Bitcoin Magazine


Mining Pool Centralization At Crisis Levels

One of the key requirements for the Bitcoin network to be secure is that mining, the distributed process in which the network processes and secures transactions, must be decentralized; that is to say, there should be no single individual or entity with more than 50% of the computing power of the entire network. If the condition is not met, then Bitcoin essentially collapses into a less efficient model of a centralized database, where the majority shareholder can unilaterally block and even reverse transactions at will. Most of the time in Bitcoin’s history, this condition has been met; although miners do organize themselves into centralized groups known as pools, there have been a wide array of pools to choose from, and usually no single one has had more than a quarter of the network’s power. Over the past few months, however, a new mining pool has emerged that has come to be a serious threat to this status quo: GHASH.io. The mining pool’s hashpower first increased to 30%, then 40%, and now the situation has hit a peak where the pool controls an impressive 45% of the network – just shy of the 50% needed for Bitcoin to turn into a system of de-facto centralized trust.

What Is Mining?

In order to understand what is going on here, it is important to first understand the concept of mining, and specifically mining pools. The purpose of the Bitcoin network is to maintain a decentralized database of what the balances of all of the accounts in the Bitcoin system are; the way that it does so is by releasing a series of “blocks”, with one new block coming out every ten minutes and containing all of the transactions that have taken place during that time. Each block builds on top of the previous block, and the idea is that once a transaction is deep enough in the “blockchain” it becomes very hard to reverse, since an attacker would need to start from the block before the one containing the transaction and then outpace the rest of the network combined from there. Miners are the ones who release these blocks; every time a miner does a round of the mining computation there is a roughly 1 in 10^19 chance that the miner will succeed, create the next block, and get a 25 BTC reward. Anyone with computing power can download a Bitcoin mining software package and become a miner, although in practice specialized hardware is also required. Because of this random mechanism, the chance that a miner will mine a block within a given timeframe is almost exactly proportional to the miner’s computing power.

However, there is one problem with this setup: the 25 BTC reward is extremely rare, and most small miners, if left to mine on their own, would never discover any blocks at all. Mining pools fix this in the following way. Instead of a miner mining for themselves, the miner mines for the mining pool. In exchange, if a miner discovers a block that is almost valid (say, such that 1 in 10000 “almost valid” blocks are actually valid), the mining pool pays the miner 25 BTC divided by 10000, minus a small fee. Because the process is random, miners cannot cheat; they can either mine for themselves, and have a 1 in 10^19 chance of getting 25 BTC, or they can try to generate blocks that give the mining pool the reward instead, and then every time they run the computation they have a 1 in 10^14 chance of being eligible for, say, a 0.0024 BTC reward from the pool, assuming a 4% fee. Like an inverted gambling site, the mining pool uses its large size to absorb the randomness of the mining process and ensure for its users a more even reward.

The Problem

Throughout much of Bitcoin’s history, even with the centralization of mining pools, mining has been fairly decentralized. The picture on the right shows the mining pool distribution in June 2012, with a large array of pools where no single one owns more than about 15% of the total network hashpower. Now, however, a single mining pool, GHASH.io, controls roughly 40% hashpower, and the next largest, BTC Guild, controls about 25%. That is to say, if GHASH.io and BTC Guild merged, they together would have a high degree of control over the Bitcoin network. They would not be able to do everything; they cannot, for example, force a transaction from A to B without A’s signature. However, they can block or reverse transactions at will. Even with only 40%, GHASH.io can reverse transactions with some success; by the simple laws of randomness, a mining pool with 40% hashpower will occasionally seem to have over 50% hashpower for a few hours at a time; in fact, there have been instances where GHASH mined six blocks in a row. And this worry is not just theoretical; there is some evidence that GHASH.io is actually being used to attack gambling sites, which are more vulnerable to this kind of attack than merchants because they have no ability to simply cancel an order if the associated transaction gets reversed.

GHASH.io is also interesting because it is affiliated with CEX.io, a site that sells what are known as “mining contracts”. Right now, nearly all Bitcoin mining is done with specialized hardware, which users buy from Bitcoin mining hardware manufacturers and then run at home. But this setup is not optimal; it is possible to save on shipping costs by never actually shipping the miners, and instead keeping the miners in house and letting the users configure them remotely. From there, one can go a step further: not require users to bother with the concept of “Bitcoin miners” and simply sell them “hashpower”; that is, users can pay 0.04 BTC, put in a Bitcoin address, and receive the revenue from 1 gigahash (i.e. 1 billion rounds of mining computation per second) of mining power directly, with no need to think about any of the details of what is actually going on. This is what a mining contract is, and users are increasingly opting to purchase these contracts from CEX instead of bothering to configure their own miners. As a result, GHASH’s market share is rapidly increasing.

The Solutions

Given that this is a threat to the most fundamental security assumption behind the Bitcoin network, the next question is: what do we do about it? Fortunately, there are several solutions. The first, and most obvious, is to support decentralized mining pools. Decentralized mining pools serve the same function as regular mining pools, but use their own blockchain instead of a centralized mining service to reward miners. The most advanced decentralized mining pool is p2pool, and it is relatively easy to set up.

The process is as follows:

  1. Install any Bitcoin miner (eg. bfgminer)
  2. Point the miner to P2Pool and start running. In bfgminer’s case, the command line instruction is bfgminer -o http://p2pool.org:9332 -u address -p password, where address should be replaced by your Bitcoin address and password can literally be kept as “password”.

Even if P2Pool hits 51% market share, it will not be able to actually block or reverse transactions, since the mining pool is decentralized and so its power is vested in the network as a whole. However, p2pool has two weaknesses. First of all, because p2pool is its own blockchain, it consumes significant resources, making it difficult to install on many computers. Second, even with the setup guide described above, it may not be easy-to-use enough. What is needed is for someone to make a one-click script that installs bfgminer, configures bfgminer, installs p2pool and installs a command line application and a graphical user interface that simply accepts a Bitcoin address and starts mining.

Given P2Pool’s inefficiencies, another solution is to improve the state of centralized mining pools. This can be done in two ways. First of all, someone can write a software package and release it as open source that essentially allows anyone to run their own top-quality mining pool. In the world of virtual private server hosting, for example, such a software package already exists: HyperVM. As a result, we see hundreds of small VPS providers all competing to provide the best and most high-quality possible service, and costs are coming down fast; Microtronix, for example, is now providing a basic 128 MB server for as little as $11 per year. If a similar, high-quality package existed for mining pools, anyone would be able to set up their own mining pool and we could have a much more diverse mining pool ecosystem even without P2Pool.

Second, there is a protocol known as getblocktemplate where, instead of miners simply mining whatever the mining pool tells them to mine, miners themselves come up with the next block. When a miner tries to claim a reward for an almost valid block (or “share”), the mining pool checks whether the block reward went to the pool and, if it did, pays the reward to the miner. Note that, once again, miners cannot cheat; the miner needs to decide whether the block will pay to themselves or to the pool before making an attempted mining round, so it’s not possible to simultaneously claim shares from the pool and claim the full reward from blocks that are actually valid. However, the problem here is the same as with p2pool: miners need to have an actual Bitcoin node running, which consumes resources and has its own setup costs.

Finally, there is another solution, which looks at a specific piece of the puzzle: CEX.io. Theoretically, CEX.io, because it by itself has enough hashpower that its block rewards are fairly even, should be solo mining and not cooperating with a pool. In practice, however, this will not happen. The reason, provided in an official post by CEX itself, is this:

In October the development of the “GHash.IO” project was transferred to the CEX.IO development team.
The team worked hard to completely rewrite the whole GHash.IO engine, as well as perform other stability and responsiveness improvements, which you all may have noticed.
We have also removed the 3% fee and released merged-mining alt coins to the miners.

Thus, CEX is working very closely with GHash, and has no reason to abandon it. The solution here is thus the same as the first solution suggested for centralized mining pools: create an open-source software package that lets anyone create their own equivalent of CEX, and thereby quickly outcompete it.

GHASH.io also has the power to solve this problem themselves; all they need to do, right now, is double their fees for all users, and set the fee to automatically adjust upwards again if the pool’s hashpower exceeds 33%. The solution will make the Bitcoin community happy because the pool’s hashpower will decrease to a more reasonable percentage, and it will likely even increase GHASH.io’s revenue at the same time.

Finally, for the average user, there is the more extreme option of switching to another currency. Litecoin, for example, is very similar to Bitcoin, but its developers are working very hard at making it p2pool-friendly. Peercoin and Nxt use an alternative mining mechanism called “proof of stake” where users “mine” with money rather than computing power; although this alternative mechanism is relatively unproven, it is extremely promising because it is essentially impossible to set up a mining pool with it.

However, ultimately for now the simplest solution may be the one that works: simply boycott GHASH.io. The solution worked in 2011, when Deepbit threatened to pass 50% mining power several times and was rapidly struck down by an organized boycott each time, and may well work now. GHASH’s mining power is down to 38% already, and hopefully will decrease further as users move off to other pools such as Slush, Deepbit (now only at 3%) and of course P2Pool. But in the long term, especially as more profit-motivated players that are not themselves heavily invested in the Bitcoin currency and community join the scene, we may need another solution. There have been several efforts to set up bounties for some of the above solutions; if someone contacts us with a well-organized, community-supported and credible effort we will link to it here. Otherwise, the problem we have today will eventually pass, but it will not be the last time that something like this happens.

BTC: 1FxkfJQLJTXpW6QmxGT6oF43ZH959ns8Cq

LTC: LaBhvWiAP7msku6w8QSQ5G7omVWMF3uxJC

Vitalik Buterin is a co-founder of Bitcoin Magazine who has been involved in the Bitcoin community since 2011, and has contributed to Bitcoin both as a writer and the developer of a fork of bitcoinjs-lib, pybitcointools and multisig.info, as well as one of the developers behind Egora. Now, Vitalik's primary job is as the main developer of Ethereum, a project which intends to create a next-generation smart contract and decentralized application platform that allows people to create any kind of decentralized application on top of a blockchain that can be imagined.

  • blah

    “Peercoin… it is extremely promising because it is essentially impossible to set up a mining pool with ”
    Can someone explain why proof of stake doesn’t allow pool mining to save on communication resources?

  • Peter

    You also have the option of looking into Quark, which has a total of about 270 million coins already mined, and each year about 1 million more are mined. Thus setting up this kind of infrastructure to mine is not economically worthwhile.

    It seems like Quark has gotten around the issue of pre-mining where the inventors can mine a majority of the coins for themselves. The mining was done over a six month period and the coins are currently distributed pretty well given its young age.

    Mining is one issue that crypto fans need to look into more. Each coin has its own strengths and weaknesses, and this is clearly an issue with bitcoin right now. On the other hand, it makes no sense to corner the market and do anything nefarious, because then you destroy the coin, losing all your money.

  • Manfred Karrer

    I don't understand the positive associations with proof of stake. Isn't it a model which increases the power of the rich (owners of the coins) guys, very similar what we have in real life? Doesn't that lead to power monopolies? An incentive to get more control if you own more leads to capital accumulation. Maybe there will be not mining pools but capital pools, like we see in real life (lend money to investors for interest). That may be not a threat at a well distributed level at the beginning, but in the long run it seems like a typical structure like the monopoly game has.

    • Dini

      That is a genuine concern especially with a purely POS coin such as Nxt, but significantly less so with a combination POS/POW coin such as Peercoin, since the initial generation and distribution of coins works the same way as for bitcoin. Plus the rich-get-richer, and more powerful, phenomenon is somewhat of an issue also for POW since POW mining is so costly, and those who can afford the computing power generate wealth to then increase their computing power even more, with better and more expensive hardware. POS minting can be done with almost any hardware, and at least with Peercoins, it is not just the amount of coins but also their age that matters (age resets upon successful minting or transfer to another address).

      • whateverthefuck

        Lies. NXT > PEER

  • Mike H

    The resources required to run a Bitcoin node are hardly a big deal, you can rent a VPS for 20-30 dollars a month that can easily run one, or just buy a cheap computer to sit next to your (vastly more expensive) ASIC rigs. The p2pool command given in this article doesn’t actually decentralise anything – for that you HAVE to run your own Bitcoin code regardless of which technology you choose. Anything less is selling your vote.

  • Hype

    Mid to long term solutions I would suggest to discuss with motherboard manufacturers an option if they would be interested to sell boards with built in ASIC units similar to USB ones. The idea would be that it would be always running in background and would connect to network for mining works when possible – without any means of users control in a random way – not sure if this is technically possible. I imagine if it could take say 1-2% of system resources and just stay in background mining, everyone could be fine with it. A number of ways might be a motivational for this :
    - A manufacturer might get a bounty for such product on the market, in return make the boards, say 50% cheaper ? So that end customer is actually motivated with his wallet.

    - Manufacturer might be managing mining accounts that his boards are mining.

    .. for this scenario as you can imagine there is surely a lot of room for solution.
    Result. Massive Hashing power without any way to control it, just randomly connected power.