Bitcoin mining pools
Recently, the GHash mining pool breached Bitcoin etiquette to become a 55% miner for Bitcoin . This collapsed the key value proposition of Bitcoin, namely, its decentralization. In turn, there has been considerable criticism and backlash. Many people in the community, including us, have noted that etiquette or the good will of miners are not sufficient to keep monopolies at bay, and called for technical measures to disincentivize large mining pools.
In this post, we present a specific technical fix, called Two Phase Proof of Work (2P-PoW), to disincentivize large mining pools. We first describe the problem, outline the requirements for a good solution, and then present the simplest solution that we know of that meets those requirements.
The critical property of our solution that sets it apart from previous ideas is that it preserves the current investment in Bitcoin by both existing users and by existing miners. It provides a seamless, smooth transition from the current PoW to the modified, large-miner-deterring 2P-PoW. Yet it enables the existing miners to continue to use their mining hardware; in fact, it extends the lifetime of this hardware. Overall, it provides a gentle fix to the recent GHash fiasco and makes it highly unlikely that we'll find ourselves at the mercy of a single entity, without perturbing the existing economies and investments in place.
The Problem and Background
Today, large pools are built out of independent entities that place their hashing power under the control of a pool manager that coordinates their efforts, collects rewards, and redistributes those rewards to the participants in proportion to their effort. When pools grow to be large, they pose a risk: Pools over 25% can cheat the system with selfish mining and earn more than their fair share, over 33% presents risk of unilaterally successful selfish mining, large pools risk double-spends with low confirmations, and over 50% is an unmitigated disaster. Such majority miners are toxic: not only can they engage in subtle attacks, but their mere presence, even when they are not engaging in any attacks at all, damages the Bitcoin value proposition, kills the critical features that make Bitcoin interesting and exciting, and therefore hinders Bitcoin adoption. Mining pools over 25% are not good for Bitcoin.
In order to disincentivize large pools, we propose a small, backwards-compatible change to Bitcoin's Proof of Work (PoW) mechanism that retains both the current blockchain and miners' current investments in mining hardware. The key insight behind this change is to make it difficult to delegate proofs of work, for as long as the proof of work can be delegated, huge pools can be built, leading to a winner-takes-all GHash-at-51% sort of scenario.
Bitcoin's puzzles are sometimes compared to scratch-off lottery tickets [permacoin], with the miner's name at the top. A miner scratches one ticket after another until he finds a winning ticket and publishes it to receive its rewards. But a lone miner working alone can be scratching for months before he finds a winning ticket. For instance, A $1500 mining card, available for preorder from Butterfly Labs, will need an expected time of over 6 years to mine a single block, if it were available today. That's a long time to wait in between winning tickets. To reduce this variance, people form pools.
With pools, the pool manager takes a stack of tickets and distributes it among a set of pool members in such a way that the winnings can only be deposited to the pool operator's address. Together they have a lot of scratching power (aka mining power). Whenever one of the members gets a winning ticket, it publishes it, awarding the pool manager with the reward. There is no opportunity for the finder to say "finders keepers!" and keep the money for itself, because the PoW mechanism is set up to send the winnings directly to, and only to, the pool manager. The pool manager then distributes the winnings among all members of the pool, in accordance with how much they contributed to the pool.
This kind of proof of work is inherently distributable. We need a slightly different proof of work that cannot be easily outsourced to others. What does such a PoW look like?
Requirements
Before we go on to answer that question, let's discuss some must-have features of any good solution.
- Any solution in this space must preserve the existing blockchain, and with it, the existing Bitcoin balances.
- Any good solution in this space must also preserve the large investments many miners have made and are planning to make in their equipment.
- A great solution in this space would provide a seamless transition from the existing system to the new one, and provide adjustable knobs that can be fine-tuned for a desired tradeoff that fits the community's needs.