Eliminating mining pool concentration in Bitcoin without Lamport Signatures

Improvement to: Preventing mining pool concentration with Lamport signatures 

RKHS
Jun 19, 2014

This outlines a small change to Bitcoin which would eliminate the concentration of hashing power into large mining pools such as Gigahash.io. Implementing this proposal does not require any change to Bitcoin hashing hardware.

This implementation does not use Lamport Signatures. Only SHA256 and Secp256k1 operations are used.

This protocol introduces a “secret” that is used to claim block rewards. A mining pool cannot share their secret with anyone, without risking the coins being stolen. The person mining for a pool who finds the block has an incentive to steal the coins using the secret (or sell the secret), rather than take the fractional reward from the pool.

Therefore:

  • Pool payouts will be reduced to compensate for stolen block rewards. Users will be driven to solo mining.
  • Honest users with more than 1% of hash power will leave large pools.
  • People with more than 1% of hash power will join public pools such as Gigahash.io, collect payout from shares, steal block rewards when they can, get kicked out of the pool and rejoin with the same hash power under a different alias to do it again. Public pools will be impossible.
  • Pool payouts will be approximately 50% of mined Bitcoin, if the pool and the user who mined the block have equal probability of claiming the block and everyone attempts to claim the block. Solo mining will be significantly more profitable than pooled mining.
  • Pools with less than 1% of hashing power will have unstable returns on equipment.
  • Users may move to pooled hosted mining as public pools with self-hosted hardware become more difficult.

A miner generates a random 20-byte secret S and a random 20-byte nonce N. N and SHA256(N, S) are appended to the block header.

The block header is hashed, and if

H = SHA256(SHA256(Blockheader, N, SHA256(N,S)))

is less than the target T, then the block is valid.

To claim the reward for the block, the person publishes a “reserve claim block reward” instruction. The secret S is used to generate a secp256k1 public key, by raising the base point b to the power of the secret S.

The “reserve claim block reward” instruction publishes
<Address to Receive Reward>, <Pubkey from S>, <Hash of Block claimed>

Once the “reserve claim block reward” has been published, the user can publish a second “claim block reward” transaction.

<Secret S>, <Hash of Block claimed>

  1. It is verified that the public key derived from S equals the previously published pubkey
  2. It is verified that the published hash in the block being claimed matches SHA256(N,S)
  3. If these verify, then the person receives the coin rewards to the address published in the first claim transaction

The first user to claim the block with a valid secret now has a spendable output. Multiple people may publish “reserve claim block reward”, and the first one to publish “claim block reward” with a valid secret will receive the reward.
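The header commitment and the claim checks described above, as an added Python example that is not part of the original post. It assumes SHA256(N,S) means SHA-256 over the concatenation N || S, that header fields are concatenated as raw bytes, and that public keys are compared as affine curve points; the function names and sample values are constructed for illustration.

```python
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime; G below is the curve's base point
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):  # curve point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def pubkey_from_secret(s):
    """Pubkey = S*G by double-and-add (illustrative, not constant-time)."""
    k, acc, pt = int.from_bytes(s, "big"), None, G
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def commitment(n, s):
    """Assumption: the page's SHA256(N,S) is SHA256 over N || S."""
    return hashlib.sha256(n + s).digest()

def block_hash(header, n, c):
    """H = SHA256(SHA256(Blockheader, N, SHA256(N,S))), fields concatenated."""
    return hashlib.sha256(hashlib.sha256(header + n + c).digest()).digest()

def verify_claim(block, reservation, s):
    """Return the reserved address if the claim verifies, else None."""
    (header, n, c), (address, pubkey, claimed) = block, reservation
    if len(s) != 20 or not any(s) or claimed != block_hash(header, n, c):
        return None              # malformed secret or reservation for another block
    if pubkey_from_secret(s) != pubkey:
        return None              # step 1: key derived from S must equal reserved key
    if commitment(n, s) != c:
        return None              # step 2: S must open SHA256(N,S) in the block
    return address               # step 3: pay the address from the reservation

# Constructed sample values (not real chain data)
S, N = bytes(range(1, 21)), bytes(range(100, 120))
BLOCK = (b"constructed-header", N, commitment(N, S))
```

Any party that knows S passes both checks with its own address in the reservation, which is the property the proposal relies on to make sharing S with pool members unsafe.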
