A similar idea was proposed by Sirer and me as a part of two-phase proof of
work (2P-PoW) [1]. In 2P-PoW the first phase is Bitcoin's standard PoW and
the second phase requires the signature. This way Bitcoin doesn't lose its
mining power (read: security) in one day, but rather it is possible to
gradually switch from the current PoW to the signature-based one, slowly
phasing out the existing hardware and mining datacenters.
For a more general view of nonoutsourceable puzzles you can check out
Miller et al.'s paper [2].
Ittay
[1]
http://hackingdistributed.com/2014/06/18/how-to-disincentivize-large-bitcoin-mining-pools/
[2] https://cs.umd.edu/~amiller/nonoutsourceable.pdf
--
Message: 2
Date: Wed, 11 Feb 2015 08:54:15 +
From: Hector Chu hector...@gmail.com
Subject: [Bitcoin-development] Proposal: Requiring a miner's signature
in the block header
To: bitcoin-development@lists.sourceforge.net
Message-ID:
caao2fkefxc_byt4xvjb0s-7yy0m7m-av7mhuh-rbduri_ga...@mail.gmail.com
Content-Type: text/plain; charset=utf-8
A proposal for stemming the tide of mining centralisation -- Requiring a
miner's signature in the block header (the whole of which is hashed), and
paying out coinbase to the miner's public key.
Please comment on whether this idea is feasible, has been thought of
before,
etc., etc. Thank you.
Motivation
--
Mining is centralising to a handful of pool operators. This is bad for a
number of political reasons, which we won't go into right now. But I have
always believed that some years down the line, they could hold the users
hostage and change the rules to suit themselves. For instance by
eliminating
the halving of the block reward.
Solution
Currently the block header is formed by the pool operator and distributed
for
hashing by the pooled miners. It is possible to divide the work among the
miners as the only thing that is used to search the hash space is by
changing
a nonce or two.
I propose that we require each miner to sign the block header prior to
hashing. The signature will be included in the data that is hashed.
Further,
the coinbase for the block must only pay out to the public key counterpart
of
the private key used to sign the block header.
A valid block will therefore have a signature in the block header that is
verified by the public key being paid by the coinbase transaction.
Ramifications
-
Work can no longer be divided among the pooled miners as before, without
sharing the pool's private key amongst all of them. If the pool does try to
take this route, then any of the miners may redeem the coinbase when it
matures. Therefore, all miners will use their own key pair.
This will make it difficult to form a cooperating pool of miners who may
not
trust each other, as the block rewards will be controlled by disparate
parties
and not by the pool operator. Only a tight clique of trusted miners would
be
able to form their own private pool in such an environment.
Attacks
---
Pooled hashpower, instead of earning bitcoins legitimately may try to break
the system instead. They may try a double-spending attack, but in order to
leverage the pool to its full potential the pool operator would again have
to
share their private key with the whole pool. Due to the increased
cooperation
and coordination required for an attack, the probability of a 51% attack is
much reduced.
-- next part --
An HTML attachment was scrubbed...
--
Message: 3
Date: Wed, 11 Feb 2015 10:25:27 +0100
From: Natanael natanae...@gmail.com
Subject: Re: [Bitcoin-development] Proposal: Requiring a miner's
signature in the block header
To: Hector Chu hector...@gmail.com
Cc: bitcoin-development@lists.sourceforge.net
Message-ID:
CAAt2M1_qj0r03=
ref9mn7bjlg-odep3m5tez7jwdlc+zknq...@mail.gmail.com
Content-Type: text/plain; charset=utf-8
Den 11 feb 2015 09:55 skrev Hector Chu hector...@gmail.com:
A proposal for stemming the tide of mining centralisation -- Requiring a
miner's signature in the block header (the whole of which is hashed), and
paying out coinbase to the miner's public key.
Please comment on whether this idea is feasible, has been thought of
before,
etc., etc. Thank you.
Motivation
--
Mining is centralising to a handful of pool operators. This is bad for a
number of political reasons, which we won't go into right now. But I have
always believed that some years down the line, they could hold the users
hostage and change the rules to suit themselves. For instance by
eliminating
the halving of the block reward.
[...]
I propose that we require each miner to sign the block header prior to
hashing. The signature will be included in the data that is hashed.
Further,
the coinbase for the block must only pay out to the public key
counterpart
