One of the key requirements for the Bitcoin network to be secure is that mining, the distributed process in which the network processes and secures transactions, must be decentralized; that is to say, there should be no single individual or entity with more than 50% of the computing power of the entire network. If the condition is not met, then Bitcoin essentially collapses into a less efficient model of a centralized database, where the majority shareholder can unilaterally block and even reverse transactions at will. Most of the time in Bitcoin’s history, this condition has been met; although miners do organize themselves into centralized groups known as pools, there have been a wide array of pools to choose from, and usually no single one has had more than a quarter of the network’s power. Over the past few months, however, a new mining pool has emerged that has come to be a serious threat to this status quo: GHASH.io. The mining pool’s hashpower first increased to 30%, then 40%, and now the situation has hit a peak where the pool controls an impressive 45% of the network – just shy of the 50% needed for Bitcoin to turn into a system of de-facto centralized trust.
What Is Mining?
In order to understand what is going on here, it is important to first understand the concept of mining, and specifically mining pools. The purpose of the Bitcoin network is to maintain a decentralized database of what the balances of all of the accounts in the Bitcoin system are; the way that it does so is by releasing a series of “blocks”, with one new block coming out every ten minutes and containing all of the transactions that have taken place during that time. Each block builds on top of the previous block, and the idea is that once a transaction is deep enough in the “blockchain” it becomes very hard to reverse, since an attacker would need to start from the block before the one containing the transaction and then outpace the rest of the network combined from there. Miners are the ones who release these blocks; every time a miner does a round of the mining computation there is a roughly 1 in 1019 chance that the miner will succeed, create the next block, and get a 25 BTC reward. Anyone with computing power can download a Bitcoin mining software package and become a miner, although in practice specialized hardware is also required. Because of this random mechanism, the chance that a miner will mine a block within a given timeframe is almost exactly proportional to the miner’s computing power.
However, there is one problem with this setup: the 25 BTC reward is extremely rare, and most small miners, if left to mine on their own, would never discover any blocks at all. Mining pools fix this in the following way. Instead of a miner mining for themselves, the miner mines for the mining pool. In exchange, if a miner discovers a block that is almost valid (say, such that 1 in 10000 “almost valid” blocks are actually valid), the mining pool pays the miner 25 BTC divided by 10000, minus a small fee. Because the process is random, miners cannot cheat; they can either mine for themselves, and have a 1 in 1019 chance of getting 25 BTC, or they can try to generate blocks that give the mining pool the reward instead, and then every time they run the computation they have a 1 in 1014 chance of being eligible for, say, a 0.0024 BTC reward from the miner assuming a 4% fee. Like an inverted gambling site, the mining pool uses its large size to absorb the randomness of the mining process and ensure for its users a more even reward.
The Problem
Throughout much of Bitcoin’s history, even with the centralization of mining pools, mining has been fairly decentralized. The picture on the right shows the mining pool distribution in June 2012, with a large array of pools where no single one owns more than about 15% of the total network hashpower. Now, however, a single mining pool, GHASH.io, controls roughly 40% hashpower, and the next largest, BTC Guild, controls about 25%. That is to say, if GHASH.io and BTC Guild merged, they together would have a high degree of control over the Bitcoin network. They would not be able to do everything; they cannot, for example, force a transaction from A to B without A’s signature. However, they can block or reverse transactions at will. Even with only 40%, GHASH.io can reverse transactions with some success; by the simple laws of randomness, a mining pool with 40% hashpower will occasionally seem to have over 50% hashpower for a few hours at a time; in fact, there have been instances where GHASH mined six blocks in a row. And this worry is not just theoretical; there is some evidence that GHASH.io is actually being used to attack gambling sites, which are more vulnerable to this kind of attack than merchants because they have no ability to simply cancel an order if the associated transaction gets reversed.
GHASH.io is also interesting because it is affiliated with CEX.io, a site that sells what is known as “mining contracts”. Right now, nearly all Bitcoin mining is done with specialized hardware, which users buy from Bitcoin mining hardware manufacturers and then run at home. But this setup is not optimal; it is possible to save on shipping costs by never actually shipping the miners, and instead keeping the miners in house and letting the users configure them remotely. From there, one can go a step further: not require users to bother with the concept of “Bitcoin miners” and simply sell them “hashpower”; that is, users can pay 0.04 BTC, put in a Bitcoin address, and receive the revenue from 1 gigahash (ie. 1 billion rounds of mining computation per second) of mining power directly, with no need to think about any of the details of what is actually going on. This is what a mining contract is, and users are increasingly opting to purchase these contracts from CEX instead of bothering to configure their own miners. And as a result GHASH’s market share is rapidly increasing.
The Solutions
Given that this is a threat to the most fundamental security assumption behind the Bitcoin network, the next question is: what do we do about it? Fortunately, there are several solutions. The first, and most obvious, is to support decentralized mining pools. Decentralized mining pools serve the same function as regular mining pools, but use their own blockchain instead of a centralized mining service to reward miners. The most advanced decentralized mining pool is p2pool, and is relatively easy to setup.
The process is as follows:
- Install any Bitcoin miner (eg. bfgminer)
- Point the miner to P2Pool and start running. In bfgminer’s case, the command line instruction is
bfgminer -o http://p2pool.org:9332 -u address -p password, whereaddressshould be replaced by your Bitcoin address andpasswordcan literally be kept as “password”.
Even if P2Pool hits 51% market share, it will not be able to actually block or reverse transactions, since the mining pool is decentralized and so its power is vested in the network as a whole. However, p2pool has two weaknesses. First of all, because p2pool is its own blockchain, it consumes significant resources, making it difficult to install on many computers. Second, even with the setup guide described above, it may not be easy-to-use enough. What is needed is for someone to make a one-click script that installs bfgminer, configures bfgminer, installs p2pool and installs a command line application and a graphical user interface that simply accepts a Bitcoin address and starts mining.
Given P2Pool’s inefficiencies, another solution is to improve the state of centralized mining pools. This can be done in two ways. First of all, someone can write a software package and release it as open source that essentially allows anyone to run their own top-quality mining pool. In the world of virtual private server hosting, for example, such a software package already exists: HyperVM. As a result, we see hundreds of small VPS providers all competing to provide the best and most high-quality possible service, and costs are coming down fast; Microtronix, for example, is now providing a basic 128 MB server for as little as $11 per year. If a similar, high-quality package existed for mining pools, anyone would be able to set up their own mining pool and we could have a much more diverse mining pool ecosystem even without P2Pool.
Second, there is a protocol knows as getblocktemplate where, instead of miners simply mining whatever the mining pool tells them to mine, miners themselves come up with the next block. When a miner tries to claim a reward for an almost valid block (or “share”), the mining pool checks if the block reward went to the pool and if it did pays the reward to the miner. Note that, once again, miners cannot cheat; the miner needs to decide whether the block will pay to themselves or to the pool before making an attempted mining round, so it’s not possible to simultaneously claim shares from the pool and claim the full reward from blocks that are actually valid. However, the problem here is the same as with p2pool: miners need to have an actual Bitcoin node running, which consumes resources and has its own setup costs.
Finally, there is another solution, which looks at a specific piece of the puzzle: CEX.io. Theoretically, CEX.io, because it by itself has enough hashpower that its block rewards are fairly even, should be solo mining and not cooperating with a pool. In practice, however, this will not happen. The reason, provided in an official post by CEX itself, is this:
In October the development of the “GHash.IO” project was transferred to the CEX.IO development team.
The team worked hard to completely rewrite the whole GHash.IO engine, as well as perform other stability and responsiveness improvements, which you all may have noticed.
We have also removed the 3% fee and released merged-mining alt coins to the miners.
Thus, CEX is working very closely with GHash, and has no reason to abandon it. The solution here is thus the same as the first solution suggested for centralized mining pools: create an open-source software package that lets anyone create their own equivalent of CEX, and thereby quickly outcompete it.
GHASH.io also has the power to solve this problem themselves; all they need to do, right now, is double their fees for all users, and set the fee to automatically adjust upwards again if the pool’s hashpower exceeds 33%. The solution will make the Bitcoin community happy because the pool’s hashpower will decrease to a more reasonable percentage, and it will likely even increase GHASH.io’s revenue at the same time.
Finally, for the average user, there is the more extreme option of switching to another currency. Litecoin, for example, is very similar to Bitcoin, but its developers are working very hard at making it p2pool-friendly. Peercoin and Nxt use an alternative mining mechanism called “proof of stake” where users “mine” with money rather than computing power; although this alternative mechanism is relatively unproven, it is extremely promising because it is essentially impossible to set up a mining pool with it.
However, ultimately for now the simplest solution may be the one that works: simply boycott GHASH.io. The solution worked in 2011, when Deepbit threatened to pass 50% mining power several times and was rapidly struck down by an organized boycott each time, and may well work now. GHASH’s mining power is down to 38% already, and hopefully will decrease further as users move off to other pools such as Slush, Deepbit (now only at 3%) and of course P2Pool. But in the long term, especially as more profit-motivated players that are not themselves heavily invested in the Bitcoin currency and community join the scene, we may need another solution. There have been several efforts to set up bounties for some of the above solutions; if someone contacts us with a well-organized, community-supported and credible effort we will link to it here. Otherwise, the problem we have today will eventually pass, but it will not be the last time that something like this happens.
