Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bitcoin Mining CS1951 L Spring 2019 5 February 2019 Maurice Herlihy

Published byBrendan Crawford Modified over 5 years ago

Similar presentations

Presentation on theme: "Bitcoin Mining CS1951 L Spring 2019 5 February 2019 Maurice Herlihy"— Presentation transcript:

1 Bitcoin Mining CS1951 L Spring 2019 5 February 2019 Maurice Herlihy Brown University

2 Nakamoto Consensus in One Line
hash of block on longest branch public key difficulty SHA256( h | T | K | nonce ) < D standard hash function transactions Find this!

3 Mining … Try nonce = 1 Compute hash Try nonce = 2
Enough leading zeros? Try nonce = 3 Try nonce = 1,000,000

4 As value rises, GPUs displace CPUs
Era of CPU mining Bitcoin not worth much As value rises, GPUs displace CPUs

5 Large size, high power, heat …
Era of GPU mining Versatile, high resale Large size, high power, heat …

6 Today Era of ASiC mining
Power efficient, small, effective Expensive, no resale value

7 Mining Payoff is high, but expected wait is now years …
Bitcoin gets harder and harder to mine Maybe I can pool the risk …

8 Work on this block credited to me
Pools Work on this block credited to me boss Try nonce = 1… Try nonce = 100… Try nonce = 200… worker worker worker

9 I won! My nonce yields k leading zeros!
Pools I won! My nonce yields k leading zeros! boss worker worker worker

10 You get most of the reward!
Pools You get most of the reward! boss worker worker worker

11 How do I know you’re not freeloaders?
Pools How do I know you’re not freeloaders? boss I worked just as hard! I worked just as hard! worker worker worker

12 Pools boss worker worker worker Here is a stream of partial results …

13 Payment proportional to your hash’s number of leading zeros
Pools boss worker worker worker

14

15 Pools have no incentive to launch 51% attack, so who cares?
Just kidding about that decentralized, censorship-resistence thing!

16 Competing Pools

17 Sometimes this increases green pool’s income
Infiltration Diluting blue pool’s income, but … pretending to work, but suppressing full solutions Reducing green pool’s mining rate Sometimes this increases green pool’s income Reducing overall Bitcoin difficulty

18 Best for both, but unstable
No infiltration Best for both, but unstable

19 Asymmetric Infiltration
Favors infiltrating pool (sometimes)

20 Not great for either but stable
Mutual Infiltration Not great for either but stable

21 Prisoner’s Dilemma Prisoner A choices Prisoner B choices Stay silent
Confess & betray Each 1 month jail A goes free, B gets 1 year jail B goes free, A gets 1 year jail Each 3 months jail Prisoner B choices

22 Iterated Prisoner’s Dilemma
Dominant strategy is to infiltrate But both are better off if they refrain 3+ miners, anonymous attacks, complex, unstable?

23 In-Depth

24 Feather-Forking I refuse to mine on any chain that includes Alice’s transaction Threat not credible, too expensive

25 Rational to blacklist Alice
Feather-Forking I refuse to mine on any chain that includes Alice’s transaction in last k blocks Threat is credible Rational to blacklist Alice

26 Feather-Forking Source

27 Finney Attack Bob’s Pizza cannot affort to delay customers…
So Bob accepts 0-confirmation transactions Alice pre-mines block with tranaction to self Alice sends txn paying Bob, receives pizza Alice releases pre-mined block …

28 Double Spending Attack
51% pool? Lowers confidence in BTC … Clients abandon, BTC becomes worthless Not profitable to rational player …

29 Harder to detect, maybe profitable
Censorship Attack 51% pool? Extort higher fees? Political control? Harder to detect, maybe profitable

30 Attempt to destroy currency Auric Goldfinger, villain, …
Goldfinger Attacks Attempt to destroy currency From 1964 Movie Auric Goldfinger, villain, … wants to increase value of own gold by … making gold in Ft. Knox radioactive!

31 Bitcoin “Death Spiral”
Mining rigs cost fiat (USD, Euro, etc.) Reward in BTC Loss of confidence in BTC … Lowers mining reward … Fewer miners, BTC easier to subvert. … Further lowering confidence

32 Goldfinger Attack Motivation Law enforcement, anti-laundering …
Most plausible Government Law enforcement, anti-laundering … Too expensive? Non-state atttacker Political or social goal Hard to short? Investment gain Short BTC

33 Technology Review Article
The Fed issues a stablecoin Dollar Facebook issues stablecoin, or subverts BTC Everyone issues a stablecoin

34 Hysteria about China

35 Rent equipment for 51% attack
Rental Attack Rent equipment for 51% attack Very expensive against BTC or ETH Not so expensive for lesser coins … Even for BTC, getting cheaper …

36 Most Expensive as of 26 Dec 18 Hash rates from Mine the Coin
Rental prices from NiceHash Percent rentable from NiceHash

37 Least Expensive

38 After DAO disaster (later), Ethereum split into ETH and ETC
This Happened After DAO disaster (later), Ethereum split into ETH and ETC 18th-largest cryptocurrency Deep reorganization” of 100s of blocks Double spends ~1.1M USD Numbers unreliable, but something happened

39 Price almost didn’t move
It gets weirder Price almost didn’t move “a lot of these assets have dogmatic diehard communities that refuse to submit, and most tokens are held by them anyway”

40 Attacker returned about half the stolen money to at least one exchange
And weirder Attacker returned about half the stolen money to at least one exchange “the hashing power of ETC network is still not strong enough and it's still possible to rent enough hashing power to launch another 51% attack.”

41 Game Theory: Auric vs Bond
Auric gets utility A by destroying BTC Bond gets utility B by preserving BTC Bond sets mining reward C Auric destroys by spending more than C Preserve Destroy Auric A-C Bond B-C

42 If A > B Auric destroys BTC If B > A, Bond preserves BTC…
Auric vs Bond Preserve Destroy Auric A-C Bond B-C If A > B Auric destroys BTC If B > A, Bond preserves BTC… By setting C = A BTC must pay a “tax” of A to stay alive!

43 Probability distributions? Need to have governance to respond
Auric vs Bond Bitcoin must pay a “tax” of A to stay alive! What if you don’t know A? Probability distributions? Need to have governance to respond

44 Governance?

45 In greater depth …

46 In the future when block rewards are gone …
Long-term Stability? In the future when block rewards are gone … And there are only transaction fees… Often more effective to steal “whale” transactions … Than to build on other blocks Existential threat?

47 If I’m ahead, withhold my block and mine on private chain
Selfish Mining If I’m ahead, withhold my block and mine on private chain

48 Selfish Mining If public chain catches up,
publish private chain, and hope for best

49 If I’m still ahead, keep mining on private chain
Selfish Mining If I’m still ahead, keep mining on private chain

50 Selfish Mining If public chain starts to catch up,
publish enough private chain to invalidate public blocks

51 Selfish Mining “Rational miners will prefer to join the selfish miners, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency.”

52 Selfish mining can be profitable for any size pool
Fixes exist that work for < 25% pools. No fix works for > 33% pools

53

54 Fake News? Vitalik Buterin
"No honest (or semi-honest) miner would want to join a selfish pool… Even if they do have a small incentive to [join], they have an even greater incentive to not break the Bitcoin network to preserve the value of their own Bitcoins and mining hardware." Vitalik Buterin

55 Ittay Eyal & Emin Gün Sirer
Fake News? "No honest (or semi-honest) miner would want to join a selfish pool… Even if they do have a small incentive to [join], they have an even greater incentive to not break the Bitcoin network to preserve the value of their own Bitcoins and mining hardware." “This is patently false. Take your regular, run-of-the-mill counterfeiter. Every time he manufactures a banknote, he undermines the very currency he is illegally replicating. Yet that doesn't stop counterfeiters from creating bogus banknotes.” Vitalik Buterin Ittay Eyal & Emin Gün Sirer

56 Lots of orphaned blocks?
Lots of blocks in close succession? Not so easy to detect Not hard to obfuscate But no evidence of selfish mining for real

57

58 In the future when block rewards are gone …
Stability? In the future when block rewards are gone … And there are only transaction fees… Often more effective to steal “whale” transactions … Than to build on other blocks Existential threat?

59 Let someone else pay for
Cryptomining Malware Let someone else pay for Hardware Electricity Bills Two varieties: Browser-based Binary malware-based

60 Website visitors run mining code
Browser-Based Website visitors run mining code Legit: Charities: UNESCO Ad blocker response: Salon.com javascript or web assembly

61 Website serves “orchestrator”, checks host enviroment
“Drive-By” Mining Website serves “orchestrator”, checks host enviroment Downloads optimized Wasm or asm.js mining script Instantiates number of web workers (threads) Sets up connection with pool Fetches work from pool and submits hashes

62 “Drive-By” Mining Vectors
Embedded video streaming: 2,500 sites Advertising websites Compromised websites Torrent portals: mostly Pirate Bay

63 Drive-By Mining Countermeasures
Block blacklisted pool connections Fooled by aliasing Monitor CPU usage Fooled by throttling Inspect binary code Can detect hashing “fingerprint” E.g., 80 XOR, 85 left shfit, 32 right shift …

64 Domain aliases to fool pools
Cryptomining Malware Monero most popular 4.32% mined by criminals ~$57M in January 2019 Evasion Domain aliases to fool pools “Idle” mining when CPU idle, no monitors rnning

65 Cryptomining Malware as Commodity
Malware easily purchased on-line $35 for Monero miner, for example “Miner is free, we charge a fee of 2%” Premium service maintenance, upgrades, proxies, service-level agreements Discussion forums Bot-friendly pools

66 Mining eras: CPU, GPU, ASIC
Ideas we covered in this lecture Mining eras: CPU, GPU, ASIC Pools and pool attacks Feather forking Finney attacks Goldfinger Attacks Selfish Mining Mining Malware

67

Download ppt "Bitcoin Mining CS1951 L Spring 2019 5 February 2019 Maurice Herlihy"

Similar presentations

For a New Liberty CTIR Literature Series 1 Part 4 Chapter 9.

For a New Liberty CTIR Literature Series 1 Part 4 Chapter 9.
COMS 486 Iowa State University Introduction to Bitcoin A P2P Electronic Cash System.

COMS 486 Iowa State University Introduction to Bitcoin A P2P Electronic Cash System.
Bitcoin. What is Bitcoin? A P2P network for electronic payments Benefits: – Low fees – No middlemen – No central authority – Can be anonymous – Each payment.

Bitcoin. What is Bitcoin? A P2P network for electronic payments Benefits: – Low fees – No middlemen – No central authority – Can be anonymous – Each payment.
Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.

Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.
Stefan Dziembowski Why do the cryptographic currencies need a solid theory? Forum Informatyki Teoretycznej, Warsaw 30.1.2015.

Stefan Dziembowski Why do the cryptographic currencies need a solid theory? Forum Informatyki Teoretycznej, Warsaw
BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.

BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.
Bitcoin is the FUTURE of MONEY!!

Bitcoin is the FUTURE of MONEY!!
The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 29/11/2012Written by Meni Rosenfeld1.

The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 29/11/2012Written by Meni Rosenfeld1.
AIM Why should we invest in real estate? DO NOW What are the advantages of investing in real estate? REAL ESTATE.

AIM Why should we invest in real estate? DO NOW What are the advantages of investing in real estate? REAL ESTATE.
On Power Splitting Games in Distributed Computation: The case of Bitcoin Pooled Mining Loi Luu, Ratul Saha, Inian Parameshwaran, Prateek Saxena & Aquinas.

On Power Splitting Games in Distributed Computation: The case of Bitcoin Pooled Mining Loi Luu, Ratul Saha, Inian Parameshwaran, Prateek Saxena & Aquinas.
Bitcoin (what, why and how?)

Bitcoin (what, why and how?)
Security Update Vincent BRILLAULT HEPiX Spring 2014, Annecy.

Security Update Vincent BRILLAULT HEPiX Spring 2014, Annecy.
Bitcoins and the Digital Economy Presented By: Matt Blackman.

Bitcoins and the Digital Economy Presented By: Matt Blackman.
Bitcoins – Mining and Trading Jonathan Day, Carpe Diem 18 th July 2013.

Bitcoins – Mining and Trading Jonathan Day, Carpe Diem 18 th July 2013.
Subverting Bitcoin David Evans and Samee Zahur. Mining Why do we need miners?

Subverting Bitcoin David Evans and Samee Zahur. Mining Why do we need miners?
First… What is Cryptocurrency? A Cryptocurrency is a digital currency that is created through mathematical engineering (algorithm). It is designed to.

First… What is Cryptocurrency? A Cryptocurrency is a digital currency that is created through mathematical engineering (algorithm). It is designed to.
An Introduction to Product Markets. What is a Market? Institution or mechanism that brings together buyers and sellers Common element is goods or services.

An Introduction to Product Markets. What is a Market? Institution or mechanism that brings together buyers and sellers Common element is goods or services.
Block Chain 101 May 2017.

Block Chain 101 May 2017.
Motivation ✓ ✘ ? Bitcoin/Ideal Credit Card Works on Internet

Motivation ✓ ✘ ? Bitcoin/Ideal Credit Card Works on Internet
Math 1050 Project Part 3 Joshua Funderburk Sarah Hansen

Math 1050 Project Part 3 Joshua Funderburk Sarah Hansen

Similar presentations

Ads by Google