Bitcoin mining incentives, community & politics
Mining incentives and strategies
Copyright By PowCoder代写 加微信 powcoder
Game-theoretic analysis of mining Several strategic decisions
● Which transactions to include in a block ○ Default: any above minimum transaction fee
● Which block to mine on top of ○ Default: longest valid chain
● How to choose between colliding blocks ○ Default: first block heard
● When to announce new blocks
○ Default: immediately after finding them
Several types of miner (the BAR model)
● Altruistic/Default/Honest ○ Run exact default protocol
● Rational
○ Try to extract maximum profit
● Byzantine
○ Unpredictable behavior
Goal: withstand a minority of Byzantine nodes and the rest Rational nodes
Game-theoretic analysis of mining
Assume you control 0 < α < 1 of mining power Can you profit from a non-default strategy?
For some α, YES, though analysis is ongoing!
Forking attacks
Forking attacks
● Certainly possible if α >0.5
○ may be possible with less
○ avoid block collisions
● Attack is detectable
● Might be reversed
● Might crash exchange rate
I expect you to die, Mr. Bitcoin
Goldfinger Attack?
Forking attacks via bribery
● Idea: building α > 0.5 is expensive. Why not rent it instead?
● Payment techniques:
○ Out-of-band bribery
○ Run a mining pool at a loss
○ Insert large “tips” in the block chain
This is an open problem!
Checkpointing
Default clients ship with built-in checkpoint
Block-withholding attacks
Strategy: don’t announce blocks right away. Try to get ahead!
“Selfish mining”
Secret Block
Secret Block
All other miners are wasting effort here!
Block-withholding attacks, take 2
What happens if a block is announced when you’re ahead by 1?
Secret Block
The race is on!
Block-withholding attacks aka selfish mining
● Improved strategy for any α if you can win every race ○ Ideal network position
○ Bribery?
● Always a good strategy if you can win every race
● With an α + 0.5(1-α) chance of winning races, improved strategy for α > 0.25
● With an α chance of winning races, improved strategy for α > 0.333
● Not yet observed in practice!
Shocking finding in 2014!
Punitive forking
● Suppose you want to blacklist transactions from address X ○ Freeze an individual’s money forever
● Extreme strategy: announce that you will refuse to mine on any chain with a transaction from X
With α < 0.5, you’ll soon fall behind the network
Feather-forking strategy
● To blacklist transactions from X, announce that you will refuse to mine
directly on any block with a transaction from X ○ but you’ll concede after n confirming blocks
● Chance of pruning an offending block is α2
Response to feather forking
For other miners, including a transaction from X induces an α2 chance of losing a block
Might be safer to join in on the blacklist
Can enforce a blacklist with α < 0.5!
Success depends on convincing other miners you’ll fork
Feather-forking: what is it good for?
● Freezing individual bitcoin owners ○ ransom/extortion
○ law enforcement?
● Enforcing a minimum transaction fee...
A second look at transaction fees
Default policy:
priority = sum(input_value * input_age)/size_in_bytes
Accept without fees if: ? priority > 0.576
Will miners cooperate to enforce consistent fees?
Transaction fees will matter more
Currently, block rewards are > 99% of miner revenue. But:
Eventually, transaction fees will dominate
Fee-sniping: is it worth it to steal a large fee?
Fee-sniping can be worthwhile
Expected value: α
Expected value: α2(1+X)
I miners fee-snipe, perhaps they can be bribed…
M→B, fee: 0.01 M→M’→, fMee’:1.0
Bribery attacks
● Pay miners out-of-band
● Start a new mining pool paying negative fees
● In-band payments on one chain
○ Anybody-can-spend transactions
○ Large mining fees
● Smart Contracts
○ Can be conditional on attack succeeding, or guaranteed
● Miners are free to implement any strategy
● Very little non-default behavior in the wild
● No complete game-theoretic model exists
Things might be about to get interesting…
How to change Bitcoin: Hard forks and soft forks
Hard-coded limits in Bitcoin
● 10 min. average creation time per block
● 1 M bytes in a block
● 20,000 signature operations per block
● 100 M satoshis per bitcoin
● 23M total bitcoins maximum
● 50,25,12.5… bitcoin mining reward
These affect economic balance of power too much to change now
Cryptographic limits in Bitcoin
● Only 1 signature algorithm (ECDSA/P256)
● Hard-coded hash functions (SHA-256, RIPEMD)
Crypto primitives might break by 2140… Known risk: quantum computers
Throughput limits in Bitcoin
● 1 M bytes/block (10 min)
● >250 bytes/transaction
● 7 transactions/sec ☹
Compare to:
● VISA: 2,000-10,000 transactions/sec
● PayPal: 50-100 transaction/sec
Simple intervention: raise the block size
Advantages to larger blocks:
● More transaction throughput
● Lower fees
Disadvantages to larger blocks:
● Slower block propagation
● More block collisions (advantage larger miners)
● More expensive to run a full node
Performance
Centralization
Simple intervention: raise the block size
Advantages to larger blocks:
● More transaction throughput
● Lower fees
Disadvantages to larger blocks:
● Slower block propagation
● More block collisions (advantage larger miners)
● More expensive to run a full node
Hard-forking changes to Bitcoin: larger blocks
1 Block234
That’s crazy talk!!
I found a nifty new block!
That’s crazy talk!!
6 24 Block 23
BBlloocckk 2234
Old nodes will ignore new large blocks
Hard-forking changes to Bitcoin: larger blocks Legacydes
this block
Legacy fork
Conditions for a hard fork:
● Majority supports change
● New blocks/tx are invalid under old rules (looser validation rules)
will ignore
Hard forks
● New op codes
● Changes to size limits
● Changes to mining rate
● Many small bug fixes
Community not seriously considering these
Soft forks
Observation: we can add new features which only limit the set of valid transactions
Need majority of nodes to enforce new rules Old nodes will approve
RISK: Legacy nodes will mine now-invalid blocks
Last block before rule change
Soft-forking example: lower block size limit
Conditions for a soft fork:
● Majority supports change
● New blocks/tx are valid under old rules (stricter validation rules)
Soft fork example: pay-to-script-hash (P2SH)
<
OP_HASH160
Old nodes will just approve the hash, not run the embedded script
Major soft forks in Bitcoin
● 2012: Pay-to-script-hash (P2SH)
○ Replace scripts with their hash to improve privacy, efficiency
● 2017: Segregated witness (SegWit)
○ Signatures removed from tx data, moved to separate part of block
○ Improved permanence, removed malleability, changed effective block limit
● 2021: TapRoot
○ Modified transaction format
○ Support for Schnorr signatures
○ Better support for Lightning network
Soft fork possibilities
● New signature schemes
○ Use opcodes which were previously NOPs
● Extra per-block metadata
○ Shove in the coinbase parameter
○ Commit to UTXO tree in each block
○ Range: point to more prior blocks
Permanent forks (or “intended hard forks”)
● Two communities want incompatible outcomes ○ Example: small blocks, big blocks
● Miners choose which set of rules to follow
● Both communities follow a new chain
● Examples: Bitcoin Cash, Bitcoin SV (Satoshi Vision), Bitcoin Gold
Permanent forks (or “intended hard forks”)
Valid under A rules Invalid under B rules
Valid under B rules Invalid under A rules
Which chain is “Bitcoin”??
What happens to users after a permanent fork
● Before the fork: Alice owns 1 Bitcoin
● After the fork: Alice owns 1 Bitcoin, 1 Bitcoin Gold!
○ Entire state is duplicated
○ Total exchange value may less, or more…
● Challenge: ensure tx are inconsistent on both chains
○ Prevent cross-chain replay attacks
Summary of fork possibilities
Stricter validation
Looser validation
Incompatible validation
Majority support
Permanent fork
Minority support
Permanent fork
Unsuccessful fork
Permanent fork
Consensus in the Bitcoin community
Bitcoin community must agree on rules
● what is the genesis block
● what makes a transaction valid
● what makes a block valid
● what makes a blockchain branch “longest”
○ Most aggregate work, not most blocks!
To a lesser extent:
● how P2P nodes should behave
Bitcoin community must agree on history
Must agree on a canonical longest chain
● might disagree on most recent few blocks
● which transactions have occurred
● which coins exist and who owns them
Bitcoin community must agree that coins are valuable
Essential for any currency
● Traditional currencies: government-backing
● Bitcoin: “Tinkerbell effect”
Interlocking notions of consensus
consensus about rules
consensus that coins are valuable
consensus about history
Bitcoin development process
Bitcoin core software is de facto standard
open source (MIT license)
the most widely used Bitcoin software
those who don’t use it follow its lead on rules
Bitcoin core is maintained by an open-source team
Bitcoin Improvement Proposals (BIPs)
“formal” proposal for changes to Bitcoin includes technical spec and rationale
published in a numbered series
each BIP has a champion to evangelize / coordinate also: informational BIPs, process-oriented BIPs
Bitcoin Improvement Proposals (BIPs)
Who decides which BIPs get implemented?
Power is often complicated!
“In a room sit three great men, a king, a priest, and a rich man with his gold. Between them stands a sellsword, a little man of common birth and no great mind. Each of the great ones bids him slay the other two. ‘Do it,’ says the king, ‘for I am your lawful ruler.’ ‘Do it,’ says the priest, ‘for I command you in the name of the gods.’ ‘Do it,’ says the rich man, ‘and all this gold shall be yours.’ So tell me – who lives and who dies?” – Varys
In A Clash of Kings by R Martin
Claim: Bitcoin Core developers have the power.
They write the rulebook.
Almost everybody uses their code, follows their rules.
Claim: Miners have the power.
Miners write the history.
History will be consistent with miners’ consensus rules.
Miners can signal support for BIPs introducing forks
Claim: Investors have the power.
Investors determine whether Bitcoin has any value.
In case of hard-fork, investors decide which branch wins.
Claim: Merchants and their customers have the power.
They generate the primary demand for Bitcoins. They drive the long-term price of Bitcoin.
Investors are just guessing where merchants and customers will go.
Claim: Payment services have the power.
They are the ones that really handle transactions.
So they drive primary demand.
Merchants, customers, and investors will follow them.
Everybody in Bitcoin has the right of exit
If you don’t like the rules, you can fork
● Nobody else has to pay attention to your fork
● Nobody else might value coins on your fork
The power of Bitcoin is entirely dependent on community consensus
No simple answer for who controls Bitcoin
● Developers lead on technical matters ○ “Leading the parade”
● Miners lead on short-term consensus
● Investors, users ultimately have the power
○ Market settles contentious forks
Formal governance attempts in Bitcoin have failed
● Bitcoin Foundation defunct since 2015
● Nobody clearly controls Bitcoin trademark, logo
○ “What is Bitcoin” decided informally!
Can governments control Bitcoin?
Bitcoin’s roots are often anti-government
● Cypherpunks:
○ Cryptography can enhance privacy and security
● Crypto-anarchists
○ Cryptography can (eventually) replace governments
Strong cryptography will cause the power of the state to decline, perhaps even collapse fairly abruptly … digital money … and other crypto-mediated interactions, will profoundly change the nature of economies and social interactions. Governments will have a hard time collecting taxes, regulating the behavior of individuals and corporations … when it can’t even tell what continent folks are on! –
Bitcoin was published anonymously by
● author of white paper and original Bitcoin software
● almost certainly a pseudonym
● identity associated with certain public keys
● writes fairly well in English
● has barely been heard from since 2010
● owns lots of Bitcoins from early mining
○ Still not spent!
Governments have several concerns about Bitcoin
● Electricity consumption
● Consumer protection
○ Many failed exchanges, banks
● Taxation and tax avoidance
● Economic sanctions
● Capital controls
● Anti-money laundering
Anti-Money Laundering is a key law enforcement tool
goal of AML: stop or detect large amounts of money from:
● Crossing borders
● Moving from underground to legitimate economy
Typically only worried about large amounts (e.g. US$10k)
Know Your Customer (KYC) laws
Traditional financial institutions are required to:
1. identify and authenticate clients,
2. evaluate risk of client,
3. watch for anomalous behavior
Which participants in the Bitcoin ecosystem should do KYC?
Typically, regulation so far has affected exchanges Most people’s on-ramp/off-ramp from crypto
Exchanges must interact with the traditional financial system
Some governments see Bitcoin as an opportunity
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com