CS代考 GB-27MB)

Bitcoin mining logistics and strategy

This lecture
● Why study cryptocurrency?

Copyright By PowCoder代写 加微信 powcoder

● About the course
● About me
● Crypto background
○ digital signatures
○ hash functions
○ … and applications
● Intro to cryptocurrencies
○ basic digital cash

Recap: Bitcoin scripting language (“Script”)
Design goals
● Built for Bitcoin (inspired by Forth)
● Simple, compact
● Support for cryptography
● Stack-based
● Limits on time/memory
● No looping
I am not impressed
image via . Amand

OP_CHECKMULTISIG
● Built-in support for joint signatures ● Specify n public keys
● Specify t
● Verification requires t signatures
BUG ALERT: Extra data value popped from the stack and ignored

Multisig application: Escrow transactions
(disputed case) (normal case)
Pay x to x to IGNED(ALICE, BOB) SIGNED(ALICE, JUDY)
To: : x to 2-of-3 of Alice, Bob, Judy (MULTISIG) PROBLEM: Alice wants to buy online from Bob.
Alice doesn’t want to pay until after BoSIbGNEsDh(AiLpICsE).

Bob doesn’t want to ship until after Alice pays.

Proof-of-burn/OP_RETURN transactions
nothing’s going to redeem that ☹
OP_RETURN

“hash”:”5a42590…b8b6b”,
“vin_sz”:2,
“vout_sz”:1,
“lock_time”:315415,
“size”:404, …
Block index or real-world timestamp before which this transaction can’t be published

More advanced scripts
● Multiplayer lotteries
● Hash pre-image challenges
● Coin-swapping protocols
“Smart contracts”

Bitcoin miners

Recap: Bitcoin miners
Bitcoin depends on miners to:
● Store and broadcast the block chain
● Validate new transactions
● Vote (by hash power) on consensus
But who are the miners?

It’s called mining because it’s very difficult to profit!
Gold miners ascending the Chilkoot pass
1898 Klondike gold rush

Mining Bitcoins in 6 easy steps
1. Join the network, find a set of peers
2. Listen for transactions
a. Validate all proposed transactions
b. Share transactions with other nodes
3. Listen for new blocks
a. Validate all proposed blocks
b. Maintain blockchain history
c. Share valid blocks with other nodes
4. Assemble a new candidate block
5. Find the nonce to make your block valid
6. Hope everybody accepts your new block
7. Profit!
Useful to Bitcoin network

The Bitcoin network

Bitcoin P2P network
● Ad-hoc protocol (runs on TCP port 8333)
● Ad-hoc network with random topology
● All nodes are equal
● New nodes can join at any time
● Forget non-responding nodes after 3 hr

Joining the Bitcoin P2P network
Hello World! I’m ready to Bitcoin!
getad1d,r(7)

Transaction propagation via flooding
Already heard that!
New tx! A→B
Pending transactions are kept in the mempool

When to relay a transactions
● Transaction valid with current blockchain head
● (default) script matches a whitelist
○ Avoid unusual scripts
● Haven’t seen before ○ Avoid infinite loops
● Doesn’t conflict with others I’ve relayed ○ Avoid double-spends
Sanity checks only…
Some nodes may ignore them!

Nodes may differ on transaction pool
New tx! A→C A→C

Colliding transaction and front-running
Transactions or blocks may be broadcast which conflict
● Default behavior: accept what you hear first
● Network position matters
● Miners may implement other logic
○ Example: favor transactions with a higher fee
Front-running: attempting to broadcast a competing transaction after hearing a pending (unconfirmed) transactions
● Can be a step in many types of attack!

Block propagation nearly identical
Relay a new block when you hear it if:
● Block meets the hash target
● Block has all valid transactions
○ Run all scripts, even if you wouldn’t relay ● Block builds on current longest chain
○ Avoid forks
Sanity check
Also may be ignored…

Source: and : “Accelerating Bitcoin’s Transaction Processing” 2014

Nobody knows exactly how big the P2P network is
● Estimates-up to 1M IP addresses/month
● Only about 5-10k “full nodes”
○ Permanently connected
○ Fully-validate
● This number may be dropping!

Nodes need not communicate only on the public network
● Public P2P network is random and slow
● Large miners can directly peer to share information quickly
○ The rich get richer

Fully-validating nodes
● Permanently connected
● Store entire blockchain
● Validate and forward every node/transaction

Storage costs continually growing for full nodes

Miners want the UTXO set at their fingertips
● Unspent Transaction Output
○ Everything else can be stored on disk
● Can easily fit into RAM

Thin/SPV clients (not fully-validating)
Idea: don’t store everything
● Store block headers only (about 700k blocks so far)
● Request transactions as needed
○ To verify incoming payment
● Trust fully-validating nodes 10,000x cost savings! (400 GB-27MB)

Software diversity
● About 90% of nodes run “Core Bitcoin” (C++) ○ Some are out of date versions
● Other implementations running successfully
○ BitcoinJ (Java)
○ Libbitcoin (C++)
○ btcd (Go)
● “Original Satoshi client”

Bitcoin blocks

Bitcoin blocks
Why bundle transactions together?
● Single unit of work for miners
● Limit length of hash-chain of blocks
○ Faster to verify history
Why limit the size of blocks?
● Limit block collisions (larger blocks slower to propagate)
● Limit overall blockchain size

Bitcoin block structure Hash chain of blocks
Hash tree (Merkle tree) of transactions in each block
prev: H( )
trans: H( )
prev: H( )
trans: H( )
prev: H( )
trans: H( )
H() H() H() H()
transaction transaction transaction transaction

The real deal: a Bitcoin block
“prev_block”:”00000000000000003043…”,
“time”:1391279636,
“bits”:419558700,
“nonce”:459459841,
“mrkl_root”:”89776…”,
“n_tx”:354,
“size”:181520,
“mrkl_tree”:[
“6bd5eb25…”,
“89776cdb…”
“hash”:”00000000000000001aad2…”,
block header
transaction data

The real deal: a Bitcoin block header
mining puzzle information
“hash”:”00000000000000001aad2…”, “ver”:2, “prev_block”:”00000000000000003043…”, “time”:1391279636,
“bits”:419558700,
“nonce”:459459841, “mrkl_root”:”89776…”,
hashed during mining
not hashed

The real deal: coinbase transaction
redeeming nothing
“prev_out”:{ Null hash pointer “hash”:”000000…..0000000″, “n”:4294967295
“coinbase”:”…”
}, “out”:[
First ever coinbase parameter:
“The Times 03/Jan/2009 Chancellor on brink of second bailout for banks”
block reward
transaction fees
“value”:”25.03371419″, “scriptPubKey”:”OPDUP OPHASH160 … ”

Learn these details via your favorite online block explorer
blockchain.info (and many other sites)

Finding a valid block
prev: H( )
mrkl_root: H( )
nonce: 0x0f0f00f070f07001f1e20…
hash: 0xd036c030a2904c102c087f4c085…
prev: H( )
mrkl_root: H( )
nonce: 0x7a83
hash: 0x0000
All changed
H() H() H() H()
transaction transaction transaction
25.0→A coinbase: 0x300d0f005…06501

Mining difficulty “target” (March 2023)
256 bit hash output
000000000000000000170a370000000000000000000000000000000000000000
76+ leading zeroes required
Current difficulty = 276.8
=131,553,881,656,092,740,000,0

Setting the mining difficulty
Every two weeks, compute:
next_difficulty= previous_difficulty *
(2 weeks)/(time to mine last 2016 blocks)
Expected number of blocks in 2 weeks at 10 minutes/block

Mining difficulty over time
bitcoinwisdom.com

Time to find a block
10 minutes
bitcoinwisdom.com

Mining hardware

● General purpose hash function
○ Part of SHA-2 family: SHA-224,SHA-384,SHA-512
● Published in 2001
● Designed by the NSA
● Remains unbroken cryptographically
○ Weaknesses known
● SHA-3 (replacement) under standardization

SHA-256 in more depth
256-bit state
Bitwise tweaks
64 iterations
round constants
Addition mod 32

CPU mining
while (1){
HDR[kNoncePos]++;
IF (SHA256(SHA256(HDR)) < (65535 << 208)/ DIFFICULTY) two hashes Throughput on a high-end PC = 10-20 MHz ≈ 224 143 million years to find a block GPU mining ● GPUs designed for high-performance graphics ○ high parallelism ○ high throughput ● First used for Bitcoin ca. October 2010 ● Implemented in OpenCL ○ Later: hacks for specific cards GPU mining advantages ● easily available, easy to set up ● parallel ALUs ● bit-specific instructions ● can drive many from 1 CPU ● can overclock! Observation: some errors are okay (may miss a valid block) Goodput: throughput × success rate Worth over-clocking by 50% with 30% errors! Source: LeonardH, cryptocurrencies talk.com GPU mining disadvantages ● poor utilization of hardware ● poor cooling ● large power draw ● few boards to hold multiple GPUs Throughput on a good card = 20-200 MHz ≈ 227 ≈178k years to find a block w/100 cards! FPGA mining ● Field Programmable Gate Area ● First used for Bitcoin ca. June 2011 ● Implemented in Verilog FPGA mining advantages ● higher performance than GPUs ○ excellent performance on bitwise operations ● better cooling ● extensive customisation, optimisation , thinkcomputers.org FPGA mining disadvantages ● higher power draw than GPUs designed for ○ frequent malfunctions, errors ● poor optimization of 32-bit adds ● fewer hobbyists with sufficient expertise ● more expensive than GPUs ● marginal performance/cost advantage over GPUs Throughput on a good card = 100-1000 MHz ≈ 230 22 thousand years to find a block w/100 Bitcoin ASICs developed since 2013 Bitcoin ASICs ● special purpose ○ approaching known limits on feature sizes ○ less than 10x performance improvement expected ● designed to be run constantly for life ● require significant expertise, long lead-times ● perhaps the fastest chip development ever! Early market dynamics (2013/2014) ● Most boards obsolete within 3-6 months ○ Half of profits made in first 6 weeks ● Shipping delays are devastating to customers ● Most companies require pre-orders ● Most individual customers should have lost... But... rising prices saved them! Modern case study: Ant 19 Pro ● First shipped 2021 ● 110 TH/s ● Cost: ~US$20,000 ● Power consumption: 3,250 kW Still, 19 years to find a block! Evolution of mining CPU GPU FPGA ASIC gold pan sluice box placer mining pit mining Professional mining centers ● cheap power ● good network ● cool climate BitFury mining center, Republic of Georgia Energy consumption & ecology Thermodynamic limits Landauer’s principle: Any non-reversible computation must consume a minimum amount of energy. Specifically, each bit changed requires (kT ln 2) joules SHA-256 is not reversible Energy consumption is inevitable Energy aspects of Bitcoin mining ● Embodied energy: used to manufacture mining chips & other equipment ○ should decrease over time ○ returns to scale ● Electricity: used to perform computation ○ should increase over time ○ returns to scale ● Cooling: required to protect equipment ○ costs more with increased scale! Estimating energy usage: top-down ● Each block worth approximately US$250,000 ● Approximately $400/s generated ● Industrial electricity (US): $0.03/MJ ○ $0.10/kWh Economic upper bound on electricity consumed: 13,000 MJ/s = 13 GW Limits to the upper bound ● Network may be dependent on subsidized (or free) electricity ● Some miners may be running at a loss to gain influence ● Some miners may have pre-paid electricity contracts ○ Price of Bitcoin has recently dipped! Estimating energy usage: bottom-up ● Best claimed efficiency: 110 THz/3250W ● Network hash rate: 200,000,000 THz ● (excludes cooling, embodied energy) Lower bound on electricity consumed: ~6 GW How much is a gigawatt? Three Gorges Dam = 10 GW typical hydro plant ≈ 1 GW Kashiwazaki-Kariwa nuclear power plant = 7 GW typical nuclear plant ≈ 4 GW major coal-fired plant ≈ 2 GW How much is a gigawatt? Typical family home: 1-2 kW (electricity only) All of Australia (2019): ~27 GW (electricity only) All payment systems require energy Perhaps some energy can be reclaimed via data furnaces ● Observation: in the limit, computing devices produce heat almost as well as electric heaters! ● Why not install mining rigs as home heaters? ● Challenges: ○ Ownership/maintenance model ○ Gas heaters still at least 10x more efficient ○ What happens in summer? Open questions ● drive out electricity subsidies? ● require guarding power outlets? ● Can we make a currency with no proof-of-work? Mining pools Economics of being a small miner ● Cost: ≈US$20,000 ● Expected time to find a block: ≈19 years ● Expected revenue: ≈$1,000/month Ant 19 Pro Mining uncertainty # blocks found in one year probability (Poisson dist.) Time to find first block Probability density Idea: could small miners pool risk? Mining pools ● Goal: pool participants all attempt to mine a block with the same coinbase recipient ○ send money to key owned by pool manager ● Distribute revenues to members based on how much work they have ○ minus a cut for pool manager How do we know how much work members perform? Mining shares Idea: prove work with “near-valid blocks” (shares) 4AA087F0A52ED2093FA816E53B9B6317F9B8C1227A61F9481AFED67301F2E3FB D3E51477DCAB108750A5BC9093F6510759CC880BB171A5B77FB4A34ACA27DEDD 00000000008534FF68B98935D090DF5669E3403BD16F1CDFD41CF17D6B474255 BB34ECA3DBB52EFF4B104EBBC0974841EF2F3A59EBBC4474A12F9F595EB81F4B 00000000002F891C1E232F687E41515637F7699EA0F462C2564233FE082BB0AF 0090488133779E7E98177AF1C765CF02D01AB4848DF555533B6C4CFCA201CBA1 460BEFA43B7083E502D36D9D08D64AFB99A100B3B80D4EA4F7B38E18174A0BFB 000000000000000078FB7E1F7E2E4854B8BC71412197EB1448911FA77BAE808A 652F374601D149AC47E01E7776138456181FA4F9D0EEDD8C4FDE3BEF6B1B7ECE 785526402143A291CFD60DA09CC80DD066BC723FD5FD20F9B50D614313529AF3 000000000041EE593434686000AF77F54CDE839A6CE30957B14EDEC10B15C9E5 9C20B06B01A0136F192BD48E0F372A4B9E6BA6ABC36F02FCED22FD9780026A8F Mining pools Hey folks! Here’s our next block to work on Pool manager prev: H( ) mrkl_root: H( ) 0x00000000000a877902e... 0x000000000001e8709ce... 0x00000000000490c6b00... 0x0000000000007313f89... 0x0000000000045a1611f... 0x00000000000000003f89... Mining pool variations ● Pay per share: flat reward per share ○ Typically minus a significant fee ○ What if miners never send in valid blocks? ● Proportional: typically since last block ○ Lower risk for pool manager ○ More work to verify ● “Luke-jr” approach: no management fee ○ Miners can only get paid out in whole BTC ○ Pool owner keeps spread Mining pool protocols ● API for fetching blocks, submitting shares ○ Getblockshare ● Proposed for standardization with a BIP ● Increasingly important; some hardware support Mining pool history ● First pools appear in late-2010 ○ Back in the GPU era! ● By 2014: around 90% of mining pool-based ● June 2014: GHash.io exceeds 50% Mining pools (March 2022) Are mining pools a good thing? ○ Make mining more predictable ○ Allow small miners to participate ○ More miners using updated validation software ○ Lead to centralization ○ Discourage miners from running full nodes Can we prevent pools? 程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com