SmartPool: Decentralized mining pools using smart contracts · Bitcoin’s mining power distribu=on...
Transcript of SmartPool: Decentralized mining pools using smart contracts · Bitcoin’s mining power distribu=on...
SmartPool:Decentralizedminingpoolsusingsmartcontracts
1
LoiLuuCofounder,SmartPool.ioPhDcandidate,Na=onalUniversityofSingapore
Outline• Whatismining&pooledmining• Whycentralizedminingpoolisnotideal• SmartPoolsolu=on
Whatismining• Probabilis=callyelectsleaderstoproposeblocks– Bysolvingproofofwork,ormining
• Awaytoissuemorecoins– 12.5BTCper1Bitcoinblock– 5ETHper1Ethereumblock
Howtomineablock• Needtofindanoncesothat
Hash(BlockHeader,nonce)≤dor
Hash(BlockHeader,nonce,dataset)≤d• Findingavalidnonceishard– Normalcomputerstakeyearstofindavalidnonce
Miningpool• Groupofminersjoinhandtomineblockstogether• Rewardissplitamongminersbasedontheircontribu=ons– Reducevariance– Receivesmallerrewardsfrequently
Howminingpoolswork• Poolstrackminercontribu=onsbyusingshares– Ashareissimilartoablock,butrequiredlessworktofind
– Eachsharehasprobabilityd/Dbeingavalidblock
Hash(BlockHeader,nonce,dataset)≤d
Hash(BlockHeader,nonce,dataset)≤DwithD>>d
Validblock
Validshare
Howminingpoolswork(2)• Pooloperatorrecordstheshares,anddistributesrewardaccordingly
Network(Bitcoin,Ethereum)
Solominer Solominer SolominerMiningpool
poolmembers
block block block
shareshare
Pooledminingisgreat• Forminers– Allowthemtohavestableincome– Lowvariancemeanseasiertomakeeconomicplan
• Forthenetwork– Helpincreasethesecurityofthenetworkbyallowingmoreminerstojointheminingprocess
Centralizedpooledminingissues• Miningincryptocurrenciesishighlycentralized– 3-5poolscontrolmajorityofhashpower
Ethereum’sminingpowerdistribu=onBitcoin’sminingpowerdistribu=on
Centralizedpooledminingissues(2)• Implicittrust– Minerstrustpooltorecordsharesandpaycorrectly
• Transac=oncensorshipthreat– Poolsdecidewhichtransac=onstoinclude,nottheminers
• Singlepointoffailures– Easytopar==onthenetwork[IEEESS&P‘17]
SMARTPOOL:REPLACINGPOOLOPERATORBYASMARTCONTRACT
Naïvesolu=on
MiningpoolSmart
Contract
Miner’sminingsodware
Pool’sGateway
Miner’sLocalenvironmentgetWork()
submitWork()
Workresponded
EthereumBlockchain
submitShares()
User’saddress
RewardissentwhenablockisminedMinerusesthepool’saddressasthe
coinbaseaddressintheirblocks
Naïvesolu=on’sProblems• Numberofsharesislarge
– Mayrequirebillionsofsharesperblock– Requireasmanymessagestothecontract
• Cost(gas)toverifyaEthashPoWisexpensive– Maybemorethantherewardpershare– Rendernega=veincomestominers
• VerifyinganEthashPoWwasnoteventechnicallyfeasible– Requireaccessto1GBdataset– Smartcontractstorageiscostly(around$80,000USDperGB)
Hash(BlockHeader,nonce,dataset)≤d
SMARTPOOL’SSOLUTION
SmartPool–Solu=on• Allowbatchsubmissions(uptomillionsofshares)– significantlyreducenumberoftransac=onstothecontract
– onlysubmittheMerklerootofalltheshares
SmartPoolsmartcontract
Miners
Submitbatchofshares
SmartPool–Solu=on(2)• Probabilis=cverifica=ontocheckasubmission– Randomlyverifyonlyonesharepersubmission
– Pr[ofchea=ngdetected]ispropor=onaltotheamountofchea=ng
SmartPoolsmartcontract
Requestedproof
Submitbatchofshares
Probabilis=cVerifica=on
Creditcontribu=ons
Requestarandomproof
Miners
SmartPool:Disincen=vizechea=ng• Penaltyscheme:pay0shareinasubmissionifchea=ngdetected
– Expectedrewardisthesamewhetherchea=ngornot– Minershavenoincen=vetocheat
• Ifwesamplemorethan1share,canstronglydisincen=vizechea=ngminers
• Cryptoeconomicispowerful!
Get1.5Rewardwith2/3probability
Get0Rewardwith1/3probability
Probabilis=cverifica=on
passed
detected
Expectedreward=1
17
Reward=1
SmartPool:CheaplyVerifyEthashPoW• VerifyingEthashPoWwasthoughttobeimpossibleinsidea
contract– datasetincludes64randomelementsfroma1GBdataset.Wecan’tstoretheen=re1GBdataset
– Canwestorejustthe16MBdataset?Sincethe1GBdatasetisgeneratedfromthe16MBone• WouldcosthundredsofEthers• The16MBdatasetchangesevery30kblocks(4-5days)• Geongtheelementinthe1Gbdatasetfromthe16MBseedisexpensive
– i.e.requires8SHA-512computa=onsperelement,willrunoutofgas
Hash(BlockHeader,nonce,dataset)≤d
Oursolu=on:onlyverifytheresultofEthash• Observa=on
– Wedonotneedtheen=re1GBdatasetnorthe16Mbseed,weonlycareaboutthecorrectnessofthe64sampledelements(basedonthenonceandtheblockheader)
• Solu=on– StoretheMerklerootofthe1GBdatasetinthecontract
• EveryonecanverifythisMerkleroot– Requiretheminerstosendthemerkleproofforeachdataelement
• Checkingtheproofsfor64elementsismuchcheaperandsimpler
SmartPool’sEthashinTestnet• Weself-implementtheSHA-512insolidity– Costis200kofgaspercomputa=on
• FullyverifyanEthashPoWwith3.9Mofgas– CurrentgasLimit>4M– Canbeoptmizedfurther
• Oursolu=oncanbeusedtobuildalighterlight-client
Moreinthewhitepaper• Howtopreventminersfromstealingothers’shares?• Howtopreventclaimingasharemul=ple=mes– Withinasubmission– Acrosssubmissions
• HowtorunminingpoolsforothercryptocurrenciesonEthereum
21
SmartPool:FeaturesandPlan• Features
– Totallydecentralized– Secure– Efficientandscalable– Opensourceandnon-profit
• Plan– TestnetdeploymentinMarch– MainnetdeploymentinMay– Suppor=ngothercryptocurrenciesdependsonfunding
SmartPool.ioiscallingfordona=on
23
Closingthoughts• Blockchains&smartcontractshelpremovemiddleman/centralizedoperators– Decentralizedminingpoolsisoneexample.
• Blockchains&smartcontractsarethetools,notthesolu=ons– Morethoughtsonthedesignandimplementa=onsrequired
Acknowledgement• EthereumFounda=on
• DinarDirham• 24pseudonymousdonors
Thankyou–Q&Ahtp://smartpool.ioSmartPool_Prj