paid with the next reward earned, in a manner that maximizes the minimum percentage paid among all shares. For instance, if a share receives 90% of PPS, then it will not be paid again until every other share in the pool is paid the same percent of PPS. One major drawback is that when a share receives a relatively high payment, it is less probable for it to receive any additional payment until every other share, including the newly added shares, receives the same amount of payment. This reward system also supports hopping, and so pools that follow it are mostly used as backup pools by miners when no other pool satisfies their criteria.
• Recent shared maximum pay per share (RSMPPS)
This system focuses on the recent miners. The extra credits issued are remembered in order. On earning new bitcoins, the reward is distributed to the recent shares in the current round first, and only after that are the unpaid rewards from the previous rounds settled. This is continued back through the previous rounds until all the pending payments are made.
• Capped pay per share with recent backpay (CPPSRB)
It is a variant of the MPPS reward system. This type of pool does not go bankrupt mostly because of the high variance; however, the miners have an overall lower variance than with other types of reward systems like the double geometric method (DGM). CPPSRB pays the newest shares first (last-in-first-out order), and no shares are underpaid in this system, unlike SMPPS.
• Score-based system (score)
The score-based reward system was modeled with the main intention of resisting pool hopping.
There are three main types of score-based systems:

Slush’s method
Each share submitted contributes to a metric called score maintained by the system. At the end of a round, the reward is distributed to the participants in proportion to their respective scores. To counter hoppers who leave a pool in the later stage of a round, as happens under the proportional reward system, the score credited for a share increases with time. For each share, the score is updated by $s = \exp(t/c)$, where t represents the time and c is a constant. So a miner who submits a share later earns a higher reward in this system.

Geometric method
This method is also hopping-proof and is an improvement on Slush’s method. It has two types of fees: a fixed fee and a variable fee. The fixed fee is a constant amount taken from the reward obtained from every block, and the variable fee is based on a score. This score value decreases as time passes from the beginning of the round. Therefore, shorter rounds have higher fees and vice versa. This method has been developed based on a solid mathematical model, in such a way that there is no disadvantage between mining earlier and mining in the later stage of a round.

Pay per last N shares (PPLNS)
This system is similar to proportional, but instead of looking at the number of shares in a round, it considers the last N shares regardless of round boundaries. To solve the problem of hopping, it distributes the reward based on which miners submitted the last N shares, regardless of any blocks found in the last period. N represents twice the number of shares per round. This way, it eliminates the concept of earning rewards for mining early in a round.

• DGM
The DGM is a hybrid between the PPLNS and geometric reward types that combines the advantages of both and so is resilient to pool hopping. Round boundaries are crossed, but not ignored as in PPLNS, and every block found reduces the reward to be given for future blocks. The share-based variance (due to discontinuities in share submission) is reduced in addition to the pool-based variance (due to smaller pools).
• Pay per last N groups/shifts (PPLNSG)
Bitminter is a pool that pays by PPLNSG. When a block is found, a client is paid proportionally to his or her number of shares submitted against those of others in the pool for the last “N” rounds. The number of rounds differs from pool to pool.
• Pay on target (POT)
POT is a high-variance PPS that pays on the difficulty of work returned to the pool. The payout increases for shares of higher difficulty and is the maximum for the miner who solves the block.
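The 43% hopping threshold quoted for the proportional system can be reproduced numerically. The following is an added example, not code from the chapter: it assumes that a share is submitted when the round already holds x·D shares and that the rest of the round is exponentially distributed with mean D; all function names and simulation parameters are illustrative.

```python
import math
import random

EULER_GAMMA = 0.5772156649015329

def exp_integral_e1(x, terms=60):
    """E1(x) = integral from x to infinity of exp(-u)/u du, via its power series (0 < x < 5)."""
    total = -EULER_GAMMA - math.log(x)
    term = 1.0
    for k in range(1, terms + 1):
        term *= -x / k          # term is now (-x)^k / k!
        total -= term / k
    return total

def relative_share_value(x):
    """Expected proportional payout of one share submitted at round position x
    (x = shares already in the round / difficulty D), in units of the fair value B/D.
    The share is paid B / (total shares in round); with the remaining length y*D
    exponential(1), the expectation is integral_0^inf exp(-y)/(x+y) dy = exp(x)*E1(x)."""
    return math.exp(x) * exp_integral_e1(x)

def hopping_threshold(lo=0.05, hi=2.0, tol=1e-9):
    """Round position where a share is worth exactly its fair value (bisection).
    Before this point shares are overpaid, after it they are underpaid."""
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if relative_share_value(mid) > 1.0:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2

def simulate_share_value(x, difficulty=2000, rounds=100_000, seed=1):
    """Monte Carlo check of relative_share_value on a constructed pool:
    every share solves the block with probability 1/difficulty."""
    rng = random.Random(seed)
    p = 1.0 / difficulty
    already = int(x * difficulty)
    total = 0.0
    for _ in range(rounds):
        # Shares still to come (this one included) until the block is found.
        remaining = int(math.log(1.0 - rng.random()) / math.log(1.0 - p)) + 1
        total += difficulty / (already + remaining)
    return total / rounds

if __name__ == "__main__":
    for pos in (0.1, 0.2, 0.4348, 1.0, 2.0):
        print(f"x = {pos:6.4f}  relative share value = {relative_share_value(pos):.4f}")
    print(f"hopping threshold = {hopping_threshold():.4f} of the difficulty")
```

The curve it prints is the incentive a pool operator has to remove: a score-based or PPLNS payout is hopping-resistant to the extent that it keeps this value close to 1 at every round position.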

3.6 THREATS TO MINING
The Bitcoin network gets stronger in terms of security as more miners join the network. The complexity of hacking the system increases with the hashrate of the network. In order to cause damage to the Bitcoin network, the attacker must possess mining power that forms the majority in the network. This could most probably be initiated only by a mining pool that holds the major part of the network's computing power. When a pool covers 51% or more of the network, it can easily cause mayhem by building its own chain faster than the rest of the network and broadcasting it whenever it likes.

Eyal and Sirer (2014) outlined certain selfish mining strategies that one can adopt. According to them, if the hash power is 0-25%, selfish mining will yield profits above fair share unless Bitcoin’s block propagation protocol is patched. Between 25% and 33%, it will yield profits above fair share even if Bitcoin is patched. Between 33% and 50%, no fix is possible and a selfish miner need not be well connected to the network to win. Double spends against five confirmed transactions are possible. When it is greater than 50%, there is a loss of decentralized trust, as double spends against six confirmed transactions are certain to succeed. Furthermore, the pool can reject any selected block found by any competing miner, reject any selected transaction, deprioritize certain transactions, and extort high fees from particular addresses for transactions to be included in the blockchain. The most damaging of all is a complete denial of service, in the sense that the pool can ignore and orphan every single block found by competitors, thus stopping all bitcoin transactions. While there are no incentives for anyone to do that as yet, the actions mentioned above are possible and can be damaging to any cryptocurrency that is subject to such threats. It is not entirely true that Bitcoin requires no trust, as all participants have to trust the good intentions of miners that have gathered more than 51% of the computing power. Eyal and Sirer (2014) went further to state:

"If users were okay with trusting the good intentions of a single entity, we’d do away with the entire protocol, save all the electricity that goes into mining, and keep all the account balances on a database administered by GHash. We’d make sure to use something like HyperDex so it can handle the high transaction rate and is consistent and fault-tolerant. The resulting system would be cheaper, faster and more convenient for everyone, but all of Bitcoin's unique features would have been lost."

In such a situation, the attacker can reverse transactions that he or she sends while in control (double-spend transaction), prevent transactions from receiving confirmation (invalid), or even prevent other miners from solving blocks for a short period. However, the attacker cannot reverse others’ transactions, prevent transactions from being sent at all, or create or steal coins. If such an attack were to take place successfully, it is likely that confidence in the currency would be lost and its value as a currency would decline rapidly.

3.7 RECENT ADVANCEMENTS
The Bitcoin industry has seen technological advancements that are all focused on improving computing power so that mining takes less time. The product of Spondoolies-Tech, which is still under development, is claimed to be the masterpiece of the system. This Bitcoin SHA256 miner would have a mining power of 6 TH/s, the highest by far, and the software would be incorporated in the equipment itself, thereby supporting many advanced features. Mining pools are investing millions of dollars in technology. CoinTerra has built a giant mining plant, which includes more than 2500 rigs (hardware equipment). Each rig is capable of computing at a rate of more than 1.6 TH/s (1.6 trillion hash computations per second). However, this consumes an enormous amount of energy, at approximately 20 kW per stack of 10 rigs. The total hashing power of this plant is about 4 PH/s (4000 trillion hash computations per second). The total hashing power of the Bitcoin network is currently 79 PH/s, which is 564 times higher than the 140 TH/s it handled just a year ago. The computing power required to achieve this is now 6000 times more powerful than the top 500 supercomputers of the world combined. The NSA is also attempting to build a quantum computer that could crack most types of encryption. This could have a major impact on the Bitcoin system, as it could mine at mind-crushing speeds and it also has the capacity to determine the public and the private keys of a user.

3.8 CONCLUSION
Bitcoin is the most widely used digital currency, driven by the ease of transaction and the incentives to mine. This chapter details the fundamentals of the technology behind the Bitcoin network. It also explains the basic process, opportunities, and rewards of mining activity. Miners seek to maximize their rewards by following strategies like selfish mining and pool hopping based on their needs and the pool reward system. The Bitcoin system is also prone to potential takeover by a miner who holds the majority share of the network. The Bitcoin industry has witnessed major technological advancements in recent years, and there is still room for further innovation.

REFERENCES
Bifubao, 2014. Proof of reserves. http://blog.bifubao.com/en/2014/03/16/proof-of-reserves/.
Black, A., 2002. Hashcash—a denial of service counter-measure.
Blockchain, 2014. https://blockchain.info/pools (accessed July 2014).
Chris, 2014. Bitcoin vs. the NSA’s quantum computer. http://www.bitcoinnotbombs.com/bitcoin-vs-thensas-quantum-computer/.
Eyal, I., Sirer, E.G., 2014. How a mining monopoly can attack Bitcoin. http://hackingdistributed.com/2014/06/16/how-a-mining-monopoly-can-attack-bitcoin/.
Mining Hardware comparison. https://en.bitcoin.it/wiki/Mining_hardware_comparison.
Reed, S.L., 2014. Bitcoin cooperative proof-of-stake. arXiv preprint arXiv:1405.5741.
Rosenfeld, M., 2011. Analysis of bitcoin mining reward systems. arXiv 1112.4980.
Sklavos, N., Koufopavlou, O., 2005. Implementation of the SHA-2 hash family standard using FPGAs. J. Supercomput. 31 (3), 227–248.

FURTHER READING
Bogliolo, A., Polidori, P., Aldini, A., Moreira, W., Mendes, P., Yildiz, M., Ballester, C., Seigneur, J.M., 2012. Virtual currency and reputation-based cooperation incentives in user-centric networks. In: Proceedings of the IEEE Wireless Networking Symposium (IWCMC2012-Wireless Nets), Limassol, Cyprus, pp. 895–900.
Courtois, N.T., Grajek, M., Naik, R., 2014. The Unreasonable Fundamental Incertitudes Behind Bitcoin Mining. University College London, UK.
Decker, C., Wattenhofer, R., 2013. Information propagation in the bitcoin network. IEEE P2P.
Eyal, I., Sirer, E.G., 2013. Majority Is Not Enough: Bitcoin Mining Is Vulnerable. Cornell University, NY.
Karame, G.O., Androulaki, E., Capkun, S., 2011. Two Bitcoins at the Price of One? Double Spending Attacks on Fast Payments in Bitcoin. IACR Cryptology ePrint Archive, p. 248.
Kondor, D., et al., 2014. Do the rich get richer? An empirical analysis of the Bitcoin transaction network. PLoS ONE 9 (2), e86197.
Kroll, J.A., Davey, I.C., Felten, E.W., 2013. The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries. In: Proceedings of WEIS, vol. 2013.
Martins, S., Yang, Y., 2011. Introduction to bitcoins: a pseudo-anonymous electronic currency system. In: Proceedings of the 2011 Conference of Center for Advanced Studies on Collaborative Research, IBM Corp.
McEvoy, R.P., Crowe, F.M., Murphy, C.C., Marnane, W.P., 2006. Optimisation of SHA-2 family of hash functions on FPGAs. In: IEEE Computer Society Annual Symposium on Emerging VLSI Technologies and Architectures (ISVLSI’06). IEEE Computer Society, Washington, DC, pp. 317–322.
Nakamoto, S., 2009. Bitcoin: A Peer-to-Peer Electronic Cash System. http://bitcoin.org/bitcoin.pdf.
Pouwelse, J., et al., 2014. Operational distributed regulation for bitcoin. arXiv preprint arXiv:1406.5440.
Reid, F., Harrigan, M., 2012. An Analysis of Anonymity in the Bitcoin System. Security and Privacy in Social Networks. Springer Verlag, Berlin, Germany.
Satoh, A., Inoue, T., 2005. ASIC-hardware-focused comparison for hash functions MD5, RIPEMD-160, and SHS. Integration VLSI J. (1), 3–10.
Wallace, B., 2011. The rise and fall of bitcoin. Wired Magazine. http://www.wired.com/2011/11/mf_bitcoin/all.
Why 20 Bitcoin Companies Are Backing a New Deal for Digital Identity. http://www.ahametals.com/20bitcoin-companies-backing-new-deal-digital-identity/.