Module-4(2021Batch)

Bitcoin Mining , Bitcoin and Anonymity

By,
Dr.Jyothi D G
Professor & Head,
Department of AI & ML, BIT
Contents
1. The task of Bitcoin Miners
2. Mining Hardware
3. Energy Consumption and Ecology
4. Mining pools
5. Mining Incentives and Strategies
6. Anonymity Basics
7. How to De-anonymize Bitcoin
8. Mixing
9. Decentralized Mixing
10. Zerocoin and Zerocash
 Bitcoin Mining
Ø Bitcoin mining is often compared to historical gold rushes.
Ø In gold rushes, people rushed to find wealth, but most ended up losing everything.
Ø A few became rich, but they had to face many struggles and challenges. Similarly, in
Bitcoin mining, people invest time and resources hoping for big rewards, but success
is uncertain and comes with difficulties.
Ø To be a Bitcoin miner, you have to join the Bitcoin network and connect to other
nodes.
Ø Once connected, there are six tasks to perform:
 Bitcoin Mining
1.Listen for transactions: Miners listen for transactions on the network and validate them
by checking that signatures are correct and that the outputs being spent haven’t already
been spent.
2.Maintain block chain and listen for new blocks. To maintain the blockchain, nodes first
request other nodes to share all historical blocks that were added to the blockchain before
joining the network.
àOnce synchronized, miner monitor the network for new blocks being broadcast.
à Each new block miner receive must be validated by checking the validity of every
transaction it contains and ensuring the block has a valid nonce.
3. Assemble a candidate block: Once copy of the blockchain is up-to-date, miner can
start creating his own blocks.
 Bitcoin Mining
à To do this, miner gather transactions received and organize them into a new block that
links to the latest block in the chain.

à It’s essential to ensure that every transaction in the block is valid before including it.

4. Find a nonce that makes miners block valid: To make block valid, miner need to find a
nonce that satisfies the required conditions.

à This step is the most computationally intensive and challenging part of mining.

5.Hope your block is accepted: Even after successfully finding a valid nonce, there's no
certainty that the block will be accepted into the consensus chain.

à This process involves an element of luck, as other miners might also be competing to add
their blocks at the same time.
 Bitcoin Mining
6. Profit: If other miners accept block, miner earn a reward.

à As of 2015, the block reward is 25 bitcoins, worth approximately $10,000 at the

time along with transaction fees included in the block's transactions.
à. While transaction fees provide extra income, they typically account for only
about 1% of the block reward, making them a modest supplementary source of
earnings.
 Finding a Valid Block
Ø To find a nonce that makes your block valid, you need to work with two main
hash-based structures: The blockchain and The Merkle tree.
Ø The blockchain connects each block header to the previous one, while the Merkle
tree organizes all transactions within a block.
Ø As a miner, your first step is to compile a set of valid transactions from your
pending transaction pool into a Merkle tree.
Ø You can decide how many transactions to include, provided the total size of the
block does not exceed the allowed limit.
Ø Then create a block with a header that points to the previous block.
 Finding a Valid Block
Ø The block header includes a 32-bit nonce field, and keep trying different nonces,
looking for one that causes the block’s hash to be under the target(to begin with the
required number of zeros).
Ø As a miner, you might begin with a nonce of 0 and successively increment it by
one in search of a nonce that makes the block valid.
Ø In most cases, you’ll exhaust all possible 32-bit nonce values without producing a
valid hash.
Ø When this happens, further adjustments will be necessary to continue the mining
process.
Finding a Valid Block
 Finding a new block
Ø When the nonce in the coinbase transaction is modified, it causes the entire
Merkle tree of transactions to change.
Ø This is because the change propagates through the tree, making it a much more
resource-intensive operation compared to altering the nonce in the block header.
Ø For this reason, miners typically focus on changing the nonce in the block
header.
Ø Only after exhausting all 2^32 possible values for the block header nonce without
finding a valid block will they resort to modifying the coinbase nonce.
 Finding a new block
Ø Most nonces you attempt will not work, but need to find the right combination of the
extra nonce in the coinbase transaction and the nonce in the block header that produces a
hash below the target.
Ø Once you achieve this, it's crucial to broadcast your block as quickly as possible to
maximize your chances of earning the reward.
Ø Exactly how difficult is it to find a valid block?
As of the end of 2015, the mining difficulty target (in hexadecimal) is:
00000000000000000a9550000000000000000000000000000000000000000000
Ø So the hash of any valid block has to be below this value.
 Finding a new block
Ø
 Determining the Difficulty
Ø The mining difficulty changes every 2,016 blocks, which are found about
once every 2 weeks.
Ø It is adjusted based on how efficient the miners were over the period of the
previous 2,016 blocks according to this formula:

Ø The interval of 2,016 blocks corresponds to exactly 2 weeks if a block is

mined every 10 minutes.
Ø This formula adjusts the mining difficulty to ensure that, on average, blocks
continue to be found approximately every 10 minutes.
 Determining the Difficulty
Ø The choice of 2 weeks strikes a balance: a shorter adjustment period could cause the
difficulty to fluctuate due to random variations in block discovery, while a longer
period might allow the network's hash power to diverge significantly from the
difficulty, disrupting consistency.
Ø Each Bitcoin miner independently calculates the difficulty and only accepts blocks that
meet their computed difficulty.
Ø While miners on different branches of the blockchain might calculate different
difficulty values, miners working on the same branch will always agree on the
difficulty.
Ø This shared agreement on difficulty ensures consensus across the network.
Determining the Difficulty
 Determining the Difficulty
Ø The difficulty is a step function, even though the overall network hash rate is growing
smoothly.
Ø The discrete step results from the fact that the difficulty is only adjusted every 2,016
blocks.
•Average Block Time: ~10 minutes between consecutive blocks.
•Variation: Gradual decrease in block time as more miners join the network.
•Periodic jump back to ~10 minutes after difficulty adjustment.
 Determining the Difficulty:Mining and Hash Power
Difficulty Adjustment Cycle

•Reset Interval: Every 2,016 blocks (~2 weeks).

•Effect:
• Difficulty recalibrates to maintain an average block time of 10 minutes.
• Increased hash power leads to faster block discovery until the next adjustment.

•Increased Mining Activity:

• More miners joining the network increase hash power.
• Faster block discovery before difficulty adjustment.
•Rebalancing:
• Difficulty adjustment ensures stability in block creation times.
 MINING HARDWARE
à The core of the difficult computation miners are working on is the SHA-256 hash

function. SHA-256 is a cryptographic hash function standardized in 2001 as part of the

Secure Hash Algorithm family.

à It was chosen for Bitcoin because it was the strongest cryptographic hash function

available at the time of its design.

à While it may become less secure over Bitcoin's lifetime, it is currently considered
reliable. Despite being developed by the U.S. National Security Agency, which has

sparked some conspiracy theories, SHA-256 is widely regarded as a robust and

trustworthy hash function.

 MINING HARDWARE
Why Bitcoin Mining is Computationally Difficult
• Core Task of miners is to Mine and find a hash that meets specific conditions.
• SHA-256, a cryptographic hash function, is central to the process.
Challenges:
• Requires immense computational effort due to randomness in hash outputs.
• Miners perform trillions of hash calculations before finding a valid one.
àSecure Hash Algorithm 256-bit which was Standardized in 2001 as part of the
SHA family.
Key Features:
• Produces a fixed 256-bit output from any input.
• Strong cryptographic properties make it unpredictable.
 MINING HARDWARE
Ø It was the strongest cryptographic hash available at Bitcoin's inception.
Ø Despite potential future risks, it remains secure and trusted today.
u Hardware Used by Miners
1. CPUs: Initially used, but inefficient.
2. GPUs: Improved performance with parallel processing.

3. ASICs (Application-Specific Integrated Circuits): Purpose-built for mining, offering

massive computational power.
Conspiracies Around SHA-256
• Developed by the U.S. National Security Agency (NSA).
• NSA's involvement has led to conspiracy theories questioning its integrity of SHA-256
• Consensus: SHA-256 is widely regarded as a secure and robust cryptographic function.
 SHA Family
Ø The “256” in SHA-256 comes from its 256-bit state and output.

Ø SHA-256 & Sha-512 are closely related functions in the SHA-2 family.

Ø There is also SHA-1, an earlier generation with 160-bit output, which is now considered
insecure but is still implemented in Bitcoin script.

Ø Although the SHA-2 family, including SHA-256, is still considered to be

cryptographically secure, the next generation SHA-3 family has now been picked by an
open competition held by the U.S. National Institute of Standards and Technology.

Ø SHA-3 is in the final stages of standardization today, but it wasn’t available at the time
Bitcoin was designed.
A Closer Look at SHA-256
 A Closer Look at SHA-256
1. SHA-256 maintains a 256-bit state.
2. The state is divided into eight 32-bit words, optimized for 32-bit hardware.
3. Each round uses specific words from the state, applies bitwise tweaks, and performs
modular addition (mod 32).
4. The entire state undergoes a right shift, and the result of the addition becomes the new
leftmost word.
5. The algorithm's design is loosely based on bitwise Linear Feedback Shift Registers
(LFSRs).
6. The SHA-256 compression function runs for 64 iterations.
7. Each iteration applies slightly different constants, ensuring unique processing for
every round.
 A Closer Look at SHA-256
8. Miners must compute the SHA-256 function as quickly as possible to succeed in
mining. Mining speed directly impacts earnings, as miners compete to solve the
cryptographic puzzle first.

9. Efficient manipulation of 32-bit words.

10.Performing 32-bit modular addition.

11. Executing bitwise logic operations at high speeds.

 CPU MINING
Ø The first generation of mining was all done on general-purpose computers—that
is, general-purpose central processing units (CPUs).
Ø That is, miners simply searched over nonces in a linear fashion, computed SHA-
256 in software, and checked whether the result was a valid block.
 CPU MINING
u Bitcoin mining has become extremely difficult and impractical for general-purpose
computers like desktops using CPUs:
• A high-end desktop can compute around 20 million hashes per second, but Bitcoin's
difficulty level is so high that, on average, it would take hundreds of thousands of
years to successfully mine one block.
• As a result, using a CPU (Central Processing Unit) for mining is no longer profitable or
effective because the difficulty has far outpaced the computational power of general-
purpose computers.

• Anyone still trying to mine Bitcoin with a CPU likely doesn't understand the
mining process or the current state of Bitcoin mining and is unlikely to earn any
rewards.
 GPU Mining
Ø The second generation began when people started to get frustrated with how slow
their CPUs were and instead used their graphics cards, or graphics processing units
(GPUs).
GPUs in Modern Desktops:
Ø Built-in for high-performance graphics.
Ø Offer high throughput and high parallelism—ideal for Bitcoin mining.
Parallelizable Mining:
Ø Bitcoin mining benefits from parallel processing, as multiple hashes can be computed
simultaneously with different nonces.
 OpenCL and GPU Mining
• OpenCL(Open Computing Language) Language:
• Released in 2010 as a general-purpose programming language for GPUs
• OpenCL is a framework for writing programs that execute across heterogeneous
platforms, including CPUs, GPUs, and other processors.
• Enables non-graphics computations, including Bitcoin mining.
• Allows faster computations on GPUs compared to CPUs.
• Impact on Mining:
• OpenCL facilitated the use of GPUs for efficient Bitcoin mining.
u Advantages of GPUs for Mining
• Accessibility:
• GPUs are readily available online or at consumer electronics stores.
• Simple and convenient for beginners to set up.
 Why GPUs Became Popular for Bitcoin Mining
• Parallelism:
• GPUs have multiple Arithmetic Logic Units (ALUs) designed for simultaneous
computations.
• Ideal for parallel SHA-256 operations required in mining.

• User-Friendly:
• High-end hardware accessible to the general public.
• Simple to configure for mining tasks.
• Performance:
• GPUs outperformed CPUs in mining due to their ability to handle high-volume,
parallelized computations efficiently.
• Scalability:
• Multiple GPUs could be combined to scale up mining operations effectively.
 Overclocking GPUs for Bitcoin Mining
• Definition of Overclocking:
• Running a GPU faster than its designed speed.
• Introduces risks of overheating or malfunction.
• Origin of Overclocking Demand:
• Originally popular among gamers.
• Adopted by Bitcoin miners for potential profit increases.
u Overclocking and SHA-256 Computation
• Benefits:
• Increases the speed of SHA-256 computations.
Potential for higher mining throughput.
•
• Risks:
• Overclocking can cause errors in SHA-256 computations.
• Errors may result in invalid solutions or missed valid solutions.
 OpenCL and GPU Mining
Example: Scenario:
• GPU runs 50% faster (1.5× throughput).
• Errors occur in 30% of computations (0.7× success rate).
• Outcome:
• Combined effect: 1.5×0.7=1.05
• Result: 5% increase in expected profits.
u Optimizing Overclocking
• Error Handling:
• Invalid solutions can be double-checked on a CPU.
• Missed valid solutions cannot be recovered.
• Profit Calculation:
• Overclocking is profitable if the speed gain outweighs error-induced losses.
• Optimization:
• Miners carefully calibrate overclocking to maximize profitability without excessive risk.
 Disadvantages of GPU mining
• GPUs include specialized hardware for video processing, such as a large number of
floating-point units, which are not utilized in SHA-256 computations for Bitcoin
mining.

• Additionally, GPUs are not thermally optimized for mining; when stacked together,
they are prone to overheating, limiting their efficiency and reliability.
 GPU Mining
u Power Consumption of GPUs
• GPUs consume significantly more power than ordinary computers.
• Increased electricity costs make GPU mining less economical.
u Challenges in Setting Up GPUs for Mining
• Miners needed to build custom boards or purchase expensive setups to house multiple
GPUs.
• Added complexity and costs for mining operations.
u GPU Performance in Bitcoin Mining
• Performance Potential:
• A high-end GPU with aggressive tuning can achieve up to 200 million hashes per
second.
• This is 10× faster than CPU mining.
• Limitations:
• Even with 100 GPUs, it would take hundreds of years on average to mine one block at
the 2015 difficulty level.
 Decline of GPU Mining for Bitcoin
• Reasons for Decline:
• Increased Bitcoin mining difficulty has rendered GPUs inefficient for mining.
• Specialized hardware (ASICs) has replaced GPUs for Bitcoin mining.
• Current Use Cases:
• GPU mining is now mostly seen in early-stage altcoins where mining difficulty is
lower.
•
 Mining with field programmable gate Arrays
• Around 2011, miners began using Field Programmable Gate Arrays (FPGAs) for
Bitcoin mining after the first implementation in Verilog, a hardware design
language.

• FPGAs offer performance similar to custom hardware but can be customized or

reconfigured "in the field," unlike factory-designed chips that remain fixed in their
functionality.
 Advantages of FPGAs Over GPUs
• Superior Performance:
• FPGAs excel in bit fiddling operations(AND,OR, XOR,Shifting), which are trivial
to implement on them.
• Better suited for mining-specific tasks compared to GPUs.
• Efficient Cooling:
• FPGAs generate less heat, making cooling more manageable than with GPUs.
u Optimized Resource Utilization
• Full Utilization:
• Unlike GPUs, nearly all transistors on an FPGA card can be used for mining tasks.
• Maximizes hardware efficiency.
• Scalability:
• Multiple FPGAs can be packed together and driven by a single central unit.
 Advantages of FPGAs Over GPUs
u Neat Array Design
• FPGAs allow for more organized and compact arrays compared to bulky GPU
setups.
• Easier to build and manage large mining arrays with FPGAs.
u Transition to FPGA Mining
• Many miners switched to FPGAs for their efficiency and customizability.
• Ideal for dedicated mining operations during their time of popularity.
 Performance of FPGA Mining
• Throughput:
• An FPGA with a careful implementation can achieve up to 1 gigahash per second (1 billion
hashes per second).
• Significant performance improvement compared to CPUs and GPUs.
• Limitations:
• Even with 100 boards at 1 giga hash-per-second each, it would still take about 100 years on
average to mine a Bitcoin block at the 2015 difficulty level.
u Challenges of FPGA Mining
• Hardware Stress:
• Consumer-grade FPGAs were pushed beyond their design limits for mining.
• Overclocking and continuous operation led to errors and malfunctions.
• Optimization Difficulty:
• The 32-bit addition step, critical for SHA-256 calculations, proved difficult to optimize
effectively.
 Accessibility Issues
• Limited Availability:
• FPGAs are not widely available at consumer electronics stores, unlike GPUs.
• Complex Setup:
• Setting up and programming an FPGA requires specialized knowledge.
• Fewer people are skilled in FPGA programming compared to GPU configurations.
u Decline of FPGA Mining
• Short-Lived Era:
• Despite performance gains, the use of FPGAs for Bitcoin mining was limited due
to:
• Hardware reliability issues.
• Optimization challenges.
• Limited accessibility and complexity.
•
 Mining with Application-Specific Integrated Circuits
u Introduction to Bitcoin ASICs:
• Application-Specific Integrated Circuits (ASICs) are chips designed solely
for Bitcoin mining.
• Market Variety:
• ASICs are available in different sizes, prices, and performance levels.
• Options vary in energy efficiency and compactness.
u Advantages of ASICs for Mining
• Optimized for Mining:
• Tailored for SHA-256 calculations required in Bitcoin mining.
• Outperform general-purpose hardware like CPUs, GPUs, and FPGAs.
• Energy Efficiency:
• ASICs are more energy-efficient compared to earlier mining hardware.
 Challenges in ASIC Development
• Expertise and Lead Time:
• ASIC design requires significant expertise and has a long production timeline.
• Fast development of Bitcoin ASICs set records for integrated circuit turnaround
time.
• Initial Bugs:
• Early ASIC generations were buggy and failed to meet promised performance
levels.
u Maturation of ASIC Technology
• Improved Reliability:
• Modern Bitcoin ASICs are far more reliable and efficient than early versions.
• Stable performance numbers now align with advertised specifications.
• Widespread Adoption:
• ASICs dominate Bitcoin mining due to their unmatched performance and efficiency.
 Professional mining today
u Shift to Professional Mining Centers
Mining has transitioned from individuals to professional mining centers.
•
• Secrecy:
• Companies keep operational details private to maintain a competitive advantage.
• Equipment:
• Mining centers often use bulk-purchased, newer, and more efficient ASICs than those
available to individuals.
u Key Considerations for Setting Up Mining Centers
1. Climate:
Cold climates are preferred to reduce cooling costs.
1.
2. Electricity Costs:
1. Cheap electricity is critical to maintain profitability.
3. Network Speed:
1. High-speed internet is required for efficient communication with the Bitcoin network.
 Professional mining today
u Challenges of Cooling in Mining Centers
• Heat Output:
• Bitcoin mining generates 10× more heat per square foot than traditional data
centers.
• Cooling Needs:
• Efficient cooling systems are essential to manage the significant heat produced by
ASICs.

Eg: A professional mining center in the Republic of Georgia.

Highlights the scale and infrastructure of modern mining operations.

 Professional mining today
•
 Similarities to gold mining
u Bitcoin Mining vs. Gold Mining: An Overview
• Parallels:
• Both began with a gold rush mentality, attracting young, amateur individuals eager to
profit.
• Over time, operations became professionalized and consolidated by large companies.
u Evolution of Bitcoin Mining
• Stages:
• CPUs: Initial phase of Bitcoin mining.
• GPUs: Higher throughput introduced.
• FPGAs: Improved performance and customizability.
• ASICs: Highly specialized chips dominating mining today.
• Trend:
• Mining has shifted away from individuals to large-scale professional operations.
 Professional mining today
u Evolution of Gold Mining
• Stages:
• Gold Pans: Used by individuals for small-scale mining.
• Sluice Boxes: Small group operations.
• Placer Mining: Large groups using water blasting techniques.
• Modern Mining: Gigantic open-pit mines extracting tons of raw material.
• Trend: Similar to Bitcoin, gold mining has become dominated by large companies
over time.
 Advantages of FPGAs Over GPUs
u Impact of Consolidation
• Loss of Accessibility:
• For both Bitcoin and gold mining, the ability of individuals to participate and profit
has declined.
• Large companies now control most operations and profits.
• Profit Distribution:
• Most profits have gone to equipment sellers (e.g., gold pans, mining ASICs).
• Individual miners often bear the costs without significant rewards.
•
 ENERGY CONSUMPTION AND ECOLOGY
u Energy cannot be destroyed; it is always converted from one form to another. In
Bitcoin mining, electricity—a useful, high-grade form of energy—is transformed
into heat, which dissipates into the environment.

u This energy consumption is inherent to the computational process, particularly for

cryptographic hash functions like SHA-256, which are irreversible by design.

u The irreversibility of SHA-256 ensures the security of Bitcoin mining but also
guarantees that energy is consumed in the process.
u While energy consumption is inevitable, the current electricity usage for Bitcoin
mining far exceeds the theoretical minimum defined by Landauer’s
principle(Developed by Ralph Landauer in the 1960s states that any irreversible
computation must use a minimum amount of energy)
 ENERGY CONSUMPTION AND ECOLOGY
Ø Even if mining were optimized to this theoretical limit, energy consumption
would still be required.

u This highlights the inherent trade-off between computation and energy efficiency
in Bitcoin mining.

u How does Bitcoin mining use energy? Three steps in the process require energy,

1.Embeded Energy: Bitcoin mining equipment, like ASICs, requires significant

energy even before it is used. This energy, known as embodied energy, includes the
energy needed to mine raw materials, manufacture the equipment, and ship it. By the
time a mining ASIC arrives, a substantial amount of energy has already been
consumed.
 ENERGY CONSUMPTION AND ECOLOGY
Ø Over time, the embodied energy may decrease as fewer new mining devices are
produced and purchased.

Ø If mining equipment becomes less frequently replaced and remains in use for
longer periods, the initial energy investment can be spread out, or amortized,
over several years of mining.

2. Electricity: When an ASIC is powered on and mining, it consumes electricity,

which is inevitable due to Landauer's principle.

à As mining rigs become more efficient, the amount of electricity required may
decrease, reducing energy costs. However, energy consumption will never be
entirely eliminated; it will always remain a fundamental aspect of Bitcoin mining.
 Continued…
3. Cooling: Bitcoin mining equipment requires effective cooling to avoid
overheating and malfunction.

à In small-scale setups located in cold climates, cooling costs can be minimal.

However, as the number of ASICs increases in a confined space, even cold
environments may require additional cooling to handle the significant waste
heat generated.

à Typically, the energy needed for cooling is also provided through electricity,
adding to the overall operational costs.
 Mining at Scale
Ø At large scales, embodied energy and electricity costs per unit of mining work
decrease due to efficiency in chip design and power delivery.

Ø However, cooling costs typically increase because concentrated heat requires

more energy to dissipate, unless the physical area scales alongside the
equipment.
 Estimating Energy Usage
Ø Estimating the total energy consumption of the Bitcoin system is challenging
due to its decentralized nature and lack of comprehensive data from miners.

Ø However, rough calculations can provide order-of-magnitude estimates, though

these figures are imprecise and subject to rapid changes in parameters.

Ø Early 2015 estimates highlight the difficulty and variability in determining

accurate energy usage.
 TOP-DOWN APPROACH
u Each time a block is mined, 25 bitcoins (worth about $6,500 in early 2015) are
rewarded to miners, equating to approximately $11 per second entering the
Bitcoin economy.

u If miners spent all their revenue on electricity, they could purchase 367
megajoules of energy per second, assuming an average industrial electricity cost
of $0.10 per kilowatt-hour ($0.03 per megajoule).

u This would result in a continuous energy consumption of 367 megawatts,

providing an upper bound on Bitcoin's potential energy usage.
 Mining pools
u Historically, small business owners used mutual insurance to manage risks.
Example: Farmers agreed to share profits with any farmer who suffered a loss, like a
barn burning down.
Ø This spreads financial risks across the group.
• Bitcoin Mining Pools act as mutual insurance for small miners.
• Miners collaborate and designate a pool manager to receive block rewards.
• Rewards are distributed proportionally based on each miner’s work contribution.
• The pool manager takes a small fee for managing the pool.
Ø Main benefits are 1.Reduces reward variance for individual miners.
2. Provides a steady and predictable income for small-scale miners.
3. Allows miners with lower hashing power to participate effectively.
 Mining pools
Ø The Challenge of Verifying Contributions
• Pool managers must determine each miner’s work contribution accurately.
• Relying solely on claims can lead to dishonesty (miners overstating their work).
• Accurate mechanisms are needed to measure and validate contributions.
u Ensuring Trust and Stability
• Reliable verification ensures fairness and trust within the pool.
• The system guarantees proportional rewards, reducing conflicts.
• Mining pools provide stability in the income stream for small miners.
 Mining Shares
• Challenge: How can miners prove their work to the pool manager without
cheating?
• Solution is Miners output shares, or near-valid blocks, as probabilistic proof of
their work.
Eg: Suppose a valid block hash requires 67 leading zeros.
• During their search, miners may find blocks with fewer zeros (e.g., 40 or 50),
which are not fully valid but still prove effort. These "shares" demonstrate the
miner's contribution to the pool.
• Valid Block Requirement: The hash must be below a specific target threshold.
• Shares:
• Near-valid blocks with hashes containing a significant number of leading
zeros (e.g., 40-50 zeros).
• The number of zeros depends on the difficulty and the type of miners in the
pool.
 Mining Shares
u Role of the Pool Manager
• The pool manager assembles the block:
• Runs a Bitcoin node to collect transactions.
• Includes their own address in the coinbase transaction.
• Miners' Role:
• All pool participants work on the same block provided by the manager.
• Miners submit shares (near-valid blocks) to prove their work.
• This system ensures fairness and trust in reward distribution while minimizing
cheating.
Mining Shares
 Mining Shares
u When a pool member discovers a valid block, they send it to the pool manager.

u The manager then distributes the block reward proportionally based on each
miner's contributed work.

u The miner who found the block does not receive any special bonus.

u Instead, payment is determined solely by the amount of work done, meaning a

miner who contributed more work can earn a larger share of the reward, even if
they did not find the valid block themselves.
Mining Shares
 Pay per Share
u Pay-Per-Share (PPS) Model Overview
• In the Pay-Per-Share (PPS) model:
• Miners are paid a flat fee for every share submitted above a certain difficulty.
• Payment is immediate, without waiting for the pool to mine a valid block.
• Key Feature: Miners send shares and get paid right away.
Benefits: 1)For Miners:
• Guaranteed income for every valid share submitted.
• Reduces reward variance and provides steady earnings.
2). For Pool Managers:
• They assume all the risk of block discovery.
3). Trade-off: Pool managers often charge higher fees to compensate for the increased
risk.
 Challenges of the Pay-Per-Share Model
• Lack of Incentive for Valid Blocks:
• Miners are paid for shares, not valid blocks.
• They might discard valid blocks, causing losses for the pool.
• Risk of Malicious Attacks:
• A malicious pool manager could attack a competing pool by encouraging
miners to discard valid blocks.
• This could destabilize and financially harm the competing pool.
 Mining Shares
• In the proportional model:
• Payments are made only when the pool finds a valid block.
• Rewards are distributed proportionally based on the work each miner
contributed.
• Key Difference: No flat fee per share like in the Pay-Per-Share (PPS) model.
u Risk Distribution in the Proportional Model
• For Miners:
• Miners bear some risk, as payouts depend on the pool finding blocks.
• However, in large pools, the variance in finding blocks is relatively low.
• For Pool Managers:
• Lower financial risk because payouts occur only when valid blocks are found.
 Proportional Model
u Incentives and Advantages
• Incentive for Valid Blocks:
• Miners are motivated to submit valid blocks because rewards are tied to block
discovery.
• This avoids the issue seen in the Pay-Per-Share model where valid blocks might be
discarded.
• Efficient for Pool Stability:
• Encourages honest participation from miners.
• Reduces malicious behavior that can harm the pool.
u Challenges for Pool Managers
• The proportional model requires more effort from pool managers:
• Verification: Validating the work contributed by each miner.
• Calculation: Computing proportional rewards accurately.
• Distribution: Ensuring fair and timely reward payouts.
• Despite the added complexity, the model balances fairness and incentives effectively.
 Pool Hopping
u Pool Switching and Incentives
• Why Miners Switch Pools:
• In a proportional pool, rewards per share are higher if a block is found
quickly.
• Miners exploit this by mining early in the cycle, when rewards are high, and
switching to a pay-per-share (PPS) pool later.
• Key Issue: Fixed block rewards in proportional pools create unequal incentives.
• Pool-Hopping Behavior:
• Miners strategically switch between pools to maximize earnings.
• Proportional pools are more vulnerable due to fluctuating rewards per share.
• Impact: Makes proportional pools impractical for long-term stability.
 Pool hopping
• Pay-Per-Last N Shares (PPLNS):
• Rewards are based on the last N shares submitted, not the timing of
submission.
• This reduces the incentives for miners to hop between pools.
• Limitation: While PPLNS discourages hopping, it is not completely immune to
manipulation.
u The Ongoing Challenge
• Open Problem:
• Designing a mining pool reward system that is fully resistant to pool-
hopping remains unsolved.
• Effective solutions must balance fairness, simplicity, and resistance to
exploitation.
 History and Standardization
u Origin of Mining Pools
• Introduction of Mining Pools (2010):
• Emerged during the GPU era of Bitcoin mining.
• Purpose: Lowered variance for participating miners, providing more stable
rewards.
• Instant popularity due to benefits for small-scale miners.
u Mining Pool Protocols
• Mining Pool Communication:
• Pools use protocols to enable communication between the pool manager
and miners.
• Functions:
• Pool managers send block details for miners to work on.
• Miners send shares back to the manager.
 Standardized and Competing Protocols
• Standardized Protocol:
• getblocktemplate: Officially standardized as a Bitcoin Improvement
Proposal (BIP).
• Competing Protocol:
• Stratum: More popular in practice and proposed as a BIP.
• Impact of Multiple Protocols:
• Minor inconvenience as pools can choose their preferred protocol.
• The market determines which protocol is superior.
u Hardware-Level Support and Limitations
• Some mining hardware supports these protocols at the hardware level.
• Effect on Development:
• Hardware-level support provides efficiency but may limit protocol
innovation over time.
 51% Mining pools
u Shift to Pool Mining (2015)
• By 2015, nearly all miners operated through mining pools, with solo mining
becoming rare.
• Mining pools provided lower reward variance and higher efficiency, attracting
most miners.
u GHash.IO and the 51% Concern (June 2014)
• GHash.IO became the largest mining pool, controlling over 50% of the
network’s hash rate.
• This created a 51% attack risk, which could compromise the network’s security.
• The mining community reacted strongly against GHash.IO, fearing
centralization.
 51% Mining pools
u GHash.IO's Response (August 2014)
• GHash.IO reduced its market share by stopping new participants.
• Result:
• Its share dropped below 50%.
• However, two pools still controlled nearly half of the network's power,
raising continued centralization concerns.
u Market Fluidity by 2015
• April 2015: The network became less concentrated with more diversified pools.
• Reasons for Fluidity:
• New miners and pools entered the market.
• Standardized protocols simplified switching between pools for miners.
51% Mining pools
51% Mining pools
51% Mining pools
 51% Mining pools
u Future Concerns and Evolution
• The 51% risk remains a concern, but negative publicity (e.g., GHash.IO’s
case) discourages pools from growing too large.
• Uncertain Future:
• The market share of pools continues to change.
• The long-term evolution of mining pools and their impact on
decentralization remains to be seen.
 Are Mining pools beneficial
u Advantages:
1. Predictable Earnings:
1. Mining pools reduce reward variance, making earnings more predictable
for participants.
2. They enable smaller miners to participate effectively, who might
otherwise find solo mining infeasible due to high variance.
2. Simplified Network Upgrades:
1. A centralized pool manager assembles blocks and operates on the
network.
2. Upgrading the software of the pool manager effectively updates all pool
participants, simplifying network-wide upgrades.
 Are Mining pools beneficial:Disadvantages
1. Centralization Risk:
1. Mining pools introduce a degree of centralization, raising concerns about the power
concentrated in large pools.

2. While miners can leave a pool perceived as too powerful, it is unclear how often
this happens in practice.
2. Reduced Node Participation:
1. Mining pools decrease the number of participants running fully validating Bitcoin
nodes.

2. Previously, all miners stored the entire blockchain and validated every transaction
independently, ensuring decentralization at the node level.
u Mining pools balance efficiency and accessibility for miners but come with trade-offs
in centralization and decentralization of network operations.
 Mining incentives and strategies
u There are also some interesting strategic considerations that every miner has to
make before they pick which blocks to work on.
1. Choosing Transactions to Include:
• Miners select which transactions to include in a block, typically prioritizing those
with transaction fees higher than a set minimum.
2. Deciding Which Block to Mine On:
• Miners decide which block to extend, with the default strategy being to mine on
top of the longest valid chain.
3. Choosing Between Competing Blocks at the Same Height:
• When two blocks at the same height are announced simultaneously, creating a 1-
block fork, miners choose which block to extend. The default behavior is to extend
the block they heard about first.
4. Timing of Block Announcements:
• Miners decide when to announce a newly mined block. The default is to announce
immediately, but they may choose to delay the announcement for strategic reasons.
 Forking attack
u Forking Attack Overview
• Objective: Perform a double-spend by creating a fork in the blockchain.
Eg: The attacker sends a payment to the victim (e.g., Bob) for a good or
service.
• Bob confirms the transaction on the blockchain and ships the goods or
performs the service.
u Fork Creation and Double Spend
• The attacker starts working on an earlier block—before the block containing
the transaction to Bob.
• On this forked chain, the attacker includes a double-spend transaction,
redirecting the coins back to their own address.
• This creates two competing chains:
• Main Chain: Includes the original transaction to Bob.
• Forked Chain: Includes the double-spend transaction.
 Forking attack:Conditions for Success
• For the attack to succeed:
• The forked chain must overtake the current longest chain.
• The attacker must have majority hash power (α>0.5\alpha > 0.5α>0.5).
• This ensures that the attacker can consistently mine blocks faster than the honest
miners.
• Once successful, the transaction to Bob no longer exists on the consensus blockchain.
u Implications and Risks
• Impact on Bob:
• Bob loses the goods or service provided, as the payment no longer exists on the
blockchain.
• Importance of Hash Power Distribution:
• The attack is viable only if the attacker has majority hash power.
• Maintaining decentralized hash power is critical to preventing such attacks.
 Forking attack
u
 Forking attack
u Forking attack becomes feasible when an attacker controls more than 50% of the
network’s hash power (α>0.5\alpha > 0.5α>0.5), but it may also be possible with
slightly less due to factors like network latency.

u Default miners on the main chain experience delays in hearing about new blocks,
leading to stale blocks, while a centralized attacker can communicate faster and
produce fewer stale blocks, potentially gaining an efficiency advantage of 1% or more.

u However, near the 50% threshold, such attacks rely heavily on random chance and may
take a long time to succeed.

u The attack becomes increasingly efficient as the attacker’s hash power surpasses 50%,
making 51% less of a strict threshold and more of a gradual tipping point.
 Forking attack via Bribery
u Challenges of a Direct Forking Attack
• Direct Approach: Buying enough hardware to control the majority of hash
power is:
• Expensive and difficult due to the scale of global mining capacity.
• Alternative Solution: Bribing existing miners to work on the attacker’s fork
instead of acquiring hash power directly.
u Methods of Bribing Miners
1. Out-of-Band Payments:
1. Locate large-scale miners and offer cash or incentives to support the fork.
2. Creating a New Mining Pool:
1. Run a pool at a loss with higher incentives than other pools to attract
miners temporarily.
3. Big Tips on the Forked Chain:
1. Leave large block rewards (tips) on the forked chain to entice miners to
leave the longest chain and work on the fork.
 Forking attack via bribery:Attack Mechanics
• Goal: Use bribes to redirect existing hash power to the attacker’s fork, allowing it to
overtake the longest chain.
• Key Idea: Instead of acquiring hardware, the attacker pays miners already controlling
the capacity.
u Risks and Considerations
• Resistance from Miners:
• Miners might avoid helping the attacker to protect the currency they’ve invested
in.
• Tragedy of the Commons:
• While miners collectively benefit from a solvent currency, individual miners may
defect if they see short-term financial gain from accepting bribes.
u Implications for Network Security
• Short-Term Gain vs. Long-Term Stability:
• Attack success depends on miners prioritizing immediate rewards over the
network's health.
• Defense:A decentralized and incentivized network reduces the risk of bribery and
fork attacks.
 Temporary Block-Withholding Attacks
u Selfish Mining Overview
• Default Behavior:
• Miners announce a newly found block immediately to the network.
• Selfish Mining:
• A miner withholds a block instead of announcing it.
• The goal is to secretly mine additional blocks on top of the withheld block.
u Mechanics of Selfish Mining
• Key Objective:
• Get ahead of the public blockchain by mining two secret blocks in a row.
• Outcome if Successful:
• Once two secret blocks are mined:
• The attacker announces both blocks at once.
• The attacker's chain becomes the longest valid chain.
• The block found by the rest of the network becomes orphaned, wasting their mining effort.
 Temporary Block-Withholding Attacks
u Impact on the Network
• Wasted Hash Power:
• Other miners unknowingly work on what they think is the longest chain, only for their block
to become stale upon the attacker's reveal.
• Attacker’s Gain:
• Increases the attacker’s effective share of mining rewards by undermining the network’s
efficiency.
u Implications of Selfish Mining
• Network Vulnerability:
• Exploits the protocol’s reliance on the longest chain rule.
• Can reduce trust in the network if left unchecked.
• Mitigation Strategies:
• Incentive-compatible mechanisms to ensure honest behavior.
• Increased network decentralization to dilute selfish miners’ impact.
Temporary Block-Withholding Attacks
 Blacklisting and Punitive Forking
u Blacklisting Transactions in Bitcoin
• What is Blacklisting?
• Preventing transactions from a specific address (e.g., address X) by making its
funds unspendable.
• Potential Motivations:
• Ransom/Extortion: Force payment to remove the blacklist.
• Legal Compliance: Government or law enforcement designates certain
addresses as "evil" and mandates miners to blacklist them.
u Challenges of Blacklisting: Conventional Wisdom:
• Blacklisting is ineffective because:
• Some miners may refuse to include transactions, but others will.
• Blacklisted transactions can still be processed by miners outside the
jurisdiction enforcing the blacklist.
 Temporary Block-Withholding Attacks
u Punitive Forking as a Blacklisting Strategy
• Punitive Forking Approach:
• A miner announces they will refuse to work on a chain containing blacklisted transactions.
• If the miner controls a majority of the hash power, the threat ensures blacklisted transactions
are excluded.
• Other miners may stop trying to include these transactions to avoid their blocks being orphaned.
u Implications of Punitive Forking
• Risks and Consequences:
• Centralization Risk: A miner with majority hash power could censor transactions unilaterally.
• Undermines Decentralization: Incentivizes compliance with dominant miners instead of
independent operations.
• Legal and Ethical Issues: Raises questions about censorship and the neutrality of the Bitcoin
network.
• Potential Defense:
• Decentralization of hash power reduces the feasibility of punitive forking.
 Feather Forking
u Punitive Forking and Its Limitations
• Punitive Forking:
• A miner announces they will refuse to mine on a chain containing certain
transactions (e.g., from address X).
• Challenges:
• Requires Majority Hash Power: The attacker must control more than 50% of the
network hash power to succeed.
• Risk of Self-Isolation: If the blacklisted transactions are included in the
consensus chain, the attacker’s mining efforts are wasted.
• Result: Punitive forking is not credible to other miners and often fails.
 Feather Forking
u Feather Forking as a Better Strategy:
• Instead of refusing to mine indefinitely, the attacker announces they will attempt to fork
but give up after a certain number of blocks (e.g., k blocks).
Eg: If a transaction from address X is included, the attacker mines on an alternate chain for
a short time and then rejoins the longest chain if unsuccessful.
u Probabilities and Incentives
• Success Probability:
• With hash power α, the chance of replacing one block is α.
• The chance of replacing two blocks in a row is α2 .
Eg: For α=0.20(20% hash power), the chance of success is 0.04 (4%).
• Incentive for Other Miners:
• Other miners see an α2 chance that their block will be orphaned if they include
transactions from address X.
• To avoid losing rewards, rational miners may choose to avoid the blacklisted
transactions, even if α<0.5.
 Feather Forking
u Collective Enforcement of Blacklists
• Cooperation Among Miners:
• Rational miners may join the attacker to enforce the blacklist.
• Motivation: Avoiding the risk of orphaned blocks outweighs the transaction fees from the
blacklisted transactions.
• Result:
• Even without majority hash power, feather forking can effectively enforce a blacklist.
u Implications for the Bitcoin Network
• Feather Forking Effectiveness:
• Works even when the attacker has less than 50% hash power.
• Increases centralization risks as miners may be coerced into enforcing blacklists.
• Defenses:
• Promote decentralization to dilute individual miners’ influence.
• Encourage transaction inclusion to resist censorship.
 Transitioning to Mining rewards dominated by transaction fees
u As of 2015, transaction fees contribute minimally to miners' revenue, with block
rewards accounting for over 99% of their earnings.
u However, the scheduled halving of block rewards every four years will eventually make
transaction fees the primary source of income for miners.
u This raises open questions about how miners will adapt when transaction fees dominate
their revenue.
u Will miners become more aggressive in enforcing minimum transaction fees, or will
they cooperate to establish and enforce fee thresholds?
u These uncertainties highlight potential shifts in mining strategies and network dynamics
as the Bitcoin ecosystem evolves.