MINING CRYPTOCURRENCIESAn evolution and outlook on mining practicesFilip Maertens // @fmaertens // me@filipmaertens.com

A BIT ON ME

- TU/e MSIT master with major in cryptography

- Co-author qualified digital signatures req. (BE)

- Author self-healing anonymous DHT network

- Founder Argus Labs (AI, Context, Sensors)

Love technology and finance

THE MATHYes. The boring stuff. Let’s try and make it easy on the ear.

Inversion problem (1)

F(x = remainder digits 5 – 10 after square root) x = 3, SQRT(x) = 1,73205080756887, y = 50807x = 5, SQRT(x) = 2,23606797749979, y = 67977x = 9, SQRT(x) = 3,00000000000000, y = 00000

F(y = 00000) -> x

x = 1, y = 00000 ≠ F(x = SQRT(x))x = 2, y = 00000 ≠ F(x = SQRT(x))…x = 9, y = 00000 = F(x = SQRT(x))

Only solution to inversion of one-way functions is to use a trial-and-error approach.

Basic principleNeed a function that requires more time to create than to verify it.

Dwork and Naor (1992), square root on thousandsof digits long numbers. Impractical.

Adam back (1997) hash collisions. Initially finding SHA1(x) == SHA1(y) where x != y

✖

✔

full collision is unfeasible

k-partial collision is doable

Hashing is an ideal function ! It’s one-way, secure and requires less power to verify than to create.

SHA256 (“Pay Filip 1 BTC 00001”) =57ca9f83daba36d98abd0588627535a4c6f6f09b77a3e63b7d5bdd5b0594e4ff

Computational too easy. Let’s make it harder by accepting only results that start with a “0” !

SHA256 (“Pay Filip 1 BTC 00014”) =01fa6ca07d67d4c59c00c2a3caeea75f94b7e549d40c9566f3eb6158e1154793

Took me 14 trials to get a hash that starts with a “0” and was already a bit harder. I had to do some work to obtain the result.

Inversion problem (2)

Ensure replay or tampering attacks cannot

happen: - Receiving address - Cryptographic nonce - Timestamp - Hash of previous block header

Please pay me 1 BTC

Bitcoin is based on second-preimage attacks.

Proof of work mechanism to protect against spam and Denial of Service attacks.

For x, find a second preimage x' ≠ x such that h(x) = h(x′) => “Solution”

implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits

More zeroes = higher difficulty (0 = 16 fold increase). Today we are at 15 trailing zeroes.

Hashcash principle

Difficulty> 30 trillion attempts to find solutions, every second!

Individually calculated on timestamp of last solution, and distributed collectively.

Calculate timestamp(most recent solution) – timestamp(2016 solutions ago) :

- Less than 2 weeks = increase difficulty - More than 2 weeks = decrease difficulty

OVERVIEWTired yet ? No ? OK, some more things a miner should know.

Two flavoursHashcash-sha256 :

- SHA-2 based (256 bit) - Costly creation, cheap verification - CPU based (processing cost)

Hashcash-scrypt :

- PBKDF2 based (1 iteration in 128kb memory) - Cost of creation equals cost of verification - Memory based

TerminologyProof of work

Solution-verification check both the problem and the found solution (CPU or memory)

Block

Set of recent Bitcoin transactions that have not yet been recorded in any prior blocksBitcoin = SHA256(SHA256(Block_Header))

Blockchain (Merkle-Tree)

Append-only. Each block memorializes what took place immediately before it was created.

LearningsDifficulty levels can drop (in theory).

ASIC miners for hashcash-scrypt won’t disrupt significantly

Mining is a cost – value tradeoff (find cheap ways to improve value)

Hashcash-scrypt is less resistant to centralization issues than hashcash-sha256^2

Hashcash-scrypt verification is more costly than hashcash-sha256^2

SHA3 makes ASIC miners become worthless

MINING ?Minting coins. Wut ?

Before we beginMining is calculating solutions to a difficult mathematical problem (“inversion”) :

- 6 solutions, or blocks, found per hour - Currently a block contains 25 BTC - BTC in block reduce by 50% every 210k blocks - Maximum of 21 million (prevents inflation)

Single or Pooled Mining : - Cost/reward for solo mining is infeasible - Pooled mining

Selfish miner threat : - US$ 1M for 2.6 Ph/s to take over 51% - Ghash.io warning issuance

• Cryptographic hash functions convert data to alphanumeric string :

• Fixed length

• Nonces is a random number added to data

• The miners work to produce a new hash :

• Previous hash value• Transaction block• Nonce

• User with correct hash value is rewarded Bitcoin (25 BTC, Dec-2012; 12.5 in Sep 2015)

SOFTWAREWhat do you need to mine ?

RequiredOperating system

- Linux (yay!) - Microsoft Windows

Protocol

- getwork protocol (deprecated) - Stratum protocol (better pooled mining support)

Mining software (my favourites)

- cgminer - cpuminer

HARDWAREWelcome to the big rat-race game

CPU GPU FGPA ASIC

Application Specific Integrated Circuit = ASIC = Purpose-built

Can only mine hashcash-sha256^2 – nothing else

Yearly increase in nm efficiency (2014 = 14nm, 2019 = 5nm)BFL/Fasthash = 28nm, KnCMiner Neptune = 20nm

Increasing computational power

BFLFeb/13 = 60

Gh/s

KNCMINEROct/13 = 550

Gh/s

HASHFASTSep/13 = 400

Gh/s

ASIC MANUFACTURERS

Preordering is a risky game – Beware of newcomersAlways asked time-stamped photographic proof

Demand pictures of the wafers at the fabsFounders must have background in IC board design

Always take delivery delays into account vs. difficulty riseMight kill the ROI of hardware purchase

6 to 9 month waiting times are common (go figure!)

Less nm = more power efficient design = better performance

New ASIC equipment pushes out previous generations of minersOutdated hardware cannot be “upgraded” + difficulty level increases

(!) theoretically heavy investment and power increase might lead to natural centralization

ASIC AND BEYOND (theory)

Quantum computingD-Wave running at 2.7 kelvin

Forming single-atom quantum bitsMight destroy Bitcoin security (elliptic curve cryptography becomes broken)Quantum solves factoring problem but also the discrete logarithm problem

Balanced ternary computingMore efficient complex computing than binary

Too costly to produce only for Bitcoin mining purposes

Mass-parallel ASIC computing

AT A TIPPING POINT

BitFury’s Ghash.io countermeasures

Most powerful mining pool had to ensure it cannot establish a selfish-miner situationASIC manufacturers need to watch they don’t sell too much to one party

Moving from the home/basement to data centers

Mining as a service is surfacing (indication of a heavy $$$ CAPEX market)

Hobbyists are being flushed out and serious mining operations kick in

Speculation is at its core of investment decision making (Winklevoss, Andreesen, …)Direct value is only for manufacturers, not miners

Bitcoin mining becomes a lonely place for those with an unfair advantage Fiat/BTC

THE RAT-RACE GAME

Accumulate enough ASIC power before difficulty goes up or die

ALTERNATIVE VALUE CREATIONswitching strategies

MINERS BECOME TRADERS

CFD (“Contract For Difference”) Trading

Buying BTC using shorted BTC/USD profit proceedsSimple CFD trading (highly volatile, pump and dump, political, etc.)

Emerging of trading platforms

Kraken500Trade

Mt.Gox (uh-oh)

MINERS GO SCRYPT

Explosive growth of hashcash-scrypt(1) based coins

Litecoin (LTC) most popular (often referred to as “silver”)Possible to recycle “old” CPU/GPU mining rigs

First ASIC miners are popping up: e.g. Viper Miner (25 Mh/s)